/// <summary>
/// Creates a <see cref="GruntTasking"/> for the Grunt with the given <paramref name="id"/>.
/// The calling user and the UTC time are stamped onto the tasking server-side, overriding whatever
/// the request body carried. For <see cref="GruntTaskingType.Assembly"/> taskings the task's option
/// values are turned into a positional parameter list (rewritten per task name below) and the tasking
/// is compiled; for <see cref="GruntTaskingType.Connect"/> taskings a loopback hostname is replaced by
/// the Grunt's own hostname. The tasking and an audit <see cref="Event"/> are then persisted.
/// </summary>
/// <param name="id">Id of the target Grunt.</param>
/// <param name="gruntTasking">Tasking from the request body. NOTE(review): it is dereferenced at the
/// TaskingUser assignment without a null check — confirm model binding rejects an empty body upstream.</param>
/// <returns>
/// 201 Created with the stored tasking; 404 NotFound when the Grunt, current user, GruntTask or
/// Launcher cannot be resolved; 400 BadRequest when compilation throws.
/// </returns>
public ActionResult <GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking)
        {
            // Null when no Grunt has this id; handled immediately below.
            Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);

            if (grunt == null)
            {
                return(NotFound($"NotFound - Grunt with id: {id}"));
            }
            CovenantUser taskingUser = this.GetCurrentUser();

            if (taskingUser == null)
            {
                return(NotFound($"NotFound - CovenantUser"));
            }
            // Attribution and timestamp are set here, not taken from the client-supplied body.
            gruntTasking.TaskingUser = taskingUser.UserName;
            gruntTasking.TaskingTime = DateTime.UtcNow;
            if (gruntTasking.Type == GruntTaskingType.Assembly)
            {
                GruntTask task = _context.GruntTasks.Include(T => T.Options).FirstOrDefault(T => T.Id == gruntTasking.TaskId);
                if (task == null)
                {
                    return(NotFound($"NotFound - GruntTask with id: {gruntTasking.TaskId}"));
                }
                // Parameter list is positional: the branches below index it as parameters[0] / [1] and
                // insert at fixed positions, so the option order of each task is assumed fixed.
                // NOTE(review): no bounds check — a task with fewer options than the branch expects throws
                // ArgumentOutOfRangeException on the indexer. Note also that the option order comes straight
                // from the Include() with no explicit OrderBy.
                List <string> parameters = task.Options.Select(O => O.Value).ToList();
                // Task-name dispatch uses culture-sensitive ToLower(); OrdinalIgnoreCase would be conventional.
                if (task.Name.ToLower() == "wmigrunt")
                {
                    // parameters[1] names a stored Launcher whose LauncherString replaces it.
                    Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower());
                    if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
                    {
                        return(NotFound($"NotFound - Launcher with name: {parameters[1]}"));
                    }
                    else
                    {
                        parameters[1] = l.LauncherString;
                    }
                }
                else if (task.Name.ToLower() == "dcomgrunt")
                {
                    Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower());
                    if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
                    {
                        return(NotFound($"NotFound - Launcher with name: {parameters[1]}"));
                    }
                    else
                    {
                        // Add .exe exetension if needed
                        // String.Split always yields at least one element, so FirstOrDefault() is non-null here.
                        List <string> split = l.LauncherString.Split(" ").ToList();
                        parameters[1] = split.FirstOrDefault();
                        if (!parameters[1].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
                        {
                            parameters[1] += ".exe";
                        }

                        // Add command parameters
                        // Inserting at 2 and 3 shifts any remaining option values to the right; the
                        // consumer presumably reads these positions — confirm against the task source.
                        split.RemoveAt(0);
                        parameters.Insert(2, String.Join(" ", split.ToArray()));
                        string Directory = "C:\\WINDOWS\\System32\\";
                        if (parameters[1].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
                        {
                            Directory += "WindowsPowerShell\\v1.0\\";
                        }
                        else if (parameters[1].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
                        {
                            Directory += "wbem\\";
                        }

                        parameters.Insert(3, Directory);
                    }
                }
                else if (task.Name.ToLower() == "dcomcommand")
                {
                    // Same layout as "dcomgrunt", but the command comes from parameters[1] itself
                    // rather than from a stored Launcher.
                    // Add .exe exetension if needed
                    List <string> split = parameters[1].Split(" ").ToList();
                    parameters[1] = split[0];
                    if (!parameters[1].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
                    {
                        parameters[1] += ".exe";
                    }

