public ListenerApiController(CovenantContext context, UserManager <CovenantUser> userManager, IConfiguration configuration, ConcurrentDictionary <int, CancellationTokenSource> ListenerCancellationTokens)
{
_context = context;
_userManager = userManager;
_configuration = configuration;
_ListenerCancellationTokens = ListenerCancellationTokens;
}
public static void InitializeListeners(CovenantContext context, Dictionary <int, CancellationTokenSource> cancellationTokens)
{
if (!context.ListenerTypes.Any())
{
context.ListenerTypes.Add(ListenerType.HttpListenerType);
context.SaveChanges();
}
if (!context.Profiles.Any())
{
HttpProfile defaultProfile = HttpProfile.Create(Common.CovenantDefaultHttpProfile);
int idNum = 1;
defaultProfile.Id = idNum;
context.Profiles.Add(defaultProfile);
List <HttpProfile> profiles = Directory.GetFiles(Common.CovenantProfileDirectory, "*.yaml", SearchOption.AllDirectories)
.Where(F => F != Common.CovenantDefaultHttpProfile)
.Select(F => HttpProfile.Create(F))
.ToList();
foreach (HttpProfile p in profiles)
{
idNum++;
p.Id = idNum;
context.Profiles.Add(p);
}
}
foreach (Listener l in context.Listeners.Where(L => L.Status == Listener.ListenerStatus.Active))
{
HttpProfile profile = (HttpProfile)context.Profiles.FirstOrDefault(HP => HP.Id == l.ProfileId);
cancellationTokens[l.Id] = l.Start(profile);
}
}
public async static Task InitializeListeners(ICovenantService service, CovenantContext context, ConcurrentDictionary <int, CancellationTokenSource> ListenerCancellationTokens)
{
if (!context.ListenerTypes.Any())
{
await service.CreateEntities <ListenerType>(
new ListenerType { Name = "HTTP", Description = "Listens on HTTP protocol." },
new ListenerType { Name = "Bridge", Description = "Creates a C2 Bridge for custom listeners." }
);
}
if (!context.Profiles.Any())
{
string[] files = Directory.GetFiles(Common.CovenantProfileDirectory, "*.yaml", SearchOption.AllDirectories);
HttpProfile[] httpProfiles = files.Where(F => F.Contains("HTTP", StringComparison.CurrentCultureIgnoreCase))
.Select(F => HttpProfile.Create(F))
.ToArray();
BridgeProfile[] bridgeProfiles = files.Where(F => F.Contains("Bridge", StringComparison.CurrentCultureIgnoreCase))
.Select(F => BridgeProfile.Create(F))
.ToArray();
await service.CreateProfiles(httpProfiles);
await service.CreateProfiles(bridgeProfiles);
}
var listeners = (await service.GetListeners()).Where(L => L.Status == ListenerStatus.Active);
foreach (Listener l in listeners)
{
l.Profile = await service.GetProfile(l.ProfileId);
await service.StartListener(l.Id);
}
}
public GruntCommandApiController(CovenantContext context, UserManager <CovenantUser> userManager, IHubContext <GruntHub> grunthub, IHubContext <EventHub> eventhub)
{
_context = context;
_userManager = userManager;
_grunthub = grunthub;
_eventhub = eventhub;
}
public CovenantUserApiController(CovenantContext context, UserManager <CovenantUser> userManager, RoleManager <IdentityRole> roleManager, SignInManager <CovenantUser> signInManager, IConfiguration configuration)
{
_context = context;
_userManager = userManager;
_roleManager = roleManager;
_signInManager = signInManager;
_configuration = configuration;
}
public CovenantUserApiController(CovenantContext context, UserManager <CovenantUser> userManager, SignInManager <CovenantUser> signInManager, IConfiguration configuration, IHubContext <EventHub> eventhub)
{
_context = context;
_userManager = userManager;
_signInManager = signInManager;
_configuration = configuration;
_eventhub = eventhub;
}
public ListenerApiController(CovenantContext context, UserManager <CovenantUser> userManager, SignInManager <CovenantUser> signInManager, IConfiguration configuration, Dictionary <int, CancellationTokenSource> cancellationTokens)
{
_context = context;
_userManager = userManager;
_signInManager = signInManager;
_configuration = configuration;
_cancellationTokens = cancellationTokens;
}
public async static Task Initialize(ICovenantService service, CovenantContext context, RoleManager <IdentityRole> roleManager, ConcurrentDictionary <int, CancellationTokenSource> ListenerCancellationTokens)
{
await InitializeListeners(service, context, ListenerCancellationTokens);
await InitializeImplantTemplates(service, context);
await InitializeLaunchers(service, context);
await InitializeTasks(service, context);
await InitializeRoles(roleManager);
}
public GruntApiController(CovenantContext context, UserManager <CovenantUser> userManager, IHubContext <GruntHub> grunthub, IHubContext <EventHub> eventhub)
{
_context = context;
_userManager = userManager;
_grunthub = grunthub;
_eventhub = eventhub;
interact = new Interaction(_context, grunthub, eventhub);
}
public ListenerController(CovenantContext context, UserManager <CovenantUser> userManager, IConfiguration configuration, ConcurrentDictionary <int, CancellationTokenSource> ListenerCancellationTokens, IHubContext <EventHub> eventhub)
{
_context = context;
_userManager = userManager;
_configuration = configuration;
_ListenerCancellationTokens = ListenerCancellationTokens;
_eventhub = eventhub;
}
public void Setup()
{
//Inicializa o banco, apagando e recriando-o
Database.SetInitializer(new DropCreateDatabaseAlways <CovenantContext>());
//Seta um registro padrão pra ser usado nos testes
_contextForTest = new CovenantContext();
_contextForTest.Covenants.Add(ObjectMother.GetCovenant());
_contextForTest.SaveChanges();
}
public static void Initialize(CovenantContext context, UserManager <CovenantUser> userManager, RoleManager <IdentityRole> roleManager, IConfiguration configuration, Dictionary <int, CancellationTokenSource> cancellationTokens)
{
context.Database.EnsureCreated();
InitializeListeners(context, cancellationTokens);
InitializeLaunchers(context);
InitializeTasks(context);
InitializeRoles(roleManager);
InitializeUsers(userManager, configuration);
}
public async static Task InitializeLaunchers(ICovenantService service, CovenantContext context)
{
if (!context.Launchers.Any())
{
var launchers = new Launcher[]
{
new BinaryLauncher(),
new PowerShellLauncher(),
new MSBuildLauncher(),
new InstallUtilLauncher(),
new WmicLauncher(),
new Regsvr32Launcher(),
new MshtaLauncher(),
new CscriptLauncher(),
new WscriptLauncher()
};
await service.CreateEntities(launchers);
}
}
public static void InitializeLaunchers(CovenantContext context)
{
if (!context.Launchers.Any())
{
var launchers = new List <Launcher>
{
new WmicLauncher(),
new Regsvr32Launcher(),
new MshtaLauncher(),
new CscriptLauncher(),
new WscriptLauncher(),
new InstallUtilLauncher(),
new MSBuildLauncher(),
new PowerShellLauncher(),
new BinaryLauncher()
};
foreach (Launcher l in launchers)
{
context.Launchers.Add(l);
}
}
}
public TemplateController(CovenantContext context)
{
_context = context;
}
public async static Task InitializeImplantTemplates(ICovenantService service, CovenantContext context)
{
if (!context.ImplantTemplates.Any())
{
var templates = new ImplantTemplate[]
{
new ImplantTemplate
{
Name = "GruntHTTP",
Description = "A Windows implant written in C# that communicates over HTTP.",
Language = ImplantLanguage.CSharp,
CommType = CommunicationType.HTTP,
ImplantDirection = ImplantDirection.Pull,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ImplantTemplate
{
Name = "GruntSMB",
Description = "A Windows implant written in C# that communicates over SMB.",
Language = ImplantLanguage.CSharp,
CommType = CommunicationType.SMB,
ImplantDirection = ImplantDirection.Push,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ImplantTemplate
{
Name = "GruntBridge",
Description = "A customizable implant written in C# that communicates with a custom C2Bridge.",
Language = ImplantLanguage.CSharp,
CommType = CommunicationType.Bridge,
ImplantDirection = ImplantDirection.Push,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ImplantTemplate
{
Name = "Brute",
Description = "A cross-platform implant built on .NET Core 3.1.",
Language = ImplantLanguage.CSharp,
CommType = CommunicationType.HTTP,
ImplantDirection = ImplantDirection.Pull,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.NetCore31
}
},
new ImplantTemplate
{
Name = "GruntHTTPPortForward",
Description = "A Windows implant written in C# that communicates over HTTP. Contains reverse port forward functionality.",
Language = ImplantLanguage.CSharp,
CommType = CommunicationType.HTTP,
ImplantDirection = ImplantDirection.Pull,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
}
};
templates.ToList().ForEach(t => t.ReadFromDisk());
await service.CreateImplantTemplates(templates);
await service.CreateEntities(
new ListenerTypeImplantTemplate
{
ListenerType = await service.GetListenerTypeByName("HTTP"),
ImplantTemplate = await service.GetImplantTemplateByName("GruntHTTP")
},
new ListenerTypeImplantTemplate
{
ListenerType = await service.GetListenerTypeByName("HTTP"),
ImplantTemplate = await service.GetImplantTemplateByName("GruntSMB")
},
new ListenerTypeImplantTemplate
{
ListenerType = await service.GetListenerTypeByName("Bridge"),
