Dump PlainText Google Chrome Passwords on MacOS using EvilOSX

0

Today, we’re going to learn how we can target MacOS and dump all saved Google Chrome Passwords in PlainText using EvilOSX. Lot of you guys asked me how to target MacOS.

So here it is!

The point of RAT is to gain initial hold on your target computer. For this tutorial we’re going to use EvilOSX which is written in Python and specialize in automating some devastating attacks that takes advantage of MacOS environment.

EvilOSX is a pure python, post-exploitation, RAT (Remote Administration Tool) for macOS / OSX.

EvilOSX Features:

  • Emulate a simple terminal instance.
  • Sockets are encrypted with CSR via OpenSSL.
  • No dependencies (pure python).
  • Persistence.
  • Retrieve Chrome passwords.
  • Retrieve iCloud contacts.
  • Attempt to get iCloud password via phishing.
  • Show local iOS backups.
  • Download and upload files.
  • Retrieve find my iphone devices.
  • Attempt to get root via local privilege escalation (<= 10.10.5).
  • Auto installer, simply run EvilOSX on the target and the rest is handled automatically.

How to use EvilOSX:

  1. Download or clone this repository.
  2. Run ./BUILDER and enter the appropriate information: 
  3. Done! Upload and execute the built EvilOSX on your target (with ./EvilOSX.py).
  4. Finally, start the Server (with ./Server.py) and start managing connections: