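/// <summary>
/// Creates a <see cref="GruntTasking"/> for the Grunt identified by <paramref name="id"/>: stamps it with the
/// current user and UTC time, rewrites the positional option values for the built-in wmigrunt / dcomgrunt /
/// dcomcommand / bypassuacgrunt / bypassuaccommand tasks, compiles Assembly taskings, normalizes Connect
/// messages, records an <see cref="Event"/> and persists the tasking.
/// </summary>
/// <param name="id">Id of the target Grunt.</param>
/// <param name="gruntTasking">The tasking posted in the request body; its <c>Type</c> selects the handling path.</param>
/// <returns>
/// 201 Created (route <c>GetGruntTasking</c>) with the saved tasking; 404 when the Grunt, the current user,
/// the referenced GruntTask or a referenced Launcher does not exist or has no usable LauncherString; 400 when
/// the body is missing, the task has fewer options than its handler addresses, a Connect message is not
/// "hostname,pipename", or compilation fails.
/// </returns>
public ActionResult<GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking)
{
    // Model binding yields null for an empty or unparseable body; reject it instead of dereferencing it.
    if (gruntTasking == null)
    {
        return BadRequest("BadRequest - GruntTasking body is required");
    }
    Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);
    if (grunt == null)
    {
        return NotFound($"NotFound - Grunt with id: {id}");
    }
    CovenantUser taskingUser = this.GetCurrentUser();
    if (taskingUser == null)
    {
        return NotFound("NotFound - CovenantUser");
    }
    // Attribution and timestamp are always set server-side, never taken from the request body.
    gruntTasking.TaskingUser = taskingUser.UserName;
    gruntTasking.TaskingTime = DateTime.UtcNow;

    if (gruntTasking.Type == GruntTaskingType.Assembly)
    {
        GruntTask task = _context.GruntTasks.Include(T => T.Options).FirstOrDefault(T => T.Id == gruntTasking.TaskId);
        if (task == null)
        {
            return NotFound($"NotFound - GruntTask with id: {gruntTasking.TaskId}");
        }
        // Positional option values; the handlers below address them by index, so each checks its indices first.
        List<string> parameters = task.Options.Select(O => O.Value).ToList();

        // True when the option at `index` exists and holds a non-null value.
        bool HasOption(int index) => parameters.Count > index && parameters[index] != null;

        // Case-insensitive Launcher lookup by name; null when it is missing or has no LauncherString to use.
        // `L.Name.ToLower()` is kept inside the query so the provider can translate it.
        Launcher FindLauncher(string name)
        {
            if (string.IsNullOrWhiteSpace(name))
            {
                return null;
            }
            string needle = name.ToLowerInvariant();
            Launcher launcher = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == needle);
            return (launcher == null || string.IsNullOrWhiteSpace(launcher.LauncherString)) ? null : launcher;
        }

        // Appends ".exe" unless the name already ends with it (case-insensitive).
        string EnsureExe(string exe) => exe.EndsWith(".exe", StringComparison.OrdinalIgnoreCase) ? exe : exe + ".exe";

        // Directory the executable is expected to live in: System32, or its PowerShell / WMI sub-folder.
        string DirectoryFor(string exe)
        {
            string directory = "C:\\WINDOWS\\System32\\";
            if (exe.Equals("powershell.exe", StringComparison.OrdinalIgnoreCase))
            {
                directory += "WindowsPowerShell\\v1.0\\";
            }
            else if (exe.Equals("wmic.exe", StringComparison.OrdinalIgnoreCase))
            {
                directory += "wbem\\";
            }
            return directory;
        }

        // DCOM tasks: option 1 becomes the executable (first token of `command`), its remaining tokens are
        // inserted at 2 and the executable's directory at 3.
        void ApplyDcomCommand(string command)
        {
            string[] split = command.Split(" ");
            parameters[1] = EnsureExe(split[0]);
            parameters.Insert(2, String.Join(" ", split.Skip(1)));
            parameters.Insert(3, DirectoryFor(parameters[1]));
        }

        // BypassUAC tasks: option 0 gets ".exe" appended as-is, then the arguments (every token of `split`
        // after the first), the executable's directory and a trailing "0" are appended. The meaning of the
        // "0" is defined by the task source, which is not visible here.
        void ApplyBypassUacCommand(string[] split)
        {
            parameters[0] = EnsureExe(parameters[0]);
            parameters.Add(String.Join(" ", split.Skip(1)));
            parameters.Add(DirectoryFor(parameters[0]));
            parameters.Add("0");
        }

        // Task names are matched case-insensitively; ToLowerInvariant avoids culture-specific casing
        // (e.g. the Turkish dotless 'i' would otherwise break every name containing an 'i').
        switch (task.Name?.ToLowerInvariant())
        {
            case "wmigrunt":
            {
                if (!HasOption(1))
                {
                    return BadRequest($"BadRequest - GruntTask {task.Name} is missing option 1");
                }
                Launcher l = FindLauncher(parameters[1]);
                if (l == null)
                {
                    return NotFound($"NotFound - Launcher with name: {parameters[1]}");
                }
                parameters[1] = l.LauncherString;
                break;
            }
            case "dcomgrunt":
            {
                if (!HasOption(1))
                {
                    return BadRequest($"BadRequest - GruntTask {task.Name} is missing option 1");
                }
                Launcher l = FindLauncher(parameters[1]);
                if (l == null)
                {
                    return NotFound($"NotFound - Launcher with name: {parameters[1]}");
                }
                ApplyDcomCommand(l.LauncherString);
                break;
            }
            case "dcomcommand":
            {
                if (!HasOption(1))
                {
                    return BadRequest($"BadRequest - GruntTask {task.Name} is missing option 1");
                }
                ApplyDcomCommand(parameters[1]);
                break;
            }
            case "bypassuacgrunt":
            {
                if (!HasOption(0))
                {
                    return BadRequest($"BadRequest - GruntTask {task.Name} is missing option 0");
                }
                Launcher l = FindLauncher(parameters[0]);
                if (l == null)
                {
                    return NotFound($"NotFound - Launcher with name: {parameters[0]}");
                }
                ApplyBypassUacCommand(l.LauncherString.Split(" "));
                break;
            }
            case "bypassuaccommand":
            {
                if (!HasOption(0))
                {
                    return BadRequest($"BadRequest - GruntTask {task.Name} is missing option 0");
                }
                // NOTE(review): unlike dcomcommand, option 0 is not reduced to its first token before ".exe"
                // is appended (behaviour kept as found) — confirm this is intended when the command has arguments.
                ApplyBypassUacCommand(parameters[0].Split(" "));
                break;
            }
        }

        try
        {
            gruntTasking.Compile(task, grunt, parameters);
        }
        catch (Exception e)
        {
            // Full details (including the stack trace) stay in the server log; the client only gets the
            // message, because a stack trace in an HTTP response discloses server internals.
            Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace);
            return BadRequest("Task returned compilation errors:" + e.Message);
        }
    }
    else if (gruntTasking.Type == GruntTaskingType.Connect)
    {
        // The message is expected as "<hostname>,<pipename>"; anything shorter is rejected rather than
        // surfacing as an IndexOutOfRangeException.
        string[] parts = (gruntTasking.GruntTaskingMessage?.Message ?? "").Split(",");
        if (parts.Length < 2)
        {
            return BadRequest("BadRequest - Connect tasking message must be \"hostname,pipename\"");
        }
        string hostname = parts[0];
        string pipename = parts[1];
        // A loopback target is replaced with the Grunt's own hostname.
        if (hostname == "localhost" || hostname == "127.0.0.1")
        {
            hostname = grunt.Hostname;
        }
        gruntTasking.TaskingMessage = hostname + "," + pipename;
    }

    _context.GruntTaskings.Add(gruntTasking);
    _context.Events.Add(new Event
    {
        Time = gruntTasking.TaskingTime,
        MessageHeader = $"[{gruntTasking.TaskingTime} UTC] Grunt: {grunt.Name} has been assigned GruntTasking: {gruntTasking.Name}",
        MessageBody = $"({gruntTasking.TaskingUser}) > {gruntTasking.TaskingCommand}",
        Level = Event.EventLevel.Highlight,
        Context = grunt.Name
    });
    _context.SaveChanges();
    return CreatedAtRoute(nameof(GetGruntTasking), new { id = id, tid = gruntTasking.Id }, gruntTasking);
}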
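/// <summary>
/// Creates a <see cref="GruntTasking"/> for the Grunt identified by <paramref name="id"/>. For Assembly
/// taskings the GruntTask's option values (ordered by OptionId) are rewritten into the positional parameter
/// list the built-in wmi / dcom / bypassuac tasks expect, the tasking is compiled, and it is then persisted.
/// </summary>
/// <param name="id">Id of the target Grunt.</param>
/// <param name="gruntTasking">The tasking posted in the request body; its <c>type</c> selects the handling path.</param>
/// <returns>
/// 201 Created (route <c>GetGruntTasking</c>) with the saved tasking; 404 when the Grunt or the referenced
/// GruntTask does not exist, or when a task needs a Launcher and neither a usable one nor a custom command is
/// given; 400 when the body is missing, the task has fewer options than its handler addresses, or
/// compilation fails.
/// </returns>
public ActionResult<GruntTasking> CreateGruntTasking(int id, [FromBody] GruntTasking gruntTasking)
{
    // Model binding yields null for an empty or unparseable body; reject it instead of dereferencing it.
    if (gruntTasking == null)
    {
        return BadRequest();
    }
    Grunt grunt = _context.Grunts.FirstOrDefault(G => G.Id == id);
    if (grunt == null)
    {
        return NotFound();
    }
    if (gruntTasking.type == GruntTasking.GruntTaskingType.Assembly)
    {
        GruntTask task = _context.GruntTasks.FirstOrDefault(T => T.Id == gruntTasking.TaskId);
        if (task == null)
        {
            return NotFound();
        }
        // Options are loaded separately and ordered by OptionId so the positional indices below are stable.
        task.Options = _context.GruntTaskOptions.Where(O => O.TaskId == task.Id).ToList();
        List<string> parameters = task.Options.OrderBy(O => O.OptionId).Select(O => O.Value).ToList();

        // True when an option holds a non-empty value (whitespace-only counts as a value, as before).
        bool HasValue(string value) => !string.IsNullOrEmpty(value);

        // Case-insensitive Launcher lookup by name; null when it is missing or has no LauncherString to use.
        // `L.Name.ToLower()` is kept inside the query so the provider can translate it.
        Launcher FindLauncher(string name)
        {
            if (string.IsNullOrWhiteSpace(name))
            {
                return null;
            }
            string needle = name.ToLowerInvariant();
            Launcher launcher = _context.Launchers.FirstOrDefault(L => L.Name.ToLower() == needle);
            return (launcher == null || string.IsNullOrWhiteSpace(launcher.LauncherString)) ? null : launcher;
        }

        // Appends ".exe" unless the name already ends with it. Case-insensitive, so "FOO.EXE" no longer
        // becomes "FOO.EXE.exe" as it did with the culture-sensitive EndsWith(".exe").
        string EnsureExe(string exe) => exe.EndsWith(".exe", StringComparison.OrdinalIgnoreCase) ? exe : exe + ".exe";

        // Directory keyed on the executable name (substring match, as the original ToLower().Contains did).
        string DirectoryForExe(string exe)
        {
            string directory = "C:\\WINDOWS\\System32\\";
            if (exe.IndexOf("powershell.exe", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                directory += "WindowsPowerShell\\v1.0\\";
            }
            else if (exe.IndexOf("wmic.exe", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                directory += "wbem\\";
            }
            return directory;
        }

        // Directory keyed on the Launcher's name, used when a Launcher (not a custom command) is taken.
        string DirectoryForLauncher(string launcherName)
        {
            string directory = "C:\\WINDOWS\\System32\\";
            if (string.Equals(launcherName, "powershell", StringComparison.OrdinalIgnoreCase))
            {
                directory += "WindowsPowerShell\\v1.0\\";
            }
            else if (string.Equals(launcherName, "wmic", StringComparison.OrdinalIgnoreCase))
            {
                directory += "wbem\\";
            }
            return directory;
        }

        // DCOM task: option 1 becomes the executable (first token of `command`), its remaining tokens are
        // inserted at 2 and the executable's directory at 3.
        void ApplyDcomCommand(string command)
        {
            string[] split = command.Split(" ");
            parameters[1] = EnsureExe(split[0]);
            parameters.Insert(2, String.Join(" ", split.Skip(1)));
            parameters.Insert(3, DirectoryForExe(parameters[1]));
        }

        // BypassUAC task: option 0 becomes the executable (first token of `command`), then the remaining
        // tokens, the directory and a trailing "0" are appended. The directory is appended complete instead of
        // the original "add System32, then += on parameters[2]", which only worked with exactly two options.
        // The meaning of the "0" is defined by the task source, which is not visible here.
        void ApplyBypassUacCommand(string command, string launcherName)
        {
            string[] split = command.Split(" ");
            parameters[0] = EnsureExe(split[0]);
            parameters.Add(String.Join(" ", split.Skip(1)));
            parameters.Add(launcherName == null ? DirectoryForExe(parameters[0]) : DirectoryForLauncher(launcherName));
            parameters.Add("0");
        }

        // Task names are matched case-insensitively; ToLowerInvariant avoids culture-specific casing.
        switch (task.Name?.ToLowerInvariant())
        {
            case "wmi":
            {
                if (parameters.Count < 5)
                {
                    return BadRequest();
                }
                // Option 3 names a Launcher, option 4 is a custom command. A custom command (or an unusable
                // launcher) wins; the unused option of the pair is removed so the remaining indices line up.
                Launcher l = FindLauncher(parameters[3]);
                if (HasValue(parameters[4]) || l == null)
                {
                    parameters.RemoveAt(3);
                }
                else
                {
                    parameters.RemoveAt(4);
                    parameters[3] = l.LauncherString;
                }
                break;
            }
            case "dcom":
            {
                if (parameters.Count < 3)
                {
                    return BadRequest();
                }
                // Option 1 names a Launcher, option 2 is a custom command; a custom command wins.
                Launcher l = FindLauncher(parameters[1]);
                if (l == null && !HasValue(parameters[2]))
                {
                    // Neither a usable Launcher nor a command: previously a NullReferenceException on Split.
                    return NotFound();
                }
                if (HasValue(parameters[2]))
                {
                    parameters.RemoveAt(1);
                    ApplyDcomCommand(parameters[1]);
                }
                else
                {
                    parameters.RemoveAt(2);
                    ApplyDcomCommand(l.LauncherString);
                }
                break;
            }
            case "bypassuac":
            {
                if (parameters.Count < 2)
                {
                    return BadRequest();
                }
                // Option 0 names a Launcher, option 1 is a custom command; a custom command wins.
                Launcher l = FindLauncher(parameters[0]);
                if (l == null && !HasValue(parameters[1]))
                {
                    // Neither a usable Launcher nor a command: previously a NullReferenceException on Split.
                    return NotFound();
                }
                if (HasValue(parameters[1]))
                {
                    parameters.RemoveAt(0);
                    ApplyBypassUacCommand(parameters[0], null);
                }
                else
                {
                    parameters.RemoveAt(1);
                    ApplyBypassUacCommand(l.LauncherString, l.Name);
                }
                break;
            }
        }

        try
        {
            gruntTasking.Compile(
                task.Code,
                parameters,
                task.GetReferenceAssemblies(),
                task.GetReferenceSourceLibraries(),
                task.GetEmbeddedResources(),
                grunt.DotNetFrameworkVersion
            );
        }
        catch (Exception e)
        {
            // Full details (including the stack trace) stay in the server log; the client only gets the
            // message, because a stack trace in an HTTP response discloses server internals.
            Console.Error.WriteLine("Task Compilation failed: " + e.Message + e.StackTrace);
            return BadRequest("Task returned compilation errors:" + e.Message);
        }
    }
    _context.GruntTaskings.Add(gruntTasking);
    _context.SaveChanges();
    return CreatedAtRoute(nameof(GetGruntTasking), new { id = id, taskname = gruntTasking.Name }, gruntTasking);
}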