ImplantTemplate = await service.GetImplantTemplateByName("GruntBridge")
},
new ListenerTypeImplantTemplate
{
ListenerType = await service.GetListenerTypeByName("Bridge"),
ImplantTemplate = await service.GetImplantTemplateByName("GruntSMB")
},
new ListenerTypeImplantTemplate
{
ListenerType = await service.GetListenerTypeByName("HTTP"),
ImplantTemplate = await service.GetImplantTemplateByName("Brute")
},
new ListenerTypeImplantTemplate
{
ListenerType = await service.GetListenerTypeByName("HTTP"),
ImplantTemplate = await service.GetImplantTemplateByName("GruntHTTPPortForward")
}
);
}
}
public ReferenceAssemblyApiController(CovenantContext context)
{
_context = context;
}
public async static Task InitializeTasks(ICovenantService service, CovenantContext context)
{
if (!context.ReferenceAssemblies.Any())
{
List <ReferenceAssembly> ReferenceAssemblies = Directory.GetFiles(Common.CovenantAssemblyReferenceNet35Directory).Select(R =>
{
FileInfo info = new FileInfo(R);
return(new ReferenceAssembly
{
Name = info.Name,
Location = info.FullName.Replace(Common.CovenantAssemblyReferenceDirectory, ""),
DotNetVersion = Common.DotNetVersion.Net35
});
}).ToList();
Directory.GetFiles(Common.CovenantAssemblyReferenceNet40Directory).ToList().ForEach(R =>
{
FileInfo info = new FileInfo(R);
ReferenceAssemblies.Add(new ReferenceAssembly
{
Name = info.Name,
Location = info.FullName.Replace(Common.CovenantAssemblyReferenceDirectory, ""),
DotNetVersion = Common.DotNetVersion.Net40
});
});
await service.CreateReferenceAssemblies(ReferenceAssemblies.ToArray());
}
if (!context.EmbeddedResources.Any())
{
EmbeddedResource[] EmbeddedResources = Directory.GetFiles(Common.CovenantEmbeddedResourcesDirectory).Select(R =>
{
FileInfo info = new FileInfo(R);
return(new EmbeddedResource
{
Name = info.Name,
Location = info.FullName.Replace(Common.CovenantEmbeddedResourcesDirectory, "")
});
}).ToArray();
await service.CreateEmbeddedResources(EmbeddedResources);
}
#region ReferenceSourceLibraries
if (!context.ReferenceSourceLibraries.Any())
{
var ReferenceSourceLibraries = new ReferenceSourceLibrary[]
{
new ReferenceSourceLibrary
{
Name = "SharpSploit", Description = "SharpSploit is a library for C# post-exploitation modules.",
Location = "SharpSploit" + Path.DirectorySeparatorChar + "SharpSploit" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ReferenceSourceLibrary
{
Name = "Rubeus", Description = "Rubeus is a C# toolset for raw Kerberos interaction and abuses.",
Location = "Rubeus" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ReferenceSourceLibrary
{
Name = "Seatbelt", Description = "Seatbelt is a C# project that performs a number of security oriented host-survey \"safety checks\" relevant from both offensive and defensive security perspectives.",
Location = "Seatbelt" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ReferenceSourceLibrary
{
Name = "SharpDPAPI", Description = "SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.",
Location = "SharpDPAPI" + Path.DirectorySeparatorChar + "SharpDPAPI" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
// new ReferenceSourceLibrary
// {
// Name = "SharpChrome", Description = "SharpChrome is a C# port of some Mimikatz DPAPI functionality targeting Google Chrome.",
// Location = Common.CovenantReferenceSourceLibraries + "SharpDPAPI" + Path.DirectorySeparatorChar + "SharpChrome" + Path.DirectorySeparatorChar,
// SupportedDotNetVersions = new List<Common.DotNetVersion> { Common.DotNetVersion.Net35, Common.DotNetVersion.Net40 }
// },
new ReferenceSourceLibrary
{
Name = "SharpDump", Description = "SharpDump is a C# port of PowerSploit's Out-Minidump.ps1 functionality.",
Location = "SharpDump" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ReferenceSourceLibrary
{
Name = "SharpUp", Description = "SharpUp is a C# port of various PowerUp functionality.",
Location = "SharpUp" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ReferenceSourceLibrary
{
Name = "SharpWMI", Description = "SharpWMI is a C# implementation of various WMI functionality.",
Location = "SharpWMI" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
},
new ReferenceSourceLibrary
{
Name = "SharpSC", Description = "SharpSC is a .NET assembly to perform basic operations with services.",
Location = "SharpSC" + Path.DirectorySeparatorChar,
CompatibleDotNetVersions = new List <Common.DotNetVersion> {
Common.DotNetVersion.Net35, Common.DotNetVersion.Net40
}
}
};
