Persistence & Modules about evilosx HOT 3 CLOSED

how do I run a fresh payload as when I manual start the payload it says on the target computer that its already present in the system

This is because you can't have two launch agents with the same name, one solution would be to use a different launch agent name. You could also just remove the client once it's connected to your server (use remove_client once you're connected to the client), if you entered an invalid IP address and the client won't connect to your server you'll have to remove it manually:

launchctl remove com.apple.EvilOSX
rm -rf ~/Library/Containers/.EvilOSX
rm -rf ~/Library/LaunchAgents/com.apple.EvilOSX

Note that the names will be whatever you configured them to be when you built the launcher.

how do I incorporate the modules such as webcam?

With "incorporate" I'm going to assume you want to write your own module.
Alright, for this example we're going to create a simple module which says "Hello world" to the user (via text to speech).

• First of all we're going to need to create a new python file in the modules directory, this file will be automatically picked up by the server. I called my file 'say.py'.
• It's important to know that a module needs to follow certain rules before the server can use it, these rules can be found in the ModuleABC class. Everything with an @abstractclassmethod means it's required, you can ignore everything else.
• Since we want our module to follow these rules we need to import the ModuleABC class using
  from modules.helpers import ModuleABC
• Now we need to create a subclass of ModuleABC which has these required rules:

from modules.helpers import ModuleABC


class Module(ModuleABC):
    def __init__():
        pass

    def get_info(self) -> dict:
        pass

    def setup(self, module_input, view, successful):
        pass

    def run(self) -> str:
        pass

This is how a module "template" would look like, the server will now see this as a valid module (even though it currently does nothing).
Now let's start filling in the rules to actually do something.

from modules.helpers import ModuleABC


class Module(ModuleABC):
    def __init__(self):
        """Define global variables here so that the run method can also use them."""
        self.message = None
    
    def get_info(self) -> dict:
        """:return A dictionary containing basic information about this module."""
        return {
            "Author": ["Marten4n6"],  # The author(s) of this module
            "Description": "Says a message to the client via text to speech.",  # Short module description. 
            "References": [
                # List of external links related to this module.
                "http://example.com/",
                "https://wikileaks.org/"
            ],
            "Task": False  # Ignore this for now, if set to "True" this module will run in the background.
        }

    def setup(self, module_input, view, successful):
        """This is called by the server before the module is run.
        
        Here you can setup configuration options by interacting with the user.
        In this example we'll prompt the user for the message they want
        text-to-speech say to the client.
        """
        self.message = module_input.prompt("Message to say [ENTER for \"Hello world.\"]: ")
        
        if not self.message:  # The user pressed enter, set the default.
            self.message = "Hello world."

        # Important! 
        # Let the server know the module setup was successful.
        successful.put(True)

    def run(self) -> str:
        """Code which will be run on the client machine."""
        return """\
        run_command("say \"{}\"")  # Run a system command.
        
        print "Text to speech finished!"  # Anything printed will be returned to the server.
        """.format(self.message)

See the ViewABC and ModuleInputABC for methods you can call on the view and module_input.
And that's about it, you can start the server then type modules and you'll see your new module!
If you need any more help with this feel free to shoot me an email.

Lastly, I'm not quite sure why you'd lose your client once you shut it down, works fine for me.
I'll have a look into this tomorrow.

from evilosx.

I’m Regards to the persistence...I’m talking about the target computer once it’s turned off or put to sleep I loose the connection and when they turn it back on it doesn’t re load at all...(it says client unavailable even though the target computer is back on. So the RAT isn’t actually activating back on after the target has turned their computer back on.

Modules
I saw modules on your GitHub. How do I load those module into the rat so I gain for example webcam access...

from evilosx.

How do I load those module into the rat so I gain for example webcam access...

The second message when you start the server is:
Type "help" to get a list of available commands.
Run this and you'll see that use <module> is an available command, so it would be use webcam.

The RAT isn’t actually activating back on after the target has turned their computer back on.

Yeah, because the client becomes idle after a certain amount of inactivity from the server, wait ~30 seconds and it'll reconnect.

from evilosx.