EvilOSX: Remote Administration Tool for Mac OS X

Last Commit: 02/10/2021


EvilOSX is a remote administration tool for macOS that allows the user to gain access to macOS systems and retrieve data from them. It is designed to be invisible to anti-virus software while also doing its damage in a matter of a few seconds.


EvilOSX allows the user to build their own bots and customize them to run the desired commands. These commands can range from transferring files to taking screenshots. The user can also retrieve Chrome passwords and phish for iCloud passwords via iTunes. EvilOSX hides its communication with the target by sending messages hidden in HTTP 404 error messages. It also ensures that only the bot communicates with the server and not the other way around, so that the server has no idea when the bot was deactivated.
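From the defender's side, the channel described above (bot-initiated polling answered with HTTP 404 responses that carry data) leaves a recognizable pattern in web proxy logs. The following is an added example, not code from EvilOSX or from this page; the log format, hosts, addresses and thresholds are constructed assumptions to tune against your own traffic.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed proxy log (not real traffic): epoch client host status resp_bytes
SAMPLE_LOG = """\
1000 10.0.0.5 cdn.example.test 404 310
1005 10.0.0.5 cdn.example.test 404 310
1010 10.0.0.5 cdn.example.test 404 4820
1015 10.0.0.5 cdn.example.test 404 310
1020 10.0.0.5 cdn.example.test 404 9650
1025 10.0.0.5 cdn.example.test 404 310
1000 10.0.0.7 www.example.test 200 5120
1004 10.0.0.7 www.example.test 200 8000
1050 10.0.0.7 www.example.test 404 512
1051 10.0.0.7 www.example.test 200 3000
1200 10.0.0.7 www.example.test 404 512
1000 10.0.0.9 old.example.test 404 512
1010 10.0.0.9 old.example.test 404 512
1020 10.0.0.9 old.example.test 404 512
1030 10.0.0.9 old.example.test 404 512
1040 10.0.0.9 old.example.test 404 512
truncated line
"""

def group_flows(log):
    """Group (timestamp, status, size) events by (client, host)."""
    flows = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        ts, client, host, status, size = parts
        flows[(client, host)].append((int(ts), int(status), int(size)))
    return flows

def looks_like_404_channel(events, min_requests=5, min_ratio=0.9, max_jitter=0.2):
    """True when a flow is regular, near-constant 404 polling with varying body sizes."""
    if len(events) < max(min_requests, 2):
        return False
    events = sorted(events)
    sizes_404 = [size for _, status, size in events if status == 404]
    gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
    avg = mean(gaps)
    jitter = pstdev(gaps) / avg if avg else float("inf")
    return (len(sizes_404) / len(events) >= min_ratio  # almost nothing but 404s
            and jitter <= max_jitter                   # regular client-initiated polling
            and len(set(sizes_404)) > 1)               # a static error page has one size

def find_suspects(log):
    return sorted(k for k, ev in group_flows(log).items() if looks_like_404_channel(ev))
```

On the sample, only the `10.0.0.5` flow is flagged: the periodic probe from `10.0.0.9` also receives nothing but 404s, but every body is the same size, which is what a genuine error page looks like.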

Features:

  • Emulate a terminal instance
  • Simple extendable module system
  • No bot dependencies (pure python)
  • Undetected by anti-virus (OpenSSL AES-256 encrypted payloads)
  • Persistent
  • GUI and CLI support
  • Retrieve Chrome passwords
  • Retrieve iCloud tokens and contacts
  • Retrieve/monitor the clipboard
  • Retrieve browser history (Chrome and Safari)
  • Phish for iCloud passwords via iTunes
  • iTunes (iOS) backup enumeration
  • Record the microphone
  • Take a desktop screenshot or picture using the webcam
  • Attempt to get root via local privilege escalation

Made to be used with Rubber Ducky

– Takes about 10 seconds to backdoor any unlocked Mac
– To bypass the keyboard setup assistant make sure you change the VID&PID
– “Terminal” is spelt that way intentionally


Modules:

  • update_bot
  • download
  • upload
  • remove_bot
  • microphone
  • decrypt_mme
  • slowloris
  • chrome_passwords
  • icloud_contacts
  • clipboard
  • browser_history
  • get_backups
  • screenshot
  • webcam
  • cve-2015-5889
  • get_info
  • phish_itunes

Supported Platforms:

  • Linux

Requirements:

  • Python

EvilOSX Install

# Clone the repository
$ git clone https://github.com/Marten4n6/EvilOSX

# Go into the repository
$ cd EvilOSX

# Install dependencies required by the server
$ sudo pip install -r requirements.txt

Usage

# Start the GUI
$ python start.py

# Lastly, run a built launcher on your target(s)
▓█████ ██▒   █▓ ██▓ ██▓     ▒█████    ██████ ▒██   ██▒
▓█   ▀▓██░   █▒▓██▒▓██▒    ▒██▒  ██▒▒██    ▒ ▒▒ █ █ ▒░
▒███   ▓██  █▒░▒██▒▒██░    ▒██░  ██▒░ ▓██▄   ░░  █   ░
▒▓█  ▄  ▒██ █░░░██░▒██░    ▒██   ██░  ▒   ██▒ ░ █ █ ▒   @Marten4n6 (v7.2.1)
░▒████▒  ▒▀█░  ░██░░██████▒░ ████▓▒░▒██████▒▒▒██▒ ▒██▒  GPLv3 licensed
░░ ▒░ ░  ░ ▐░  ░▓  ░ ▒░▓  ░░ ▒░▒░▒░ ▒ ▒▓▒ ▒ ░▒▒ ░ ░▓ ░
░ ░  ░  ░ ░░   ▒ ░░ ░ ▒  ░  ░ ▒ ▒░ ░ ░▒  ░ ░░░   ░▒ ░
   ░       ░░   ▒ ░  ░ ░   ░ ░ ░ ▒  ░  ░  ░   ░    ░  
   ░  ░     ░   ░      ░  ░    ░ ░        ░   ░    ░  
 
[?] Server port to listen on: