public async Task Handle(LoadModule moduleRequest, string replyTo, string correlationId)
{
Console.WriteLine($"[i] Got New LoadModule Message.");
Module module = _taskRepository.GetModule(moduleRequest.Name, moduleRequest.Language);
string moduleb64 = "";
string workingDir = Path.Join(Settings.ModulesPath, Settings.LanguageName);
string exitCode = "0";
string output = "";
string error = "";
if (!String.IsNullOrEmpty(module.BuildCommand))
{
Dictionary <string, string> cmdResult = RunCommand(workingDir, module.BuildCommand);
exitCode = cmdResult["ExitCode"];
output = cmdResult["Output"];
error = cmdResult["Error"];
}
if (exitCode == "0")
{
byte[] moduleBytes = File.ReadAllBytes(Path.Join(workingDir, module.BuildLocation));
moduleb64 = Convert.ToBase64String(moduleBytes);
}
if (String.IsNullOrEmpty(moduleb64))
{
NewErrorMessage response = new NewErrorMessage();
response.Source = ".NET Build Server";
response.Message = $"Error building {moduleRequest.Name} module.";
response.Details = $"Stdout: {output}\n Stderr: {error}";
_eventBus.Publish(response, replyTo = null, correlationId = null);
}
else
{
ModuleResponse response = new ModuleResponse();
response.Success = true;
response.Contents = $"module {moduleRequest.Name} {moduleb64}";
_eventBus.Publish(response, replyTo, correlationId);
}
}
public async Task Handle(NewAgentCheckin agentCheckinMsg, string replyTo, string correlationId)
{
Console.WriteLine($"[i] Got AgentCheckin Message.");
Transport transport = _taskRepository.GetTransport(agentCheckinMsg.TransportId);
// Check in agent
Agent agent = _taskRepository.GetAgent(agentCheckinMsg.AgentName);
agent.TransportId = agentCheckinMsg.TransportId;
agent.ExternalIp = agentCheckinMsg.SourceIp;
agent.LastCheckin = DateTime.UtcNow;
if (!agent.Visible)
{
agent.Visible = true;
AgentUpdated update = new AgentUpdated();
update.Success = true;
update.Agent = agent;
_eventBus.Publish(update);
}
_taskRepository.Update(agent.Id, agent);
AgentCheckinAnnouncement agentCheckinAnnouncement = new AgentCheckinAnnouncement();
agentCheckinAnnouncement.Id = agent.Id;
agentCheckinAnnouncement.SourceIp = agentCheckinMsg.SourceIp;
agentCheckinAnnouncement.TransportId = agentCheckinMsg.TransportId;
agentCheckinAnnouncement.TransportName = transport.Name;
agentCheckinAnnouncement.Received = agent.LastCheckin.Value;
_eventBus.Publish(agentCheckinAnnouncement);
// Decode and Decrypt AgentTaskResponse
if (!String.IsNullOrEmpty(agentCheckinMsg.Message))
{
AgentCheckin agentCheckin = new AgentCheckin();
agentCheckin.SourceIp = agentCheckinMsg.SourceIp;
agentCheckin.TransportId = agentCheckinMsg.TransportId;
agentCheckin.HMAC = agentCheckinMsg.HMAC;
agentCheckin.IV = agentCheckinMsg.IV;
agentCheckin.Message = agentCheckinMsg.Message;
agentCheckin.AgentId = agent.Id;
agentCheckin.Agent = agent;
_taskRepository.Add(agentCheckin);
// Decrypt Message from Agent
string decryptedMessage = Crypto.Decrypt(agentCheckin);
Console.WriteLine($"Got response {decryptedMessage}");
if (!agent.Visible)
{
agent.Visible = true;
_taskRepository.Update(agent.Id, agent);
}
// Process taskResults
// TODO: Probably a better way to check if the message is blank.
