Merge Covenant version 0.6 and add broken named pipe detection to SMB…

… and HTTP Grunt

.gitignore

@@ -1,6 +1,8 @@
 # Sqlite DB
 covenant.db
 covenant.db-journal
+covenant.db-wal
+covenant.db-shm
 
 # Build results
 [Dd]ebug/
@@ -12,6 +14,9 @@ x86/
 bld/
 [Bb]in/
 [Oo]bj/
+dotnetwarp_temp/
+Optimize/
+_/
 
 # Covenant Logs
 [Ll]og/
@@ -20,6 +25,7 @@ bld/
 # Visual Studio cache/options
 .vs/
 .vscode/
+*.user
 *.userprefs
 
 # Mac files

.gitmodules

@@ -1,21 +1,32 @@
 [submodule "Covenant/Data/ReferenceSourceLibraries/Rubeus"]
 	path = Covenant/Data/ReferenceSourceLibraries/Rubeus
 	url = https://github.com/GhostPack/Rubeus
+	ignore = dirty
 [submodule "Covenant/Data/ReferenceSourceLibraries/SharpSploit"]
 	path = Covenant/Data/ReferenceSourceLibraries/SharpSploit
 	url = https://github.com/cobbr/SharpSploit
+	ignore = dirty
 [submodule "Covenant/Data/ReferenceSourceLibraries/SharpDPAPI"]
 	path = Covenant/Data/ReferenceSourceLibraries/SharpDPAPI
 	url = https://github.com/GhostPack/SharpDPAPI
+	ignore = dirty
 [submodule "Covenant/Data/ReferenceSourceLibraries/SharpUp"]
 	path = Covenant/Data/ReferenceSourceLibraries/SharpUp
 	url = https://github.com/GhostPack/SharpUp
+	ignore = dirty
 [submodule "Covenant/Data/ReferenceSourceLibraries/Seatbelt"]
 	path = Covenant/Data/ReferenceSourceLibraries/Seatbelt
 	url = https://github.com/GhostPack/Seatbelt
+	ignore = dirty
 [submodule "Covenant/Data/ReferenceSourceLibraries/SharpDump"]
 	path = Covenant/Data/ReferenceSourceLibraries/SharpDump
 	url = https://github.com/GhostPack/SharpDump
+	ignore = dirty
 [submodule "Covenant/Data/ReferenceSourceLibraries/SharpWMI"]
 	path = Covenant/Data/ReferenceSourceLibraries/SharpWMI
 	url = https://github.com/GhostPack/SharpWMI
+	ignore = dirty
+[submodule "Covenant/Data/ReferenceSourceLibraries/SharpSC"]
+	path = Covenant/Data/ReferenceSourceLibraries/SharpSC
+	url = https://github.com/djhohnstein/SharpSC
+        ignore = dirty

