public void DecryptWithBadKeyThrows()
{
string value = "1234567890";
try
{
var key = EncryptUtilities.GenerateKey();
string encrypted = value.Encrypt(key);
string nonresult = encrypted.Decrypt("bad");
Assert.Fail("Decrypt with bad key should throw");
}
catch (Exception)
{
}
try
{
var key = EncryptUtilities.GenerateKey();
string encrypted = value.Encrypt(key);
var key2 = EncryptUtilities.GenerateKey();
string nonresult = encrypted.Decrypt(key2);
Assert.Fail("Decrypt with different key should throw");
}
catch (Exception)
{
}
}
public void DecryptWithBadKeyThrows()
{
var value = "1234567890";
try
{
var key = EncryptUtilities.GenerateKey();
var encrypted = value.Encrypt(key);
var nonresult = encrypted.Decrypt("bad");
throw new XunitException("Decrypt with bad key should throw");
}
catch (Exception)
{
}
try
{
var key = EncryptUtilities.GenerateKey();
var encrypted = value.Encrypt(key);
var key2 = EncryptUtilities.GenerateKey();
var nonresult = encrypted.Decrypt(key2);
throw new XunitException("Decrypt with different key should throw");
}
catch (Exception)
{
}
}
public void EncryptDecryptNullWorks()
{
var encrypted = EncryptUtilities.Encrypt(null, key);
Assert.Null(encrypted);
var decrypted = EncryptUtilities.Decrypt(encrypted, key);
Assert.Null(decrypted);
}
public void EncryptDecryptNullWorks()
{
var key = "lgCbJPXnfOlatjbBDKMbh0ie6bc8PD/cjqA/2tPgMS0=";
string encrypted = EncryptUtilities.Encrypt(null, key);
Assert.AreEqual(null, encrypted, "encryption failed");
string decrypted = EncryptUtilities.Decrypt(encrypted, key);
Assert.AreEqual(null, decrypted, "decryption failed");
}
public SysUserInfo Login(string userName, string password)
{
var sysUserInfo = new SysUserInfoMan().GetModelByUserName(userName);
if (sysUserInfo != null && sysUserInfo.Password == EncryptUtilities.EncryptMD5(password))
{
CurrentUser = sysUserInfo;
return(sysUserInfo);
}
return(null);
}
public void EncryptDecryptNullWorks()
{
var key = "lgCbJPXnfOlatjbBDKMbh0ie6bc8PD/cjqA/2tPgMS0=";
var encrypted = EncryptUtilities.Encrypt(null, key);
Assert.Null(encrypted);
var decrypted = EncryptUtilities.Decrypt(encrypted, key);
Assert.Null(decrypted);
}
public void GenerateKeyWorks()
{
var value = "1234567890";
var key = EncryptUtilities.GenerateKey();
var encrypted = value.Encrypt(key);
Assert.NotEqual(value, encrypted);
var decrypted = encrypted.Decrypt(key);
Assert.Equal(value, decrypted);
}
public void GenerateKeyWorks()
{
string value = "1234567890";
var key = EncryptUtilities.GenerateKey();
string encrypted = value.Encrypt(key);
Assert.AreNotEqual(value, encrypted, "encryption failed");
string decrypted = encrypted.Decrypt(key);
Assert.AreEqual(value, decrypted, "decryption failed");
}
private static GruntEncryptedMessage Create(string GUID, byte[] message, byte[] key, GruntEncryptedMessageType Type = GruntEncryptedMessageType.Tasking)
{
byte[] encryptedMessagePacket = EncryptUtilities.AesEncrypt(message, key);
byte[] encryptionIV = encryptedMessagePacket.Take(Common.AesIVLength).ToArray();
byte[] encryptedMessage = encryptedMessagePacket.TakeLast(encryptedMessagePacket.Length - Common.AesIVLength).ToArray();
byte[] hmac = EncryptUtilities.ComputeHMAC(encryptedMessage, key);
return(new GruntEncryptedMessage
{
GUID = GUID,
Type = Type,
EncryptedMessage = Convert.ToBase64String(encryptedMessage),
IV = Convert.ToBase64String(encryptionIV),
HMAC = Convert.ToBase64String(hmac)
});
}
public void DecryptWithNullKeyThrows()
{
var value = "1234567890";
try
{
var key = EncryptUtilities.GenerateKey();
var encrypted = value.Encrypt(key);
var nonresult = encrypted.Decrypt(null);
throw new XunitException("Decrypt with null key should throw");
}
catch (Exception)
{
}
}
public void DecryptWithNullKeyThrows()
{
string value = "1234567890";
try
{
var key = EncryptUtilities.GenerateKey();
string encrypted = value.Encrypt(key);
string nonresult = encrypted.Decrypt(null);
Assert.Fail("Decrypt with null secret should throw");
}
catch (Exception)
{
}
}
public bool VerifyHMAC(byte[] Key)
{
if (IV == "" || EncryptedMessage == "" || HMAC == "" || Key.Length == 0)
{
return(false);
}
try
{
var hashedBytes = Convert.FromBase64String(this.EncryptedMessage);
return(EncryptUtilities.VerifyHMAC(hashedBytes, Convert.FromBase64String(this.HMAC), Key));
}
catch
{
return(false);
}
}
public static byte[] GruntRSAEncrypt(APIModels.Grunt grunt, byte[] toEncrypt)
{
return(EncryptUtilities.RSAEncrypt(toEncrypt, Common.CovenantEncoding.GetString(Convert.FromBase64String(grunt.GruntRSAPublicKey))));
}
