EvilOSX Remote Administration Tool for macOS


GitHub – Marten4n6/EvilOSX: An evil RAT (Remote Administration Tool) for macOS / OS X.




EvilOSX is a pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

Features of EvilOSX:

  • Emulate a simple terminal instance
    This means we can input commands directly as though we were sitting behind the machine’s terminal interface.
  • Sockets are encrypted with CSR via OpenSSL
    Communications with infected hosts are encrypted, ensuring they remain secure.
  • No dependencies (pure python)
    No dependencies, aside from standard Python libraries, meaning nothing extra to install.
  • Persistence
    The ability to migrate to an in-memory process so that it can survive after the terminal it’s launched in is closed.
  • Retrieve Chrome passwords
  • Retrieve iCloud contacts
  • Attempt to get iCloud password via phishing
  • Show local iOS backups
  • Download and upload files
  • Retrieve Find My iPhone devices
  • Attempt to get root via local privilege escalation (<= 10.10.5)
    Attempt to get root via local privilege escalation, based on the linked macOS exploit.
  • Auto installer, simply run EvilOSX on the target and the rest is handled automatically

Exploitation

Step — 1 — Making the payload



The program will ask you for the IP address of the attacking machine. Enter your IP address, and then the server port of your choice. It may complain a little, but the end result should be an “EvilOSX.py” build file located in the “Builds” folder.

Command — ./BUILDER EvilOSX.py

Step — 2 — Starting the Server

In order to establish the connection to our victim machine when it attempts to connect to us, we’ll have to start a server on our attacker machine to listen for it. We will do this while still in the EvilOSX directory by running

Command — ./Server

Step — 3 — Social Engineering

Transfer the file to the victim by any method, then ask them to run the file.



Command — python filename.py

Success

As soon as the victim runs the file, the attacker gains a shell on the victim's machine without the victim's knowledge.
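From the defender's side, the steps above leave a Python interpreter on the Mac holding an outbound TCP connection to the server address and port chosen at build time. The following is an added example, not code from the original page or from the EvilOSX project: it parses `lsof -nP -iTCP -sTCP:ESTABLISHED` output and flags Python processes with an established connection to a non-loopback peer. The function names and every sample line, address, port and PID are constructed for illustration, and it assumes the interpreter appears in `lsof` under a command name starting with "python".

```python
import ipaddress

# Constructed sample of `lsof -nP -iTCP -sTCP:ESTABLISHED` output; every
# address, port and PID here is made up for the example.
SAMPLE_LSOF = """\
COMMAND     PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
Google      412 alice  23u  IPv4 0x1a2b3c4d5e6f7081      0t0  TCP 192.168.1.20:52301->198.51.100.10:443 (ESTABLISHED)
Python     1733 alice   3u  IPv4 0x1a2b3c4d5e6f7082      0t0  TCP 192.168.1.20:52344->203.0.113.7:1337 (ESTABLISHED)
python3.9  1801 alice   5u  IPv4 0x1a2b3c4d5e6f7083      0t0  TCP 127.0.0.1:52400->127.0.0.1:8000 (ESTABLISHED)
python3.9  1802 alice   6u  IPv6 0x1a2b3c4d5e6f7084      0t0  TCP [::1]:52410->[::1]:8000 (ESTABLISHED)
ssh        1900 alice   3u  IPv4 0x1a2b3c4d5e6f7085      0t0  TCP 192.168.1.20:52500->192.168.1.5:22 (ESTABLISHED)
"""


def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def find_python_connections(lsof_text):
    """Return Python processes holding an established TCP connection to a
    non-loopback peer, the pattern a connect-back Python client produces."""
    findings = []
    for line in lsof_text.splitlines():
        fields = line.split()
        # Data rows have 10 fields and end in the TCP state; the header does not.
        if len(fields) != 10 or fields[-1] != "(ESTABLISHED)":
            continue
        command, pid, user, name = fields[0], fields[1], fields[2], fields[8]
        if not command.lower().startswith("python"):
            continue
        _local, arrow, remote = name.partition("->")
        if not arrow:
            continue
        try:
            remote_ip, remote_port = split_endpoint(remote)
        except ValueError:
            continue  # unparseable peer; skip rather than guess
        if remote_ip.is_loopback:
            continue  # local dev servers and IPC are not remote control traffic
        findings.append({"pid": int(pid), "user": user, "command": command,
                         "remote_ip": str(remote_ip), "remote_port": remote_port})
    return findings


if __name__ == "__main__":
    for hit in find_python_connections(SAMPLE_LSOF):
        print(hit)
```

A hit is a lead for triage rather than a verdict, since legitimate Python tools also open outbound connections; the PID gives the starting point for inspecting the script path and parent process.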

Help Menu

Command — help — Displays available options to the user.

Available Commands

Status — This option tells the attacker whether the victim is connected or not.

Clients — This option shows the attacker the list of online clients, that is, those who have run the file.

Connect — This option helps the attacker establish the connection to the victim.

Get_info — This option shows the attacker all the information about the victim machine.

State — Not Working

Get_root — This option will give the attacker root access to the victim machine.



State — Not Working

Download — This option lets the attacker download any type of file from the victim machine.

Upload — This option lets the attacker upload any file to the victim machine.

Chrome_password — This option can steal all the passwords stored in the victim's Google Chrome.

State — Not Working

icloud_contacts — This attack can steal all the passwords from the victim's iCloud and give them to the attacker.

State — Not Working

icloud_phish — This attack shows a fake iCloud sign-in popup on the victim machine so the attacker can get the password of the victim's account.


Cleaning Up

When finished doing whatever remote administration it is that you’re doing, make sure to send a final kill_server command to kill the connection, and clean up and remove the client server. After this, you won’t be able to connect again, so make sure you’re ready to let go before running this final command.