CHANGELOG.md

@@ -5,15 +5,111 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## Unreleased
+### Changed
+- Disallow Administrators from changing other user's passwords
+- Restrict non-admin users from visiting other user's profile in UI
+- Updated ShellCode task to use file upload of raw binary
+
+### Fixed
+- Fix edit roles for CovenantUser UI bug
+- Fix profile bug when HttpGetResponse differs from HttpPostResponse
+- Fix TaskKill display bug
+- Fix token impersonation issues
+
+## [v0.6] - 2020-08-04
+### Added
+- Added CreateDirectory task
+- Add SharpSC submodule, ReferenceSourceLibrary, and GruntTask
+- Added CreateProcessWithToken task
+- Added aliases for Shell tasks
+- Added ShellCodeLauncher using Donut
+- Added Copy command
+- Added missing Keylogger task
+- Added streaming task output
+- Added Download/Upload .NET Core Tasks
+- Added ReadTextFile,CreateDirectory,Delete .NET Core Tasks
+- Added UI Themes, new Heathen Mode theme
+- Added a TabbedTerminal view to GruntIndex component
+- Added message that Covenant has started
+
+### Changed
+- Add SharpSploit.LateralMovement namespace to SharpShell command
+- Updated PowerShellRemoting tasks to show output
+- Update implants to use WellKnownSidType enum rather than string for non-english systems
+- Update all launchers to support non-http profiles
+- Changed Shell tasks to use CreateProcess to get output
+- Updated SharpSploit, Rubeus, Seatbelt ReferenceSourceLibaries to latest versions
+- Simplified compilation optimization to use HashSet
+- Limited compilation optimization for SharpSC
+- Updated Seatbelt to latest version
+- Updated SharpSploit to latest version, PowerShell task should include verbose/error output
+- Changed GruntTask export to exclude GruntTaskOption value property
+- Updated codemirror, added night theme for codemirror
+- Removed Covenant certificate hash message
+
+### Fixed
+- Fixed order of Upload parameters
+- Fixed Brute compilation path for case-sensitive file systems
+- Fixed HttpPost issue on Linux servers
+- Fixed Listeners stop issue
+- Fixed Seatbelt command group suggestions
+- Fixed EditGruntTask for task with aliases, validationmessage issue
+- Fixed Task aliases to be able to be edited
+- Fixed InstallUtil launcher
+- Fixed PowerShellLauncher maxlength too short
+- Fixed BridgeListener null exception on creation
+- Fixed Dockerfile to use sdk for runtime
+- Fixed ordering of deserialized GruntTask Options
+- Fixed Assembly tasks to do command-line style parsing
+- Updated YAML task file code options to use literal strings, may have been causing some problems
+- Fixed parameter parsing bug when multiple trailing double-quotes
+- Fixed command parameter parsing bug when multiple trailing double-quotes
+- Fixed command parameter parsing bug when labeled parameter
+- Fixed CovenantUser default properties set to null, not following OpenApi spec
+- Fixed task aliases use incorrect case comparisons
+- Fixed LauncherForm exception when no active listeners
+- Fixed missing ReferenceAssemblies for SharpSploit
+- Fixed WMICommand/WMIGrunt output format
+- Fixed ConnectAttempts bug
+- Fixed BridgeListener ArgumentOutOfRangeException
+- Fix/tweak Connect/Disconnect tasks
+- Fixed JwtKey issue
+- Fixed ImplantTemplateForm options resetting issue
+- Fixed terminal typeahead issues
+- Fixed HttpProfile editing issue
+- Fixed POST /api/users API endpoint authentication issue
+- Fixed profiles using Cookie header
+- Fixed profile using curly brace character
+- Fix create/edit for ReferenceSourceLibraries,ReferenceAssemblies,EmbeddedResources
+- Fix launcher commands (i.e. BypassUacGrunt, WMIGrunt, PowerShellRemotingGrunt)
+- Fix Launcher properties not being applied during generation
+- Fixed Graph with BridgeListener issue
+
+## [v0.5] - 2020-06-04
 ### Added
 - Added GetNetShare task
 - Added Keylogger task
+- Added Brute .NET Core implant
+- Added .NET Core tasks: shell, shellcmd, ls, cd, ps, assembly
+- Added GruntTask import/export ability
 
 ### Changed
 - Improved ComputerName parsing and output for Domain tasks
+- Upgraded to .NET Core 3.1
+- Changed UI to use Blazor
+- Changed profiles to use .NET Core 3.1
+- Downloaded launchers filename set to implanttemplate name
+- Update Dockerfile for .NET Core 3.1
+- Moved GruntTasks to yaml files
+- Changed delay/jitter/killdate commands to not use 'Set'
 
 ### Fixed
 - Fixed missing http profiles on Ubuntu w/ workaround due to corefx issue
+- Made changes necessary for C3 integration, allowing outbound SMB grunts
+- Fixed missing http profiles on Ubuntu w/ workaround due to corefx issue
+- Fix GET /api/gruntcommand/{id} endpoint missing output
+- Fix #122 multiple connection addresses issue
+- Fix #137 grunt last checked-in field sorting issue on table
 
 ## [v0.4] - 2019-10-30
 ### Added
@@ -184,3 +280,5 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [v0.3.1]: https://github.com/cobbr/Covenant/compare/v0.3...v0.3.1
 [v0.3.2]: https://github.com/cobbr/Covenant/compare/v0.3.1...v0.3.2
 [v0.4]: https://github.com/cobbr/Covenant/compare/v0.3.2...v0.4
+[v0.5]: https://github.com/cobbr/Covenant/compare/v0.4...v0.5
+[v0.6]: https://github.com/cobbr/Covenant/compare/v0.5...v0.6

Covenant.sln

@@ -1,9 +1,9 @@
 
 Microsoft Visual Studio Solution File, Format Version 12.00
-# Visual Studio 15
-VisualStudioVersion = 15.0.27004.2010
+# Visual Studio Version 16
+VisualStudioVersion = 16.0.29519.161
 MinimumVisualStudioVersion = 10.0.40219.1
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Covenant", "Covenant\Covenant.csproj", "{D5865774-CD82-4CCE-A3F1-7F2C4639301B}"
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Covenant", "Covenant\Covenant.csproj", "{D5865774-CD82-4CCE-A3F1-7F2C4639301B}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution