This repository contains a Python proof-of-concept of command-and-control (C2) scripts built around HTTP 404 error pages. The server generates a clean error page without any suspicious details until the user chooses a command for the client to run. Once the command is chosen, the server inserts an HTML comment into the error page containing a base64 encoding of the command and the server and port for the client to connect back to.
The client navigates to the given web server and attempts to read from a random URI. This will hopefully result in a 404 error, and if the error page contains the encoded comment, the client decodes it and runs the command. It then connects back to the server through a socket and sends the base64-encoded results of the command. Then it sleeps for 30-60 seconds and repeats the process. If no comment is found or the result is not a 404 error, the client sleeps and tries again.
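The channel described above can be detected from the defender's side by inspecting 404 response bodies for HTML comments that carry decodable base64. The following is an added example, not code from this repository; the function names, the 16-character threshold, and the sample payload layout are assumptions, since the exact comment format is not given here.

```python
import base64
import binascii
import re

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)  # HTML comments, multi-line too
# Base64-alphabet runs; the 16-character minimum is an assumed tuning value.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def decode_if_text(token):
    """Return the decoded text if token is base64 of printable ASCII, else None."""
    if len(token) % 4:
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad base64 or non-ASCII bytes
        return None
    ok = all(c.isprintable() or c in "\t\r\n" for c in text)
    return text if ok else None


def scan_response(status, body):
    """Return decoded strings found in HTML comments of a 404 response body."""
    if status != 404:
        return []
    hits = []
    for comment in COMMENT_RE.findall(body):
        for token in B64_RE.findall(comment):
            text = decode_if_text(token)
            if text is not None:
                hits.append(text)
    return hits


# Constructed sample bodies (not captured traffic); 192.0.2.10 is a documentation address.
PAGE = "<html>{}<body><h1>404 Not Found</h1></body></html>"
CLEAN = PAGE.format("<!-- default error page -->")
PAYLOAD = base64.b64encode(b"uname -a;192.0.2.10;8080").decode()
TAGGED = PAGE.format("<!-- " + PAYLOAD + " -->")

if __name__ == "__main__":
    for name, body in (("clean", CLEAN), ("tagged", TAGGED)):
        print(name, scan_response(404, body))
```

Run over proxy or web server response logs, a hit is worth correlating with a single host requesting random URIs at 30-60 second intervals, which is the polling pattern the client uses.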
To fully get this proof-of-concept running, a user will need to have a web server running and have the 404 error page pointing to the file generated by the command and control server.
Further work could involve better encoding or encryption of the data being passed around, as base64 is suspicious to see, and having the client exfiltrate the data through different means, such as in a cookie or HTTP header, to seem more like regular traffic. Additionally, the client can be expanded to Windows machines, as currently it only works on Linux.
This code works with Python version >= 3.6.