Esempio n. 1
        /// <summary>
        /// Client startup sequence: installs the certificate callback, parses flags, loads the
        /// configuration, registers startup, contacts the command server, starts the optional
        /// health check and handler orchestrator, then blocks the calling thread indefinitely.
        /// </summary>
        /// <param name="args">Command-line arguments, passed to <c>CommandLineFlagManager.Parse</c>.</param>
        private static void Run(string[] args)
        {
            // SECURITY NOTE(review): this callback returns true for every certificate, so TLS server
            // authentication is disabled. ServicePointManager is process-wide state, so the bypass
            // applies to every request that goes through it, not just one endpoint. Because it is
            // appended with += and a multicast delegate yields the last handler's result, it also
            // overrides any validation callback registered earlier.
            // Consequence: anything on the network path can impersonate the command server contacted
            // below (presumably over HTTPS - confirm in Comms). Safer options are to trust the server's
            // CA on the host, or pin the expected certificate, and to make any lab-only bypass an
            // explicit opt-in.
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

            // parse program flags; a false result ends startup silently
            if (!CommandLineFlagManager.Parse(args))
            {
                return;
            }

            // register the shutdown handler before any work starts
            AppDomain.CurrentDomain.ProcessExit += CurrentDomain_ProcessExit;

            _log.Trace($"Initiating {ApplicationDetails.Name} startup - Local: {DateTime.Now.TimeOfDay} UTC: {DateTime.UtcNow.TimeOfDay}");

            // load configuration; any exception here is treated as fatal
            try
            {
                Program.Configuration = ClientConfigurationLoader.Config;
            }
            catch (Exception e)
            {
                var path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
                var o    = $"Exec path: {path} - configuration 404: {ApplicationDetails.ConfigurationFiles.Application} - exiting. Exception: {e}";
                _log.Fatal(o);
                // NOTE(review): this is colored output only if Console resolves to a type with a
                // (string, Color) overload; with System.Console it would bind to the format-string
                // overload and the braces in the exception text could throw - confirm which Console is in scope.
                Console.WriteLine(o, Color.Red);
                // waits for a line on stdin before returning, so the message stays visible
                Console.ReadLine();
                return;
            }

            //linux clients do not catch stray processes or check for job duplication

            StartupTasks.SetStartup();

            _listenerManager = new ListenerManager();

            //check id (the value is written to the trace log)
            _log.Trace(Comms.CheckId.Id);

            //connect to command server for updates and sending logs
            // (this traffic is covered by the accept-all certificate callback installed above)
            Comms.Updates.Run();

            //linux clients do not perform local survey

            // NOTE(review): unlike the configuration load, the two optional components below are not
            // wrapped in try/catch, so an exception from either propagates out of Run.
            if (Configuration.HealthIsEnabled)
            {
                var h = new Health.Check();
                h.Run();
            }

            if (Configuration.HandlersIsEnabled)
            {
                var o = new Orchestrator();
                o.Run();
            }

            // the event is never signaled and no reference is kept, so this parks the thread forever
            new ManualResetEvent(false).WaitOne();
        }
Esempio n. 2
        /// <summary>
        /// Client startup sequence: installs the certificate callback, parses flags, loads and checks
        /// the configuration, hides the console window unless debugging, registers startup, starts the
        /// listener, contacts the command server, runs the optional survey, health check and handler
        /// orchestrator, then blocks the calling thread indefinitely.
        /// </summary>
        /// <param name="args">Command-line arguments, passed to <c>CommandLineFlagManager.Parse</c>.</param>
        private static void Run(string[] args)
        {
            // SECURITY NOTE(review): this callback returns true for every certificate, so TLS server
            // authentication is disabled. ServicePointManager is process-wide state, so the bypass
            // applies to every request that goes through it, not just one endpoint. Because it is
            // appended with += and a multicast delegate yields the last handler's result, it also
            // overrides any validation callback registered earlier.
            // Consequence: anything on the network path can impersonate the command server, which
            // per the comments below supplies the client id and updates and receives logs and
            // survey data (presumably over HTTPS - confirm in Comms). Safer options are to trust the
            // server's CA on the host, or pin the expected certificate, and to make any lab-only
            // bypass an explicit opt-in.
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

            // parse program flags; a false result ends startup silently
            if (!CommandLineFlagManager.Parse(args))
            {
                return;
            }

            //attach handler for shutdown tasks
            AppDomain.CurrentDomain.ProcessExit += CurrentDomain_ProcessExit;

            _log.Trace($"Initiating Ghosts startup - Local time: {DateTime.Now.TimeOfDay} UTC: {DateTime.UtcNow.TimeOfDay}");

            // load configuration; any exception here is treated as fatal
            try
            {
                Configuration = ClientConfigurationLoader.Config;
            }
            catch (Exception e)
            {
                var path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
                var o    = $"Exec path: {path} - configuration 404: {ApplicationDetails.ConfigurationFiles.Application} - exiting. Exception: {e}";
                _log.Fatal(o);
                Console.WriteLine(o);
                // waits for a line on stdin before returning, so the message stays visible
                Console.ReadLine();
                return;
            }

            StartupTasks.CheckConfigs();

            // fixed half-second pause; the reason is not stated in this method
            Thread.Sleep(500);

            //show window if debugging or if --debug flag passed in
            var handle = GetConsoleWindow();

            if (!IsDebug)
            {
                // outside debug mode the console window is hidden, so the client runs without visible UI
                ShowWindow(handle, SwHide);
                //add hook to manage processes running in order to never tip a machine over
                StartupTasks.CleanupProcesses();
            }

            //add ghosts to startup
            StartupTasks.SetStartup();

            //add listener on a port or ephemeral file watch to handle ad hoc commands
            // NOTE(review): an ad hoc command channel is an attack surface of its own; what it binds
            // to and whether callers are authenticated is not visible here - check ListenerManager.
            ListenerManager.Run();

            //do we have client id? or is this first run? (the value is written to the trace log)
            _log.Trace(Comms.CheckId.Id);

            //connect to command server for 1) client id 2) get updates and 3) sending logs/surveys
            // (this traffic is covered by the accept-all certificate callback installed above)
            Comms.Updates.Run();

            //local survey gathers information such as drives, accounts, logs, etc.
            // failures are logged and do not stop startup
            if (Configuration.Survey.IsEnabled)
            {
                try
                {
                    Survey.SurveyManager.Run();
                }
                catch (Exception exc)
                {
                    _log.Error(exc);
                }
            }

            // optional health check; failures are logged and do not stop startup
            if (Configuration.HealthIsEnabled)
            {
                try
                {
                    var h = new Health.Check();
                    h.Run();
                }
                catch (Exception exc)
                {
                    _log.Error(exc);
                }
            }

            //timeline processing; failures are logged and do not stop startup
            if (Configuration.HandlersIsEnabled)
            {
                try
                {
                    var o = new Orchestrator();
                    o.Run();
                }
                catch (Exception exc)
                {
                    _log.Error(exc);
                }
            }

            //ghosts singleton
            // the event is never signaled and no reference is kept, so this parks the thread forever
            new ManualResetEvent(false).WaitOne();
        }
Esempio n. 3
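    /// <summary>
    /// Load generator for the client API. In an endless loop it plays one simulated client per
    /// iteration: requests a client id, posts the contents of the updates file 30 times as
    /// results, posts one canned health record, then polls for updates.
    /// </summary>
    /// <param name="args">Command-line arguments, passed to <c>CommandLineFlagManager.Parse</c>.</param>
    static void Main(string[] args)
    {
        if (!CommandLineFlagManager.Parse(args))
        {
            return;
        }

        // Only referenced by the commented-out sample payload inside the results loop.
        var commands = new List<string>
        {
            "BrowserChrome",
            "BrowserFirefox",
            "Word",
            "Excel",
            "Outlook",
            "PowerPoint",
            "Clicks",
            "BrowserIE"
        };

        // Index of the simulated machine; it grows without bound, so the last octet of the
        // fabricated ghosts-ip value passes 255 after 256 iterations (it is only a header string).
        var i = 0;

        while (true)
        {
            // 1) ask the server for a client id for simulated machine i
            RestClient client = new RestClient($"{Program.Options.Host}/api/clientid");
            RestRequest request = new RestRequest(Method.GET);
            request.AddHeader("Cache-Control", "no-cache");
            request.AddHeader("Content-Type", "application/json");
            AddClientHeaders(request, i);
            IRestResponse response = client.Execute(request);

            // The body is used as the id after stripping quotes. The response status is not
            // checked, so a failed request still feeds whatever came back into ghosts-id below.
            string id = response.Content.Replace("\"", "");

            Console.WriteLine($"Id response was: {id}");

            Thread.Sleep(50);

            // 2) post the updates file as client results, 30 times
            Console.Write("Results ");
            for (var remaining = 30; remaining > 0; remaining--)
            {
                client  = new RestClient($"{Options.Host}/api/clientresults");
                request = new RestRequest(Method.POST);
                request.AddHeader("Cache-Control", "no-cache");
                request.AddHeader("Content-Type", "application/json");
                AddClientHeaders(request, i);
                request.AddHeader("ghosts-id", id);

                // The file is re-read on every post, so edits made while the tool runs are picked up.
                // AppendLine rewrites each line ending to Environment.NewLine.
                var sb = new StringBuilder();
                foreach (var line in File.ReadLines(Options.UpdatesFile))
                {
                    sb.AppendLine(line);
                }

                var dump = new TransferLogDump { Log = sb.ToString() };
                var payload = JsonConvert.SerializeObject(dump);

                request.AddParameter("undefined", payload, ParameterType.RequestBody);

                // request.AddParameter("undefined",
                //     "{\r\n\t\"Log\": \"TIMELINE|" + DateTime.UtcNow.ToString("MM/dd/yy H:mm:ss tt") + "|{\\\"Handler\\\":\\\"" +
                //     commands.PickRandom() +
                //     "\\\",\\\"Command\\\":\\\"random\\\",\\\"CommandArg\\\":\\\"https:\\/\\/nec-hr.region.army.mil\\\"}\\r\\nHEALTH|" +
                //     DateTime.Now.ToString("MM/dd/yy H:mm:ss tt") +
                //     "|{\\\"Internet\\\":true,\\\"Permissions\\\":false,\\\"ExecutionTime\\\":101,\\\"Errors\\\":[],\\\"LoggedOnUsers\\\":[\\\"Dustin\\\"]}\\r\\nTIMELINE|" +
                //     DateTime.Now.ToString() + "|{\\\"Handler\\\":\\\"" + commands.PickRandom() +
                //     "\\\",\\\"Command\\\":\\\"random\\\",\\\"CommandArg\\\":\\\"http:\\/\\/www.dma.mil\\\"}\"\r\n}", ParameterType.RequestBody);

                // the response of each results post is not inspected
                response = client.Execute(request);

                Console.Write($"{remaining}, ");

                Thread.Sleep(50);
            }

            // 3) post one canned health record (this request carries no ghosts-id header)
            client  = new RestClient($"{Options.Host}/api/clientresults");
            request = new RestRequest(Method.POST);
            request.AddHeader("cache-control", "no-cache");
            AddClientHeaders(request, i);
            request.AddHeader("Content-Type", "application/json");
            request.AddParameter("undefined",
                                 "{\"Log\":\"HEALTH|" + DateTime.UtcNow.ToString("MM/dd/yy H:mm:ss tt") +
                                 "|{\\\"Internet\\\":true,\\\"Permissions\\\":false,\\\"ExecutionTime\\\":946,\\\"Errors\\\":[],\\\"LoggedOnUsers\\\":[\\\"Dustin\\\"],\\\"Stats\\\":{\\\"Memory\\\":0.907363832,\\\"Cpu\\\":97.98127,\\\"DiskSpace\\\":0.479912162}}\"}",
                                 ParameterType.RequestBody);
            response = client.Execute(request);

            Console.WriteLine($"Health response was: {response.ResponseStatus}");
            Thread.Sleep(50);

            // 4) poll for updates addressed to this client id
            client  = new RestClient($"{Options.Host}/api/clientupdates");
            request = new RestRequest(Method.GET);
            request.AddHeader("Cache-Control", "no-cache");
            request.AddHeader("Content-Type", "application/json");
            AddClientHeaders(request, i);
            request.AddHeader("ghosts-id", id);
            request.AddParameter("undefined", "{\"Log\":\"\"}", ParameterType.RequestBody);
            response = client.Execute(request);

            Console.WriteLine($"Updates response was: {response.ResponseStatus}");
            Thread.Sleep(500);
            i++;
        }
    }

    /// <summary>
    /// Adds the eight ghosts-* headers that describe simulated machine <paramref name="i"/>,
    /// in the order every request in <c>Main</c> sends them.
    /// </summary>
    /// <remarks>
    /// Every value is chosen by the caller. For the API under test this means the headers are
    /// self-asserted identity; whether the server authenticates clients some other way is not
    /// visible from this tool.
    /// </remarks>
    private static void AddClientHeaders(RestRequest request, int i)
    {
        request.AddHeader("ghosts-user", "clubber.lang");
        request.AddHeader("ghosts-ip", $"127.1.1.{i}");
        request.AddHeader("ghosts-domain", $"domain-{i}");
        request.AddHeader("ghosts-host", $"host-{i}");
        request.AddHeader("ghosts-resolvedhost", $"resolvedHost.{i}");
        request.AddHeader("ghosts-fqdn", $"flag01.hq.win10.user-test-vpn-{i}");
        request.AddHeader("ghosts-name", $"flag01.hq.win10.user-test-vpn-{i}");
        request.AddHeader("ghosts-version", "2.6.0.0");
    }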
Esempio n. 4
        /// <summary>
        /// Client startup sequence: installs the certificate callback, parses flags, loads the
        /// configuration, registers startup, starts the listener, contacts the command server,
        /// starts the optional health check and handler orchestrator, then blocks the calling
        /// thread indefinitely. Process cleanup and the local survey are commented out here.
        /// </summary>
        /// <param name="args">Command-line arguments, passed to <c>CommandLineFlagManager.Parse</c>.</param>
        private static void Run(string[] args)
        {
            // SECURITY NOTE(review): this callback returns true for every certificate, so TLS server
            // authentication is disabled. ServicePointManager is process-wide state, so the bypass
            // applies to every request that goes through it, not just one endpoint. Because it is
            // appended with += and a multicast delegate yields the last handler's result, it also
            // overrides any validation callback registered earlier.
            // Consequence: anything on the network path can impersonate the command server contacted
            // below (presumably over HTTPS - confirm in Comms). Safer options are to trust the server's
            // CA on the host, or pin the expected certificate, and to make any lab-only bypass an
            // explicit opt-in.
            ServicePointManager.ServerCertificateValidationCallback += (sender, cert, chain, sslPolicyErrors) => true;

            // parse program flags; a false result ends startup silently
            if (!CommandLineFlagManager.Parse(args))
            {
                return;
            }

            // register the shutdown handler before any work starts
            AppDomain.CurrentDomain.ProcessExit += CurrentDomain_ProcessExit;

            _log.Trace($"Initiating Ghosts startup - Local time: {DateTime.Now.TimeOfDay} UTC: {DateTime.UtcNow.TimeOfDay}");

            // load configuration; any exception here is treated as fatal
            try
            {
                Program.Configuration = ClientConfigurationLoader.Config;
            }
            catch (Exception e)
            {
                var path = Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location);
                var o    = $"Exec path: {path} - configuration 404: {ApplicationDetails.ConfigurationFiles.Application} - exiting. Exception: {e}";
                _log.Fatal(o);
                // NOTE(review): this is colored output only if Console resolves to a type with a
                // (string, Color) overload; with System.Console it would bind to the format-string
                // overload and the braces in the exception text could throw - confirm which Console is in scope.
                Console.WriteLine(o, Color.Red);
                // waits for a line on stdin before returning, so the message stays visible
                Console.ReadLine();
                return;
            }

            //catch any stray processes running and avoid duplication of jobs running
            // (disabled in this client)
            //StartupTasks.CleanupProcesses();

            //make sure ghosts starts when machine starts
            StartupTasks.SetStartup();

            // NOTE(review): what the listener binds to and whether callers are authenticated is
            // not visible here - check ListenerManager.
            ListenerManager.Run();

            //check id (the value is written to the trace log)
            _log.Trace(Comms.CheckId.Id);

            //connect to command server for updates and sending logs
            // (this traffic is covered by the accept-all certificate callback installed above)
            Comms.Updates.Run();

            //TODO? should these clients do a local survey?
            //if (Configuration.Survey.IsEnabled)
            //{
            //    try
            //    {
            //        Survey.SurveyManager.Run();
            //    }
            //    catch (Exception exc)
            //    {
            //        _log.Error(exc);
            //    }
            //}

            // optional health check; failures are logged and do not stop startup
            if (Configuration.HealthIsEnabled)
            {
                try
                {
                    var h = new Health.Check();
                    h.Run();
                }
                catch (Exception exc)
                {
                    _log.Error(exc);
                }
            }

            // optional handler orchestrator; failures are logged and do not stop startup
            if (Configuration.HandlersIsEnabled)
            {
                try
                {
                    var o = new Orchestrator();
                    o.Run();
                }
                catch (Exception exc)
                {
                    _log.Error(exc);
                }
            }

            // the event is never signaled and no reference is kept, so this parks the thread forever
            new ManualResetEvent(false).WaitOne();
        }