private async Task PostStage0(APIModels.Grunt egressGrunt, APIModels.Grunt targetGrunt, ModelUtilities.GruntEncryptedMessage gruntStage0Response, string guid)
{
if (targetGrunt == null || !gruntStage0Response.VerifyHMAC(Convert.FromBase64String(targetGrunt.GruntSharedSecretPassword)))
{
// Always return NotFound, don't give away unnecessary info
this.PushCache(guid, new GruntMessageCacheInfo {
Status = GruntMessageCacheStatus.NotFound, Message = "", Tasking = null
});
return;
}
bool egressGruntExists = egressGrunt != null;
if (targetGrunt.Status != APIModels.GruntStatus.Uninitialized)
{
// We create a new Grunt if this one is not uninitialized
APIModels.Grunt tempModel = new APIModels.Grunt
{
Id = 0,
Name = Utilities.CreateShortGuid(),
Guid = guid,
OriginalServerGuid = Utilities.CreateShortGuid(),
Status = APIModels.GruntStatus.Stage0,
ListenerId = targetGrunt.ListenerId,
Listener = targetGrunt.Listener,
ImplantTemplateId = targetGrunt.ImplantTemplateId,
ImplantTemplate = targetGrunt.ImplantTemplate,
GruntSharedSecretPassword = targetGrunt.GruntSharedSecretPassword,
SmbPipeName = targetGrunt.SmbPipeName,
Delay = targetGrunt.Delay,
JitterPercent = targetGrunt.JitterPercent,
KillDate = targetGrunt.KillDate,
ConnectAttempts = targetGrunt.ConnectAttempts,
DotNetFrameworkVersion = targetGrunt.DotNetFrameworkVersion,
LastCheckIn = DateTime.UtcNow
};
targetGrunt = await _client.ApiGruntsPostAsync(tempModel);
}
else
{
targetGrunt.Status = APIModels.GruntStatus.Stage0;
targetGrunt.Guid = guid;
targetGrunt.LastCheckIn = DateTime.UtcNow;
targetGrunt = await _client.ApiGruntsPutAsync(targetGrunt);
}
if (!egressGruntExists)
{
egressGrunt = targetGrunt;
}
// EncryptedMessage is the RSA Public Key
targetGrunt.GruntRSAPublicKey = Convert.ToBase64String(EncryptUtilities.AesDecrypt(
gruntStage0Response,
Convert.FromBase64String(targetGrunt.GruntSharedSecretPassword)
));
// Generate negotiated session key
using (Aes newAesKey = Aes.Create())
{
newAesKey.GenerateKey();
targetGrunt.GruntNegotiatedSessionKey = Convert.ToBase64String(newAesKey.Key);
await _client.ApiGruntsPutAsync(targetGrunt);
}
if (egressGruntExists)
{
// Add this as Child grunt to Grunt that connects it
List <APIModels.GruntTasking> taskings = _client.ApiTaskingsGet().ToList();
// TODO: Finding the connectTasking this way could cause race conditions, should fix w/ guid of some sort?
APIModels.GruntTasking connectTasking = taskings.Where(GT => GT.Type == APIModels.GruntTaskingType.Connect && GT.Status == APIModels.GruntTaskingStatus.Progressed).Reverse().FirstOrDefault();
if (connectTasking == null)
{
this.PushCache(guid, new GruntMessageCacheInfo {
Status = GruntMessageCacheStatus.NotFound, Message = "", Tasking = null
});
return;
}
APIModels.GruntTaskingMessage tmessage = this.GetGruntTaskingMessage(connectTasking, targetGrunt.DotNetFrameworkVersion);
targetGrunt.Hostname = tmessage.Message.Split(",")[0];
await _client.ApiGruntsPutAsync(targetGrunt);
connectTasking.Status = APIModels.GruntTaskingStatus.Completed;
await _client.ApiTaskingsPutAsync(connectTasking);
}
byte[] rsaEncryptedBytes = EncryptUtilities.GruntRSAEncrypt(targetGrunt, Convert.FromBase64String(targetGrunt.GruntNegotiatedSessionKey));
ModelUtilities.GruntEncryptedMessage message = null;
try
{
message = this.CreateMessageForGrunt(egressGrunt, targetGrunt, rsaEncryptedBytes);
}
catch (HttpOperationException)
{
this.PushCache(guid, new GruntMessageCacheInfo {
Status = GruntMessageCacheStatus.NotFound, Message = "", Tasking = null
});
return;
}
// Transform response
// Stage0Response: "Id,Name,Base64(IV),Base64(AES(RSA(SessionKey))),Base64(HMAC)"
string transformed = this._utilities.ProfileTransform(_transform, Common.CovenantEncoding.GetBytes(JsonConvert.SerializeObject(message)));
this.PushCache(guid, new GruntMessageCacheInfo {
Status = GruntMessageCacheStatus.Ok, Message = transformed, Tasking = null
});
return;
}
// Data should be of format: IV (16 bytes) + EncryptedBytes
public byte[] GruntSessionDecrypt(APIModels.Grunt grunt, byte[] data)
{
return(EncryptUtilities.AesDecrypt(data, Convert.FromBase64String(grunt.GruntNegotiatedSessionKey)));
}
/// <summary>
/// Generate a new key suitable for encrypting.
/// </summary>
/// <returns>key to use with <see cref="Encrypt(string)"/> method. </returns>
public static string GenerateKey()
{
return(EncryptUtilities.GenerateKey());
}
/// <summary> /// Generate a new key suitable for encrypting. /// </summary> /// <returns>key to use with <see cref="Encrypt(string)"/> method. </returns> public static string GenerateKey() => EncryptUtilities.GenerateKey();
