Q1: Is there a similar one-command to setup tool for MacOS victims? .. or maybe some metasploit / evilosx modules to set up a VNC connection?
You can try using the vnc_login auxiliary scanner to identify whether VNC is available on the target and attempt to log in with a password or a wordlist:
msf > use auxiliary/scanner/vnc/vnc_login
And/or ard_root_pw to remotely exploit CVE-2017-13872 on port 5900, if the requirements are met:
msf > use auxiliary/scanner/vnc/ard_root_pw
Some notes by ard_root_pw's author (jgor):
This extends Rex::Proto::RFB to support usernames, implements authentication security type 30 ("Apple Remote Desktop" / ARD used by macOS), and uses that to add a module to remotely exploit CVE-2017-13872 over 5900/tcp on vulnerable macOS High Sierra hosts that have either Screen Sharing or Remote Management enabled.
( source )
Q2: Or I must do it manually without easy to use scripts?
If you already have access (with a shell or meterpreter) on the target, consider that Apple includes a VNC client by default; you can use it with a simple bash script:
echo '#!/usr/bin/env bash' >> /usr/local/bin/vncviewer
echo open vnc://\$1 >> /usr/local/bin/vncviewer
chmod +x /usr/local/bin/vncviewer
After that, simply use: vncviewer [IP]:5901
( source )
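
For defenders auditing their own macOS hosts, the RFB handshake itself shows whether security type 30 (the ARD type jgor's note describes) is offered on 5900/tcp. The parser below is an added example, not part of the original answer or of the Metasploit module; the function names are hypothetical and the sample bytes are constructed.

```python
import struct

def parse_server_handshake(stream: bytes):
    """Return ((major, minor), [security types]) from the server's side of an
    RFB handshake, e.g. reassembled from a packet capture of 5900/tcp."""
    if len(stream) < 12 or not stream.startswith(b"RFB ") or stream[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(stream[4:7]), int(stream[8:11]))
    body = stream[12:]
    if version < (3, 7):
        # RFB 3.3: the server picks one type and sends it as a 4-byte integer.
        if len(body) < 4:
            raise ValueError("truncated security type")
        return version, [struct.unpack(">I", body[:4])[0]]
    if not body:
        raise ValueError("truncated security-type list")
    count = body[0]
    if count == 0:
        # Zero types means the server refused; a length-prefixed reason follows.
        raise ValueError("server refused the connection")
    types = list(body[1:1 + count])
    if len(types) != count:
        raise ValueError("truncated security-type list")
    return version, types

def audit(stream: bytes):
    """List findings worth acting on for one captured handshake."""
    _, types = parse_server_handshake(stream)
    findings = []
    if 1 in types:
        findings.append("security type 1 (None): no authentication required")
    if 30 in types:
        findings.append("security type 30 (ARD): Screen Sharing or Remote "
                        "Management is reachable; confirm the host is patched "
                        "for CVE-2017-13872")
    return findings

# Constructed sample: version banner, then a list of two types (30 and 2).
SAMPLE_ARD = b"RFB 003.008\n" + bytes([2, 30, 2])

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARD):
        print(finding)
```

A host that reports type 30 on a network segment where Screen Sharing and Remote Management are not expected is a candidate for disabling the service or restricting 5900/tcp at the firewall.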