                    // Add command parameters
                    split.RemoveAt(0);
                    parameters.Insert(2, String.Join(" ", split.ToArray()));
                    string Directory = "C:\\WINDOWS\\System32\\";
                    if (parameters[1].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
                    {
                        Directory += "WindowsPowerShell\\v1.0\\";
                    }
                    else if (parameters[1].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
                    {
                        Directory += "wbem\\";
                    }

                    parameters.Insert(3, Directory);
                }
                else if (task.Name.ToLower() == "bypassuacgrunt")
                {
                    Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[0].ToLower());
                    if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
                    {
                        return(NotFound($"NotFound - Launcher with name: {parameters[0]}"));
                    }
                    else
                    {
                        // Add .exe exetension if needed
                        // Note the ".exe" suffix is applied to the launcher *name* in parameters[0], while the
                        // argument string below is taken from the LauncherString.
                        string[] split = l.LauncherString.Split(" ");
                        if (!parameters[0].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
                        {
                            parameters[0] += ".exe";
                        }

                        // Add parameters need for BypassUAC Task
                        // GetRange(1, Count - 1) is valid even for a single-element split (yields an empty range).
                        string ArgParams = String.Join(" ", split.ToList().GetRange(1, split.Count() - 1));
                        string Directory = "C:\\WINDOWS\\System32\\";
                        if (parameters[0].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
                        {
                            Directory += "WindowsPowerShell\\v1.0\\";
                        }
                        else if (parameters[0].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
                        {
                            Directory += "wbem\\";
                        }

                        // Appended (not inserted) in the order: arguments, directory, trailing "0".
                        parameters.Add(ArgParams);
                        parameters.Add(Directory);
                        parameters.Add("0");
                    }
                }
                else if (task.Name.ToLower() == "bypassuaccommand")
                {
                    // Same layout as "bypassuacgrunt", with the command taken from parameters[0] itself.
                    // Add .exe exetension if needed
                    // NOTE(review): ".exe" is appended to the whole of parameters[0] (which may still contain
                    // arguments), while the argument string is split off separately below — confirm intended.
                    string[] split = parameters[0].Split(" ");
                    if (!parameters[0].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
                    {
                        parameters[0] += ".exe";
                    }

                    // Add parameters need for BypassUAC Task
                    string ArgParams = String.Join(" ", split.ToList().GetRange(1, split.Count() - 1));
                    string Directory = "C:\\WINDOWS\\System32\\";
                    if (parameters[0].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
                    {
                        Directory += "WindowsPowerShell\\v1.0\\";
                    }
                    else if (parameters[0].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
                    {
                        Directory += "wbem\\";
                    }

                    parameters.Add(ArgParams);
                    parameters.Add(Directory);
                    parameters.Add("0");
                }
                try
                {
                    // Compiles the tasking for this Grunt with the parameter list assembled above.
                    gruntTasking.Compile(task, grunt, parameters);
                }
                catch (Exception e)
                {
                    // NOTE(review): the exception message and stack trace are copied into the HTTP response
                    // body, exposing server-side paths and frames to the API caller; keep that detail in the
                    // server log and return a generic error message instead.
                    Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace);
                    return(BadRequest("Task returned compilation errors:" + e.Message + e.StackTrace));
                }
            }
            else if (gruntTasking.Type == GruntTaskingType.Connect)
            {
                // Message is read as "hostname,pipename".
                // NOTE(review): GruntTaskingMessage is not null-checked, and Split(",")[1] throws
                // IndexOutOfRangeException when the message contains no comma; the split is also done twice.
                string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0];
                string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1];
                // A loopback hostname is rewritten to the Grunt's own hostname.
                if (hostname == "localhost" || hostname == "127.0.0.1")
                {
                    hostname = grunt.Hostname;
                }
                gruntTasking.TaskingMessage = hostname + "," + pipename;
            }
            _context.GruntTaskings.Add(gruntTasking);
            // Audit record: who tasked which Grunt with what, at the server-stamped time.
            _context.Events.Add(new Event
            {
                Time          = gruntTasking.TaskingTime,
                MessageHeader = "[" + gruntTasking.TaskingTime + " UTC] Grunt: " + grunt.Name + " has " + "been assigned GruntTasking: " + gruntTasking.Name,
                MessageBody   = "(" + gruntTasking.TaskingUser + ") > " + gruntTasking.TaskingCommand,
                Level         = Event.EventLevel.Highlight,
                Context       = grunt.Name
            });
            _context.SaveChanges();
            // The route uses gruntTasking.Id, so the key is presumably store-generated during SaveChanges() — confirm.
            return(CreatedAtRoute(nameof(GetGruntTasking), new { id = id, tid = gruntTasking.Id }, gruntTasking));
        }
        /// <summary>
        /// Creates a <see cref="GruntTasking"/> for the Grunt with the given <paramref name="id"/>.
        /// For <c>Assembly</c> taskings the task's options (ordered by OptionId) become a positional
        /// parameter list that is rewritten per task name below — each of "wmi", "dcom" and "bypassuac"
        /// accepts either a stored Launcher name or a custom command, with the custom command taking
        /// precedence — and the tasking is compiled. No caller attribution, timestamp or audit Event is
        /// recorded in this variant; the tasking is stored as received apart from the Compile() call.
        /// </summary>
        /// <param name="id">Id of the target Grunt.</param>
        /// <param name="gruntTasking">Tasking from the request body. NOTE(review): dereferenced at the
        /// type check without a null check — confirm model binding rejects an empty body upstream.</param>
        /// <returns>
        /// 201 Created with the stored tasking; 404 NotFound when the Grunt or GruntTask is missing;
        /// 400 BadRequest when compilation throws.
        /// </returns>
        public ActionResult <GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking)
        {
            // Null when no Grunt has this id; handled immediately below.
            Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);