await service.CreateReferenceSourceLibraries(ReferenceSourceLibraries);
var ss = await service.GetReferenceSourceLibraryByName("SharpSploit");
var ru = await service.GetReferenceSourceLibraryByName("Rubeus");
var se = await service.GetReferenceSourceLibraryByName("Seatbelt");
var sd = await service.GetReferenceSourceLibraryByName("SharpDPAPI");
// var sc = await service.GetReferenceSourceLibraryByName("SharpChrome");
var sdu = await service.GetReferenceSourceLibraryByName("SharpDump");
var su = await service.GetReferenceSourceLibraryByName("SharpUp");
var sw = await service.GetReferenceSourceLibraryByName("SharpWMI");
var sc = await service.GetReferenceSourceLibraryByName("SharpSC");
await service.CreateEntities(
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.Protocols.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.Protocols.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.IdentityModel.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.IdentityModel.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.Automation.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.Automation.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Windows.Forms.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Windows.Forms.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ss, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.AccountManagement.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.AccountManagement.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.IdentityModel.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = ru, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.IdentityModel.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.DirectoryServices.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Web.Extensions.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Web.Extensions.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Data.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Data.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Data.DataSetExtensions.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Data.DataSetExtensions.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Windows.Forms.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = se, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Windows.Forms.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Security.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sd, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Security.dll", Common.DotNetVersion.Net40) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net35) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net40) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Security.dll", Common.DotNetVersion.Net35) },
// new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Security.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sdu, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sdu, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sdu, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sdu, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sdu, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sdu, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = su, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.XML.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sw, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Management.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net35) },
new ReferenceSourceLibraryReferenceAssembly { ReferenceSourceLibrary = sc, ReferenceAssembly = await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net40) }
);
}
#endregion
if (!context.GruntTasks.Any())
{
List <string> files = Directory.GetFiles(Common.CovenantTaskDirectory)
.Where(F => F.EndsWith(".yaml", StringComparison.CurrentCultureIgnoreCase))
.ToList();
IDeserializer deserializer = new DeserializerBuilder().Build();
foreach (string file in files)
{
string yaml = File.ReadAllText(file);
List <SerializedGruntTask> serialized = deserializer.Deserialize <List <SerializedGruntTask> >(yaml);
List <GruntTask> tasks = serialized.Select(S => new GruntTask().FromSerializedGruntTask(S)).ToList();
foreach (GruntTask task in tasks)
{
await service.CreateGruntTask(task);
}
}
}
}
public IndicatorApiController(CovenantContext context)
{
_context = context;
}
public EventHub(CovenantContext context)
{
_context = context;
}
public async static Task InitializeThemes(CovenantContext context)
{
if (!context.Themes.Any())
{
