Merge pull request #107 from its-a-feature/2.2-updates

added in a few more pages for the new ui, updated mythic-cli to inclu…
its-a-feature · Jul 30, 2021 · f15ec77 · f15ec77
2 parents df0ca66 + 0bac5d6
commit f15ec77
Show file tree

Hide file tree

Showing 96 changed files with 4,271 additions and 9,966 deletions.
diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ A cross-platform, post-exploit, red teaming framework built with python3, docker
 * Objective By the Sea 2019 talk on JXA: https://objectivebythesea.com/v2/talks/OBTS_v2_Thomas.pdf  
 * Objective By the sea 2019 Video: https://www.youtube.com/watch?v=E-QEsGsq3uI&list=PLliknDIoYszvTDaWyTh6SYiTccmwOsws8&index=17  
 
-* Current Version: 2.2.12
+* Current Version: 2.2.13
 
 ## Installing Agents and C2 Profiles
 

diff --git a/hasura-docker/metadata/actions.graphql b/hasura-docker/metadata/actions.graphql
@@ -1,3 +1,9 @@
+type Query {
+  config_check (
+    uuid: String!
+  ): ConfigCheckOutput
+}
+
 type Mutation {
   createAPIToken (
     tokenType: String!
@@ -38,12 +44,39 @@ type Query {
   ): ContainerFile
 }
 
+type Mutation {
+  download_bulk (
+    files: [String!]!
+  ): BulkDownloadOutput
+}
+
+type Mutation {
+  dynamic_query_function (
+    command: String!
+    parameter_name: String!
+    payload_type: String!
+    callback: Int!
+  ): dynamicQueryOutput
+}
+
 type Query {
   getProfileOutput (
     id: Int!
   ): ProfileOutput
 }
 
+type Mutation {
+  rebuild_payload (
+    uuid: String!
+  ): rebuildOutput
+}
+
+type Query {
+  redirect_rules (
+    uuid: String!
+  ): redirectOutput
+}
+
 type Mutation {
   requestOpsecBypass (
     task_id: Int!
@@ -173,3 +206,33 @@ type updateCallbackOutput {
   error : String
 }
 
