/// <summary>
/// Client start-up sequence: parses flags, loads configuration, registers the client for
/// start-up, creates the listener manager, contacts the command server, launches the
/// enabled health and handler components, then parks the calling thread.
/// </summary>
/// <param name="args">Command-line arguments handed to <c>CommandLineFlagManager.Parse</c>.</param>
private static void Run(string[] args)
{
    // NOTE(review): this validator returns true for every certificate and is registered on the
    // process-wide ServicePointManager, so any HTTPS request that honours ServicePointManager
    // is not authenticated against the server; an on-path host could read or alter what the
    // client exchanges with the command server. Behaviour is kept because it is deliberate
    // ("ignore all certs"). Validating against a known CA or a pinned certificate would close
    // the gap where one is available.
    ServicePointManager.ServerCertificateValidationCallback +=
        (sender, certificate, chain, policyErrors) => true;

    // Nothing else runs when flag parsing reports false.
    if (!CommandLineFlagManager.Parse(args))
    {
        return;
    }

    AppDomain.CurrentDomain.ProcessExit += CurrentDomain_ProcessExit;

    _log.Trace($"Initiating {ApplicationDetails.Name} startup - Local: {DateTime.Now.TimeOfDay} UTC: {DateTime.UtcNow.TimeOfDay}");

    // Configuration is mandatory: on any load failure, report it, wait for a key press and exit.
    try
    {
        Program.Configuration = ClientConfigurationLoader.Config;
    }
    catch (Exception loadError)
    {
        var execDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
        var message = $"Exec path: {execDirectory} - configuration 404: {ApplicationDetails.ConfigurationFiles.Application} - exiting. Exception: {loadError}";
        _log.Fatal(message);
        Console.WriteLine(message, Color.Red);
        Console.ReadLine();
        return;
    }

    // Linux clients do not catch stray processes or check for job duplication,
    // so start-up registration is the only start-up task here.
    StartupTasks.SetStartup();

    _listenerManager = new ListenerManager();

    // Trace the client id.
    _log.Trace(Comms.CheckId.Id);

    // Connect to the command server for updates and for sending logs.
    Comms.Updates.Run();

    // Linux clients do not perform a local survey; only health and handlers are started.
    // Neither call is wrapped in a try/catch here, so an exception from either propagates.
    if (Configuration.HealthIsEnabled)
    {
        new Health.Check().Run();
    }

    if (Configuration.HandlersIsEnabled)
    {
        new Orchestrator().Run();
    }

    // The event is created unsignalled and no reference is kept, so this wait never returns.
    new ManualResetEvent(false).WaitOne();
}
/// <summary>
/// Client start-up sequence: parses flags, loads and checks configuration, hides the console
/// unless debugging, registers the client for start-up, starts the listener, contacts the
/// command server, runs the enabled survey/health/handler components, then parks the thread.
/// </summary>
/// <param name="args">Command-line arguments handed to <c>CommandLineFlagManager.Parse</c>.</param>
private static void Run(string[] args)
{
    // NOTE(review): this validator returns true for every certificate and is registered on the
    // process-wide ServicePointManager, so any HTTPS request that honours ServicePointManager
    // is not authenticated against the server; an on-path host could read or alter what the
    // client exchanges with the command server. Behaviour is kept because it is deliberate
    // ("ignore all certs"). Validating against a known CA or a pinned certificate would close
    // the gap where one is available.
    ServicePointManager.ServerCertificateValidationCallback +=
        (sender, certificate, chain, policyErrors) => true;

    // Nothing else runs when flag parsing reports false.
    if (!CommandLineFlagManager.Parse(args))
    {
        return;
    }

    // Shutdown tasks hang off ProcessExit.
    AppDomain.CurrentDomain.ProcessExit += CurrentDomain_ProcessExit;

    _log.Trace($"Initiating Ghosts startup - Local time: {DateTime.Now.TimeOfDay} UTC: {DateTime.UtcNow.TimeOfDay}");

    // Configuration is mandatory: on any load failure, report it, wait for a key press and exit.
    try
    {
        Configuration = ClientConfigurationLoader.Config;
    }
    catch (Exception loadError)
    {
        var execDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
        var message = $"Exec path: {execDirectory} - configuration 404: {ApplicationDetails.ConfigurationFiles.Application} - exiting. Exception: {loadError}";
        _log.Fatal(message);
        Console.WriteLine(message);
        Console.ReadLine();
        return;
    }

    StartupTasks.CheckConfigs();

    Thread.Sleep(500);

    // The console stays visible only when IsDebug is true (debugging or --debug).
    var consoleWindow = GetConsoleWindow();
    if (!IsDebug)
    {
        ShowWindow(consoleWindow, SwHide);
        // Manage processes already running so the machine is never tipped over.
        StartupTasks.CleanupProcesses();
    }

    // Register the client to start with the machine.
    StartupTasks.SetStartup();

    // Listener on a port or an ephemeral file watch, for ad hoc commands.
    ListenerManager.Run();

    // Trace the client id (it may not exist yet on a first run).
    _log.Trace(Comms.CheckId.Id);

    // Command server: 1) client id, 2) updates, 3) sending logs and surveys.
    Comms.Updates.Run();

    // Each optional component below is isolated: an exception is logged and start-up continues.

    // Local survey gathers information such as drives, accounts, logs, etc.
    if (Configuration.Survey.IsEnabled)
    {
        try
        {
            Survey.SurveyManager.Run();
        }
        catch (Exception failure)
        {
            _log.Error(failure);
        }
    }

    if (Configuration.HealthIsEnabled)
    {
        try
        {
            new Health.Check().Run();
        }
        catch (Exception failure)
        {
            _log.Error(failure);
        }
    }

    // Timeline processing.
    if (Configuration.HandlersIsEnabled)
    {
        try
        {
            new Orchestrator().Run();
        }
        catch (Exception failure)
        {
            _log.Error(failure);
        }
    }

    // The event is created unsignalled and no reference is kept, so this wait never returns.
    new ManualResetEvent(false).WaitOne();
}
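/// <summary>
/// Load-generation loop against the API at <c>Options.Host</c>. Each pass simulates one client
/// (numbered by a counter): it requests a client id, posts the contents of
/// <c>Options.UpdatesFile</c> thirty times as results, posts one fixed health record, and
/// finally polls for updates. The loop never ends on its own.
/// </summary>
/// <param name="args">Command-line arguments handed to <c>CommandLineFlagManager.Parse</c>.</param>
static void Main(string[] args)
{
    if (!CommandLineFlagManager.Parse(args))
    {
        return;
    }

    // Handler names. Only the retired synthetic payload (a hand-built body interleaving TIMELINE
    // and HEALTH entries with a handler from commands.PickRandom()) drew from this list.
    // The results loop now sends the updates file instead.
    var commands = new List<string>
    {
        "BrowserChrome",
        "BrowserFirefox",
        "Word",
        "Excel",
        "Outlook",
        "PowerPoint",
        "Clicks",
        "BrowserIE"
    };

    var i = 0;
    while (true)
    {
        // 1) Obtain an id for simulated client number i.
        var client = new RestClient($"{Program.Options.Host}/api/clientid");
        var request = new RestRequest(Method.GET);
        request.AddHeader("Cache-Control", "no-cache");
        request.AddHeader("Content-Type", "application/json");
        AddSimulatedClientHeaders(request, i);

        var response = client.Execute(request);
        // Strip any double quotes from the returned body before reusing it as a header value.
        var id = response.Content.Replace("\"", "");
        Console.WriteLine($"Id response was: {id}");
        Thread.Sleep(50);

        // 2) Post the updates file as a results log, thirty times, counting down on the console.
        Console.Write("Results ");
        for (var remaining = 30; remaining > 0; remaining--)
        {
            client = new RestClient($"{Options.Host}/api/clientresults");
            request = new RestRequest(Method.POST);
            request.AddHeader("Cache-Control", "no-cache");
            request.AddHeader("Content-Type", "application/json");
            AddSimulatedClientHeaders(request, i);
            request.AddHeader("ghosts-id", id);

            // The file is re-read on every post, so edits to it are picked up while running.
            var log = new StringBuilder();
            foreach (var line in File.ReadLines(Options.UpdatesFile))
            {
                log.AppendLine(line);
            }

            var dump = new TransferLogDump { Log = log.ToString() };
            request.AddParameter("undefined", JsonConvert.SerializeObject(dump), ParameterType.RequestBody);

            // The response to a results post is not inspected.
            client.Execute(request);
            Console.Write($"{remaining}, ");
            Thread.Sleep(50);
        }

        // 3) Post one fixed health record. This request carries no ghosts-id header.
        client = new RestClient($"{Options.Host}/api/clientresults");
        request = new RestRequest(Method.POST);
        request.AddHeader("cache-control", "no-cache");
        AddSimulatedClientHeaders(request, i);
        request.AddHeader("Content-Type", "application/json");
        request.AddParameter("undefined",
            "{\"Log\":\"HEALTH|" + DateTime.UtcNow.ToString("MM/dd/yy H:mm:ss tt") +
            "|{\\\"Internet\\\":true,\\\"Permissions\\\":false,\\\"ExecutionTime\\\":946,\\\"Errors\\\":[],\\\"LoggedOnUsers\\\":[\\\"Dustin\\\"],\\\"Stats\\\":{\\\"Memory\\\":0.907363832,\\\"Cpu\\\":97.98127,\\\"DiskSpace\\\":0.479912162}}\"}",
            ParameterType.RequestBody);

        response = client.Execute(request);
        Console.WriteLine($"Health response was: {response.ResponseStatus}");
        Thread.Sleep(50);

        // 4) Poll for updates as the same simulated client.
        client = new RestClient($"{Options.Host}/api/clientupdates");
        request = new RestRequest(Method.GET);
        request.AddHeader("Cache-Control", "no-cache");
        request.AddHeader("Content-Type", "application/json");
        AddSimulatedClientHeaders(request, i);
        request.AddHeader("ghosts-id", id);
        request.AddParameter("undefined", "{\"Log\":\"\"}", ParameterType.RequestBody);

        response = client.Execute(request);
        Console.WriteLine($"Updates response was: {response.ResponseStatus}");
        Thread.Sleep(500);

        // Next pass presents itself as a different client.
        i++;
    }
}

/// <summary>
/// Adds the eight ghosts-* identity headers every request in <c>Main</c> carries, in the order
/// they were originally sent, with values derived from the simulated client number.
/// </summary>
/// <param name="request">Request to decorate.</param>
/// <param name="index">Simulated client number; it grows without bound, so the synthetic
/// "127.1.1.N" value stops being a valid IPv4 address once N exceeds 255.</param>
private static void AddSimulatedClientHeaders(RestRequest request, int index)
{
    // NOTE(review): no credential is attached anywhere in this harness; the requests identify
    // the client only through these self-asserted headers, so confirm how the API
    // authenticates callers before exposing it beyond a trusted network.
    request.AddHeader("ghosts-user", "clubber.lang");
    request.AddHeader("ghosts-ip", $"127.1.1.{index}");
    request.AddHeader("ghosts-domain", $"domain-{index}");
    request.AddHeader("ghosts-host", $"host-{index}");
    request.AddHeader("ghosts-resolvedhost", $"resolvedHost.{index}");
    request.AddHeader("ghosts-fqdn", $"flag01.hq.win10.user-test-vpn-{index}");
    request.AddHeader("ghosts-name", $"flag01.hq.win10.user-test-vpn-{index}");
    request.AddHeader("ghosts-version", "2.6.0.0");
}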
/// <summary>
/// Client start-up sequence: parses flags, loads configuration, registers the client for
/// start-up, starts the listener, contacts the command server, runs the enabled health and
/// handler components, then parks the calling thread.
/// </summary>
/// <param name="args">Command-line arguments handed to <c>CommandLineFlagManager.Parse</c>.</param>
private static void Run(string[] args)
{
    // NOTE(review): this validator returns true for every certificate and is registered on the
    // process-wide ServicePointManager, so any HTTPS request that honours ServicePointManager
    // is not authenticated against the server; an on-path host could read or alter what the
    // client exchanges with the command server. Behaviour is kept because it is deliberate
    // ("ignore all certs"). Validating against a known CA or a pinned certificate would close
    // the gap where one is available.
    ServicePointManager.ServerCertificateValidationCallback +=
        (sender, certificate, chain, policyErrors) => true;

    // Nothing else runs when flag parsing reports false.
    if (!CommandLineFlagManager.Parse(args))
    {
        return;
    }

    AppDomain.CurrentDomain.ProcessExit += CurrentDomain_ProcessExit;

    _log.Trace($"Initiating Ghosts startup - Local time: {DateTime.Now.TimeOfDay} UTC: {DateTime.UtcNow.TimeOfDay}");

    // Configuration is mandatory: on any load failure, report it, wait for a key press and exit.
    try
    {
        Program.Configuration = ClientConfigurationLoader.Config;
    }
    catch (Exception loadError)
    {
        var execDirectory = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
        var message = $"Exec path: {execDirectory} - configuration 404: {ApplicationDetails.ConfigurationFiles.Application} - exiting. Exception: {loadError}";
        _log.Fatal(message);
        Console.WriteLine(message, Color.Red);
        Console.ReadLine();
        return;
    }

    // Stray-process cleanup / duplicate-job avoidance is disabled in this client:
    // the StartupTasks.CleanupProcesses() call is commented out.

    // Make sure the client starts when the machine starts.
    StartupTasks.SetStartup();

    ListenerManager.Run();

    // Trace the client id.
    _log.Trace(Comms.CheckId.Id);

    // Connect to the command server for updates and for sending logs.
    Comms.Updates.Run();

    // TODO? should these clients do a local survey? The guarded Survey.SurveyManager.Run()
    // call (behind Configuration.Survey.IsEnabled) is currently commented out.

    // Each optional component below is isolated: an exception is logged and start-up continues.
    if (Configuration.HealthIsEnabled)
    {
        try
        {
            new Health.Check().Run();
        }
        catch (Exception failure)
        {
            _log.Error(failure);
        }
    }

    if (Configuration.HandlersIsEnabled)
    {
        try
        {
            new Orchestrator().Run();
        }
        catch (Exception failure)
        {
            _log.Error(failure);
        }
    }

    // The event is created unsignalled and no reference is kept, so this wait never returns.
    new ManualResetEvent(false).WaitOne();
}