var themes = new List <Theme>
{
new Theme
{
Name = "Classic Theme",
Description = "Covenant's standard, default theme.",
BackgroundColor = "#ffffff",
BackgroundTextColor = "#212529",
PrimaryColor = "#007bff",
PrimaryTextColor = "#ffffff",
PrimaryHighlightColor = "#0069d9",
SecondaryColor = "#6c757d",
SecondaryTextColor = "#ffffff",
SecondaryHighlightColor = "#545b62",
TerminalColor = "#062549",
TerminalTextColor = "#ffffff",
TerminalHighlightColor = "#17a2b8",
TerminalBorderColor = "#17a2b8",
NavbarColor = "#343a40",
SidebarColor = "#f8f9fa",
InputColor = "#ffffff",
InputDisabledColor = "#e9ecef",
InputTextColor = "#212529",
InputHighlightColor = "#0069d9",
TextLinksColor = "#007bff",
CodeMirrorTheme = CodeMirrorTheme.@default,
},
new Theme
{
Name = "Heathen Mode",
Description = "A dark theme meant for lawless heathens.",
BackgroundColor = "#191919",
BackgroundTextColor = "#f5f5f5",
PrimaryColor = "#0D56B6",
PrimaryTextColor = "#ffffff",
PrimaryHighlightColor = "#1D4272",
SecondaryColor = "#343a40",
SecondaryTextColor = "#ffffff",
SecondaryHighlightColor = "#dae0e5",
TerminalColor = "#191919",
TerminalTextColor = "#ffffff",
TerminalHighlightColor = "#3D86E5",
TerminalBorderColor = "#ffffff",
NavbarColor = "#1D4272",
SidebarColor = "#232323",
InputColor = "#373737",
InputDisabledColor = "#212121",
InputTextColor = "#ffffff",
InputHighlightColor = "#ffffff",
TextLinksColor = "#007bff",
CodeMirrorTheme = CodeMirrorTheme.night,
}
};
await context.Themes.AddRangeAsync(themes);
await context.SaveChangesAsync();
}
}
public Interaction(CovenantContext context, IHubContext <GruntHub> grunthub, IHubContext <EventHub> eventhub)
{
_context = context;
_grunthub = grunthub;
_eventhub = eventhub;
}
public ProfileController(CovenantContext context, UserManager <CovenantUser> userManager)
{
_context = context;
_userManager = userManager;
}
public EmbeddedResourceController(CovenantContext context)
{
_context = context;
}
public GruntTaskingApiController(CovenantContext context, UserManager <CovenantUser> userManager)
{
_context = context;
_userManager = userManager;
}
public HostedFileController(CovenantContext context)
{
_context = context;
}
public GruntTaskingController(CovenantContext context, IHubContext <GruntHub> grunthub, UserManager <CovenantUser> userManager)
{
_context = context;
_grunthub = grunthub;
_userManager = userManager;
}
public static void InitializeTasks(CovenantContext context)
{
if (!context.GruntTasks.Any())
{
var GruntTasks = new List <GruntTask>
{
new GruntTask
{
Id = 1,
Name = "Shell",
Description = "Execute a Shell command.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "Shell" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 1,
OptionId = 1,
Name = "ShellCommand",
Description = "The ShellCommand to execute.",
Value = "whoami"
}
}
},
new GruntTask
{
Id = 2,
Name = "PowerShell",
Description = "Execute a PowerShell command.",
ReferenceAssemblies = String.Join(",", new List <string> {
"System.Management.Automation.dll"
}),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "PowerShell" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 2,
OptionId = 1,
Name = "PowerShellCommand",
Description = "The PowerShellCommand to execute.",
Value = "Get-ChildItem Env:"
}
}
},
new GruntTask
{
Id = 3,
Name = "Assembly",
Description = "Execute a dotnet Assembly method.",
ReferenceAssemblies = String.Join(",", new List <String>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "Assembly" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 3,
OptionId = 1,
Name = "EncodedAssembly",
Description = "The Base64 encoded Assembly bytes.",
Value = ""
},
new GruntTask.GruntTaskOption
{
TaskId = 3,
OptionId = 2,
Name = "TypeName",
Description = "The name of the Type that contains the method to execute.",
Value = ""
},
new GruntTask.GruntTaskOption
{
TaskId = 3,
OptionId = 3,
Name = "MethodName",
Description = "The name of the method to execute.",
Value = ""
}
}
},
new GruntTask
{
Id = 4,
Name = "ListDirectory",
Description = "Get a listing of the current directory.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "ListDirectory" + ".task")),
Options = new List <GruntTask.GruntTaskOption> {
}
},
new GruntTask
{
Id = 5,
Name = "ChangeDirectory",
Description = "Change the current directory.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "ChangeDirectory" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 5,
OptionId = 1,
Name = "AppendDirectory",
Description = "Directory to change to.",
Value = "."