+type BulkDownloadOutput {
+  status : String!
+  error : String
+  file_id : String
+}
+
+type dynamicQueryOutput {
+  status : String!
+  error : String
+  choices : [String]
+}
+
+type rebuildOutput {
+  status : String!
+  error : String
+  uuid : String
+}
+
+type redirectOutput {
+  status : String!
+  error : String
+  output : String
+}
+
+type ConfigCheckOutput {
+  status : String!
+  error : String
+  output : String
+}
+
diff --git a/hasura-docker/metadata/actions.yaml b/hasura-docker/metadata/actions.yaml
@@ -1,4 +1,15 @@
 actions:
+- name: config_check
+  definition:
+    kind: ""
+    handler: '{{MYTHIC_ACTIONS_URL_BASE}}/config_check_webhook'
+    forward_client_headers: true
+  permissions:
+  - role: spectator
+  - role: operator
+  - role: operation_admin
+  - role: mythic_admin
+  - role: developer
 - name: createAPIToken
   definition:
     kind: synchronous
@@ -60,6 +71,27 @@ actions:
   - role: operation_admin
   - role: operator
   - role: spectator
+- name: download_bulk
+  definition:
+    kind: synchronous
+    handler: '{{MYTHIC_ACTIONS_URL_BASE}}/download_bulk_webhook'
+    forward_client_headers: true
+  permissions:
+  - role: operator
+  - role: operation_admin
+  - role: mythic_admin
+  - role: developer
+- name: dynamic_query_function
+  definition:
+    kind: synchronous
+    handler: '{{MYTHIC_ACTIONS_URL_BASE}}/dynamic_query_webhook'
+    forward_client_headers: true
+  permissions:
+  - role: spectator
+  - role: operator
+  - role: operation_admin
+  - role: mythic_admin
+  - role: developer
 - name: getProfileOutput
   definition:
     kind: ""
@@ -70,6 +102,27 @@ actions:
   - role: mythic_admin
   - role: operation_admin
   - role: operator
+- name: rebuild_payload
+  definition:
+    kind: synchronous
+    handler: '{{MYTHIC_ACTIONS_URL_BASE}}/rebuild_webhook'
+    forward_client_headers: true
+  permissions:
+  - role: operator
+  - role: operation_admin
+  - role: mythic_admin
+  - role: developer
+- name: redirect_rules
+  definition:
+    kind: ""
+    handler: '{{MYTHIC_ACTIONS_URL_BASE}}/redirect_rules_webhook'
+    forward_client_headers: true
+  permissions:
+  - role: spectator
+  - role: operator
+  - role: operation_admin
+  - role: mythic_admin
+  - role: developer
 - name: requestOpsecBypass
   definition:
     kind: synchronous
@@ -147,4 +200,9 @@ custom_types:
         id: id
   - name: BypassOutput
   - name: updateCallbackOutput
+  - name: BulkDownloadOutput
+  - name: dynamicQueryOutput
+  - name: rebuildOutput
+  - name: redirectOutput
+  - name: ConfigCheckOutput
   scalars: []
diff --git a/hasura-docker/metadata/databases/databases.yaml b/hasura-docker/metadata/databases/databases.yaml
@@ -0,0 +1 @@
+[]
diff --git a/hasura-docker/metadata/tables.yaml b/hasura-docker/metadata/tables.yaml
@@ -2133,87 +2133,97 @@
   - role: developer
     permission:
       columns:
-      - choice_filter_by_command_attributes
-      - choices
-      - choices_are_all_commands
-      - choices_are_loaded_commands
-      - command_id
-      - default_value
-      - description
       - id
+      - command_id
       - name
+      - type
+      - default_value
+      - choices
       - required
-      - supported_agent_build_parameters
+      - description
       - supported_agents
-      - type
+      - supported_agent_build_parameters
+      - choice_filter_by_command_attributes
+      - choices_are_all_commands
+      - choices_are_loaded_commands
+      - ui_position
+      - dynamic_query_function
       filter: {}
   - role: mythic_admin
     permission:
       columns:
       - choices_are_all_commands
       - choices_are_loaded_commands
       - required
+      - type
       - command_id
       - id
+      - ui_position
       - choice_filter_by_command_attributes
       - choices
       - default_value
       - description
+      - dynamic_query_function
       - name
       - supported_agent_build_parameters
       - supported_agents
-      - type
       filter: {}
   - role: operation_admin
     permission:
       columns:
       - choices_are_all_commands
       - choices_are_loaded_commands
       - required
+      - type
       - command_id
       - id
+      - ui_position
       - choice_filter_by_command_attributes
       - choices
       - default_value
       - description
+      - dynamic_query_function
       - name
       - supported_agent_build_parameters
       - supported_agents
-      - type
       filter: {}
   - role: operator
     permission:
       columns:
       - choices_are_all_commands
       - choices_are_loaded_commands
       - required
+      - type
       - command_id
       - id
+      - ui_position
       - choice_filter_by_command_attributes
       - choices
       - default_value
       - description
+      - dynamic_query_function
       - name
       - supported_agent_build_parameters
       - supported_agents
-      - type
       filter: {}
   - role: spectator
     permission:
       columns:
       - choices_are_all_commands
       - choices_are_loaded_commands
       - required
+      - type
       - command_id
       - id
+      - ui_position
       - choice_filter_by_command_attributes
       - choices
       - default_value
       - description
+      - dynamic_query_function
       - name
       - supported_agent_build_parameters
       - supported_agents
-      - type
       filter: {}
 - table:
     schema: public
@@ -2656,6 +2666,7 @@
       filter:
         operation_id:
           _in: X-Hasura-operations
+      allow_aggregations: true
   - role: mythic_admin
     permission:
       columns:
@@ -2687,6 +2698,7 @@
       filter:
         operation_id:
           _in: X-Hasura-operations
+      allow_aggregations: true
   - role: operation_admin
     permission:
       columns:
@@ -2718,6 +2730,7 @@
       filter:
         operation_id:
           _in: X-Hasura-operations
+      allow_aggregations: true
   - role: operator
     permission:
       columns:
@@ -2749,6 +2762,7 @@
       filter:
         operation_id:
           _in: X-Hasura-operations
+      allow_aggregations: true
   - role: spectator
     permission:
       columns:
@@ -2780,6 +2794,7 @@
       filter:
         operation_id:
           _in: X-Hasura-operations
+      allow_aggregations: true
   update_permissions:
   - role: developer
     permission:

