-
-
Save Qix-/3c8a619abdaf35b0dd1e27efafb86e2f to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| _ _ _ _____ _ _ _____ ______ _____ _ _ _ | |
| | | | | __ \ /\ | \ | |/ ____| ____| __ \| | | | | |
| | | | | | | | / \ | \| | | __| |__ | |__) | | | | | |
| | | | | | | |/ /\ \ | . ` | | |_ | __| | _ /| | | | | |
| |_|_|_| |__| / ____ \| |\ | |__| | |____| | \ \|_|_|_| | |
| (_|_|_)_____/_/ \_\_| \_|\_____|______|_| \_(_|_|_) | |
| This script connects to a KNOWN DANGEROUS C&C and echos | |
| any commands given to it. | |
| DO NOT RUN unless you understand that the attacker WILL | |
| have your IP address logged. | |
| This script does NOT execute any of the issued commands. | |
| For more information, see: | |
| https://security.stackexchange.com/a/160410/17451 | |
| */ | |
| const tls = require('tls'); | |
| const connectOptions = { | |
| port: 9999, | |
| host: 'ec2-54-169-248-105.ap-southeast-1.compute.amazonaws.com', | |
| rejectUnauthorized: false | |
| }; | |
| const client = tls.connect(connectOptions, () => { | |
| console.log('connected; sending payload\n'); | |
| client.write('Windows PowerShell running as user Alice on WIN32-MACHINE\nCopyright (C) 2015 Microsoft Corporation. All rights reserved.\n\n', 'ascii'); | |
| client.write('PS C:\\Users\\Alice\\SafeCrypt Vault (x86)>', 'ascii'); | |
| }); | |
| client.on('data', buf => { | |
| console.log(buf.toString('utf-8')); | |
| }); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment