From d78d9a0026ae262526b67a1ff5062cecb7618479 Mon Sep 17 00:00:00 2001 From: its-a-feature Date: Mon, 16 Sep 2024 18:57:11 -0500 Subject: [PATCH] fixing an update with MythicRPC Encrypts/Decrypts RPC Calls --- Payload_Type/arachne/.docker/requirements.txt | 2 +- Payload_Type/arachne/arachne/agent_functions/cd.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/checkin.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/download.py | 6 ++++-- .../arachne/arachne/agent_functions/execute_assembly.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/ls.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/pwd.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/rm.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/shell.py | 6 ++++-- Payload_Type/arachne/arachne/agent_functions/upload.py | 6 ++++-- 10 files changed, 37 insertions(+), 19 deletions(-) diff --git a/Payload_Type/arachne/.docker/requirements.txt b/Payload_Type/arachne/.docker/requirements.txt index 1464f00..78de966 100644 --- a/Payload_Type/arachne/.docker/requirements.txt +++ b/Payload_Type/arachne/.docker/requirements.txt @@ -1,3 +1,3 @@ -mythic-container==0.5.9 +mythic-container==0.5.12 requests bs4 \ No newline at end of file diff --git a/Payload_Type/arachne/arachne/agent_functions/cd.py b/Payload_Type/arachne/arachne/agent_functions/cd.py index 050db72..53daddb 100644 --- a/Payload_Type/arachne/arachne/agent_functions/cd.py +++ b/Payload_Type/arachne/arachne/agent_functions/cd.py @@ -50,7 +50,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -66,7 +67,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: await SendMythicRPCResponseCreate(MythicRPCResponseCreateMessage( diff --git a/Payload_Type/arachne/arachne/agent_functions/checkin.py b/Payload_Type/arachne/arachne/agent_functions/checkin.py index 7a7bde8..44b45c4 100644 --- a/Payload_Type/arachne/arachne/agent_functions/checkin.py +++ b/Payload_Type/arachne/arachne/agent_functions/checkin.py @@ -34,7 +34,8 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -50,7 +51,8 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: info = decrypted_resp.Message.decode().split('|') diff --git a/Payload_Type/arachne/arachne/agent_functions/download.py b/Payload_Type/arachne/arachne/agent_functions/download.py index 2ee565f..dba4d9c 100644 --- a/Payload_Type/arachne/arachne/agent_functions/download.py +++ b/Payload_Type/arachne/arachne/agent_functions/download.py @@ -52,7 +52,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -68,7 +69,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: file_resp = await SendMythicRPCFileCreate(MythicRPCFileCreateMessage( diff --git a/Payload_Type/arachne/arachne/agent_functions/execute_assembly.py b/Payload_Type/arachne/arachne/agent_functions/execute_assembly.py index 0a22d2b..0ee2cef 100644 --- a/Payload_Type/arachne/arachne/agent_functions/execute_assembly.py +++ b/Payload_Type/arachne/arachne/agent_functions/execute_assembly.py @@ -53,7 +53,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -69,7 +70,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: await SendMythicRPCResponseCreate(MythicRPCResponseCreateMessage( diff --git a/Payload_Type/arachne/arachne/agent_functions/ls.py b/Payload_Type/arachne/arachne/agent_functions/ls.py index 798eeaa..0a80a69 100644 --- a/Payload_Type/arachne/arachne/agent_functions/ls.py +++ b/Payload_Type/arachne/arachne/agent_functions/ls.py @@ -47,7 +47,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -63,7 +64,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: await SendMythicRPCResponseCreate(MythicRPCResponseCreateMessage( diff --git a/Payload_Type/arachne/arachne/agent_functions/pwd.py b/Payload_Type/arachne/arachne/agent_functions/pwd.py index 74abe9c..bb2dd2c 100644 --- a/Payload_Type/arachne/arachne/agent_functions/pwd.py +++ b/Payload_Type/arachne/arachne/agent_functions/pwd.py @@ -35,7 +35,8 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -52,7 +53,8 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) logger.info(str(decrypted_resp.Message)) if decrypted_resp.Success: diff --git a/Payload_Type/arachne/arachne/agent_functions/rm.py b/Payload_Type/arachne/arachne/agent_functions/rm.py index e3d3ab5..07e50f5 100644 --- a/Payload_Type/arachne/arachne/agent_functions/rm.py +++ b/Payload_Type/arachne/arachne/agent_functions/rm.py @@ -48,7 +48,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -64,7 +65,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: await SendMythicRPCResponseCreate(MythicRPCResponseCreateMessage( diff --git a/Payload_Type/arachne/arachne/agent_functions/shell.py b/Payload_Type/arachne/arachne/agent_functions/shell.py index 163c9d4..2f3c445 100644 --- a/Payload_Type/arachne/arachne/agent_functions/shell.py +++ b/Payload_Type/arachne/arachne/agent_functions/shell.py @@ -48,7 +48,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -64,7 +65,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: await SendMythicRPCResponseCreate(MythicRPCResponseCreateMessage( diff --git a/Payload_Type/arachne/arachne/agent_functions/upload.py b/Payload_Type/arachne/arachne/agent_functions/upload.py index 6392dae..cf6a058 100644 --- a/Payload_Type/arachne/arachne/agent_functions/upload.py +++ b/Payload_Type/arachne/arachne/agent_functions/upload.py @@ -50,7 +50,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=message.encode(), IncludesUUID=False, - IsBase64Encoded=False + IsBase64Encoded=False, + C2Profile="webshell" )) if encrypted_resp.Success: try: @@ -66,7 +67,8 @@ async def create_go_tasking(self, AgentCallbackUUID=taskData.Callback.AgentCallbackID, Message=response_data, IncludesUUID=False, - IsBase64Encoded=True + IsBase64Encoded=True, + C2Profile="webshell" )) if decrypted_resp.Success: await SendMythicRPCResponseCreate(MythicRPCResponseCreateMessage(