diff --git a/mythic-cli b/mythic-cli
diff --git a/mythic-docker/app/api/c2profiles_api.py b/mythic-docker/app/api/c2profiles_api.py
@@ -16,6 +16,7 @@
 import uuid
 from app.api.operation_api import send_all_operations_message
 from app.api.rabbitmq_api import MythicBaseRPC
+from sanic.log import logger
 
 
 c2_rpc = MythicBaseRPC()
@@ -118,19 +119,22 @@ async def start_stop_c2profile_webhook(request, user):
     # print(status)
     if not successfully_sent:
         await send_all_operations_message(message=f"C2 Profile {profile.name} couldn't be contacted. Is it online? Check with ./status_check.sh",
-                                          level="info", source="update_c2_profile")
+                                          level="warning")
         profile.running = False
         await app.db_objects.update(profile)
         return json({"status": "error", "error": "Failed to contact C2 profile"})
     status = js.loads(status)
     if "running" in status:
         if status["running"]:
             await send_all_operations_message(message=f"C2 Profile {profile.name} started by {user['username']}",
-                                              level="info", source="update_c2_profile")
+                                              level="info")
+            from app.api.operation_api import resolve_all_operations_message
+            await resolve_all_operations_message(f"{profile.name}'s internal server stopped")
+            await resolve_all_operations_message(f"C2 Profile {profile.name}.*")
         else:
             await send_all_operations_message(
                 message=f"C2 Profile {profile.name} was manually stopped by {user['username']}",
-                level="warning", source="update_c2_profile")
+                level="warning")
         profile.running = status.pop("running")
         await app.db_objects.update(profile)
     return json(status)

diff --git a/mythic-docker/app/api/file_api.py b/mythic-docker/app/api/file_api.py
@@ -812,19 +812,20 @@ async def get_screencapture(request, user, id):
         )
 
 
-@mythic.route(mythic.config["API_BASE"] + "/files/download/bulk", methods=["POST"])
+@mythic.route(mythic.config["API_BASE"] + "/download_bulk_webhook", methods=["POST"])
 @inject_user()
 @scoped(
     ["auth:user", "auth:apitoken_user"], False
 )  # user or user-level api token are ok
-async def download_zipped_files(request, user):
+async def download_zipped_files_webhook(request, user):
     if user["auth"] not in ["access_token", "apitoken"]:
         abort(
             status_code=403,
             message="Cannot access via Cookies. Use CLI or access via JS in browser",
         )
     try:
         data = request.json
+        data = data["input"]
         if "files" not in data:
             return abort(404, "missing 'files' value")
         # need to make aa temporary directory, copy all the files there, zip it, return that and clean up temp dir
@@ -860,6 +861,11 @@ async def download_zipped_files(request, user):
             delete_after_fetch=False,
             filename="Mythic_Downloads.zip".encode("utf-8"),
         )
+        with open("./app/files/{}.zip".format(temp_id), "rb") as f:
+            ziped_bytes = f.read()
+            file_meta.md5 = await hash_MD5(ziped_bytes)
+            file_meta.sha1 = await hash_SHA1(ziped_bytes)
+            await app.db_objects.update(file_meta)
         return json({"status": "success", "file_id": file_meta.agent_file_id})
     except Exception as e:
         print(str(e))