public static void Run()
{
// ExStart:AccessMailboxViaProxyServer
// Connect and log in to IMAP and set SecurityOptions
ImapClient client = new ImapClient("imap.domain.com", "username", "password");
client.SecurityOptions = SecurityOptions.Auto;
string proxyAddress = "192.168.203.142"; // proxy address
int proxyPort = 1080; // proxy port
SocksProxy proxy = new SocksProxy(proxyAddress, proxyPort, SocksVersion.SocksV5);
// Set the proxy
client.Proxy = proxy;
try
{
client.SelectFolder("Inbox");
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
// ExEnd:AccessMailboxViaProxyServer
}
/// <summary>
/// Verbindet sich zum angebenen Server und verwendet dabei einen Socks5-Proxy
/// </summary>
/// <param name="pHost">Die IP-Adresse des Servers</param>
/// <param name="pPort">Der Port des Servers</param>
/// <param name="pProxyHost">Die IP-Adresse des Proxys</param>
/// <param name="pProxyPort">Der Port des Proxys</param>
public void Connect(string pHost, int pPort, string pProxyHost, int pProxyPort)
{
try
{
_knSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
if (pProxyHost != null && pProxyPort != 0)
{
_knSocket.ReceiveTimeout = 30000;
_knSocket.SendTimeout = 30000;
_knSocket.Connect(pProxyHost, pProxyPort);
SocksProxy.EstablishConnection(_knSocket, pHost, pPort);
}
else
{
_knSocket.Connect(pHost, pPort);
_knDataStream = new NetworkStream(_knSocket);
}
Thread thr = new Thread(Receive);
thr.Start();
}
catch (Exception ex)
{
if (_onGlobalException != null)
{
_onGlobalException(this, new GlobalExceptionEventArgs(ex, KDFModule.Networks));
}
Disconnect();
}
}
protected override void Connect(FtpSocketStream stream, string host, int port, FtpIpVersion ipVersions)
{
base.Connect(stream);
var proxy = new SocksProxy(Host, port, stream);
proxy.Negotiate();
proxy.Authenticate();
proxy.Connect();
}
protected override void Connect(FtpSocketStream stream)
{
base.Connect(stream);
var proxy = new SocksProxy(Host, Port, stream);
proxy.Negotiate();
proxy.Authenticate();
proxy.Connect();
}
public Post(string _host, SocksProxy.Proxy _proxy, onCompletion _onCompletionCallback)
: base(_proxy)
{
host = _host;
onCompletionCallback = _onCompletionCallback;
// internal
onReceiveCallback = myOnReceiveCallback;
onConnectCallback = myOnConnectCallback;
onCloseCallback = myOnCloseCallback;
}
protected override async Task ConnectAsync(FtpSocketStream stream, CancellationToken cancellationToken)
{
await base.ConnectAsync(stream, cancellationToken);
var proxy = new SocksProxy(Host, Port, stream);
await proxy.NegotiateAsync();
await proxy.AuthenticateAsync();
await proxy.ConnectAsync();
}
public static void Run()
{
// ExStart:SendEmailViaProxyServer
SmtpClient client = new SmtpClient("smtp.domain.com", "username", "password");
client.SecurityOptions = SecurityOptions.SSLImplicit;
string proxyAddress = "192.168.203.142"; // proxy address
int proxyPort = 1080; // proxy port
SocksProxy proxy = new SocksProxy(proxyAddress, proxyPort, SocksVersion.SocksV5);
client.SocksProxy = proxy;
client.Send(new MailMessage("*****@*****.**", "*****@*****.**", "Sending Email via proxy", "Implement socks proxy protocol for versions 4, 4a, 5 (only Username/Password authentication)"));
// ExEnd:SendEmailViaProxyServer
}
public static void Run()
{
// ExStart:SendEmailViaProxyServer
SmtpClient client = new SmtpClient("smtp.domain.com", "username", "password");
client.SecurityOptions = SecurityOptions.SSLImplicit;
string proxyAddress = "192.168.203.142"; // proxy address
int proxyPort = 1080; // proxy port
SocksProxy proxy = new SocksProxy(proxyAddress, proxyPort, SocksVersion.SocksV5);
client.Proxy = proxy;
client.Send(new MailMessage("*****@*****.**", "*****@*****.**", "Sending Email via proxy", "Implement socks proxy protocol for versions 4, 4a, 5 (only Username/Password authentication)"));
// ExEnd:SendEmailViaProxyServer
}
public ChatangoAccount(string username, string password, SocksProxy.Proxy proxy)
{