}
}
},
new GruntTask
{
Id = 6,
Name = "ProcessList",
Description = "Get a list of currently running processes.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "ProcessList" + ".task")),
Options = new List <GruntTask.GruntTaskOption> {
}
},
new GruntTask
{
Id = 7,
Name = "Upload",
Description = "Upload a file.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "Upload" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 7,
OptionId = 1,
Name = "FileName",
Description = "Local file name to write to.",
Value = ""
},
new GruntTask.GruntTaskOption
{
TaskId = 7,
OptionId = 2,
Name = "FileContents",
Description = "Base64 contents of the file to be written."
}
}
},
new GruntTask
{
Id = 8,
Name = "Download",
Description = "Download a file.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "Download" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 8,
OptionId = 1,
Name = "FileName",
Description = "Remote file name to download.",
Value = ""
}
}
},
new GruntTask
{
Id = 9,
Name = "Mimikatz",
Description = "Execute a mimikatz command.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "Mimikatz" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 9,
OptionId = 1,
Name = "Command",
Description = "Mimikatz command to execute.",
Value = "sekurlsa::logonPasswords"
}
}
},
new GruntTask
{
Id = 10,
Name = "PortScan",
Description = "Perform a TCP port scan.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "PortScan" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 10,
OptionId = 1,
Name = "ComputerNames",
Description = "ComputerName(s) to port scan. Can be a DNS name, IP address, or CIDR range.",
Value = "127.0.0.1"
},
new GruntTask.GruntTaskOption
{
TaskId = 10,
OptionId = 2,
Name = "Ports",
Description = "Ports to scan. Comma-delimited port list.",
Value = "80,443,445"
},
new GruntTask.GruntTaskOption
{
TaskId = 10,
OptionId = 3,
Name = "Ping",
Description = "Boolean, whether to ping hosts prior to port scanning.",
Value = "False"
}
}
},
new GruntTask
{
Id = 11,
Name = "Kerberoast",
Description = "Perform a \"Kerberoast\" attack that retrieves crackable service tickets for Domain User's w/ an SPN set.",
ReferenceAssemblies = String.Join(",", new List <string> {
"System.DirectoryServices.dll", "System.IdentityModel.dll"
}),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "Kerberoast" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 11,
OptionId = 1,
Name = "Usernames",
Description = "Username(s) to port scan. Comma-delimited username list.",
Value = "DOMAIN\\username1,DOMAIN\\username2"
},
new GruntTask.GruntTaskOption
{
TaskId = 11,
OptionId = 2,
Name = "HashFormat",
Description = "Format to output the hashes (\"Hashcat\" or \"John\").",
Value = "Hashcat"
}
}
},
new GruntTask
{
Id = 12,
Name = "WhoAmI",
Description = "Gets the username of the currently used/impersonated token.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "WhoAmI" + ".task")),
Options = new List <GruntTask.GruntTaskOption>()
},
new GruntTask
{
Id = 13,
Name = "ImpersonateUser",
Description = "Find a process owned by the specified user and impersonate the token. Used to execute subsequent commands as the specified user.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "ImpersonateUser" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 13,
OptionId = 1,
Name = "Username",
Description = "User to impersonate. \"DOMAIN\\Username\" format expected.",
Value = "DOMAIN\\Username"
}
}
},
new GruntTask
{
Id = 14,
Name = "ImpersonateProcess",
Description = "Impersonate the token of the specified process. Used to execute subsequent commands as the user associated with the token of the specified process.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "ImpersonateUser" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 14,
OptionId = 1,
Name = "ProcessID",
Description = "Process ID of the process to impersonate.",
Value = "1234"
}
}
},
new GruntTask
{
Id = 15,
Name = "GetSystem",
Description = "Impersonate the SYSTEM user. Equates to ImpersonateUser(\"NT AUTHORITY\\SYSTEM\").",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetSystem" + ".task")),
Options = new List <GruntTask.GruntTaskOption>()
},
new GruntTask
{
Id = 16,
Name = "MakeToken",
