search

nathanlopez / Stitch

Python Remote Administration Tool (RAT)
https://nathanlopez.github.io/Stitch/
Other
3.13k stars 661 forks source link

OSX 10.11 Requirements Failure #24

Open elbarolped opened 7 years ago

elbarolped commented 7 years ago

I am trying to build the pip requirements on OSX 10.11; I can't seem to find info anywhere on building pyobjc 2.5.1.

I was able to get past PIL through Issue#14, but I can't seem to get past building of pyobjc 2.5.1.

When I use stitchgen with the modules that did successfully install, the binary is basically unusable and complains about missing python dependencies, to which I assume is a result of of the incomplete requirements, so I suppose someone could correct me if I am wrong?

I am not skilled enough in python to make manual modifications to the pyobjc 2.5.1 source to force it to install, as it feels 10.11 is a lesser version than 10.8.

I also tried changing the requirements to work with the latest version of pyobjc (3.2.1) but it appears as if this doesn't help.

When installing PyOBJC 3.2.1 and attempting to run the payload binary directly (outside of the virtualenv):

./Safari 
Failed to execute script st_main
Traceback (most recent call last):
  File "st_main.py", line 1, in <module>
  File "/private/var/folders/65/vrd36dv964sf_bgr6rzrqj8hrqg1mc/T/pip-build-2YHMO_/PyInstaller/PyInstaller/loader/pyimod03_importers.py", line 389, in load_module
  File "requirements.py", line 28, in <module>
  File "/private/var/folders/65/vrd36dv964sf_bgr6rzrqj8hrqg1mc/T/pip-build-2YHMO_/PyInstaller/PyInstaller/loader/pyimod03_importers.py", line 389, in load_module
  File "st_utils.py", line 3, in <module>
  File "<string>", line 25, in <module>
  File "/private/var/folders/65/vrd36dv964sf_bgr6rzrqj8hrqg1mc/T/pip-build-2YHMO_/PyInstaller/PyInstaller/loader/pyimod03_importers.py", line 389, in load_module
  File "st_osx_keylogger.py", line 3, in <module>
  File "<string>", line 9, in <module>

Note: I am building this entirely in a virtualenv just to ensure there is a clean list of dependencies installed.

Any tips?

AlainG80 commented 7 years ago

The PIL requirement install a vulnerable version of the Python Image library. You shouldn't install this application until it is updated by the author. https://www.cvedetails.com/cve/CVE-2014-3007/ https://pypi.python.org/pypi/Pillow/2.5.3 https://www.cvedetails.com/cve/CVE-2016-4009/

Ekultek commented 7 years ago

issue here https://github.com/Ekultek/Stitch/issues