def powershell_function(rat: Rat, script_anchor: str, command: PSFunction) -> Job:
    """Queue an ``Opcodes.EXECUTE`` job that runs ``powershell.PS_COMMAND``.

    The job's ``stdin`` is the text ``[[<script_anchor>]] `` followed by
    ``command.command.command_line``.

    Args:
        rat: Rat the job is created for.
        script_anchor: Name placed between the ``[[`` and ``]]`` markers.
        command: Object whose ``command.command_line`` supplies the rest of stdin.

    Returns:
        The value returned by ``Job.create_rat_command``.
    """
    # NOTE(review): script_anchor is concatenated verbatim; a value containing
    # "]]" would change how the marker reads. Confirm callers only pass
    # trusted anchor names.
    anchor_marker = "[[" + script_anchor + "]] "
    piped_input = anchor_marker + command.command.command_line
    return Job.create_rat_command(
        rat,
        Opcodes.EXECUTE,
        command_line=powershell.PS_COMMAND,
        stdin=piped_input,
    )
def exfil_network_connection(rat: Rat, addr: str, port: str, file_path: str, method: str) -> Job:
    """Queue an ``Opcodes.EXFIL_CONNECTION`` job for ``rat``.

    The four string arguments are forwarded unchanged as the job's
    ``address``, ``port``, ``file_path`` and ``method`` fields.

    Returns:
        The value returned by ``Job.create_rat_command``.
    """
    fields = {
        'address': addr,
        'port': port,
        'file_path': file_path,
        'method': method,
    }
    return Job.create_rat_command(rat, Opcodes.EXFIL_CONNECTION, **fields)
def create_process(host: Host, process_args: str, parent: Union[str, int] = None, hide: bool = True,
                   output: bool = False) -> Job:
    """Queue a ``create_process`` agent job for ``host``.

    Args:
        host: Host the job is created for.
        process_args: Forwarded as the job's ``process_args`` field.
        parent: Forwarded as ``parent``; defaults to ``None``.
        hide: Forwarded as ``hide``; defaults to ``True``.
        output: Forwarded as ``output``; defaults to ``False``.

    Returns:
        The value returned by ``Job.create_agent_command``.
    """
    options = {
        'process_args': process_args,
        'parent': parent,
        'hide': hide,
        'output': output,
    }
    return Job.create_agent_command(host, 'create_process', **options)
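async def get_api_jobs(status, agent_id, wait):
    """Return the jobs that belong to an agent and record its check-in.

    Args:
        status: Optional job status to filter on; a falsy value disables
            the filter.
        agent_id: Identifier used to look up the polling agent.
        wait: Accepted for interface compatibility; not used in this function.

    Returns:
        A list of the ``Job`` documents matching the agent (and status, if given).

    Raises:
        web.HTTPForbidden: If no agent with ``agent_id`` exists.
    """
    # NOTE(review): existence of the agent id is the only gate visible in this
    # function; authentication of the caller is assumed to happen upstream.
    # Confirm against the route definition.
    agent = Agent.objects.with_id(agent_id)
    if not agent:
        raise web.HTTPForbidden

    # Stamp the check-in on the document that was just fetched. The previous
    # code looked the agent up a second time, which cost an extra query and
    # failed with AttributeError if the agent vanished between the two reads.
    agent.modify(check_in=datetime.now(timezone.utc), alive=True)

    query = {'agent': agent.id}
    if status:
        query['status'] = status
    return list(Job.objects(**query))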
async def put_job_details(json, job):
    """Merge a reported job update into the stored ``Job`` and save it.

    Args:
        json: Mapping with an ``action`` entry and an optional ``status`` entry.
            ``action`` may carry ``result``, ``error`` and ``exception``.
        job: Either a ``Job`` or a mapping whose ``id`` names the job to load.

    Returns:
        The value returned by ``job.save()``.
    """
    # NOTE(review): presumably `json` is supplied by the reporting client and
    # should be treated as untrusted. base64.b64decode() and bytes.decode() can
    # raise ValueError / LookupError on malformed data; only TypeError is
    # caught below, so such input propagates to the caller.
    if type(job) is not Job:
        # Indexing with [0] raises IndexError when no job has that id.
        job = Job.objects(id=ObjectId(job['id']))[0]

    reported = json['action']

    if 'result' in reported:
        try:
            result = reported['result']
            if 'stdout' in result:
                # stdout is base64 text; detect the charset before decoding it.
                raw = base64.b64decode(result['stdout'])
                charset = chardet.detect(raw)['encoding']
                if charset is not None:
                    result['stdout'] = raw.decode(charset)
                else:
                    logging.info('No encoding was found')
                    result['stdout'] = ''
            job['action']['result'] = result
        except TypeError:
            # Result is not a container (a RAT pid number). The stored result
            # is left unchanged. NOTE(review): confirm dropping it is intended.
            pass

    for field in ('error', 'exception'):
        if field in reported:
            job['action'][field] = reported[field]

    job['status'] = json.get('status', job.status)

    # NOTE(review): this test uses "failed" while the wake-up test below uses
    # 'failure'; confirm which status strings are actually produced.
    client_missing = (
        job['status'] == "failed"
        and 'error' in job['action']
        and job['action']['error'] == "no client"
    )
    if client_missing:
        # Queue a refresh of the host's client list.
        interface.get_clients(job.agent.host)
        # Mark the rat named in the job's arguments as inactive.
        try:
            rat_name = job['action']["rats"]["args"][0]
            stale = Rat.objects(agent=job.agent, name=rat_name)
            stale.modify(**{'active': False})
        except KeyError:
            logging.warning("Could not find rat to remove for failed job")

    saved = job.save()
    if job.status in ('success', 'failure'):
        Job.wakeup_job(job.id)
    return saved
def create_process_as_user(host: Host, process_args: str, user_domain: str, user_name: str, user_pass: str,
                           parent: str = None, hide: bool = True, output: bool = False) -> Job:
    """Queue a ``create_process_as_user`` agent job for ``host``.

    Every argument after ``host`` is forwarded unchanged as a job field of the
    same name.

    Returns:
        The value returned by ``Job.create_agent_command``.
    """
    # NOTE(review): user_pass travels as an ordinary job field. Whether Job
    # persists or logs it is not visible here; confirm that the credential is
    # not stored or logged in clear text.
    options = {
        'process_args': process_args,
        'user_domain': user_domain,
        'user_name': user_name,
        'user_pass': user_pass,
        'parent': parent,
        'hide': hide,
        'output': output,
    }
    return Job.create_agent_command(host, 'create_process_as_user', **options)
def send_shell_command(rat: Rat, cmd: str) -> Job:
    """Queue an ``Opcodes.EXECUTE`` job for ``rat`` with ``cmd`` as its command line.

    Returns:
        The value returned by ``Job.create_rat_command``.
    """
    job = Job.create_rat_command(rat, Opcodes.EXECUTE, command_line=cmd)
    return job
def agent_shell_command(host: Host, command_line: str) -> Job:
    """Queue an ``execute`` agent job for ``host`` carrying ``command_line``.

    Returns:
        The value returned by ``Job.create_agent_command``.
    """
    job = Job.create_agent_command(host, 'execute', command_line=command_line)
    return job
def write_commander(host: Host, path: str) -> Job:
    """Queue a ``write_commander`` agent job for ``host`` with the given ``path``.

    Returns:
        The value returned by ``Job.create_agent_command``.
    """
    job = Job.create_agent_command(host, "write_commander", path=path)
    return job
def get_clients(host: Host) -> Job:
    """Queue a ``clients`` agent job for ``host``; it takes no extra fields.

    Returns:
        The value returned by ``Job.create_agent_command``.
    """
    job = Job.create_agent_command(host, 'clients')
    return job
def read_file(rat: Rat, file_path: str):
    """Queue an ``Opcodes.READ_FILE`` job for ``rat`` naming ``file_path``.

    Returns:
        The value returned by ``Job.create_rat_command``.
    """
    job = Job.create_rat_command(rat, Opcodes.READ_FILE, file_path=file_path)
    return job
def drop_file(rat: Rat, file_path: str, contents: bytes):
    """Queue an ``Opcodes.WRITE_FILE`` job for ``rat``.

    ``contents`` is base64-encoded and sent as UTF-8 text in the job's
    ``contents`` field, alongside ``file_path``.

    Returns:
        The value returned by ``Job.create_rat_command``.
    """
    # encodebytes() inserts line breaks into its output; the receiving side
    # presumably tolerates them, so the encoder is kept as is.
    encoded_text = str(base64.encodebytes(contents), 'utf-8')
    return Job.create_rat_command(
        rat,
        Opcodes.WRITE_FILE,
        file_path=file_path,
        contents=encoded_text,
    )