            if (grunt == null)
            {
                return(NotFound());
            }
            if (gruntTasking.type == GruntTasking.GruntTaskingType.Assembly)
            {
                GruntTask task = _context.GruntTasks.FirstOrDefault(T => T.Id == gruntTasking.TaskId);
                if (task == null)
                {
                    return(NotFound());
                }
                // Options are loaded with a second query and ordered explicitly, since the branches below
                // depend on their positions (parameters[0]..[4]).
                // NOTE(review): no bounds check — a task with fewer options than a branch expects throws
                // ArgumentOutOfRangeException on the indexer.
                task.Options = _context.GruntTaskOptions.Where(O => O.TaskId == task.Id).ToList();
                List <string> parameters = task.Options.OrderBy(O => O.OptionId).Select(O => O.Value).ToList();
                // Task-name dispatch uses culture-sensitive ToLower(); OrdinalIgnoreCase would be conventional.
                if (task.Name.ToLower() == "wmi")
                {
                    // parameters[3] = Launcher name, parameters[4] = custom command.
                    Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[3].ToLower());
                    // NOTE(review): an unresolved Launcher with no custom command does not return NotFound;
                    // it falls into the custom-command branch with an empty command in parameters[3].
                    if ((parameters[4] != null && parameters[4] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
                    {
                        // If using custom command
                        // Remove the "Launcher" parameter
                        parameters.RemoveAt(3);
                    }
                    else
                    {
                        // If using Launcher
                        // Remove the "Command" parameter
                        parameters.RemoveAt(4);

                        // Set LauncherString to WMI command parameter
                        parameters[3] = l.LauncherString;
                    }
                }
                else if (task.Name.ToLower() == "dcom")
                {
                    // parameters[1] = Launcher name, parameters[2] = custom command.
                    Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower());
                    // NOTE(review): same fall-through as the "wmi" branch when the Launcher is unresolved and
                    // no custom command was given.
                    if ((parameters[2] != null && parameters[2] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
                    {
                        // If using custom command
                        // Remove the "Launcher" parameter
                        parameters.RemoveAt(1);

                        // Add .exe exetension if needed
                        // EndsWith without a StringComparison is culture-sensitive and case-sensitive here,
                        // so "FOO.EXE" gets a second ".exe" appended.
                        List <string> split = parameters[1].Split(" ").ToList();
                        parameters[1] = split[0];
                        if (!parameters[1].EndsWith(".exe"))
                        {
                            parameters[1] += ".exe";
                        }

                        // Arguments go to index 2 and the directory to index 3, shifting later values right.
                        split.RemoveAt(0);
                        parameters.Insert(2, String.Join(" ", split.ToArray()));
                        string Directory = "C:\\WINDOWS\\System32\\";
                        // Substring match rather than equality (e.g. "notpowershell.exe" also matches).
                        if (parameters[1].ToLower().Contains("powershell.exe"))
                        {
                            Directory += "WindowsPowerShell\\v1.0\\";
                        }
                        else if (parameters[1].ToLower().Contains("wmic.exe"))
                        {
                            Directory += "wbem\\";
                        }

                        parameters.Insert(3, Directory);
                    }
                    else
                    {
                        // If using Launcher
                        // Remove the "Command" parameter
                        parameters.RemoveAt(2);

