adding browserscript for jobs command

MythicAgents · Sep 16, 2024 · a9c59e7 · a9c59e7
1 parent 4b710fd
commit a9c59e7
Show file tree

Hide file tree

Showing 4 changed files with 58 additions and 18 deletions.
diff --git a/Payload_Type/poseidon/poseidon/agentfunctions/builder.go b/Payload_Type/poseidon/poseidon/agentfunctions/builder.go
@@ -7,7 +7,6 @@ import (
 	"encoding/json"
 	"fmt"
 	agentstructs "github.com/MythicMeta/MythicContainer/agent_structs"
-	"github.com/MythicMeta/MythicContainer/logging"
 	"github.com/MythicMeta/MythicContainer/mythicrpc"
 	"github.com/google/uuid"
 	"github.com/pelletier/go-toml"
@@ -21,7 +20,7 @@ import (
 	"time"
 )
 
-const version = "2.1.6"
+const version = "2.1.7"
 
 type sleepInfoStruct struct {
 	Interval int       `json:"interval"`
@@ -125,14 +124,14 @@ var payloadDefinition = agentstructs.PayloadType{
 	CheckIfCallbacksAliveFunction: func(message agentstructs.PTCheckIfCallbacksAliveMessage) agentstructs.PTCheckIfCallbacksAliveMessageResponse {
 		response := agentstructs.PTCheckIfCallbacksAliveMessageResponse{Success: true, Callbacks: make([]agentstructs.PTCallbacksToCheckResponse, 0)}
 		for _, callback := range message.Callbacks {
-			logging.LogInfo("callback info", "callback", callback)
+			//logging.LogInfo("callback info", "callback", callback)
 			if callback.SleepInfo == "" {
 				continue // can't do anything if we don't know the expected sleep info of the agent
 			}
 			sleepInfo := map[string]sleepInfoStruct{}
 			err := json.Unmarshal([]byte(callback.SleepInfo), &sleepInfo)
 			if err != nil {
-				logging.LogError(err, "failed to parse sleep info struct")
+				//logging.LogError(err, "failed to parse sleep info struct")
 				continue
 			}
 			atLeastOneCallbackWithinRange := false
@@ -141,20 +140,19 @@ var payloadDefinition = agentstructs.PayloadType{
 					atLeastOneCallbackWithinRange = true
 					continue
 				}
-				checkinRangeResponse, err := mythicrpc.SendMythicRPCCallbackNextCheckinRange(mythicrpc.MythicRPCCallbackNextCheckinRangeMessage{
-					LastCheckin:   callback.LastCheckin,
-					SleepJitter:   sleepInfo[activeC2].Jitter,
-					SleepInterval: sleepInfo[activeC2].Interval,
-				})
-				if err != nil {
-					logging.LogError(err, "failed to get checkin ranges")
-					continue
+				minAdd := sleepInfo[activeC2].Interval
+				maxAdd := sleepInfo[activeC2].Interval
+				if sleepInfo[activeC2].Jitter > 0 {
+					// minimum would be sleep_interval - (sleep_jitter % of sleep_interval)
+					minAdd = minAdd - ((sleepInfo[activeC2].Jitter / 100) * (sleepInfo[activeC2].Interval))
+					// maximum would be sleep_interval + (sleep_jitter % of sleep_interval)
+					maxAdd = maxAdd + ((sleepInfo[activeC2].Jitter / 100) * (sleepInfo[activeC2].Interval))
 				}
-				if !checkinRangeResponse.Success {
-					logging.LogError(nil, "Failed to get checkin range", "error", checkinRangeResponse.Error)
-					continue
-				}
-				if callback.LastCheckin.After(checkinRangeResponse.Min) && callback.LastCheckin.Before(checkinRangeResponse.Max) {
+				maxAdd *= 2 // double the high end in case we're on a close boundary
+				earliest := callback.LastCheckin.Add(time.Duration(minAdd) * time.Second)
+				latest := callback.LastCheckin.Add(time.Duration(maxAdd) * time.Second)
+
+				if callback.LastCheckin.After(earliest) && callback.LastCheckin.Before(latest) {
 					atLeastOneCallbackWithinRange = true
 				}
 			}

diff --git a/Payload_Type/poseidon/poseidon/agentfunctions/jobkill.go b/Payload_Type/poseidon/poseidon/agentfunctions/jobkill.go
@@ -11,7 +11,7 @@ func init() {
 		HelpString:          "jobkill SOME-GUID-GOES-HERE",
 		Version:             1,
 		MitreAttackMappings: []string{"T1033"},
-		SupportedUIFeatures: []string{},
+		SupportedUIFeatures: []string{"jobs:kill"},
 		Author:              "@xorrior",
 		CommandAttributes: agentstructs.CommandAttribute{
 			SupportedOS: []string{},

diff --git a/Payload_Type/poseidon/poseidon/agentfunctions/jobs.go b/Payload_Type/poseidon/poseidon/agentfunctions/jobs.go
@@ -2,6 +2,7 @@ package agentfunctions
 
 import (
 	agentstructs "github.com/MythicMeta/MythicContainer/agent_structs"
+	"path/filepath"
 )
 
 func init() {
@@ -16,6 +17,10 @@ func init() {
 		CommandAttributes: agentstructs.CommandAttribute{
 			SupportedOS: []string{},
 		},
+		AssociatedBrowserScript: &agentstructs.BrowserScript{
+			ScriptPath: filepath.Join(".", "poseidon", "browserscripts", "jobs.js"),
+			Author:     "@its_a_feature_",
+		},
 		TaskFunctionParseArgString: func(args *agentstructs.PTTaskMessageArgsData, input string) error {
 			return nil
 		},

diff --git a/Payload_Type/poseidon/poseidon/browserscripts/jobs.js b/Payload_Type/poseidon/poseidon/browserscripts/jobs.js
@@ -0,0 +1,37 @@
+function(task, response){
+	let headers = [
+            {"plaintext": "kill", "type": "button", "width": 70, "disableSort": true},
+			{"plaintext": "command", "type": "string", "width": 200},
+            {"plaintext": "params", "type": "string", "fillWidth": true},
+
+        ];
+	if(response.length === 0){
+		return {"plaintext": "No response yet from agent..."};
+	}
+	try{
+		let data = JSON.parse(response[0]);
+		let rows = [];
+		for(let j = 0; j < data.length; j++) {
+			rows.push({
+				"kill": {"button": {
+						"name": "",
+						"type": "task",
+						"ui_feature": "jobs:kill",
+						"parameters": data[j]["id"],
+						"hoverText": "Kill this job",
+						"startIcon": "kill",
+					}
+				},
+				"command": {"plaintext": data[j]["command"]},
+				"params": {"plaintext": data[j]["params"]},
+			});
+		}
+		return {"table": [{
+			"headers": headers,
+			"rows": rows
+		}]}
+	}catch(error){
+		//console.log("error trying to handle list_entitlements browser script", error, response);
+		return {"plaintext": response[0]}
+	}
+}