fixing opsec check bypass request

its-a-feature · Nov 5, 2024 · 4d95dc8 · 4d95dc8
1 parent 6b2de0c
commit 4d95dc8
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 8 deletions.
diff --git a/CHANGELOG.MD b/CHANGELOG.MD
@@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.3.1-rc21] - 2024-11-5
+
+### Changed
+
+- Fixed an issue where bot accounts were considered as operators for opsec checks
+
 ## [3.3.1-rc20] - 2024-11-5
 
 ### Changed

diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-3.3.1-rc20
+3.3.1-rc21
diff --git a/mythic-docker/src/VERSION b/mythic-docker/src/VERSION
@@ -1 +1 @@
-3.3.1-rc20
+3.3.1-rc21
diff --git a/mythic-docker/src/rabbitmq/util_request_opsec_bypass.go b/mythic-docker/src/rabbitmq/util_request_opsec_bypass.go
@@ -75,9 +75,15 @@ func RequestOpsecBypass(input RequestOpsecBypassMessage) RequestOpsecBypassMessa
 				} else {
 					// need to check if we're the only possible choice, if we're the only option, then we succeed
 					operators := []databaseStructs.Operatoroperation{}
-					if err := database.DB.Select(&operators, `SELECT id
-						FROM operatoroperation WHERE operation_id=$1 AND view_mode!=$2`,
-						input.OperatorOperation.CurrentOperation.ID, database.OPERATOR_OPERATION_VIEW_MODE_SPECTATOR); err != nil {
+					if err := database.DB.Select(&operators, `SELECT 
+    					operatoroperation.id
+						FROM operatoroperation 
+						JOIN operator ON operatoroperation.operator_id = operator.id
+						WHERE operatoroperation.operation_id=$1 AND operatoroperation.view_mode!=$2
+						AND operator.account_type!=$3`,
+						input.OperatorOperation.CurrentOperation.ID,
+						database.OPERATOR_OPERATION_VIEW_MODE_SPECTATOR,
+						databaseStructs.AccountTypeBot); err != nil {
 						logging.LogError(err, "Failed to search for other operator / lead users for the operation")
 						response.Error = err.Error()
 						return response
@@ -133,9 +139,15 @@ func RequestOpsecBypass(input RequestOpsecBypassMessage) RequestOpsecBypassMessa
 				} else {
 					// need to check if we're the only possible choice, if we're the only option, then we succeed
 					operators := []databaseStructs.Operatoroperation{}
-					if err := database.DB.Select(&operators, `SELECT id
-						FROM operatoroperation WHERE operation_id=$1 AND view_mode!=$2`,
-						input.OperatorOperation.CurrentOperation.ID, database.OPERATOR_OPERATION_VIEW_MODE_SPECTATOR); err != nil {
+					if err := database.DB.Select(&operators, `SELECT 
+    					operatoroperation.id
+						FROM operatoroperation 
+						JOIN operator ON operatoroperation.operator_id = operator.id
+						WHERE operatoroperation.operation_id=$1 AND operatoroperation.view_mode!=$2
+						AND operator.account_type!=$3`,
+						input.OperatorOperation.CurrentOperation.ID,
+						database.OPERATOR_OPERATION_VIEW_MODE_SPECTATOR,
+						databaseStructs.AccountTypeBot); err != nil {
 						logging.LogError(err, "Failed to search for other operator / lead users for the operation")
 						response.Error = err.Error()
 						return response