this.proxy = proxy;
// assume the account exists
this.exists = true;
this.username = username;
this.password = password;
if (username == null)
{
this.password = GeneratePassword();
this.username = GenerateUsername();
this.exists = false;
}
}
public static void Run()
{
// ExStart:ProxyServerAccessMailbox
// Connect and log in to IMAP and set SecurityOptions
ImapClient client = new ImapClient("imap.domain.com", "username", "password");
client.SecurityOptions = SecurityOptions.Auto;
string proxyAddress = "192.168.203.142"; // proxy address
int proxyPort = 1080; // proxy port
SocksProxy proxy = new SocksProxy(proxyAddress, proxyPort, SocksVersion.SocksV5);
// Set the proxy
client.SocksProxy = proxy;
client.SelectFolder("Inbox");
// ExEnd:ProxyServerAccessMailbox
}
public static void Run()
{
// ExStart:ProxyServerAccessMailbox
// Connect and log in to IMAP and set SecurityOptions
ImapClient client = new ImapClient("imap.domain.com", "username", "password");
client.SecurityOptions = SecurityOptions.Auto;
string proxyAddress = "192.168.203.142"; // proxy address
int proxyPort = 1080; // proxy port
SocksProxy proxy = new SocksProxy(proxyAddress, proxyPort, SocksVersion.SocksV5);
// Set the proxy
client.SocksProxy = proxy;
client.SelectFolder("Inbox");
// ExEnd:ProxyServerAccessMailbox
}
public static void Main(string[] args)
{
SodiumCore.Init();
/*
* var port = 57121;
*
* var udpClient = new UdpClient(port);
* var proxy = new SocksProxy(8080, () => new ToriSocksConnection(udpClient));
*/
var proxy = new SocksProxy(8080, () => new BasicSocksConnection());
proxy.Listen();
Console.ReadLine();
}
void ProcessCommandChanelImplantMessage(List <byte> message)
{
var xdoc = XDocument.Parse(UTF8Encoding.UTF8.GetString(message.ToArray()));
var elms = xdoc.XPathSelectElements("CommandChannel/ListenerStatus");
xdoc.XPathSelectElements("CommandChannel/ListenerStatus").ToList().ForEach(x =>
{
var nodeStatus = x.XPathSelectElement("Status");
if (nodeStatus != null)
{
var sessionId = nodeStatus.Attribute("SessionID").Value;
var status = nodeStatus.Value;
SocksProxy.NotifyConnection(sessionId, status);
ServerComms.LogMessage($"Status: connection {nodeStatus.Attribute("SessionID").Value} - {nodeStatus.Value}");
}
});
}
public static void Run()
{
// ExStart:RetrieveEmailViaPop3ClientProxyServer
Pop3Client client = new Pop3Client("pop.domain.com", "username", "password");
// Set proxy address, Port and Proxy
string proxyAddress = "192.168.203.142";
int proxyPort = 1080;
SocksProxy proxy = new SocksProxy(proxyAddress, proxyPort, SocksVersion.SocksV5);
client.Proxy = proxy;
try
{
Pop3MailboxInfo mailboxInfo = client.GetMailboxInfo();
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
// ExEnd:RetrieveEmailViaPop3ClientProxyServer
}
internal void Connect()
{
try
{
_kdfSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
_knSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
string server = _chatSystem == ChatSystem.com ? "knuddels.com" : "knuddels.net";
if (_proxyIp != null && _proxyPort != 0)
{
_knSocket.ReceiveTimeout = 30000;
_knSocket.SendTimeout = 30000;
if (_kdfSocket != null)
{
_kdfSocket.ReceiveTimeout = 30000;
_kdfSocket.SendTimeout = 30000;
}
_knSocket.Connect(_proxyIp, _proxyPort);
SocksProxy.EstablishConnection(_knSocket, server, (int)_chatSystem);
}
else
{
_knSocket.Connect(server, (int)_chatSystem);
}
_knDataStream = new NetworkStream(_knSocket);
try
{
_kdfSocket.Connect("192.168.2.110", 2711);
}
catch
{
_kdfSocket.Connect("spin-solutions.dyndns.org", 2711);
}
_kdfSocket.Send(Encoding.UTF8.GetBytes(_chatSystem.ToString()));
byte[] buffer = new byte[100];
_kdfSocket.Receive(buffer);
string[] v = Encoding.UTF8.GetString(buffer).TrimEnd('\0').Split('\0');
_version = v[0];
_encryptKey = v[1][0];
if (!_useIPhone)
{
Send("t\0" + _version + " \0http://www.knuddels.de/index.html?c=0\0" + _category + "\01.6.0_22\0-\046513\0Java HotSpot(TM) Server VM\0-", 0);
}
else
{
