v3.2.20-rc3

SOCKS and logging tweaks

CHANGELOG.MD

@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.2.20-rc3] - 2024-03-19
+
+### Changed
+
+- Updated the logging library to just be zerolog and not zerolog/logr which was messing with logging levels
+- Removed a section of socks/rpfwd code that resulted in double closure messages getting sent to the agent
+- Updated a section of socks to do multiple reads with smaller buffers
+
 ## [3.2.20-rc2] - 2024-03-14
 
 ### Changed

VERSION

@@ -1 +1 @@
-3.2.20-rc2
+3.2.20-rc3

mythic-docker/src/authentication/jwt.go

@@ -181,7 +181,6 @@ func ExtractCookieToken(c *gin.Context) (string, error) {
 		return "", ErrMissingCookieValue
 	}
 	if len(token) > 0 {
-		logging.LogTrace("got cookie header", "cookie", token)
 		return token, nil
 	}
 	logging.LogDebug("Failed to find cookie value")

mythic-docker/src/database/utils.go

@@ -65,17 +65,17 @@ func GetUserCurrentOperation(userID int) (*databaseStructs.Operatoroperation, er
 
 func GetUserFromID(userID int) (*databaseStructs.Operator, error) {
 	operator := databaseStructs.Operator{}
-	if err := DB.Get(&operator, `SELECT 
+	err := DB.Get(&operator, `SELECT 
 	username, id, "admin", last_login, failed_login_count, salt, "password", secrets, preferences,
 	last_failed_login_timestamp, active, deleted, current_operation_id, view_utc_time, 
 	current_operation_id  
 	FROM operator 
-	WHERE id=$1`, userID); err != nil {
+	WHERE id=$1`, userID)
+	if err != nil {
 		logging.LogError(err, "Failed to find operator", "user_id", userID)
 		return nil, err
-	} else {
-		return &operator, nil
 	}
+	return &operator, nil
 }
 
 func GetOperationsForUser(userID int) (*[]databaseStructs.Operatoroperation, error) {

mythic-docker/src/go.mod

@@ -55,11 +55,11 @@ require (
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/arch v0.7.0 // indirect
 	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f // indirect
+	golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect
 	golang.org/x/net v0.22.0 // indirect
 	golang.org/x/sys v0.18.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
-	google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 // indirect
+	google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

mythic-docker/src/go.sum

@@ -140,6 +140,8 @@ golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
 golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f h1:3CW0unweImhOzd5FmYuRsD4Y4oQFKZIjAnKbjV4WIrw=
 golang.org/x/exp v0.0.0-20240314144324-c7f7c6466f7f/go.mod h1:CxmFvTBINI24O/j8iY7H1xHzx2i4OsyguNBmN/uPtqc=
+golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc=
+golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ=
 golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic=
 golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
 golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc=
@@ -154,6 +156,8 @@ golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
 golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7 h1:8EeVk1VKMD+GD/neyEHGmz7pFblqPjHoi+PGQIlLx2s=
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240311173647-c811ad7063a7/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237 h1:NnYq6UN9ReLM9/Y01KWNOWyI5xQ9kbIms5GGJVwS/Yc=
+google.golang.org/genproto/googleapis/rpc v0.0.0-20240318140521-94a12d6c2237/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY=
 google.golang.org/grpc v1.62.1 h1:B4n+nfKzOICUXMgyrNd19h/I9oH0L1pizfk1d4zSgTk=
 google.golang.org/grpc v1.62.1/go.mod h1:IWTG0VlJLCh1SkC58F7np9ka9mx/WNkjl4PGJaiq+QE=
 google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=

mythic-docker/src/logging/initialize.go

@@ -1,24 +1,31 @@
 package logging
 
 import (
-	"errors"
 	"os"
 	"runtime"
 	"time"
 
-	"github.com/go-logr/logr"
-	"github.com/go-logr/zerologr"
 	"github.com/its-a-feature/Mythic/utils"
 	"github.com/rs/zerolog"
 )
 
 var (
-	logger logr.Logger
+	logger zerolog.Logger
 )
 
+/*
+zerolog allows for logging at the following levels (from highest to lowest):
+
+panic (zerolog.PanicLevel, 5)
+fatal (zerolog.FatalLevel, 4)
+error (zerolog.ErrorLevel, 3)
+warn (zerolog.WarnLevel, 2)
+info (zerolog.InfoLevel, 1)
+debug (zerolog.DebugLevel, 0)
+trace (zerolog.TraceLevel, -1)
+*/
+
 func Initialize() {
-	zerologr.NameFieldName = "logger"
-	zerologr.NameSeparator = "/"
 	var zl zerolog.Logger
 	switch utils.MythicConfig.DebugLevel {
 	case "warning":
@@ -39,71 +46,87 @@ func Initialize() {
 	}
 
 	zl = zl.With().Timestamp().Logger()
-	logger = zerologr.New(&zl)
-	logger.Info("Logging Initialized")
+	logger = zl
+	logger.Info().Msg("Logging Initialized")
 }
 
 func LogFatalError(err error, message string, messages ...interface{}) {
 	if pc, _, line, ok := runtime.Caller(1); ok {
 		if err == nil {
-			logger.Error(errors.New(message), "", messages...)
+			logger.Error().Fields(messages).Msg(message)
+			//logger.Error(errors.New(message), "", messages...)
 		} else {
-			logger.Error(err, message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
+			logger.Error().Err(err).Fields(append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)).Msg(message)
+			//logger.Error(err, message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
 		}
 	} else {
 		if err == nil {
-			logger.Error(errors.New(message), "", messages...)
+			logger.Error().Fields(messages).Msg(message)
+			//logger.Error(errors.New(message), "", messages...)
 		} else {
-			logger.Error(err, message, messages...)
+			logger.Error().Err(err).Fields(messages).Msg(message)
+			//logger.Error(err, message, messages...)
 		}
 	}
 	os.Exit(1)
 }
 
