Mpge is a wrapper for meterpreter (msfconsole, msfpayload and msfencode) of the Metasploit Framework, directly integrated with Mac OS X Snow Leopard 10.6.8 and with OS X Mavericks 10.9. With Mpge it is possible to make trojan horse files for Microsoft Windows, Linux and Mac OS X 10.3 Panther, OS X 10.4 Tiger, OS X 10.5 Leopard and OS X Mountain Lion 10.8.1. For all Mac OS X versions it is possible to make trojan horse files that contain a reverse shell inside .pkg files and .app files. I used three real Mac OS X machines. Attacker: MacBook with Snow Leopard 10.6.8. Target: Mac iBook PowerPC G4 with Mac OS X 10.3.5 Panther, and later MacBook and iMac, Mac OS X Mountain Lion 10.8.1. All the Mac OS X machines were connected to the intranet LAN of an Italian ISP. The attacker MacBook is listening and expects the reverse shell from the target Mac iBook PowerPC G4, which receives a package; when the user clicks on the .pkg file and enters the user password, the attacker receives a reverse shell from the target. For more details read Features and User Reviews.
- All tests were conducted for study and in a laboratory, to test IDS, firewalls and anti-malware on Microsoft Windows, Linux and Mac OS X on an intranet, which in my case is that of an Italian ISP (Internet Service Provider). The internal IP addresses, with the same network class of IP addressing, used in all tests are internal IP addresses released by the DHCP server of the ISP. It is a normal ADSL. I use Mpge on my ADSL without firewalls and IDS. The hosts are connected on the intranet with an RJ45 cable to the router. Afterwards I conducted another test with two Mac OS X machines in the same intranet (LAN and Wi-Fi connection), with the addition of a 200 Mbps powerline adapter connected to the home electricity network and connected with an RJ45 cable to the router. So your network becomes a packet-switching network. The program is released under the GNU General Public License version 3.0 (GPLv3). For Metasploit Framework the license is at the URL: metasploit.com/license.jsp. Disclaimer: This software is provided by the author "as is" and any expressed or implied warranties, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose are disclaimed. In no event shall the author be liable for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, hardware, data, profits, life, or limb; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage. Don't hurt your laptop. You don't have to swing it so hard, you know. If you do damage your machine in any way, it is your fault. The connection between MacBook and Mac iBook PowerPC G4 (or the other target iMac) realizes the root shell of the target Mac iBook PowerPC G4 on the attacker MacBook.
Both are connected with RJ45 to my router, with the addition of the 200 Mbps powerline adapter, and through the .pkg package file downloaded from a public web mail portal and installed on the Mac iBook (or a .pkg file made with Iceberg, or a .dmg file containing a .app file for the iMac). This creates an overlap between two shells: first the shell of the listener MacBook, and second the shell of the target Mac iBook. Through this overlap you can view and create data (a folder) from the MacBook on the Mac iBook PowerPC G4. See the image at the link on Security List Network.
- For more details see the images in the directory Files: Test Environment Mac iBook PowerPC G4 Mac OS X 10.3 Panther, MacBook Mac OS X Snow Leopard 10.6.3 and iMac Mac OS X Mountain Lion 10.8.1.
- At this point you need to prepare a new reverse shell on the attacker MacBook, create a new package with PackageMaker or Iceberg and send it to the target, start a listener on the attacker, download the trojan horse file on the target and click on it, and the connection opens. In all tests the password to install the trojan horse file on the Mac OS X PowerPC G4 or iMac is entered by the user who is the target of the attack. In my lab the password on the target is always entered by me; imagine that it is another person. The current payloads for Mac OS X are osx/ppc/shell_reverse_tcp and osx/x86/shell_reverse_tcp, which realize http reverse shell connections. The reverse shell is inserted into .pkg files and .app files.
- Release of Mpge for OS X Snow Leopard 10.6.8 in directory Files: Mpge OS X Snow Leopard 10.6.8: Mpge v.1.3.tgz. New release of Mpge for OS X Mavericks 10.9 in directory Files: Mpge v.1.0 OS X Mavericks: Mpge v.1.0 OS X Mavericks.tgz.
- The latest version of Mpge for OS X Mavericks 10.9 can repeat all the tests carried out in the laboratory, with the MacBook with OS X Snow Leopard 10.6.8 as the target and the iMac as attacker. The simple osx/x86/shell_reverse_tcp can be inserted within any application. It is a hidden executable, for example, in a path such as /Applications/Safari.app/Contents/MacOS/Safari. Clicking on Safari then runs a reverse shell instead of Safari. To have it run Safari first and then the reverse shell, you can create a third executable, a bash script, that runs in sequence first Safari and then the reverse shell. The web mail portal is only a foothold for the .app files that contain a reverse shell, and it is located in a different network. The file, in .zip format, is sent from the attacker OS X Mavericks 10.9 machine to the web mail portal with the e-mail address of the attacker, and downloaded on the same web mail portal from the target MacBook with a different e-mail address, the e-mail address of the target. For more details see the directory Files: Mpge v.1.0 OS X Mavericks 10.9. Published on: http://seclist.us/2014/01/update-mpge-v-1-0-a-wrapper-of-msfpayload-and-msfencode-of-metasploit.html
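A defensive check for the wrapped-launcher case described above, as an added example that is not part of Mpge or the original page: it reads CFBundleExecutable from Info.plist and flags a launcher that is not Mach-O, or extra executables sitting beside it. The bundle names, the `Demo` launcher and the stub header bytes are constructed samples.

```python
import os
import plistlib
import tempfile
from pathlib import Path

# Mach-O magic numbers: thin 32/64-bit in both byte orders, plus fat/universal.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe", b"\xfe\xed\xfa\xcf",
                b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe", b"\xbe\xba\xfe\xca"}

def classify(path):
    with open(path, "rb") as fh:
        head = fh.read(4)          # only the magic is needed, not the whole file
    if head in MACHO_MAGICS:
        return "mach-o"
    return "script" if head.startswith(b"#!") else "other"

def audit_bundle(app):
    """Return triage findings for one .app bundle (empty list: nothing odd)."""
    contents = Path(app) / "Contents"
    with open(contents / "Info.plist", "rb") as fh:
        launcher = plistlib.load(fh).get("CFBundleExecutable")
    findings = []
    for f in sorted(p for p in (contents / "MacOS").iterdir() if p.is_file()):
        kind = classify(f)
        if f.name == launcher and kind != "mach-o":
            findings.append(f"launcher '{f.name}' is a {kind}, not Mach-O")
        elif f.name != launcher and os.access(f, os.X_OK):
            findings.append(f"extra executable '{f.name}' ({kind})")
    return findings

def make_bundle(root, app, files):
    """Build a constructed sample bundle; files maps name -> file bytes."""
    macos = Path(root) / app / "Contents" / "MacOS"
    macos.mkdir(parents=True)
    with open(macos.parent / "Info.plist", "wb") as fh:
        plistlib.dump({"CFBundleExecutable": "Demo"}, fh)
    for name, data in files.items():
        (macos / name).write_bytes(data)
        (macos / name).chmod(0o755)

def demo():
    """Audit a clean and a wrapped bundle; both are constructed samples."""
    stub = b"\xcf\xfa\xed\xfe" + b"\0" * 28   # fake Mach-O header, not a real binary
    with tempfile.TemporaryDirectory() as root:
        make_bundle(root, "Clean.app", {"Demo": stub})
        make_bundle(root, "Wrapped.app", {"Demo": b"#!/bin/bash\n", "Demo.orig": stub})
        return {a: audit_bundle(Path(root) / a) for a in ("Clean.app", "Wrapped.app")}

if __name__ == "__main__":
    print(demo())
```

Some legitimate applications ship script launchers or helper binaries, so treat findings as triage leads and confirm with `codesign --verify --deep --strict` on macOS.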
The script mpge.sh is a wrapper made up of four main areas. The first area is dedicated to the creation of trojan horse files for Microsoft Windows, Mac OS X and Linux. The second area is for listeners set up to intercept the connection that is opened by our trojan horse files. The third area is dedicated to networking, in particular monitoring and collecting information on the IP addresses. The fourth area is dedicated to the creation of trojan horse files for Mac OS X with extension .pkg, .app and .dmg (that contains .app files) and to the creation of trojan horse files for Microsoft Windows. To create the trojan horse file you can use Mpge: first enter the IP address and port, then enter the original file name that you want to use and a name for the trojan horse file.

Previously I used Backbox by means of VMware Fusion for Mac (on the MacBook with Mac OS X Snow Leopard 10.6.8), and I used it for the reverse shell and the reverse shell with the script evil.sh between the attacker MacBook with Mac OS X Snow Leopard 10.6.8 and the target Mac iBook PowerPC G4 with Mac OS X 10.3.5 Panther. Afterwards, between the attacker MacBook with Mac OS X Snow Leopard 10.6.8 and the target iMac with Mac OS X Mountain Lion 10.8.1. Afterwards I decided to use Mpge directly integrated with Metasploit Framework on Mac OS X.

Important: to use Mpge you need to run it as root. The connection between the two Mac OS X machines, the attacker MacBook and the targets Mac iBook PowerPC G4 or iMac with Mac OS X Mountain Lion 10.8.1, which are located in the same network, sometimes worked and sometimes did not. At this point you need to prepare a new reverse shell on the attacker MacBook, create a new package with PackageMaker or Iceberg and send it to the target, start a listener on the attacker, download the file on the target, click on it and see if the connection opens. Don't worry if it does not work: try again calmly, it is just for fun and for relaxing.
I was able to capture the moment in which the connection, meaning a reverse shell, between these two Mac OS X machines (the attacker MacBook with Mac OS X Snow Leopard 10.6.8 and the target Mac iBook PowerPC G4 with Mac OS X 10.3.5 Panther, and the other target iMac with Mac OS X Mountain Lion 10.8.1) is open. For more details, go into the folder Files, which contains folders named Reverse Shell, The Pyramid, MacBook and iMac, MacBook and Mac iBook POWERPC G4, Creation trojan horse file .app and .dmg, and see the images. The new folder is Mpge v.1.0 OS X Mavericks 10.9.

Package Creation for Linux: Regarding Linux, tested with a virtual machine, you can integrate Mpge with Rust (rust.sourceforge.net/download.html). Rust allows us to create .rpm files containing the .sh scripts. For this integration, I leave the fun to you! For more information see the images in the folder Linux in the folder Files.

Modules: You can use modules in Autoscript or manual mode.

ISP Network: Attacker: MacBook. Target: Mac iBook PowerPC G4. Installing the .pkg file on the Mac iBook PowerPC G4 (target), while the MacBook is the attacker. In this experiment, as in all the other experiments, I never used USB flash drives; I exchanged the files over a shared folder or a public web mail portal. The reverse shell with the evil script between the MacBook and the Mac iBook PowerPC G4 is a very strange test. If you use .pkg files with a reverse shell, the connection continues after the installation of the .pkg file ends, if the user does not look at the active processes. On the MacBook you can see, with the command uname -a, the user on the Mac iBook PowerPC G4. It is very difficult to use this type of package. It only works once. It is difficult because it is like inserting a file that works only locally (evil.sh) inside a remote connection (the reverse shell). If something goes wrong you must rebuild everything: create a new reverse shell, assign the right permissions and create a new package from scratch, a few times also redoing the reverse shell.
I managed to make it work between the two Mac OS X machines, MacBook and iBook PowerPC G4, 4-5 times; then I got tired, but when it succeeds it is very funny!