-
Notifications
You must be signed in to change notification settings - Fork 46
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main-refactor' into dev
- Loading branch information
Showing
176 changed files
with
3,936 additions
and
7,059 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| { | ||
| "version": "2.0.0", | ||
| "tasks": [ | ||
| { | ||
| "label": "Deploy changes", | ||
| "type": "shell", | ||
| "options": { | ||
| "cwd": "${workspaceFolder}", | ||
| }, | ||
| "command": "ssh", | ||
| "args": [ | ||
| "mythic", | ||
| "./redeploy.sh", | ||
| ], | ||
| "group": "build", | ||
| "dependsOn": [ | ||
| "Build base Docker image" | ||
| ] | ||
| }, | ||
| { | ||
| "label": "Build base Docker image", | ||
| "type": "shell", | ||
| "options": { | ||
| "cwd": "${workspaceFolder}/Payload_Type/thanatos", | ||
| }, | ||
| "command": "docker", | ||
| "args": [ | ||
| "build", | ||
| "-f", | ||
| ".docker/Dockerfile", | ||
| "-t", | ||
| "ghcr.io/mythicagents/thanatos:${input:tag}", | ||
| "." | ||
| ], | ||
| "group": "build" | ||
| } | ||
| ], | ||
| "inputs": [ | ||
| { | ||
| "id": "tag", | ||
| "description": "Image tag", | ||
| "type": "promptString" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,122 @@ | ||
| ### Real Dockerfile for the thanatos payload | ||
|
|
||
| # Pull Alpine for musl libssl files | ||
| FROM docker.io/library/alpine:3.19 as musl-ssl | ||
| RUN apk update && apk add --no-cache \ | ||
| openssl-dev \ | ||
| openssl-libs-static | ||
|
|
||
| # Pull in Fedora for mingw libssl files | ||
| FROM docker.io/library/fedora:39 as mingw-ssl | ||
| RUN dnf install -y \ | ||
| mingw64-openssl-static \ | ||
| mingw32-openssl-static | ||
|
|
||
| # Thanatos builder image | ||
| FROM docker.io/library/debian:bookworm-slim | ||
|
|
||
| # Copy over openssl files | ||
| # x86_64-linux-musl | ||
| RUN mkdir -p /usr/lib/x86_64-linux-musl | ||
| COPY --from=musl-ssl /usr/lib/libcrypto.a /usr/lib/x86_64-linux-musl/libcrypto.a | ||
| COPY --from=musl-ssl /usr/lib/libssl.a /usr/lib/x86_64-linux-musl/libssl.a | ||
|
|
||
| RUN mkdir -p /usr/include/x86_64-linux-musl | ||
| COPY --from=musl-ssl /usr/include/openssl /usr/include/x86_64-linux-musl/openssl | ||
|
|
||
| # x86_64-w64-mingw32 | ||
| RUN mkdir -p /usr/x86_64-w64-mingw32/lib | ||
| COPY --from=mingw-ssl \ | ||
| /usr/x86_64-w64-mingw32/sys-root/mingw/lib/libcrypto.a \ | ||
| /usr/x86_64-w64-mingw32/lib/libcrypto.a | ||
| COPY --from=mingw-ssl \ | ||
| /usr/x86_64-w64-mingw32/sys-root/mingw/lib/libssl.a \ | ||
| /usr/x86_64-w64-mingw32/lib/libssl.a | ||
|
|
||
| RUN mkdir -p /usr/x86_64-w64-mingw32/include | ||
| COPY --from=mingw-ssl \ | ||
| /usr/x86_64-w64-mingw32/sys-root/mingw/include/openssl \ | ||
| /usr/x86_64-w64-mingw32/include | ||
|
|
||
| # i686-w64-mingw32 | ||
| RUN mkdir -p /usr/i686-w64-mingw32/lib | ||
| COPY --from=mingw-ssl \ | ||
| /usr/i686-w64-mingw32/sys-root/mingw/lib/libcrypto.a \ | ||
| /usr/i686-w64-mingw32/lib/libcrypto.a | ||
| COPY --from=mingw-ssl \ | ||
| /usr/i686-w64-mingw32/sys-root/mingw/lib/libssl.a \ | ||
| /usr/i686-w64-mingw32/lib/libssl.a | ||
|
|
||
| RUN mkdir -p /usr/i686-w64-mingw32/include | ||
| COPY --from=mingw-ssl \ | ||
| /usr/i686-w64-mingw32/sys-root/mingw/include/openssl \ | ||
| /usr/i686-w64-mingw32/include | ||
|
|
||
| # Install packages | ||
| RUN dpkg --add-architecture i386 | ||
| RUN apt-get update -y && apt-get install -y \ | ||
| curl \ | ||
| python3 \ | ||
| python3-venv \ | ||
| gcc \ | ||
| gcc-multilib \ | ||
| mingw-w64-x86-64-dev \ | ||
| gcc-mingw-w64-x86-64 \ | ||
| mingw-w64-i686-dev \ | ||
| gcc-mingw-w64-i686 \ | ||
| libssl-dev \ | ||
| libssl-dev:i386 \ | ||
| musl \ | ||
| musl-dev \ | ||
| && apt-get clean | ||
|
|
||