-func LogWarning(message string, messages ...interface{}) {
+func LogTrace(message string, messages ...interface{}) {
 	if pc, _, line, ok := runtime.Caller(1); ok {
-		logger.V(-1).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
+		logger.Trace().Fields(append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)).Msg(message)
+		//logger.V(2).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
 	} else {
-		logger.V(-1).Info(message, messages...)
+		logger.Trace().Fields(messages).Msg(message)
+		//logger.V(2).Info(message, messages...)
 	}
 }
 
-func LogTrace(message string, messages ...interface{}) {
+func LogDebug(message string, messages ...interface{}) {
 	if pc, _, line, ok := runtime.Caller(1); ok {
-		logger.V(2).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
+		logger.Debug().Fields(append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)).Msg(message)
+		//logger.V(1).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
 	} else {
-		logger.V(2).Info(message, messages...)
+		logger.Debug().Fields(messages).Msg(message)
+		//logger.V(1).Info(message, messages...)
 	}
 }
 
-func LogDebug(message string, messages ...interface{}) {
+func LogInfo(message string, messages ...interface{}) {
 	if pc, _, line, ok := runtime.Caller(1); ok {
-		logger.V(1).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
+		logger.Info().Fields(append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)).Msg(message)
+		//logger.V(0).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
 	} else {
-		logger.V(1).Info(message, messages...)
+		logger.Info().Fields(messages).Msg(message)
+		//logger.V(0).Info(message, messages...)
 	}
 }
 
-func LogInfo(message string, messages ...interface{}) {
+func LogWarning(message string, messages ...interface{}) {
 	if pc, _, line, ok := runtime.Caller(1); ok {
-		logger.V(0).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
+		logger.Warn().Fields(append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)).Msg(message)
+		//logger.V(1).Info(message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
 	} else {
-		logger.V(0).Info(message, messages...)
+		logger.Warn().Fields(messages).Msg(message)
+		//logger.V(1).Info(message, messages...)
 	}
 }
 
 func LogError(err error, message string, messages ...interface{}) {
 	if pc, _, line, ok := runtime.Caller(1); ok {
 		if err == nil {
-			logger.Error(errors.New(message), "", messages...)
+			logger.Error().Fields(messages).Msg(message)
+			//logger.Error(errors.New(message), "", messages...)
 		} else {
-			logger.Error(err, message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
+			logger.Error().Err(err).Fields(append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)).Msg(message)
+			//logger.Error(err, message, append([]interface{}{"func", runtime.FuncForPC(pc).Name(), "line", line}, messages...)...)
 		}
 	} else {
 		if err == nil {
-			logger.Error(errors.New(message), "", messages...)
+			logger.Error().Fields(messages).Msg(message)
+			//logger.Error(errors.New(message), "", messages...)
 		} else {
-			logger.Error(err, message, messages...)
+			logger.Error().Err(err).Fields(messages).Msg(message)
+			//logger.Error(err, message, messages...)
 		}
 	}
 

mythic-docker/src/rabbitmq/recv_mythic_rpc_callback_encrypt_bytes.go

@@ -75,15 +75,15 @@ func CallbackEncryptMessage(agentCallbackUUID string, message []byte, includeUUI
 			logging.LogError(err, "Failed to encrypt message")
 			return nil, err
 		}
-		logging.LogTrace("CallbackEncryptMessage", "encrypted", cipherText)
+		//logging.LogDebug("CallbackEncryptMessage", "encrypted", cipherText)
 		if includeUUID {
 			cipherText = append([]byte(agentCallbackUUID), cipherText...)
 		}
 		if base64ReturnMessage {
-			logging.LogTrace("CallbackEncryptMessage", "about to base64", cipherText)
+			//logging.LogDebug("CallbackEncryptMessage", "about to base64", cipherText)
 			base64Message := make([]byte, base64.StdEncoding.EncodedLen(len(cipherText)))
 			base64.StdEncoding.Encode(base64Message, cipherText)
-			logging.LogTrace("CallbackEncryptMessage", "base64 encoded", base64Message)
+			//logging.LogDebug("CallbackEncryptMessage", "base64 encoded", base64Message)
 			return base64Message, nil
 		} else {
 			return cipherText, nil

mythic-docker/src/rabbitmq/util_agent_message.go

@@ -854,7 +854,7 @@ func DecryptMessage(uuidInfo *cachedUUIDInfo, agentMessage []byte) (map[string]i
 }
 
 func EncryptMessage(uuidInfo *cachedUUIDInfo, outerUUID string, agentMessage map[string]interface{}, agentUUIDLength int, shouldBase64Encode bool) ([]byte, error) {
-	logging.LogTrace("Sending back final message", "response", agentMessage)
+	//logging.LogDebug("Sending back final message", "response", agentMessage)
 	if uuidInfo.MythicEncrypts {
 		if uuidInfo.TranslationContainerName == "" {
 			// we encrypt the JSON bytes and return raw bytes