                        // Set LauncherString to DCOM command parameter
                        parameters[1] = l.LauncherString;

                        // Add .exe exetension if needed
                        // From here on identical to the custom-command branch above.
                        List <string> split = parameters[1].Split(" ").ToList();
                        parameters[1] = split[0];
                        if (!parameters[1].EndsWith(".exe"))
                        {
                            parameters[1] += ".exe";
                        }

                        split.RemoveAt(0);
                        parameters.Insert(2, String.Join(" ", split.ToArray()));
                        string Directory = "C:\\WINDOWS\\System32\\";
                        if (parameters[1].ToLower().Contains("powershell.exe"))
                        {
                            Directory += "WindowsPowerShell\\v1.0\\";
                        }
                        else if (parameters[1].ToLower().Contains("wmic.exe"))
                        {
                            Directory += "wbem\\";
                        }

                        parameters.Insert(3, Directory);
                    }
                }
                else if (task.Name.ToLower() == "bypassuac")
                {
                    // parameters[0] = Launcher name, parameters[1] = custom command.
                    Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[0].ToLower());
                    if ((parameters[1] != null && parameters[1] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
                    {
                        // If using custom command
                        // Remove the "Launcher" parameter
                        parameters.RemoveAt(0);

                        // Add .exe exetension if needed
                        // String.Split always yields at least one element, so FirstOrDefault() is non-null here.
                        string[] split = parameters[0].Split(" ");
                        parameters[0] = split.FirstOrDefault();
                        if (!parameters[0].EndsWith(".exe"))
                        {
                            parameters[0] += ".exe";
                        }

                        // Add parameters needed for BypassUAC Task
                        // GetRange(1, Length - 1) is valid even for a single-element split (empty range).
                        parameters.Add(String.Join(" ", split.ToList().GetRange(1, split.Count() - 1)));
                        parameters.Add("C:\\WINDOWS\\System32\\");
                        // NOTE(review): parameters[2] is assumed to be the directory just added, which holds
                        // only if the task defined exactly the Launcher and Command options — verify.
                        if (parameters[0].ToLower().Contains("powershell.exe"))
                        {
                            parameters[2] += "WindowsPowerShell\\v1.0\\";
                        }
                        else if (parameters[0].ToLower().Contains("wmic.exe"))
                        {
                            parameters[2] += "wbem\\";
                        }
                        parameters.Add("0");
                    }
                    else
                    {
                        // If using Launcher
                        // Remove the "Command" parameter
                        parameters.RemoveAt(1);

                        // Add .exe exetension if needed
                        string[] split = l.LauncherString.Split(" ");
                        parameters[0] = split.FirstOrDefault();
                        if (!parameters[0].EndsWith(".exe"))
                        {
                            parameters[0] += ".exe";
                        }

                        // Add parameters need for BypassUAC Task
                        parameters.Add(String.Join(" ", split.ToList().GetRange(1, split.Count() - 1)));
                        parameters.Add("C:\\WINDOWS\\System32\\");
                        // Unlike the custom-command branch, the directory is chosen from the Launcher's
                        // name rather than from the executable in parameters[0]; same index-2 assumption.
                        if (l.Name.ToLower() == "powershell")
                        {
                            parameters[2] += "WindowsPowerShell\\v1.0\\";
                        }
                        else if (l.Name.ToLower() == "wmic")
                        {
                            parameters[2] += "wbem\\";
                        }
                        parameters.Add("0");
                    }
                }
                try
                {
                    // Compiles the task code with the positional parameters for the Grunt's framework version.
                    gruntTasking.Compile(
                        task.Code, parameters,
                        task.GetReferenceAssemblies(),
                        task.GetReferenceSourceLibraries(),
                        task.GetEmbeddedResources(),
                        grunt.DotNetFrameworkVersion
                        );
                }
                catch (Exception e)
                {
                    // NOTE(review): the exception message and stack trace are copied into the HTTP response
                    // body, exposing server-side paths and frames to the API caller; keep that detail in the
                    // server log and return a generic error message instead.
                    Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace);
                    return(BadRequest("Task returned compilation errors:" + e.Message + e.StackTrace));
                }
            }
            // Non-Assembly taskings are stored exactly as received.
            _context.GruntTaskings.Add(gruntTasking);
            _context.SaveChanges();
            return(CreatedAtRoute(nameof(GetGruntTasking), new { id = id, taskname = gruntTasking.Name }, gruntTasking));
        }