| # Create a thanatos service user for running the Mythic payload service | ||
| RUN useradd \ | ||
| -r \ | ||
| -c "Thanatos service account" \ | ||
| -m \ | ||
| -d /thanatos \ | ||
| -s /usr/sbin/nologin \ | ||
| thanatos | ||
|
|
||
| COPY mythic /thanatos/mythic | ||
| COPY agent /thanatos/agent | ||
| RUN chown -R thanatos:thanatos /thanatos | ||
|
|
||
| USER thanatos | ||
| WORKDIR /thanatos | ||
|
|
||
| # Install rust | ||
| RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs -o rustup.sh \ | ||
| && sh rustup.sh -y \ | ||
| --profile minimal \ | ||
| --default-toolchain stable \ | ||
| -t x86_64-unknown-linux-gnu \ | ||
| -t i686-unknown-linux-gnu \ | ||
| -t x86_64-unknown-linux-musl \ | ||
| -t x86_64-pc-windows-gnu \ | ||
| -t i686-pc-windows-gnu | ||
|
|
||
| RUN rm -vf rustup.sh | ||
| ENV PATH=$PATH:/thanatos/.cargo/bin | ||
|
|
||
| # Fetch Rust dependencies | ||
| WORKDIR /thanatos/agent | ||
| RUN cargo fetch | ||
|
|
||
| # Copy Rust Cargo config.toml | ||
| COPY .docker/config.toml /thanatos/.cargo/config.toml | ||
|
|
||
| WORKDIR /thanatos | ||
|
|
||
| # Setup poetry | ||
| RUN python3 -m venv .poetry-venv | ||
| RUN .poetry-venv/bin/pip install -U pip setuptools | ||
| RUN .poetry-venv/bin/pip install poetry | ||
| ENV PATH=$PATH:/thanatos/.poetry-venv/bin | ||
|
|
||
| # Install dependencies | ||
| WORKDIR /thanatos/mythic | ||
| RUN poetry install --only main | ||
|
|
||
| CMD ["poetry", "run", "thanatos"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| [env] | ||
| OPENSSL_STATIC = "true" | ||
|
|
||
| X86_64_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR = "/usr/lib/x86_64-linux-gnu" | ||
| X86_64_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR = "/usr/include/x86_64-linux-gnu" | ||
|
|
||
| I686_UNKNOWN_LINUX_GNU_OPENSSL_LIB_DIR = "/usr/lib/i386-linux-gnu" | ||
| I686_UNKNOWN_LINUX_GNU_OPENSSL_INCLUDE_DIR = "/usr/include/i386-linux-gnu" | ||
|
|
||
| X86_64_PC_WINDOWS_GNU_OPENSSL_LIB_DIR = "/usr/x86_64-w64-mingw32/lib" | ||
| X86_64_PC_WINDOWS_GNU_OPENSSL_INCLUDE_DIR = "/usr/x86_64-w64-mingw32/include" | ||
|
|
||
| I686_PC_WINDOWS_GNU_OPENSSL_LIB_DIR = "/usr/i686-w64-mingw32/lib" | ||
| I686_PC_WINDOWS_GNU_OPENSSL_INCLUDE_DIR = "/usr/i686-w64-mingw32/include" | ||
|
|
||
| CC_x86_64-unknown-linux-musl = "x86_64-linux-musl-gcc" | ||
| X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_LIB_DIR = "/usr/lib/x86_64-linux-musl" | ||
| X86_64_UNKNOWN_LINUX_MUSL_OPENSSL_INCLUDE_DIR = "/usr/include/x86_64-linux-musl" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| agent/target | ||
| mythic/.pytest_cache | ||
| __pycache__ | ||
| .vscode | ||
| .env* | ||
| .gitignore |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,10 +1,11 @@ | ||
| [build] | ||
| dep-info-basedir = "." | ||
| incremental = true | ||
|
|
||
| [target.x86_64-pc-windows-gnu] | ||
| linker = "x86_64-w64-mingw32-gcc" | ||
| rustflags = ["-C", "target-feature=+crt-static"] | ||
|
|
||
| [target.i686-pc-windows-gnu] | ||
| linker = "i686-w64-mingw32-gcc" | ||
| rustflags = "-C panic=abort" | ||
| rustflags = ["-C", "target-feature=+crt-static"] | ||
|
|
||
| [target.x86_64-pc-windows-msvc] | ||
| rustflags = ["-C", "target-feature=+crt-static"] | ||
|
|
||
| [target.i686-pc-windows-msvc] | ||
| rustflags = ["-C", "target-feature=+crt-static"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,21 @@ | ||
| $env:UUID="1234" | ||
| $env:connection_retries="1234" | ||
| $env:working_start="1234" | ||
| $env:working_end="1234" | ||
| $env:callback_port="1234" | ||
| $env:killdate="1234" | ||
| $env:callback_jitter="1234" | ||
| $env:headers="1234" | ||
| $env:AESKEY="1234" | ||
| $env:callback_host="1234" | ||
| $env:get_uri="1234" | ||
| $env:post_uri="1234" | ||
| $env:query_path_name="1234" | ||
