From 89adef6cc361c4ae0ab8017119fe5880349a1d79 Mon Sep 17 00:00:00 2001
From: spenceradolph
Date: Tue, 23 Apr 2024 13:25:46 +0000
Subject: [PATCH 1/2] potential fix for windows

---
 .../sliverapi/SliverRequests/SliverAPI.py | 124 +++++++++---------
 .../sliverapi/agent_functions/generate.py | 3 +-
 .../sliverapi/agent_functions/profiles.py | 3 +-
 .../sliverapi/agent_functions/use.py | 6 +-
 4 files changed, 70 insertions(+), 66 deletions(-)

diff --git a/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py b/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
index 7209a6d..8e23de0 100644
--- a/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
+++ b/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
@@ -64,66 +64,66 @@ async def read_server_events():
 async def handleSliverEvent(event: client_pb2.Event, configFileId):
 print(event.EventType)
- if (event.EventType == 'session-connected'):
- # print(event.Session)
-
- # create payload
- sliver_os_table = {
- 'linux': 'Linux'
- }
-
- # TODO: only include 'shell' for interactive sessions, not beacons
-
- new_payload = MythicRPCPayloadCreateFromScratchMessage(
- # TODO: this may need some mythic improvements
- TaskID=1,
-
- PayloadConfiguration=MythicRPCPayloadConfiguration(
- payload_type="sliverimplant",
- uuid=event.Session.ID,
- selected_os=sliver_os_table[event.Session.OS],
- description=f"(no download) using sliver interactive implant for {event.Session.ID}",
- build_parameters=[],
- c2_profiles=[],
- # TODO: figure out if possible to not specify these manually
- commands=['ifconfig', 'download', 'upload', 'ls', 'ps', 'ping', 'whoami', 'screenshot', 'netstat', 'getgid', 'getuid', 'getpid', 'cat', 'cd', 'pwd', 'info', 'execute', 'mkdir', 'shell', 'terminate', 'rm']
- ),
- )
- scratchBuild = await SendMythicRPCPayloadCreateFromScratch(new_payload)
-
- # create callback
- extra_info = json.dumps({
- # TODO: if buildparams changes, then this won't work anymore (could make it more resilient)
- "slivercfg_fileid": configFileId,
- "type": 'session'
- })
- response = await SendMythicRPCCallbackCreate(MythicRPCCallbackCreateMessage(
- PayloadUUID=event.Session.ID,
-
- C2ProfileName="",
- IntegrityLevel=3,
- Host=event.Session.Hostname,
- User=event.Session.Username,
- Ip=event.Session.RemoteAddress.split(':')[0],
- ExtraInfo=extra_info,
- PID=event.Session.PID
- ))
-
- if (event.EventType == 'session-disconnected'):
- # TODO: often hard-coding ID=1 cause not sure how else to get results back...
- # This thread isn't running on behalf of a specific callback
- # Could potentially pass down the CallbackID of the instantiated sliverapi callback
- # All the way from the parent function that called this?
- # it works for now tho........
- callbacks = await SendMythicRPCCallbackSearch(MythicRPCCallbackSearchMessage(
- AgentCallbackID=1,
- SearchCallbackPID=event.Session.PID
- ))
-
- await SendMythicRPCCallbackUpdate(MythicRPCCallbackUpdateMessage(
- CallbackID=callbacks.Results[0].ID,
- TaskID=1,
- PID=event.Session.PID,
+ # if (event.EventType == 'session-connected'):
+ # # print(event.Session)
+
+ # # create payload
+ # sliver_os_table = {
+ # 'linux': 'Linux'
+ # }
+
+ # # TODO: only include 'shell' for interactive sessions, not beacons
+
+ # new_payload = MythicRPCPayloadCreateFromScratchMessage(
+ # # TODO: this may need some mythic improvements
+ # TaskID=1,
+
+ # PayloadConfiguration=MythicRPCPayloadConfiguration(
+ # payload_type="sliverimplant",
+ # uuid=event.Session.ID,
+ # selected_os=sliver_os_table[event.Session.OS],
+ # description=f"(no download) using sliver interactive implant for {event.Session.ID}",
+ # build_parameters=[],
+ # c2_profiles=[],
+ # # TODO: figure out if possible to not specify these manually
+ # commands=['ifconfig', 'download', 'upload', 'ls', 'ps', 'ping', 'whoami', 'screenshot', 'netstat', 'getgid', 'getuid', 'getpid', 'cat', 'cd', 'pwd', 'info', 'execute', 'mkdir', 'shell', 'terminate', 'rm']
+ # ),
+ # )
+ # scratchBuild = await SendMythicRPCPayloadCreateFromScratch(new_payload)
+
+ # # create callback
+ # extra_info = json.dumps({
+ # # TODO: if buildparams changes, then this won't work anymore (could make it more resilient)
+ # "slivercfg_fileid": configFileId,
+ # "type": 'session'
+ # })
+ # response = await SendMythicRPCCallbackCreate(MythicRPCCallbackCreateMessage(
+ # PayloadUUID=event.Session.ID,
+
+ # C2ProfileName="",
+ # IntegrityLevel=3,
+ # Host=event.Session.Hostname,
+ # User=event.Session.Username,
+ # Ip=event.Session.RemoteAddress.split(':')[0],
+ # ExtraInfo=extra_info,
+ # PID=event.Session.PID
+ # ))
+
+ # if (event.EventType == 'session-disconnected'):
+ # # TODO: often hard-coding ID=1 cause not sure how else to get results back...
+ # # This thread isn't running on behalf of a specific callback
+ # # Could potentially pass down the CallbackID of the instantiated sliverapi callback
+ # # All the way from the parent function that called this?
+ # # it works for now tho........
+ # callbacks = await SendMythicRPCCallbackSearch(MythicRPCCallbackSearchMessage(
+ # AgentCallbackID=1,
+ # SearchCallbackPID=event.Session.PID
+ # ))
+
+ # await SendMythicRPCCallbackUpdate(MythicRPCCallbackUpdateMessage(
+ # CallbackID=callbacks.Results[0].ID,
+ # TaskID=1,
+ # PID=event.Session.PID,
 
- Description='disconnected!'
- ))
+ # Description='disconnected!'
+ # ))
diff --git a/Payload_Type/sliverapi/sliverapi/agent_functions/generate.py b/Payload_Type/sliverapi/sliverapi/agent_functions/generate.py
index eb111a6..a7603e2 100644
--- a/Payload_Type/sliverapi/sliverapi/agent_functions/generate.py
+++ b/Payload_Type/sliverapi/sliverapi/agent_functions/generate.py
@@ -98,7 +98,8 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
 sliverconfig_file_uuid = taskData.BuildParameters[0].Value
 sliver_os_table = {
- 'linux': 'Linux'
+ 'linux': 'Linux',
+ 'windows': "Windows"
 }
 # TODO: include 'shell' for sessions, but not for beaconers
diff --git a/Payload_Type/sliverapi/sliverapi/agent_functions/profiles.py b/Payload_Type/sliverapi/sliverapi/agent_functions/profiles.py
index 93a91f1..835c0a7 100644
--- a/Payload_Type/sliverapi/sliverapi/agent_functions/profiles.py
+++ b/Payload_Type/sliverapi/sliverapi/agent_functions/profiles.py
@@ -383,7 +383,8 @@ async def profiles_generate(taskData: PTTaskMessageAllData):
 break
 sliver_os_table = {
- 'linux': 'Linux'
+ 'linux': 'Linux',
+ 'windows': "Windows"
 }
 sliverconfig_file_uuid = taskData.BuildParameters[0].Value
diff --git a/Payload_Type/sliverapi/sliverapi/agent_functions/use.py b/Payload_Type/sliverapi/sliverapi/agent_functions/use.py
index 6ddf4fb..5fb7f6d 100644
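Review bot: The `sliver_os_table` literal added to here is now a fourth hand-maintained copy of the same mapping (generate.py, profiles.py, use.py and SliverAPI.py all carry one in this series), and the series itself shows how they drift — use.py stops consulting its copy entirely. Hoist it to one module-level constant, e.g. `SLIVER_OS_TABLE = {'linux': 'Linux', 'windows': 'Windows'}`, and import it in each caller. The lookup that indexes this table lies outside the hunk, so it presumably still raises a bare `KeyError` for any other Sliver OS value such as darwin; a membership check with an explicit error naming the unsupported OS would fail more usefully. Minor style point: the new entry uses double quotes while the line above uses single quotes.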
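Review bot: Same duplicated table as in generate.py, with the same mixed quoting (`'Linux'` next to `"Windows"`); if the mapping is shared across modules it belongs in one place rather than being extended file by file. Since `profiles_generate` continues outside this hunk I cannot see how the table is indexed, but if it is a plain subscript, a session on an OS not in the table will surface as an unhandled `KeyError` rather than a clear "unsupported OS" message — worth guarding with `if implant_os not in sliver_os_table: raise ValueError(f"unsupported sliver OS: {implant_os}")` (using whatever the local variable is called).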
--- a/Payload_Type/sliverapi/sliverapi/agent_functions/use.py
+++ b/Payload_Type/sliverapi/sliverapi/agent_functions/use.py
@@ -107,7 +107,8 @@ async def use(taskData: PTTaskMessageAllData, sliver_id: int):
 # create the payload
 # TODO: figure out mappings for windows or mac...
 sliver_os_table = {
- 'linux': 'Linux'
+ 'linux': 'Linux',
+ 'windows': "Windows"
 }
 # TODO: only include 'shell' for interactive sessions, not beacons
@@ -118,7 +119,8 @@ async def use(taskData: PTTaskMessageAllData, sliver_id: int):
 PayloadConfiguration=MythicRPCPayloadConfiguration(
 payload_type="sliverimplant",
 uuid=sliver_id,
- selected_os=sliver_os_table[implant_info.OS],
+ # selected_os=sliver_os_table[implant_info.OS],
+ selected_os='Windows',
 description=f"(no download) using sliver {'beaconing' if isBeacon else 'interactive'} implant for {sliver_id}",
 build_parameters=[],
 c2_profiles=[],
From 017053b40b25cbfb4e1386c4cf3e4d6adde33532 Mon Sep 17 00:00:00 2001
From: spenceradolph
Date: Tue, 23 Apr 2024 14:05:33 +0000
Subject: [PATCH 2/2] re-enabled callback creation

---
 .../sliverapi/SliverRequests/SliverAPI.py | 125 +++++++++---------
 1 file changed, 63 insertions(+), 62 deletions(-)

diff --git a/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py b/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
index 8e23de0..efb099f 100644
--- a/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
+++ b/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
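Review bot: The comment `# TODO: figure out mappings for windows or mac...` directly above the table is now stale, since this hunk adds the windows mapping; narrow it to what is still missing, e.g. `# TODO: add a mapping for darwin (macOS); anything not listed here is unsupported`. That also documents, for the next reader, that the table is an allow-list rather than an incomplete draft.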
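Review bot: `selected_os='Windows'` registers every implant attached through `use` as a Windows payload, including Linux ones that the table in the previous hunk still maps correctly, so the OS Mythic records for the callback no longer reflects the host and any OS-dependent command handling downstream is pointed at the wrong platform. Now that the table carries a `'windows'` entry the original lookup works for both supported platforms; restore `selected_os=sliver_os_table[implant_info.OS],` and drop the commented-out line instead of leaving dead code beside a hard-coded value. If a fallback for unlisted OS values was the intent, make it explicit with `selected_os=sliver_os_table.get(implant_info.OS, 'Windows'),` and a comment, though a silent default still misclassifies hosts and an explicit error is usually preferable. The body of `use` continues outside this hunk.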
@@ -64,66 +64,67 @@ async def read_server_events():
 async def handleSliverEvent(event: client_pb2.Event, configFileId):
 print(event.EventType)
- # if (event.EventType == 'session-connected'):
- # # print(event.Session)
-
- # # create payload
- # sliver_os_table = {
- # 'linux': 'Linux'
- # }
-
- # # TODO: only include 'shell' for interactive sessions, not beacons
-
- # new_payload = MythicRPCPayloadCreateFromScratchMessage(
- # # TODO: this may need some mythic improvements
- # TaskID=1,
-
- # PayloadConfiguration=MythicRPCPayloadConfiguration(
- # payload_type="sliverimplant",
- # uuid=event.Session.ID,
- # selected_os=sliver_os_table[event.Session.OS],
- # description=f"(no download) using sliver interactive implant for {event.Session.ID}",
- # build_parameters=[],
- # c2_profiles=[],
- # # TODO: figure out if possible to not specify these manually
- # commands=['ifconfig', 'download', 'upload', 'ls', 'ps', 'ping', 'whoami', 'screenshot', 'netstat', 'getgid', 'getuid', 'getpid', 'cat', 'cd', 'pwd', 'info', 'execute', 'mkdir', 'shell', 'terminate', 'rm']
- # ),
- # )
- # scratchBuild = await SendMythicRPCPayloadCreateFromScratch(new_payload)
-
- # # create callback
- # extra_info = json.dumps({
- # # TODO: if buildparams changes, then this won't work anymore (could make it more resilient)
- # "slivercfg_fileid": configFileId,
- # "type": 'session'
- # })
- # response = await SendMythicRPCCallbackCreate(MythicRPCCallbackCreateMessage(
- # PayloadUUID=event.Session.ID,
-
- # C2ProfileName="",
- # IntegrityLevel=3,
- # Host=event.Session.Hostname,
- # User=event.Session.Username,
- # Ip=event.Session.RemoteAddress.split(':')[0],
- # ExtraInfo=extra_info,
- # PID=event.Session.PID
- # ))
-
- # if (event.EventType == 'session-disconnected'):
- # # TODO: often hard-coding ID=1 cause not sure how else to get results back...
- # # This thread isn't running on behalf of a specific callback
- # # Could potentially pass down the CallbackID of the instantiated sliverapi callback
- # # All the way from the parent function that called this?
- # # it works for now tho........
- # callbacks = await SendMythicRPCCallbackSearch(MythicRPCCallbackSearchMessage(
- # AgentCallbackID=1,
- # SearchCallbackPID=event.Session.PID
- # ))
-
- # await SendMythicRPCCallbackUpdate(MythicRPCCallbackUpdateMessage(
- # CallbackID=callbacks.Results[0].ID,
- # TaskID=1,
- # PID=event.Session.PID,
+ if (event.EventType == 'session-connected'):
+ # print(event.Session)
+
+ # create payload
+ sliver_os_table = {
+ 'linux': 'Linux',
+ 'windows': 'Windows'
+ }
+
+ # TODO: only include 'shell' for interactive sessions, not beacons
+
+ new_payload = MythicRPCPayloadCreateFromScratchMessage(
+ # TODO: this may need some mythic improvements
+ TaskID=1,
+
+ PayloadConfiguration=MythicRPCPayloadConfiguration(
+ payload_type="sliverimplant",
+ uuid=event.Session.ID,
+ selected_os=sliver_os_table[event.Session.OS],
+ description=f"(no download) using sliver interactive implant for {event.Session.ID}",
+ build_parameters=[],
+ c2_profiles=[],
+ # TODO: figure out if possible to not specify these manually
+ commands=['ifconfig', 'download', 'upload', 'ls', 'ps', 'ping', 'whoami', 'screenshot', 'netstat', 'getgid', 'getuid', 'getpid', 'cat', 'cd', 'pwd', 'info', 'execute', 'mkdir', 'shell', 'terminate', 'rm']
+ ),
+ )
+ scratchBuild = await SendMythicRPCPayloadCreateFromScratch(new_payload)
+
+ # create callback
+ extra_info = json.dumps({
+ # TODO: if buildparams changes, then this won't work anymore (could make it more resilient)
+ "slivercfg_fileid": configFileId,
+ "type": 'session'
+ })
+ response = await SendMythicRPCCallbackCreate(MythicRPCCallbackCreateMessage(
+ PayloadUUID=event.Session.ID,
+
+ C2ProfileName="",
+ IntegrityLevel=3,
+ Host=event.Session.Hostname,
+ User=event.Session.Username,
+ Ip=event.Session.RemoteAddress.split(':')[0],
+ ExtraInfo=extra_info,
+ PID=event.Session.PID
+ ))
+
+ if (event.EventType == 'session-disconnected'):
+ # TODO: often hard-coding ID=1 cause not sure how else to get results back...
+ # This thread isn't running on behalf of a specific callback
+ # Could potentially pass down the CallbackID of the instantiated sliverapi callback
+ # All the way from the parent function that called this?
+ # it works for now tho........
+ callbacks = await SendMythicRPCCallbackSearch(MythicRPCCallbackSearchMessage(
+ AgentCallbackID=1,
+ SearchCallbackPID=event.Session.PID
+ ))
+
+ await SendMythicRPCCallbackUpdate(MythicRPCCallbackUpdateMessage(
+ CallbackID=callbacks.Results[0].ID,
+ TaskID=1,
+ PID=event.Session.PID,
 
- # Description='disconnected!'
- # ))
+ Description='disconnected!'
+ ))
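Review bot: `CallbackID=callbacks.Results[0].ID` in the re-enabled disconnect branch is evaluated without checking that the search returned anything, and the search keys on `SearchCallbackPID=event.Session.PID` alone, so a session whose callback was never created raises `IndexError` here and a PID that happens to be reused on a different host can get the wrong callback marked disconnected. Add `if not callbacks.Results: return` before the update and, if the search message accepts a host filter, also narrow on `event.Session.Hostname`. In the connected branch `sliver_os_table[event.Session.OS]` still raises `KeyError` for any OS other than linux or windows (darwin in particular); `os_name = sliver_os_table.get(event.Session.OS)` followed by an early `return` after a log line keeps one unexpected session from crashing the handler, whose caller `read_server_events` lies outside this hunk. `Ip=event.Session.RemoteAddress.split(':')[0]` presumably expects host:port; if Sliver reports IPv6 peers as `[addr]:port`, `rsplit(':', 1)[0]` is the safer split. `IntegrityLevel=3` is also hard-coded for every session regardless of the privilege the implant actually runs with — worth confirming against the session data Sliver provides rather than asserting it unconditionally.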