Search for | Ashguard Wiki

License

CTHULHU

MIT License Copyright (c) 2023 Ashguard Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation...

Base URL

CTHULHU API

The API create its own nodejs server at this address http://localhost:5000/

Endpoints

CTHULHU API

Create a New Agent URL: /api/agent/new Method: POST Description: Create a new agent and store its information in a MySQL database. Request Body: versionOS (required): The version of the operating system running on the agent. host (required): The host...

Database Connection

CTHULHU API

The API connects to a MySQL database for storing agent information. The database connection details are specified using environment variables: DB_HOST: The host name or IP address of the MySQL database. DB_USER: The username for accessing the MySQL database...

User Folder Creation

CTHULHU API

The API creates a folder named /CTHULHU/users if it doesn't already exist. Additionally, for each agent created, a user-specific folder is created within /CTHULHU/users. Folder Structure The folder structure is as follows: /CTHULHU /users /<agentId_1> ...

RSA Key Pair Generation and Storage

CTHULHU API

For each agent created, the API generates an RSA key pair consisting of a public key and a private key. The key pair is generated using a modulus length of 4096 bits. The generated keys are stored in the MySQL database along with other agent information. Key G...

Docker Compose Setup

CTHULHU Infrastructure

To simplify the deployment and management of the API and its dependencies, Docker Compose is used. The docker-compose.yml file defines the services and their configurations. docker-compose.yml version: '3.1' services: mariadb: image: mariadb restart...

Shadow copy deletion

CTHULHU Ransomware

This code provides a function to delete shadow copies using the vssadmin command. delete_shadow_copies() Deletes shadow copies using the vssadmin command. Command Execution The function executes the following command using the Command module: Command::new("cmd...

System Information Retrieval

CTHULHU Ransomware

This code provides functions to retrieve various system information such as disk details, operating system version, hostname, username, and user home directory. get_disks() -> Vec<String> Retrieves the mounted points of the system disks. Returns: A Vec<String>...

Ecryption / Decryption for external disk

CTHULHU Ransomware

Function Description The code snippet defines a function named encrypt_decrypt_external_disks with the following signature: pub fn encrypt_decrypt_external_disks(private_public_key: String, user_id: String, is_encryption: u8) Parameters private_public_key (...

Encryption / Decryption files

CTHULHU Ransomware

Overview This code provides functions for encrypting and decrypting files using AES-256 CTR encryption. It supports multi-threaded encryption and decryption of files in a specified directory. The encryption is performed using RSA public-key cryptography, where...

API connection

CTHULHU Ransomware

Overview This code provides a C2API struct that encapsulates functionalities related to interacting with a command and control (C2) API. It includes methods for making POST and GET requests, retrieving public IP information, and uploading files to the C2 serve...

Main.rs

CTHULHU Ransomware

Overview This code represents an entry point for a program that performs certain actions based on command-line arguments. It imports and utilizes modules c2, encryption, and system for various functionalities related to interacting with a C2 API, encryption, a...