| $env:proxy_port="1234" | ||
| $env:proxy_user="1234" | ||
| $env:proxy_pass="1234" | ||
| $env:callback_interval="1234" | ||
| $env:OPENSSL_STATIC="true" | ||
| $env:OPENSSL_LIBS="ssl" | ||
| $env:OPENSSL_INCLUDE_DIR="C:\Strawberry\c\include\" | ||
| $env:OPENSSL_LIB_DIR="C:\Strawberry\c\lib\" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| { | ||
| "rust-analyzer.server.extraEnv": { | ||
| "UUID": "1234", | ||
| "AESPSK": "1234", | ||
| "callback_host": "1234", | ||
| "callback_interval": "1234", | ||
| "callback_jitter": "1234", | ||
| "callback_port": "1234", | ||
| "connection_retries": "1234", | ||
| "encrypted_exchange_check": "1234", | ||
| "get_uri": "1234", | ||
| "headers": "1234", | ||
| "post_uri": "1234", | ||
| "working_hours": "1234" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,73 +1,57 @@ | ||
| [package] | ||
| name = "thanatos" | ||
| version.workspace = true | ||
| authors.workspace = true | ||
| edition.workspace = true | ||
| license.workspace = true | ||
| homepage.workspace = true | ||
|
|
||
| [workspace] | ||
| members = ["binary", "library"] | ||
|
|
||
| [workspace.package] | ||
| version = "0.1.9" | ||
| authors = ["Matt Ehrnschwender (@M_alphaaa)"] | ||
| edition = "2021" | ||
|
|
||
|
|
||
| [lib] | ||
| name = "thanatos" | ||
| path = "src/lib.rs" | ||
| crate-type = ["cdylib", "lib"] | ||
|
|
||
|
|
||
| [[bin]] | ||
| name = "thanatos" | ||
| path = "src/main.rs" | ||
| license = "BSD-3-Clause" | ||
| homepage = "https://github.com/MythicAgents/thanatos" | ||
|
|
||
| [profile.release] | ||
| strip = "symbols" | ||
| lto = true | ||
| codegen-units = 1 | ||
| panic = "abort" | ||
| strip = true | ||
| opt-level = 'z' | ||
|
|
||
| [dependencies] | ||
| aes = "0.7.5" | ||
| base64 = "0.13" | ||
| block-modes = "0.8.1" | ||
| cfg-if = "1.0" | ||
| chrono = "0.4" | ||
| ctor = "0.1.21" | ||
| hmac = "0.11" | ||
| path-clean = "0.1.0" | ||
| rand = "0.8" | ||
| generic-array = "1.0.0" | ||
| serde_json = "1.0" | ||
| sha2 = "0.9.8" | ||
|
|
||
| [dependencies.minreq] | ||
| version = "2.4.2" | ||
| features = ["https-rustls-probe"] | ||
|
|
||
| [dependencies.openssl] | ||
| version = "0.10.45" | ||
| features = ["vendored"] | ||
|
|
||
| [dependencies.serde] | ||
| version = "1" | ||
| features = ["derive"] | ||
|
|
||
| [dependencies.ssh2] | ||
| version = "0.9.3" | ||
| features = ["vendored-openssl"] | ||
|
|
||
| [dependencies.tokio] | ||
| version = "1.16.1" | ||
| features = ["net", "rt-multi-thread", "io-util", "macros", "process"] | ||
| version = "0.9" | ||
| git = "https://github.com/alexcrichton/ssh2-rs" | ||
| rev = "ec94100b4a1c1730bfb30c3a1c88af3ea54fdd78" | ||
|
|
||
| [target.'cfg(target_os = "linux")'.dependencies] | ||
| libc = "0.2" | ||
| openssl = "0.10.45" | ||
|
|
||
| [target.'cfg(target_os = "windows")'.dependencies] | ||
| windows-acl = "0.1.0" | ||
| wmi = "0.9.2" | ||
|
|
||
| [target.'cfg(target_os = "windows")'.dependencies.winapi] | ||
| version = "0.3.9" | ||
| [target.'cfg(target_os = "windows")'.dependencies.windows] | ||
| version = "0.56.0" | ||
| features = [ | ||
| "aclapi", | ||
| "errhandlingapi", | ||
| "impl-default", | ||
| "securitybaseapi", | ||
| "tlhelp32", | ||
| "winbase", | ||
| "wincon", | ||
| "wow64apiset", | ||
| "sysinfoapi", | ||
| "Wdk_System_SystemServices", | ||
| "Win32_Networking_WinSock", | ||
| "Win32_NetworkManagement_IpHelper", | ||
| "Win32_NetworkManagement_Ndis", | ||
| "Win32_Security_Cryptography", | ||
| "Win32_System_LibraryLoader", | ||
| "Win32_System_Performance", | ||
| "Win32_System_SystemInformation", | ||
| "Win32_System_SystemServices", | ||
| "Win32_System_Threading", | ||
| "Win32_System_WindowsProgramming", | ||
| ] |
Oops, something went wrong.