Example #1
        /// <summary>
        /// Routes data that arrived on an RDP virtual channel to the handler for that channel.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event arguments carrying the channel name and the received payload.</param>
        void rdpClient_OnChannelReceivedData(object sender, AxMSTSCLib.IMsTscAxEvents_OnChannelReceivedDataEvent e)
        {
            try
            {
                bool debugEnabled = chkInVchanDebug.Checked;
                string channel = e.chanName;

                // "McxSess" is kept out of the debug log even when channel debugging is switched on.
                if (debugEnabled && channel != "McxSess")
                {
                    m_logger.LogDebug("RDP: Received data on channel " + channel);
                }

                // NOTE(review): channel name and payload are supplied by the remote end of the
                // session; the handlers below presumably have to treat them as untrusted - confirm.
                switch (channel)
                {
                    case "devcaps":
                        // This handler receives the whole event object, the others only the payload.
                        HandleDevCapsIncoming(e);
                        break;

                    case "McxSess":
                        HandleMcxSessIncoming(e.data);
                        break;

                    case "avctrl":
                        HandleAvctrlIncoming(e.data);
                        break;

                    default:
                        MessageBox.Show("unhandled data on channel " + channel);
                        break;
                }
            }
            catch (Exception failure)
            {
                // Every failure, including one raised inside a handler, is reported in a dialog
                // together with its stack trace instead of propagating out of the event handler.
                MessageBox.Show(failure.Message + " " + failure.StackTrace);
            }
        }
Example #2
        /// <summary>
        /// Hands the payload received on an RDP virtual channel to the handler class for that channel.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event arguments carrying the channel name and the received payload.</param>
        void RdpClient_OnChannelReceivedData(object sender, AxMSTSCLib.IMsTscAxEvents_OnChannelReceivedDataEvent e) {
            try {
                // NOTE(review): both values come from the remote end of the session; the
                // ProcessData implementations presumably have to validate them - confirm.
                switch (e.chanName) {
                    case "avctrl":
                        AvCtrlHandler.ProcessData(e.data);
                        break;
                    case "devcaps":
                        DevCapsHandler.ProcessData(e.data);
                        break;
                    case "McxSess":
                        McxSessHandler.ProcessData(e.data);
                        break;
                    default:
                        // Any other channel name is only reported to the user.
                        MessageBox.Show("unhandled data on channel " + e.chanName);
                        break;
                }
            } catch (Exception failure) {
                // Handler failures are shown with their stack trace rather than rethrown.
                MessageBox.Show(failure.Message + " " + failure.StackTrace);
            }
        }
Example #3
        /// <summary>
        /// Handles data received on an RDP virtual channel. Chunks on the "Fenrir" channel are
        /// collected into a base64 request which, once complete, is decoded and relayed over TCP to
        /// the host and port held in Form1.sMetasploitServer / Form1.iMetasploitPort; the reply is
        /// sent back over the channel. Data on any other channel is treated as a base64-encoded
        /// file transfer and written to disk.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event arguments carrying the channel name and the received payload.</param>
        private void rdp_OnChannelReceivedData(object sender, AxMSTSCLib.IMsTscAxEvents_OnChannelReceivedDataEvent e)
        {
            // Payload and channel name are round-tripped through UTF-16 so that both a byte[] and a
            // string form are available.
            byte[] Data = System.Text.Encoding.Unicode.GetBytes(e.data);
            string str  = System.Text.Encoding.Unicode.GetString(Data);

            byte[] Channel     = System.Text.Encoding.Unicode.GetBytes(e.chanName);
            string channelName = System.Text.Encoding.Unicode.GetString(Channel);

            // NOTE(review): FileContent now references the same array as Data, which is zeroed at
            // the end of this method - confirm that no reader expects the bytes to survive.
            FileContent = Data;


            //Handle Fenrir traffic
            if (channelName == "Fenrir")
            {
                // Start marker: reset the accumulator and acknowledge.
                if (str == "Start of Request")
                {
                    sFenrirReceivedRequest = "";
                    rdp.SendOnVirtualChannel("Fenrir", "Received");
                }