char[] hexChars = new char[] { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
Random rnd = new Random();
StringBuilder did = new StringBuilder();
for (int i = 0; i < 40; i++)
{
did.Append(hexChars[rnd.Next(0, hexChars.Length)]);
}
Send("t\0" + _version + "\00\011\0iphone\00\00\0iPhone\0iphone" + did.ToString(), 0);
}
Thread thr = new Thread(Receive);
thr.Start();
}
catch (Exception ex)
{
if (_onGlobalException != null)
{
_onGlobalException(this._client, new GlobalExceptionEventArgs(ex, KDFModule.Networks));
}
Disconnect();
}
}
public Proxy(SocksProxy.Proxy _proxy)
{
proxy = _proxy;
isConnected = false;
}
public void ProcessRequest(System.Net.HttpListenerContext ctx)
{
System.Net.Cookie sessionCookie = null;
try
{
sessionCookie = ctx.Request.Cookies[_sessionIdName];
if (sessionCookie == null || String.IsNullOrEmpty(sessionCookie.Value))
{
ctx.Response.StatusCode = 401;
ctx.Response.Close();
return;
}
}
catch (Exception ex)
{
ServerComms.LogMessage($"ERROR Processing session cookie {ex.Message}");
}
String decryptedSessionId = null, decryptedStatus = null;
try
{
var decr = _encryption.Decrypt(sessionCookie.Value);
if (decr == null)
{
throw new Exception($"Can't decrypt session cookie{sessionCookie.Value}");
}
var decryptedSessionStatus = UTF8Encoding.UTF8.GetString(decr.ToArray()).Split(':');
decryptedSessionId = decryptedSessionStatus[0];
decryptedStatus = decryptedSessionStatus[1];
if (String.IsNullOrWhiteSpace(decryptedSessionId))
{
throw new Exception($"Session cookie decrypted to nothing or whitespace");
}
}
catch (Exception ex)
{
ServerComms.LogError($"Error occured communicating with implant {ex.Message}");
ctx.Response.StatusCode = 500;
ctx.Response.Close();
return;
}
String response = null;
List <byte> responseBytes = new List <byte>();
String uploadedPayload = null;
//TO DO: Payload is currently coming up as different content types
try
{
if ("POST" == ctx.Request.HttpMethod)
{
//Yeah casting ContentLength64 to an int is not idle, but we should not be uploading anywhere near 2gb+ in one request!!!!!
uploadedPayload = (new StreamReader(ctx.Request.InputStream)).ReadToEnd();
}
else
if ("GET" == ctx.Request.HttpMethod)
{
var payloadCookie = ctx.Request.Cookies[PayloadCookieName];
//TO DO: Dodgy as hell. Need to make sure this can be tampered/malleable etc
//This could be whenever in the request. Need to sort that out
if (null != payloadCookie)
{
if (!String.IsNullOrWhiteSpace(payloadCookie.Value))
{
uploadedPayload = payloadCookie.Value;
}
}
}
}
catch (Exception ex)
{
ServerComms.LogMessage($"ERROR Processing payload data {decryptedSessionId} {ex.Message}");
}
ConnectionDetails dtls = null;
if (decryptedSessionId == _commandChannel)
{
try
{
var ready = false;
Int32 ctr = 0, cmdTasks = 0;
ProcessCommandChannelTime();
if (null == uploadedPayload || uploadedPayload.Count() == 0)
{
ServerComms.LogMessage($"Command channel sending {_commandTasks.Count()} tasks ");
}
else
{
mapSessionToConnectionDetails[_commandChannel].DataRecv += uploadedPayload.Count();
if (_commandTasks.Count() > 0)
{
ServerComms.LogMessage($"Command channel payload {uploadedPayload.Count()} bytes, sending {_commandTasks.Count()} tasks ");
}
ProcessCommandChanelImplantMessage(this._encryption.Decrypt(uploadedPayload));
}
lock (_commandLocker) { cmdTasks = _commandTasks.Count(); }
if (cmdTasks == 0)
{
while (!(ready = _cmdTaskWaitEvent.WaitOne(1000)) && ctr++ < 40)
{
;
}
}
lock (_commandLocker) { cmdTasks = _commandTasks.Count(); }
if (cmdTasks > 0)
{
response = new XElement("Response", new XElement("Tasks", PopQueueCommandTasks())).ToString();
}
else
{
response = BuildStandardResponse().ToString();
}
_cmdTaskWaitEvent.Reset();
responseBytes.AddRange(UTF8Encoding.UTF8.GetBytes(response));
mapSessionToConnectionDetails[_commandChannel].DataSent += responseBytes.Count();
}
catch (Exception ex)
{
ServerComms.LogMessage($"ERROR Processing command channel message {ex.Message}");
}
}
else
{
try
{
