From ad1e47428a0680dde3162cffc116c6dbc49819aa Mon Sep 17 00:00:00 2001
From: its-a-feature
Date: Thu, 24 Oct 2024 12:06:54 -0400
Subject: [PATCH] fixing socks
---
.../poseidon/poseidon/agent_code/CHANGELOG.MD | 4 ++++
.../poseidon/poseidon/agent_code/socks/socks.go | 15 ++++++++-------
.../poseidon/poseidon/agentfunctions/builder.go | 6 +++++-
.../poseidon/browserscripts/download_new.js | 2 +-
agent_capabilities.json | 2 +-
5 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD b/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
index 1506e05..a71b2ef 100644
--- a/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
+++ b/Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD
@@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## 2.1.9 - 2024-10-24 + +- Fixed issue with new UDP associate breaking for non-udp long-lived connections + ## 2.1.8 - 2024-10-14 ### Changed
diff --git a/Payload_Type/poseidon/poseidon/agent_code/socks/socks.go b/Payload_Type/poseidon/poseidon/agent_code/socks/socks.go
index 59711a2..bda68fd 100644
--- a/Payload_Type/poseidon/poseidon/agent_code/socks/socks.go
+++ b/Payload_Type/poseidon/poseidon/agent_code/socks/socks.go
@@ -158,9 +158,10 @@ func handleMutexMapModifications() { default: //fmt.Printf("dropping data because channel is full") } + continue } if msg.Exit { - + continue } // got a message from mythic, we don't know that serverID and the message isn't exit, try to open a new connection data, err := base64.StdEncoding.DecodeString(msg.Data)
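Review bot: The `default:` arm directly above the first added `continue` still discards the message when the connection's channel is full, and after this change that chunk is dropped with no signal to either side, which leaves a gap in a relayed TCP byte stream. Treating a full channel as a failure of that one connection would be safer than continuing silently, for example by reporting an exit for that connection the way `writeToProxy` does on a write error. The `select` and the map lookup start above the hunk, so confirm how the send case is written before changing it. Both new `continue` statements also deserve a one-line comment such as `// known connection: message was queued or dropped, never fall through to open a new one`.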
@@ -394,7 +395,7 @@ func readFromProxy(conn net.Conn, toMythicSocksChannel chan structs.SocksMsg, ch func writeToProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId uint32, toMythicSocksChannel chan structs.SocksMsg) { w := bufio.NewWriter(conn) for bufOut := range recvChan { - fmt.Printf("got recv message from mythic to udp proxy") + //fmt.Printf("got recv message from mythic to proxy\n") // Send a response back to person contacting us. if bufOut.Exit { w.Flush()
@@ -404,7 +405,7 @@ func writeToProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId uint3 data, err := base64.StdEncoding.DecodeString(bufOut.Data) if err != nil { w.Flush() - fmt.Printf("telling udp proxy to exit\n") + //fmt.Printf("telling proxy to exit\n") msg := structs.SocksMsg{} msg.ServerId = channelId msg.Data = ""
@@ -415,7 +416,7 @@ func writeToProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId uint3 } _, err = w.Write(data) if err != nil { - fmt.Println("channel (%d) Error writing to proxy: ", channelId, err.Error()) + //fmt.Println("channel (%d) Error writing to proxy: ", channelId, err.Error()) msg := structs.SocksMsg{} msg.ServerId = channelId msg.Data = ""
@@ -429,7 +430,7 @@ func writeToProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId uint3 w.Flush() } w.Flush() - fmt.Printf("telling udp proxy to exit\n") + //fmt.Printf("telling proxy to exit\n") msg := structs.SocksMsg{} msg.ServerId = channelId msg.Data = ""
@@ -457,7 +458,7 @@ func writeToUDPProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId ui r := bytes.NewReader(data) header := []byte{0, 0, 0} if _, err := r.Read(header); err != nil { - fmt.Printf("failed to connect to read header: %v\n", err) + //fmt.Printf("failed to connect to read header: %v\n", err) msg := structs.SocksMsg{ ServerId: channelId, Exit: true,
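Review bot: The debug prints in `writeToProxy` are commented out rather than removed, here and in the hunks at -404, -415 and -429, and again in `writeToUDPProxy` at -457 and -467. Commented-out code goes stale unnoticed: the line at -415 passes a `%d` verb to `fmt.Println`, which would print the verb literally if the line were re-enabled. Either delete these lines or route them through one small helper that is compiled in only for debug builds, called as for example `debugf("channel (%d) error writing to proxy: %v", channelId, err)`. The function bodies extend beyond each hunk.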
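Review bot: `r.Read(header)` in `writeToUDPProxy` (hunk at -457) returns a nil error when the payload holds only one or two bytes, so a truncated UDP request header passes this check with `header` only partly filled. `if _, err := io.ReadFull(r, header); err != nil {` rejects short input explicitly; it needs `io` imported, which the hunk does not show. The three header bytes are not inspected in the visible lines, so if fragmented datagrams are unsupported the FRAG byte should be checked and non-zero values rejected. The function body starts and ends outside the hunk.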
@@ -467,7 +468,7 @@ func writeToUDPProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId ui } _, err = ReadAddrSpec(r) if err != nil { - fmt.Printf("failed to read remote address: %v\n", err) + //fmt.Printf("failed to read remote address: %v\n", err) msg := structs.SocksMsg{ ServerId: channelId, Exit: true,
diff --git a/Payload_Type/poseidon/poseidon/agentfunctions/builder.go b/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
index 0508b07..72ba510 100644
--- a/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
+++ b/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
@@ -20,7 +20,7 @@ import ( "time" ) -const version = "2.1.8" +const version = "2.1.9" type sleepInfoStruct struct { Interval int `json:"interval"`
@@ -140,6 +140,10 @@ var payloadDefinition = agentstructs.PayloadType{ atLeastOneCallbackWithinRange = true continue } + if activeC2 == "poseidon_tcp" { + atLeastOneCallbackWithinRange = true + continue + } minAdd := sleepInfo[activeC2].Interval maxAdd := sleepInfo[activeC2].Interval if sleepInfo[activeC2].Jitter > 0 {
diff --git a/Payload_Type/poseidon/poseidon/browserscripts/download_new.js b/Payload_Type/poseidon/poseidon/browserscripts/download_new.js
index c53c689..e62297c 100644
--- a/Payload_Type/poseidon/poseidon/browserscripts/download_new.js
+++ b/Payload_Type/poseidon/poseidon/browserscripts/download_new.js
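Review bot: The added `poseidon_tcp` check in the hunk at -140 repeats the body of the branch that closes just above it (`atLeastOneCallbackWithinRange = true` then `continue`), so the two conditions should be merged, or the exempt profile names kept in one set that the loop consults. The reason for the exemption is not stated; a comment such as `// poseidon_tcp has no sleep interval to compare, so it always counts as within range` would help, assuming that is the intent. The preceding condition and the enclosing loop begin outside the hunk.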
@@ -1 +1 @@ -function(task, responses){ if(task.status.includes("error")){ const combined = responses.reduce( (prev, cur) => { return prev + cur; }, ""); return {'plaintext': combined}; }else if(task.completed){ if(responses.length > 0){ try{ let data = JSON.parse(responses[0]); return { "media": [{ "filename": `${task.display_params}`, "agent_file_id": data["file_id"], }]}; }catch(error){ const combined = responses.reduce( (prev, cur) => { return prev + cur; }, ""); return {'plaintext': combined}; } }else{ return {"plaintext": "No data to display..."} } }else{ if(responses.length > 0){ const task_data = JSON.parse(responses[0]); return {"plaintext": "Downloading a file with " + task_data["total_chunks"] + " total chunks..."}; } return {"plaintext": "No data yet..."} } } \ No newline at end of file +function(task, responses){ if(task.status.includes("error")){ const combined = responses.reduce( (prev, cur) => { return prev + cur; }, ""); return {'plaintext': combined}; }else if(task.completed){ if(responses.length > 0){ try{ let data = JSON.parse(responses[0]); let filename_pieces = task.display_params.split("/"); return { "media": [{ "filename": `${filename_pieces[filename_pieces.length -1]}`, "agent_file_id": data["file_id"], }]}; }catch(error){ const combined = responses.reduce( (prev, cur) => { return prev + cur; }, ""); return {'plaintext': combined}; } }else{ return {"plaintext": "No data to display..."} } }else{ if(responses.length > 0){ const task_data = JSON.parse(responses[0]); return {"plaintext": "Downloading a file with " + task_data["total_chunks"] + " total chunks..."}; } return {"plaintext": "No data yet..."} } } \ No newline at end of file diff --git a/agent_capabilities.json b/agent_capabilities.json index e005f51..7e1cc31 100644 --- a/agent_capabilities.json +++ b/agent_capabilities.json 
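Review bot: `filename_pieces[filename_pieces.length -1]` is an empty string when `task.display_params` ends with `/`, and the split ignores `\` separators, so the media entry can end up with an empty filename or a full path. A fallback covers both cases: `const name = task.display_params.split(/[\\/]/).filter(Boolean).pop() || task.display_params;`. The template literal around the value is redundant once it is a plain string. This assumes `display_params` holds only the path; if it can carry other arguments, those need to be parsed out first.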
@@ -10,6 +10,6 @@ "architectures": ["x86_64", "arm_64"], "c2": ["http", "websocket", "dynamichttp", "poseidon_tcp"], "mythic_version": "3.3.0", - "agent_version": "2.1.8", + "agent_version": "2.1.9", "supported_wrappers": [] } \ No newline at end of file