Skip to content
/ injectra Public

Injectra injects shellcode payloads into MacOS applications and package installers.

License

MIT license
39 stars 6 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Taguar258/injectra

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

72 Commits

.github/ISSUE_TEMPLATE

.github/ISSUE_TEMPLATE

 
 

example

example

 
 

injectra

injectra

 
 

.gitignore

.gitignore

 
 

CODE_OF_CONDUCT.md

CODE_OF_CONDUCT.md

 
 

CONTRIBUTING.md

CONTRIBUTING.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

setup.py

setup.py

 
 

Repository files navigation

Injectra

Injectra injects shellcode payloads into MacOS applications and package installers.

Injectra makes so that applications and packages run user-given code on start.

Installation

Due to the installation using setuptools the only requirement is python3 with pip installed.

Installation:

pip3 install git+https://github.com/Taguar258/injectra

Execution:

injectra -h

Uninstallation:

pip3 uninstall injectra

Tested on MacOS.

Instructions

Injectra has three working modes: Injection, Removal, and Detection. All those modes can be applied to packages as well as applications.

Injection

A simple injection of an application would look like this:

injectra -a INPUT_APP.app -i PAYLOAD.sh -o OUTPUT.app

The -a argument inputs an application whereas this can be replaced with -p which stands for package:

injectra -a INPUT_PKG.pkg -i PAYLOAD.sh -o OUTPUT.pkg

The -i argument injects the given shell payload and -o defines an output location.

In case you would like to include files to the directory of the payload you can use the -in argument. The -in argument accepts a folder with all the files in it you would like to add. You can then call all the injected files from you current working directory of the payload.

Detection

You can easily identify injections via injectra using:

injectra -c -a INPUT.app

Whereas -c stands for check. The application argument (-a) can be replaced with -p for packages as well.

Removal

Injections can be removed by applying the -r argument (stands for remove):

injectra -r -p INPUT.pkg

You can also replace -p with -a for application.

This will remove the injection from the given input.

Explanation

MacOS applications, as well as pkg installers, contain executables that are executed by a parent process. Injectra renames those executables so that a parent payload can be injected which calls your payload before starting the actual process.

There are some application which will not work yet though will work in feature updates. An example of such applications is the applications provided by MacOS itself. All other tested applications worked fine.

The injection of a package installer can escalate the payloads permissions due to the privilege escalation of the installer itself.

The injection method provided by Injectra was fully developed and discovered by Taguar258.

About

Injectra injects shellcode payloads into MacOS applications and package installers.

Topics

macos backdoor virus osx injection trojan rat macosx injector payload mac-os code-injection macos-app

Resources

Readme

License

MIT license

Code of conduct

Code of conduct
Activity

Stars

39 stars

Watchers

3 watching

Forks

6 forks
Report repository

Releases 7

Rewrite into setuptools Latest
Jan 22, 2021
+ 6 releases

Languages