                // End marker: the accumulated text is the complete base64 request.
                else if (str == "End of Request")
                {
                    //strip the trailing null
                    sFenrirReceivedRequest = sFenrirReceivedRequest.Replace("\0", "");

                    //convert from base64string
                    // NOTE(review): throws FormatException when the accumulated text is not valid
                    // base64; nothing in this method catches it.
                    byte[] bFenrirReceivedRequest = Convert.FromBase64String(sFenrirReceivedRequest);

                    //view the string
                    string decodedFenrirReceivedRequest = Encoding.UTF8.GetString(bFenrirReceivedRequest);

                    //convert the string to a byte  array so it can be forwarded on.
                    if (decodedFenrirReceivedRequest != "")
                    {
                        rdp.SendOnVirtualChannel("Fenrir", "Received");

                        // NOTE(review): `match` is never read in this block; the destination used
                        // below comes from the Form1 settings, not from the request line.
                        Match  match = Regex.Match(decodedFenrirReceivedRequest, @"(?<method>[A-Z]+) (?<protocol>[A-Za-z0-9]+://)?(?<host>[A-Za-z0-9\.]+)?(:)?(?<port>[0-9]+)?(?<directory>[A-Za-z0-9\./\?\&\=]+)? (HTTP\/[0-9\.]+)", RegexOptions.IgnoreCase);
                        string host  = Form1.sMetasploitServer;
                        int    port  = Form1.iMetasploitPort;

                        // Pumps pending window messages. NOTE(review): this may let another
                        // channel event run before this one finishes - confirm that shared fields
                        // such as sFenrirReceivedRequest tolerate that.
                        Application.DoEvents();

                        //The below is for forwarding the packet on once we strip the IP and port from the packet
                        TcpClient client = new TcpClient();

                        //check if its an IP address, if not assume hostname
                        try
                        {
                            IPAddress oAddress = null;
                            if (IPAddress.TryParse(host, out oAddress))
                            {
                                IPEndPoint serverEndPoint = new IPEndPoint(oAddress, port);
                                client.Connect(serverEndPoint);
                            }
                            else
                            {
                                client.Connect(host, port);
                            }
                        }
                        catch (Exception error)
                        {
                            // A connect failure is only displayed; execution continues below.
                            MessageBox.Show(error.ToString());
                        }

                        // NOTE(review): reached even when the connect above failed; GetStream() on
                        // an unconnected TcpClient throws InvalidOperationException, which nothing
                        // in this method catches.
                        NetworkStream clientStream = client.GetStream();

                        // Used only to render request and response bytes as text for the log.
                        ASCIIEncoding encoder = new ASCIIEncoding();

                        clientStream.Write(bFenrirReceivedRequest, 0, bFenrirReceivedRequest.Length);

                        //Log the requests sent
                        // NOTE(review): the relayed request is appended in clear text to Fenrir.log
                        // (relative path), so the log needs the same protection as the traffic.
                        using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"Fenrir.log", true))
                        {
                            file.WriteLine("Request " + DateTime.Now.ToString("dd/MM/yyyy h:mm:ss tt"));
                            file.Write(encoder.GetString(bFenrirReceivedRequest, 0, bFenrirReceivedRequest.Length));
                        }

                        Array.Clear(bFenrirReceivedRequest, 0, bFenrirReceivedRequest.Length);

                        // Read the reply in 1024-byte blocks until Read returns 0.
                        // NOTE(review): bytesRead only drives the loop condition; the log entry and
                        // the base64 payload always cover the whole buffer, so a short read is
                        // padded with zero bytes (the buffer is zeroed after every iteration).
                        byte[] bResponse = new byte[1024];
                        int    bytesRead = 0;
                        while ((bytesRead = clientStream.Read(bResponse, 0, bResponse.Length)) > 0)
                        {
                            //Log the responses
                            using (System.IO.StreamWriter file = new System.IO.StreamWriter(@"Fenrir.log", true))
                            {
                                file.WriteLine("Response " + DateTime.Now.ToString("dd/MM/yyyy h:mm:ss tt"));
                                file.Write(encoder.GetString(bResponse, 0, bResponse.Length) + "\r\n");
                            }