Description = "Makes a new token with a specified username and password, and impersonates it to conduct future actions as the specified user.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "MakeToken" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 16,
OptionId = 1,
Name = "Username",
Description = "Username to authenticate as.",
Value = "username1"
},
new GruntTask.GruntTaskOption
{
TaskId = 16,
OptionId = 2,
Name = "Domain",
Description = "Domain to authenticate the user to.",
Value = "DOMAIN"
},
new GruntTask.GruntTaskOption
{
TaskId = 16,
OptionId = 3,
Name = "Password",
Description = "Password to authenticate the user.",
Value = "Password123"
},
new GruntTask.GruntTaskOption
{
TaskId = 16,
OptionId = 4,
Name = "LogonType",
Description = "LogonType to use. Defaults to LOGON32_LOGON_NEW_CREDENTIALS, which is suitable to perform actions that require remote authentication. LOGON32_LOGON_INTERACTIVE is suitable for local actions.",
Value = "LOGON32_LOGON_NEW_CREDENTIALS"
}
}
},
new GruntTask
{
Id = 17,
Name = "RevertToSelf",
Description = "Ends the impersonation of any token, reverting back to the initial token associated with the current process. Useful in conjuction with functions impersonate a token and do not automatically RevertToSelf, such as ImpersonateUser(), ImpersonateProcess(), GetSystem(), and MakeToken().",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "RevertToSelf" + ".task")),
Options = new List <GruntTask.GruntTaskOption>()
},
new GruntTask
{
Id = 18,
Name = "WMI",
Description = "Execute a process on a remote system using Win32_Process Create with specified credentials.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "WMI" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 18,
OptionId = 1,
Name = "ComputerName",
Description = "Username to authenticate as.",
Value = "192.168.1.1"
},
new GruntTask.GruntTaskOption
{
TaskId = 18,
OptionId = 2,
Name = "Username",
Description = "Username to authenticate as.",
Value = "DOMAIN\\Username"
},
new GruntTask.GruntTaskOption
{
TaskId = 18,
OptionId = 3,
Name = "Password",
Description = "Password to authenticate the user.",
Value = "Password123"
},
new GruntTask.GruntTaskOption
{
TaskId = 18,
OptionId = 4,
Name = "Launcher",
Description = "Launcher to execute on the remote system.",
Value = "PowerShell"
},
new GruntTask.GruntTaskOption
{
TaskId = 18,
OptionId = 5,
Name = "Command",
Description = "Command line to execute on the remote system.",
Value = ""
}
}
},
new GruntTask
{
Id = 19,
Name = "DCOM",
Description = "Execute a process on a remote system using various DCOM methods.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "DCOM" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 19,
OptionId = 1,
Name = "ComputerName",
Description = "Username to authenticate as.",
Value = "192.168.1.1"
},
new GruntTask.GruntTaskOption
{
TaskId = 19,
OptionId = 2,
Name = "Launcher",
Description = "Launcher to execute on the remote system.",
Value = "PowerShell"
},
new GruntTask.GruntTaskOption
{
TaskId = 19,
OptionId = 3,
Name = "Command",
Description = "Command line to execute on the remote system.",
Value = ""
},
new GruntTask.GruntTaskOption
{
TaskId = 19,
OptionId = 4,
Name = "Method",
Description = "DCOM method to use for execution.",
Value = "MMC20.Application"
}
}
},
new GruntTask
{
Id = 20,
Name = "BypassUAC",
Description = "Bypasses UAC through token duplication and spawns a specified process with high integrity.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "BypassUAC" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 20,
OptionId = 1,
Name = "Launcher",
Description = "Launcher to execute on the remote system.",
Value = "PowerShell"
},
new GruntTask.GruntTaskOption
{
TaskId = 20,
OptionId = 2,
Name = "Command",
Description = "Launcher to execute on the remote system.",
Value = ""
}
}
},
new GruntTask
{
Id = 21,
Name = "GetDomainUser",
Description = "Gets a list of specified (or all) user `DomainObject`s in the current Domain.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetDomainUser" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 21,
OptionId = 1,
Name = "Identities",
Description = "List of comma-delimited usernames to retrieve.",