if ((decryptedMessage != "[]") || (!String.IsNullOrEmpty(decryptedMessage)))
{
List <AgentTaskUpdate> taskUpdates = JsonConvert.DeserializeObject <List <AgentTaskUpdate> >(decryptedMessage);
foreach (AgentTaskUpdate taskUpdate in taskUpdates)
{
taskUpdate.AgentTask = _taskRepository.GetAgentTask(taskUpdate.TaskName);
taskUpdate.AgentId = taskUpdate.AgentTask.AgentId;
taskUpdate.Received = DateTime.UtcNow;
foreach (IOC ioc in taskUpdate.IOCs)
{
ioc.UserId = taskUpdate.AgentTask.ConsoleMessage.UserId.Value;
ioc.AgentTaskUpdateId = taskUpdate.Id;
}
_taskRepository.Add(taskUpdate);
if (taskUpdate.AgentTask.Action == "LOAD" && taskUpdate.Success.Value)
{
AgentsModulesXref xref = new AgentsModulesXref();
xref.AgentId = taskUpdate.AgentId;
string languageName = taskUpdate.Agent.AgentType.Language.Name;
string moduleName = taskUpdate.AgentTask.Command.Split(" ")[1];
if (moduleName.Contains("/"))
{
languageName = moduleName.Split("/")[0];
moduleName = moduleName.Split("/")[1];
}
Module loadedModule = _taskRepository.GetModule(moduleName, languageName);
xref.ModuleId = loadedModule.Id;
_taskRepository.Add(xref);
List <Command> loadedCommands = _taskRepository.GetCommands(loadedModule.Id);
foreach (Command loadedCommand in loadedCommands)
{
loadedCommand.Parameters = _taskRepository.GetCommandParameters(loadedCommand.Id);
}
AgentCommandsUpdated agentCommandsUpdated = new AgentCommandsUpdated();
agentCommandsUpdated.Success = true;
agentCommandsUpdated.AgentId = xref.AgentId;
agentCommandsUpdated.Commands = loadedCommands;
_eventBus.Publish(agentCommandsUpdated);
}
if (taskUpdate.Type == "File" && !String.IsNullOrEmpty(taskUpdate.Content))
{
WebClient wc = new WebClient();
FactionSettings factionSettings = Utility.GetConfiguration();
wc.Headers[HttpRequestHeader.ContentType] = "application/json";
string rsp = wc.UploadString($"{apiUrl}/login/",
$"{{\"Username\":\"{factionSettings.SYSTEM_USERNAME}\", \"Password\":\"{factionSettings.SYSTEM_PASSWORD}\"}}");
Dictionary <string, string> responseDict = JsonConvert.DeserializeObject <Dictionary <string, string> >(rsp);
wc.Dispose();
string apiKeyName = responseDict["AccessKeyId"];
string apiSecret = responseDict["AccessSecret"];
string uploadUrl = $"{apiUrl}/file/?token={apiKeyName}:{apiSecret}";
Dictionary <string, string> upload = new Dictionary <string, string>();
upload.Add("AgentName", taskUpdate.Agent.Name);
upload.Add("FileName", taskUpdate.ContentId);
upload.Add("FileContent", taskUpdate.Content);
WebClient uploadClient = new WebClient();
uploadClient.Headers[HttpRequestHeader.ContentType] = "application/json";
string content = JsonConvert.SerializeObject(upload);
Console.WriteLine(content);
string uploadResponse = uploadClient.UploadString(uploadUrl, content);
}
ConsoleMessage consoleMessage = new ConsoleMessage();
consoleMessage.Agent = taskUpdate.Agent;
consoleMessage.Type = "AgentTaskResult";
consoleMessage.AgentTask = taskUpdate.AgentTask;
consoleMessage.AgentTaskId = taskUpdate.AgentTask.Id;
consoleMessage.Display = taskUpdate.Message;
_taskRepository.Add(consoleMessage);
ConsoleMessageAnnouncement response = new ConsoleMessageAnnouncement();
response.Success = true;
response.Username = consoleMessage.Agent.Name;
response.ConsoleMessage = consoleMessage;
_eventBus.Publish(response);
}
}
}
}
public static void LoadModules(FactionRepository dbRepository)
{
string[] files = Directory.GetFiles(Settings.ModulesPath, Settings.ModuleConfigName, SearchOption.AllDirectories);
foreach (string file in files)
{
bool import;
string contents = File.ReadAllText(file);
JsonSerializerSettings settings = new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Include,
MissingMemberHandling = MissingMemberHandling.Ignore
};
ModuleConfig moduleConfig = JsonConvert.DeserializeObject <ModuleConfig>(contents);
try
{
Module module = dbRepository.GetModule(moduleConfig.Name, Settings.LanguageName);
import = false;
}
catch
{
import = true;
}
if (import)
{
Module module = new Module();
module.Name = moduleConfig.Name;
module.Description = moduleConfig.Description;
module.Authors = String.Join(", ", moduleConfig.Authors.ToArray());
module.BuildLocation = moduleConfig.BuildLocation;
module.BuildCommand = moduleConfig.BuildCommand;
module.LanguageId = Settings.LanguageId;
dbRepository.Add(module);
foreach (CommandConfig commandConfig in moduleConfig.Commands)
{
Command command = new Command();
command.Name = commandConfig.Name;
command.Description = commandConfig.Description;
command.Help = commandConfig.Help;
command.MitreReference = commandConfig.MitreReference;
command.OpsecSafe = commandConfig.OpsecSafe;
command.ModuleId = module.Id;
if (commandConfig.Artifacts.Count > 0)
{
command.Artifacts = String.Join(",", commandConfig.Artifacts.ToArray());
}
dbRepository.Add(command);
foreach (CommandParameterConfig paramConfig in commandConfig.Parameters)
{
CommandParameter param = new CommandParameter();
param.Name = paramConfig.Name;
param.CommandId = command.Id;
param.Help = paramConfig.Help;
param.Required = paramConfig.Required;
param.Position = paramConfig.Position;
param.Values = String.Join(",", paramConfig.Values.ToArray());
dbRepository.Add(param);
}
}
}
}
}