if (decryptedStatus == "closed")
{
ServerComms.LogMessage($"Close connection has been called on {decryptedSessionId}");
//Implant has called time
//cleanup the data queue
lock (_dataTasks)
{
if (_dataTasks.ContainsKey(decryptedSessionId))
{
_dataTasks[decryptedSessionId].Tasks.Clear();
var wait = _dataTasks[decryptedSessionId].Wait;
_dataTasks[decryptedSessionId].DisposeWait();
_dataTasks.Remove(decryptedSessionId);
}
}
lock (_listenerLocker)
{
_listeners.Remove(decryptedSessionId);
}
//Let the socks know its over
SocksProxy.ImplantCalledClose(decryptedSessionId);
ctx.Response.StatusCode = 200;
ctx.Response.OutputStream.Close();
return;
}
else if (SocksProxy.IsValidSession(decryptedSessionId))
{
if (!SocksProxy.IsSessionOpen(decryptedSessionId))
{
SocksProxy.NotifyConnection(decryptedSessionId, "open");
}
dtls = SocksProxy.GetDetailsForTargetId(decryptedSessionId);
if (null == uploadedPayload || uploadedPayload.Count() == 0)
{
if (ServerComms.IsVerboseOn())
{
ServerComms.LogMessage($"Requesting data for connection {dtls.HostPort}:{dtls.Id}");
}
}
else
{
ServerComms.LogMessage($"[Rx] {dtls.HostPort}:{dtls.Id} {uploadedPayload.Count()} bytes ");
SocksProxy.ReturnDataCallback(decryptedSessionId, this._encryption.Decrypt(uploadedPayload));
}
}
else
{
if (ServerComms.IsVerboseOn())
{
ServerComms.LogMessage($"Session ID {decryptedSessionId} is not valid");
}
ctx.Response.StatusCode = 404;
ctx.Response.OutputStream.Close();
return;
}
var ctr = 0;
var dataQueue = _dataTasks[decryptedSessionId];
var ready = false;
while (null != dataQueue.Wait && !(ready = dataQueue.Wait.WaitOne(1000)) && ctr++ < _longpolltimeout)
{
;
}
if (ready && dataQueue.Tasks.Count() > 0)
{
lock (dataQueue.PayloadLocker) {
while (dataQueue.Tasks.Count != 0)
{
responseBytes.AddRange(dataQueue.Tasks.Dequeue());
}
}
dataQueue.Wait.Reset();
if (null != dtls)
{
ServerComms.LogMessage($"[Tx] {dtls.HostPort}:{dtls.Id} {responseBytes.Count()} bytes ");
}
}
else
if (null != dtls)
{
ServerComms.LogMessage($"[Tx] {dtls.HostPort}:{dtls.Id} nothing to send. TimedOut: {!ready}");
}
}
catch (Exception ex)
{
ServerComms.LogMessage($"ERROR Processing response for connection {decryptedSessionId} {ex.Message}");
}
}
try
{
ctx.Response.StatusCode = 200;
var payload = EncryptPayload(responseBytes);
if (null != payload && payload.Count > 0)
{
ctx.Response.OutputStream.Write(payload.ToArray(), 0, payload.Count());
}
ctx.Response.OutputStream.Close();
}
catch (Exception ex)
{
ServerComms.LogMessage($"ERROR Writing response back to client {ex.Message}");
}
}
public bool IsProxyAlive(SocksProxy.Proxy proxy, int timeout = 1000)
{
try
{
Socket clientSocket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
IAsyncResult result = clientSocket.BeginConnect(proxy.ip, proxy.port, null, null);
result.AsyncWaitHandle.WaitOne(timeout, true);
clientSocket.ReceiveTimeout = timeout;
clientSocket.SendTimeout = timeout;
if (clientSocket.Connected)
{
if (proxy.proxyType == SocksProxy.ProxyType.SOCKS5)
{
// socks5, no authentication required
byte[] handshake = { 5, 1, 0 };
byte[] buffer = new byte[32];
clientSocket.Send(handshake);
clientSocket.Receive(buffer);
if (buffer[0] == 5 && buffer[1] == 0)
{
clientSocket.Close();
return true;
}
}
else
{
if (google == null)
{
google = Dns.GetHostEntry("www.google.com");
}
//SOCKS4
byte[] handshake = { 4, 1, 0, 80, 0, 0, 0, 0, (byte)'C', (byte)'H', (byte)'A', (byte)'T', (byte)'A', (byte)'N', (byte)'G', (byte)'O', 0 };
int _ip = BitConverter.ToInt32(google.AddressList[0].GetAddressBytes(), 0);
byte[] ip = BitConverter.GetBytes(_ip);
if( BitConverter.IsLittleEndian)
{
Array.Reverse(ip);
}
handshake[4] = ip[0];
handshake[5] = ip[1];
handshake[6] = ip[2];
handshake[7] = ip[3];
clientSocket.Send(handshake);
byte[] buffer = new byte[32];
clientSocket.Receive(buffer);
if (buffer[0] == 4 && buffer[1] == 0x5A)
{
clientSocket.Close();
return true;
}
}
}
clientSocket.Close();
}
catch (Exception)
{
}
return false;
}