Value = "username"
}
}
},
new GruntTask
{
Id = 22,
Name = "GetDomainGroup",
Description = "Gets a list of specified (or all) group `DomainObject`s in the current Domain.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetDomainGroup" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 22,
OptionId = 1,
Name = "Identities",
Description = "List of comma-delimited groups to retrieve.",
Value = "Domain Admins"
}
}
},
new GruntTask
{
Id = 23,
Name = "GetDomainComputer",
Description = "Gets a list of specified (or all) computer `DomainObject`s in the current Domain.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetDomainComputer" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 23,
OptionId = 1,
Name = "Identities",
Description = "List of comma-delimited computers to retrieve.",
Value = "DC01"
}
}
},
new GruntTask
{
Id = 24,
Name = "GetNetLocalGroup",
Description = "Gets a list of `LocalGroup`s from specified remote computer(s).",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetNetLocalGroup" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 24,
OptionId = 1,
Name = "ComputerNames",
Description = "List of comma-delimited ComputerNames to query.",
Value = "DC01"
}
}
},
new GruntTask
{
Id = 25,
Name = "GetNetLocalGroupMember",
Description = "Gets a list of `LocalGroupMember`s from specified remote computer(s).",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetNetLocalGroupMember" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 25,
OptionId = 1,
Name = "ComputerNames",
Description = "List of comma-delimited ComputerNames to query.",
Value = "DC01"
},
new GruntTask.GruntTaskOption
{
TaskId = 25,
OptionId = 2,
Name = "LocalGroup",
Description = "LocalGroup name to query for members.",
Value = "Administrators"
}
}
},
new GruntTask
{
Id = 26,
Name = "GetNetLoggedOnUser",
Description = "Gets a list of `LoggedOnUser`s from specified remote computer(s).",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetNetLoggedOnUser" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 26,
OptionId = 1,
Name = "ComputerNames",
Description = "List of comma-delimited ComputerNames to query.",
Value = "DC01"
}
}
},
new GruntTask
{
Id = 27,
Name = "GetNetSession",
Description = "Gets a list of `SessionInfo`s from specified remote computer(s).",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "GetNetSession" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 27,
OptionId = 1,
Name = "ComputerNames",
Description = "List of comma-delimited ComputerNames to query.",
Value = "DC01"
}
}
},
new GruntTask
{
Id = 28,
Name = "RegistryRead",
Description = "Reads a value stored in registry.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "RegistryRead" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 28,
OptionId = 1,
Name = "RegPath",
Description = "The full path to the registry value to be read.",
Value = "HKEY_CURRENT_USER\\Environment\\Path"
}
}
},
new GruntTask
{
Id = 29,
Name = "RegistryWrite",
Description = "Writes a value into the registry.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "RegistryWrite" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 29,
OptionId = 1,
Name = "RegPath",
Description = "The full path to the registry value to be read.",
Value = "HKEY_CURRENT_USER\\Environment\\Path"
},
new GruntTask.GruntTaskOption
{
TaskId = 29,
OptionId = 2,
Name = "Value",
Description = "The value to write to the registry key.",
Value = ""
}
}
},
new GruntTask
{
Id = 30,
Name = "ShellCode",
Description = "Executes a specified shellcode byte array by copying it to pinned memory, modifying the memory permissions, and executing.",
ReferenceAssemblies = String.Join(",", new List <string>()),
Code = File.ReadAllText(Path.Combine(Common.CovenantTaskDirectory, "ShellCode" + ".task")),
Options = new List <GruntTask.GruntTaskOption>
{
new GruntTask.GruntTaskOption
{
TaskId = 30,
OptionId = 1,
Name = "Hex",
Description = "Hex string representing the Shellcode bytes to execute.",
Value = ""
}
}
}
};
foreach (GruntTask task in GruntTasks)
{
context.GruntTasks.Add(task);
}
}
}
public GruntController(CovenantContext context)
{
_context = context;
}
public ImplantTemplateApiController(CovenantContext context)
{
_context = context;
}
