Hugging Face's logo

Spaces:
eikarna
/
hfcc
Paused

App Files Community
eikarna commited on
Commit
8e84046
·
0 Parent(s):

Initial commit

Browse files
Files changed (4) hide show
  1. Dockerfile +26 -0
  2. README.md +11 -0
  3. go.mod +3 -0
  4. main.go +95 -0
Dockerfile ADDED
@@ -0,0 +1,26 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ # Build stage
2
+ FROM golang:1.24-alpine AS builder
3
+ RUN apk add --no-cache git
4
+ WORKDIR /app
5
+ COPY . .
6
+ RUN go mod tidy
7
+ RUN CGO_ENABLED=0 GOOS=linux go build -o huggingface-cc
8
+
9
+ # Runtime stage
10
+ FROM alpine:3.22.0
11
+ RUN apk add --no-cache \
12
+ git \
13
+ bash \
14
+ curl
15
+
16
+ RUN adduser -D -u 1000 user
17
+ USER user
18
+
19
+ # Install Hugging Face CLI and transformers
20
+ # RUN pip3 install --no-cache-dir --break-system-packages --user huggingface_hub transformers pytorch
21
+
22
+ # Copy binary from builder
23
+ COPY --chown=user:user --from=builder /app/huggingface-cc /usr/local/bin/
24
+
25
+ EXPOSE 8080
26
+ CMD ["huggingface-cc"]
README.md ADDED
@@ -0,0 +1,11 @@
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ title: hfcc
3
+ emoji: 😋
4
+ colorFrom: purple
5
+ colorTo: blue
6
+ sdk: docker
7
+ app_file: app.py
8
+ pinned: true
9
+ ---
10
+
11
+ Dan Yap
go.mod ADDED
@@ -0,0 +1,3 @@
 
 
 
 
1
+ module hfcc
2
+
3
+ go 1.24.2
main.go ADDED
@@ -0,0 +1,95 @@
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ package main
2
+
3
+ import (
4
+ "encoding/json"
5
+ "log"
6
+ "net/http"
7
+ "os/exec"
8
+ "strings"
9
+ "sync"
10
+ )
11
+
12
+ // CommandRequest struktur untuk request
13
+ type CommandRequest struct {
14
+ Command string `json:"command"`
15
+ }
16
+
17
+ // CommandResponse struktur untuk response
18
+ type CommandResponse struct {
19
+ Status string `json:"status"`
20
+ Output string `json:"output,omitempty"`
21
+ Error string `json:"error,omitempty"`
22
+ }
23
+
24
+ var (
25
+ commandLock sync.Mutex
26
+ )
27
+
28
+ func commandHandler(w http.ResponseWriter, r *http.Request) {
29
+ if r.Method != http.MethodPost {
30
+ respondError(w, "Method not allowed", http.StatusMethodNotAllowed)
31
+ return
32
+ }
33
+
34
+ var req CommandRequest
35
+ if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
36
+ respondError(w, "Invalid JSON format", http.StatusBadRequest)
37
+ return
38
+ }
39
+
40
+ if strings.TrimSpace(req.Command) == "" {
41
+ respondError(w, "Command cannot be empty", http.StatusBadRequest)
42
+ return
43
+ }
44
+
45
+ response := executeCommand(req.Command)
46
+
47
+ w.Header().Set("Content-Type", "application/json")
48
+ w.WriteHeader(http.StatusOK)
49
+ json.NewEncoder(w).Encode(response)
50
+ }
51
+
52
+ func rootHandler(w http.ResponseWriter, r *http.Request) {
53
+ w.Header().Set("Content-Type", "text/html")
54
+ w.WriteHeader(http.StatusOK)
55
+ w.Write([]byte("200 OK"))
56
+ }
57
+
58
+ func executeCommand(cmdStr string) CommandResponse {
59
+ commandLock.Lock()
60
+ defer commandLock.Unlock()
61
+
62
+ cmd := exec.Command("/bin/sh", "-c", cmdStr)
63
+ output, err := cmd.CombinedOutput()
64
+
65
+ if err != nil {
66
+ return CommandResponse{
67
+ Status: "error",
68
+ Error: err.Error(),
69
+ Output: string(output),
70
+ }
71
+ }
72
+
73
+ return CommandResponse{
74
+ Status: "success",
75
+ Output: string(output),
76
+ }
77
+ }
78
+
79
+ func respondError(w http.ResponseWriter, message string, statusCode int) {
80
+ w.Header().Set("Content-Type", "application/json")
81
+ w.WriteHeader(statusCode)
82
+ json.NewEncoder(w).Encode(CommandResponse{
83
+ Status: "error",
84
+ Error: message,
85
+ })
86
+ }
87
+
88
+ func main() {
89
+ http.HandleFunc("/", rootHandler)
90
+ http.HandleFunc("/execute", commandHandler)
91
+
92
+ port := ":8080"
93
+ log.Printf("Shell C2 server running on port %s\n", port)
94
+ log.Fatal(http.ListenAndServe(port, nil))
95
+ }