                            // Each block goes back as base64 followed by a "$" separator.
                            string sResponse = Convert.ToBase64String(bResponse, 0, bResponse.Length) + "$";
                            rdp.SendOnVirtualChannel("Fenrir", sResponse);
                            clientStream.Flush();
                            Array.Clear(bResponse, 0, bResponse.Length);
                            Application.DoEvents();
                        }

                        // NOTE(review): neither clientStream nor client is closed or disposed in
                        // this block.
                        rdp.SendOnVirtualChannel("Fenrir", "End of Response");

                        sFenrirReceivedRequest = "";
                    }
                    else
                    {
                        //DO NOTHING
                    }
                }


                // Anything else is a chunk of the request: append it and acknowledge.
                // NOTE(review): the accumulator grows without any size limit until the end marker
                // arrives.
                else
                {
                    sFenrirReceivedRequest += str;
                    rdp.SendOnVirtualChannel("Fenrir", "Received");
                }
            }

            //If its not Fenrir then assume it is Sleipnir Traffic
            else
            {
                // NOTE(review): FromBase64String throws FormatException on input that is not valid
                // base64, and this method has no handler for it.
                string sDecode = System.Text.Encoding.Unicode.GetString(System.Convert.FromBase64String(str));
                byte[] bDecode = System.Convert.FromBase64String(str);

                //Make sure its the start of the file by checking for "title:"
                // The marker is matched anywhere in the chunk and case-insensitively, while the
                // Replace below removes only the exact lower-case form.
                if (System.Text.RegularExpressions.Regex.IsMatch(sDecode, "title:", System.Text.RegularExpressions.RegexOptions.IgnoreCase))
                {
                    sTitle        = sDecode.Replace("title:", "");
                    sTitleTrimmed = sTitle.Replace("\0", string.Empty);
                    // NOTE(review): sTitleTrimmed comes straight from the remote peer and is used
                    // as a file path without validation; rooted paths and ".." segments are not
                    // rejected, so the peer decides where the file is created. Reduce it to a bare
                    // file name (e.g. Path.GetFileName) and join it to a fixed download directory
                    // before it is used.
                    if (File.Exists(sTitleTrimmed))
                    {
                        MessageBox.Show("File already exists! Cancelling transfer");
                        rdp.SendOnVirtualChannel("Loki1", "Cancelled");
                    }
                    else
                    {
                        // Creates the empty target file; the content arrives in later chunks.
                        using (FileStream writeStream = new FileStream(sTitleTrimmed, FileMode.Create, FileAccess.Write))
                        {
                            writeStream.Flush();
                        }
                        rdp.SendOnVirtualChannel("Loki1", "Received");
                    }
                }
                //If its not the start then check that it is not the end by looking for !!!

                else if (System.Text.RegularExpressions.Regex.IsMatch(sDecode, "!!!", System.Text.RegularExpressions.RegexOptions.IgnoreCase))
                {
                    MessageBox.Show("File successfully transferred!");
                    // This early return skips the buffer clearing at the end of the method.
                    return;
                }
                //If its not the beginning or the end then it must be the middle :)
                else
                {
                    // NOTE(review): sDecodeTrimmed is never read.
                    string sDecodeTrimmed = sDecode.Replace("\0", string.Empty);
                    byte[] filecontent    = System.Text.Encoding.Unicode.GetBytes(sDecode);

