Implement install subcommand (#393)

* Allow imix install through tomes. * fix moveto test. * Fix loader cross compile. * Build docs updated.
spellshift · Dec 17, 2023 · 7819591 · 7819591
1 parent aa79fe9
commit 7819591
Show file tree

Hide file tree

Showing 16 changed files with 557 additions and 32 deletions.
diff --git a/bin/reflective_loader/.cargo/config.toml b/bin/reflective_loader/.cargo/config.toml
@@ -1,4 +1,4 @@
 [build]
 target = "x86_64-pc-windows-msvc"
 rustflags = ["-Z", "share-generics=n"]
-profiler = false
+profiler = false
diff --git a/docs/_docs/user-guide/getting-started.md b/docs/_docs/user-guide/getting-started.md
@@ -1,15 +1,17 @@
 ---
 title: Getting Started
-tags: 
+tags:
  - User Guide
 description: Getting started with Realm
 permalink: user-guide/getting-started
 ---
 
 # Getting Started
+
 *To deploy a production ready instance see the [tavern setup guide](https://docs.realm.pub/user-guide/tavern).*
 
 ### Start the server
+
 ```bash
 git clone https://github.com/KCarretto/realm.git
 cd realm
@@ -20,14 +22,22 @@ ENABLE_TEST_DATA=1 go run ./tavern
 ```
 
 ### Start the agent
+
 ```bash
 git clone https://github.com/KCarretto/realm.git
 cd realm/implants/imix
 
 # Create the config file
 cat <<EOF > /tmp/imix-config.json
 {
-    "service_configs": [],
+    "service_configs": [
+        {
+            "name": "imix",
+            "description": "Imix c2 agent",
+            "executable_name": "imix",
+            "executable_args": ""
+        }
+    ],
     "target_forward_connect_ip": "127.0.0.1",
     "target_name": "test1234",
     "callback_config": {

diff --git a/docs/_docs/user-guide/imix.md b/docs/_docs/user-guide/imix.md
@@ -25,7 +25,14 @@ The imix config is as follows:
 
 ```json
 {
-    "service_configs": [],
+    "service_configs": [
+        {
+            "name": "imix",
+            "description": "Imix c2 agent",
+            "executable_name": "imix",
+            "executable_args": ""
+        }
+    ],
     "target_forward_connect_ip": "127.0.0.1",
     "target_name": "test1234",
     "callback_config": {
@@ -42,7 +49,11 @@ The imix config is as follows:
 }
 ```
 
-- `service_configs`: Currently unused.
+- `service_configs`: Defining persistence variables.
+  - `name`: The name of the service to install as.
+  - `description`: If possible set a description for the service.
+  - `executable_name`: What imix should be named Eg. `not-supicious-serviced`.
+  - `executable_args`: Args to append after the executable.
 - `target_forward_connect_ip`: The IP address that you the red teamer would interact with the host through. This is to help keep track of agents when a hosts internal IP is different from the one you interact with in the case of a host behind a proxy.
 - `target_name`: Currently unused.
 - `callback_config`: Define where and when the agent should callback.
@@ -53,6 +64,29 @@ The imix config is as follows:
     - `priority`: The index that a domain should have.
     - `uri`: The full URI of the callback endpoint.
 
+## Installation
+
+The install subcommand executes embedded tomes similar to golem.
+It will loop through all embedded files looking for main.eld
+Each main.eld will execute in a new thread. This is done to allow imix to install redundantly or install additional (non dependent) tools.
+
+The install subcommand makes allows some variables to be passed form the user into the tomes through the -c flag.
+When specified input_params['custom_config'] is set to the file path of the config specified Eg.
+./imix install -c /tmp/imix-config.json will result in input_params['custom_config'] = "/tmp/imix-config.json
+
+Tomes can parse this with the following:
+
+```python
+def main():
+    if 'custom_config' in input_params:
+        config_data = crypto.from_json(file.read(input_params['custom_config']))
+        print(config_data)
+
+main()
+```
+
+Installation scripts are specified in the `realm/implants/imix/install_scripts` directeroy.
+
 ## Functionality
 
 Imix derives all it's functionality from the eldritch language.
@@ -70,8 +104,8 @@ Every callback interval imix will query each active thread for new output and re
 ```bash
 rustup target add x86_64-unknown-linux-musl
 
-apt update
-apt install musl-tools
+sudo apt update
+sudo apt install musl-tools
 
 RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --target=x86_64-unknown-linux-musl
 ```
@@ -90,8 +124,18 @@ Check out this blog a starting point for cross compiling.
 ```bash
 rustup target add x86_64-pc-windows-gnu
 
-apt update
+sudo apt update
 sudo apt install gcc-mingw-w64
 
+# Build the reflective loader
+cd realm/bin/reflective_loader
+RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --lib --target=x86_64-pc-windows-gnu
+# You may have to adjust `LOADER_BYTES` include path in `dll_reflect_impl.rs` changing `x86_64-pc-windows-msvc` ---> `x86_64-pc-windows-gnu`
+
+# Build imix
+cd realm/implants/imix/
+# Build imix.exe
 RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --target=x86_64-pc-windows-gnu
+# Build imix.dll
+RUSTFLAGS="-C target-feature=+crt-static" cargo build --release --lib --target=x86_64-pc-windows-gnu
 ```
diff --git a/implants/imix/Cargo.toml b/implants/imix/Cargo.toml
@@ -8,7 +8,7 @@ anyhow = { workspace = true }
 chrono = { workspace = true , features = ["serde"] }
 clap = { workspace = true }
 default-net = { workspace = true }
-eldritch = { workspace = true }
+eldritch = { workspace = true, features = ["imix"] }
 hyper = { workspace = true }
 openssl = { workspace = true, features = ["vendored"] }
 prost-types = { workspace = true }

diff --git a/implants/imix/install_scripts/.gitkeep b/implants/imix/install_scripts/.gitkeep