Simple MacOS EICAR PoC Payload (hak5#350)

* Add files via upload * Add files via upload Co-authored-by: Ciph3rtxt <[email protected]>
omern18 · Feb 15, 2022 · a5d1174 · a5d1174
1 parent 3184c22
commit a5d1174
Show file tree

Hide file tree

Showing 3 changed files with 53 additions and 0 deletions.
diff --git a/payloads/library/poc/MacOS_EICAR/eicar.sh b/payloads/library/poc/MacOS_EICAR/eicar.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'\ >Desktop/Malware.txt
diff --git a/payloads/library/poc/MacOS_EICAR/payload.txt b/payloads/library/poc/MacOS_EICAR/payload.txt
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Title:  MacOS_EICAR
+# Description:  Bad USB PoC for MacOS.    	
+# Author:  Ciph3rtxt	
+# Category:  PoC 	
+# Target:  MacOS 		
+# Attackmodes: 	HID STORAGE
+
+# Setup
+LED R
+ATTACKMODE HID STORAGE
+GET SWITCH_POSITION
+path=/Volumes/BashBunny/payloads/$SWITCH_POSITION
+
+
+# Execute Attack
+LED R
+DELAY 200
+RUN OSX terminal
+Q DELAY 2000
+Q STRING cd
+Q ENTER
+Q DELAY 200
+Q STRING chmod a+x $path/eicar.sh
+Q ENTER
+Q DELAY 200
+Q STRING $path/eicar.sh
+Q ENTER
+Q DELAY 200
+
+# Complete
+LED G
diff --git a/payloads/library/poc/MacOS_EICAR/readme.md b/payloads/library/poc/MacOS_EICAR/readme.md
@@ -0,0 +1,19 @@
+# MacOS EICAR PoC
+
+Author: Ciph3rtxt
+
+
+## Category: 
+
+PoC
+
+## Description:
+
+Generates EICAR file to simulate USB (physical access) malware attack.
+
+## Status:
+
+|LED|STATUS|
+|-|-|
+|Red|Attack|
+|Green|Complete|
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		#!/bin/bash
		echo 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'\ >Desktop/Malware.txt