                    // Appends to whichever file the last "title:" chunk named (sTitleTrimmed is
                    // state kept between events).
                    using (FileStream writeStream = new FileStream(sTitleTrimmed, FileMode.Append, FileAccess.Write))
                    {
                        // NOTE(review): the count is the length of sDecode re-encoded as UTF-16,
                        // not bDecode.Length; the two presumably differ for an odd number of
                        // decoded bytes - confirm and use bDecode.Length.
                        writeStream.Write(bDecode, 0, filecontent.Length);
                        writeStream.Flush();
                        Array.Clear(bDecode, 0, bDecode.Length);
                    }

                    // The acknowledgement always goes out on "Loki1", whatever channel the data
                    // arrived on.
                    rdp.SendOnVirtualChannel("Loki1", "Received");
                }
            }

            // Drop the local references and zero the local buffers.
            str         = "";
            channelName = "";
            Array.Clear(Data, 0, Data.Length);
            Array.Clear(Channel, 0, Channel.Length);
        }
Example #4
        /// <summary>
        /// Answers a message received on the "devcaps" virtual channel. The first message
        /// (devCapsIter == 1) gets the "Initial" response; every later message is read as a
        /// capability query and gets the "Enabled" or "Disabled" response, stamped with the
        /// current sequence number.
        /// </summary>
        /// <param name="e">Channel event whose data holds the incoming devcaps message.</param>
        private void HandleDevCapsIncoming(AxMSTSCLib.IMsTscAxEvents_OnChannelReceivedDataEvent e)
        {
            byte[] reply;

            if (devCapsIter == 1)
            {
                // First exchange: reply with the canned initialisation data.
                reply = LoadDevCapsVChan("Initial");
            }
            else
            {
                // The capability code is taken from the last two bytes of the UTF-16 encoded payload.
                // NOTE(review): the payload is supplied by the remote end; with fewer than two
                // bytes the offsets below go negative and GetString throws - confirm a guard
                // exists upstream.
                byte[] incoming = Encoding.Unicode.GetBytes(e.data);
                int    size     = incoming.Length;
                string first    = Encoding.ASCII.GetString(incoming, size - 2, 1).ToUpper();
                string second   = Encoding.ASCII.GetString(incoming, size - 1, 1).ToUpper();
                string asked    = first + second;

                m_logger.LogDebug("Asked for capability: " + asked);

                // Capabilities answered with the "Disabled" response; everything else is enabled.
                // NOTE(review): "POP" has three characters and can never equal the two-character
                // code built above.
                List <string> refused = new List <string>
                {
                    "BI", // BIG - we cannot do Xbox 360 rendering
                    "PH",
                    "POP",
                    "HO",
                    "AR",
                    "CR",
                    "CP",
                    "CD",
                    "DR",
                    "DV",
                    "FP",
                    "HC",
                    "HT",
                    "DO",
                    "SC",
                    "NL",
                    "RS",
                    "VO",
                    "W3",
                    "RU", // RUI - we cannot do Xbox 360 rendering
                    "WI", // WID - disable widescreen for the time being.
                    "TV", // TVS
                    "TB", // TBP - disable the media center toolbar.
                    "AN", // ANI - intensive animations over RDP look awful!
                    "VI", // VIZ - can't do wmp visualisations over RDP!
                    "MU",
                    "XT"
                };

                bool granted = !refused.Contains(asked);
                reply = LoadDevCapsVChan(granted ? "Enabled" : "Disabled");

                // Byte 21 of the response carries the sequence number.
                // NOTE(review): assumes the loaded response has at least 22 bytes and that
                // devCapsIter stays within 0..255 (Convert.ToByte throws outside it) - confirm.
                reply[21] = Convert.ToByte(devCapsIter);

                m_logger.LogDebug("RDP: " + granted.ToString().ToUpper() + " for capability " + asked);
            }

            // The binary response is handed to the channel as a UTF-16 string.
            string outgoing = Encoding.Unicode.GetString(reply);
            rdpClient.SendOnVirtualChannel("devcaps", outgoing);
            m_logger.LogDebug("RDP: Sent devcaps citeration " + devCapsIter.ToString());

            devCapsIter++;
        }