Client API

p3nt4 edited this page May 3, 2020 · 20 revisions

Nuages is based on FeathersJS, so the FeathersJS client documentation is a good place to start: https://docs.feathersjs.com/api/client.

The example clients can also serve as a reference.

Objects

The following RESTful objects can be accessed using the API:

| Object | Url | Description | Restrictions |
| --- | --- | --- | --- |
| Implants | /implants | The implants managed by the Nuages instance | Implants can only be deleted |
| Jobs | /jobs | The jobs assigned to implants | Jobs can be created but cannot be modified by the user |
| Files | /files | The GridFS files stored on the Nuages server | This API is a wrapper around the MongoDB GridFS objects created in the database. It should only be used for find/get/remove operations. Creating files is done through pipes |
| Modules | /modules | The modules loaded by the server | Modules can be created but cannot be modified by the user |
| Module runs | /modules/runs | Used to track a module run | Module runs can be created but cannot be modified by the user |
| Handlers | /modules | The handlers loaded by the server | Handlers can be created and deleted |
| Listeners | /listeners | The active handler instances | Listeners can be created and deleted |
| Users | /users | The Nuages users | Multi-user support will be added in the future; additional users cannot be created yet |
| Pipes | /pipes | Duplex pipes used for interactive channels, tunneling or downloading/uploading files | Pipes can be created and deleted |
| Tunnels | /tunnels | Tunnels are ports listening on the server; on each connection they create a pipe and a job for a handler to communicate with that pipe | Tunnels can be created and deleted |
| Logs | /logs | Logs for different modules/listeners to communicate with the client | Logs can only be read by clients |

Additional Endpoints

The following additional endpoints can be used:

| Url | Method | Description |
| --- | --- | --- |
| /modules/load | POST | Used to load a module into the database |
| /handlers/load | POST | Used to load a handler into the database |
| /listeners/startstop | POST | Used to stop or start listeners |
| /pipes/io | POST | Used to communicate with a pipe |

Object examples

Implants

{
  "_id": "9IEF644Nka5oT1oeAEE085yMKGut8y2y", // The id of the implant
  "createdAt":1556122589365, // The creation time of the implant
  "lastSeen":1556122589365, // The last heartbeat of the implant
  "hostname": "John-PC", // The hostname of the implant
  "username": "John", // The Username of the implant
  "localIp": "192.168.0.3", // The local IP of the implant
  "sourceIp": "", // The remote IP of the implant, this would need to be filled by the handler
  "os": "windows", // The OS of the implant
  "handler": "Direct", // The type of handler
  "connectionString": "http://127.0.0.1:3333", // The connection used by the implant
  "options": {}, // Additional optional fields
  "supportedPayloads": [ //The payloads supported by the implant
    "Command",
    "Exit",
    "Download",
    "Upload",
    "Configure"
  ]
}

Jobs

{
    "_id":"xqq5oU0lMOOTKAaMhro14FolxptVpAhY", // The Job ID
    "implantId":"9IEF644Nka5oT1oeAEE085yMKGut8y2y", // The Implant ID
    "timeout":1556122717740, // The timeout (implemented server side)
    "fileUpload": false, // Informs the server that a file must be created to receive the output of the job (Optional)
    "chunkSize": 2400000, // If a file must be created, the size of the chunks of that file (Optional)
    "fileName": "test.txt", // If a file must be created, the name of the file in the DB (Optional)
    "pipe_id": "9IEF644Nka5oT1oeAEE085yMKGut8y2y", // If a pipe is used by the job, and should be deleted when it ends (Optional)
    "payload": { // The payload of the job, refer to the Implants API documentation for common payloads
      "type": "Command",
      "options": {"path": ".", "cmd": "hostname"}
    },
    "createdAt":1556122657741, // The job creation date
    "lastUpdated":1556122657741, // The last time the job was updated
    "jobStatus":0, // The job status (0:Submitted, 1: Received, 2: Awaiting more data from the implant, 3: Succeeded, 4: Failed)
    "result":"" // The job result 
}
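
An added example (not part of the Nuages code base or this wiki): a small Node.js routine that turns job records shaped like the object above into a per-implant activity summary for engagement logging, and marks unfinished jobs whose deadline has passed. It assumes `timeout` is an absolute epoch-millisecond deadline; `summarizeJob`, `summarizeByImplant` and the second sample record are constructed for illustration.

```javascript
// Status labels are the ones listed in the jobStatus comment on this page.
const JOB_STATUS = {
  0: "Submitted",
  1: "Received",
  2: "Awaiting more data from the implant",
  3: "Succeeded",
  4: "Failed",
};

// Assumption: `timeout` is an absolute epoch-millisecond deadline, as the
// sample values suggest (timeout is about 60 s after createdAt).
function summarizeJob(job, now) {
  const known = Object.prototype.hasOwnProperty.call(JOB_STATUS, job.jobStatus);
  const finished = job.jobStatus === 3 || job.jobStatus === 4;
  return {
    jobId: job._id,
    implantId: job.implantId,
    payloadType: job.payload && job.payload.type ? job.payload.type : "unknown",
    status: known ? JOB_STATUS[job.jobStatus] : `Unknown (${job.jobStatus})`,
    createdAt: new Date(job.createdAt).toISOString(),
    // Unfinished job whose deadline has passed: worth a line in the report.
    overdue: !finished && typeof job.timeout === "number" && now > job.timeout,
  };
}

// Group summaries per implant so activity can be reviewed host by host.
function summarizeByImplant(jobs, now) {
  const byImplant = new Map();
  for (const job of jobs) {
    const list = byImplant.get(job.implantId) || [];
    list.push(summarizeJob(job, now));
    byImplant.set(job.implantId, list);
  }
  return byImplant;
}

// Constructed sample records (the first reuses the values shown above).
const sampleJobs = [
  { _id: "xqq5oU0lMOOTKAaMhro14FolxptVpAhY", implantId: "9IEF644Nka5oT1oeAEE085yMKGut8y2y",
    timeout: 1556122717740, createdAt: 1556122657741, lastUpdated: 1556122657741,
    jobStatus: 0, result: "", payload: { type: "Command", options: { path: ".", cmd: "hostname" } } },
  { _id: "constructed-job-2", implantId: "9IEF644Nka5oT1oeAEE085yMKGut8y2y",
    timeout: 1556122717740, createdAt: 1556122657741, lastUpdated: 1556122660000,
    jobStatus: 3, result: "John-PC", payload: { type: "Command", options: {} } },
];

const report = summarizeByImplant(sampleJobs, 1556122800000);
console.log(JSON.stringify([...report], null, 2));
```
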

Files

Refer to the GridFS documentation for additional information.

{
  "_id" : "RqNIUE93b9X6QynUezjpIwETArSDTyLW", // The file ID
  "metadata" : {
    "path": "N/A" // The original file path, for files uploaded by implants
  },
  "length" : 20, // The file (encoded in base64) size in bytes
  "filename" : "calc.bat", // The file name
  "uploadedBy" : "user", // The implant/user who uploaded the file
  "chunkSize" : 2400000, // The chunk size
  "uploadDate" : 1556136458023 // The upload date
}

Modules

{
  "_id": "5cc0bee3a2902a19bc6c69c6", // The module ID
  "name": "windows/admin/download_and_run",  // The module name
  "options": {  // The module options
    "file": {  // The name of the option
      "value": "", // The default value of the option
      "required": true, // Is this option required
      "description": "The ID of the file to download" // The description of the option
    }, 
    "path": { "value": "C:\\Temp", "required": true, "description": "The path to download the file to" }, 
    "arguments": { "value": "", "required": false, "description": "The arguments to execute the program with" }, 
    "implant": { "value": "", "required": true, "description": "The ID of the implant" } }, 
  "supportedOS": [ "windows" ], // An array of supported OS
  "description": "Downloads and runs a file on the target implant", // The module description
  "requiredPayloads": [ "Command", "Download" ] // The list of payloads the implant must support
}

Handlers

{
  "_id": "",
  "name": "external/http/aes256_py",
  "options": {"python": {}, "port": {}, "key": {}, "uri": {}, "directory": {}}, // Options, see modules for example
  "description": "HTTP handler using AES256 encryption", // Description
  "external": true // The handler requires the creation of an external process
}

Module Runs

{  
   "_id":"06jJkWYJCrGIelFI3x1OYM8G3w0BGtRi", // The run ID
   "createdAt":1556134947236, // The creation time
   "lastUpdated":1556134947282, // The last update time
   "moduleName":"windows/admin/download_and_run", // The module being run
   "creator":"user", // The creator of the run
   "options":{  // The options of the run
      "file":{  
         "value":"wwsb0xXmIvnlwOAqYwKY68yhAhb9iTle",
         "required":true,
         "description":"The ID of the file to download"
      },
      "path":{  
         "value":"C:\\Temp",
         "required":true,
         "description":"The path to download the file to"
      },
      "arguments":{  
         "value":"",
         "required":false,
         "description":"The arguments to execute the program with"
      },
      "implant":{  
         "value":"wwsb0xXmIvnlwOAqYwKY68yhAhb9iTle",
         "required":true,
         "description":"The ID of the implant"
      }
   },
   "moduleId":"5cc0a8a83c3c3418bc73e5b2", // The ID of the module
   "runStatus":4 //The status of the run (0:Submitted, 1: In progress, 3: Succeeded, 4: Failed)
}

Listeners

{
   "_id": "UQVHUz1RET2fBY52RHRplCcBkW3DuYAC",
   "createdAt": 1587402009441,
   "handlerName": "external/http/aes256_py",
   "creator": "user", // Listener creator
   "options": {"python": {}, "port": {}, "key": {}, "uri": {}, "directory": {}}, // Options, see module runs for examples
   "handlerId": "5e9dd5082c19333adccab961",
   "runStatus": 3, // Status 1 = Submitted, 2 = Stopped, 3 = Running, 4 = Failed
   "external": true, // If this required the creation of an external process
   "pid": 9856, // The PID of the external process if needed
   "lastUpdated": 1587404142529
}

Pipes

{
   id: 'btSU37icUh6KgitvxdvlnBvGgioUKHgx', // Don't ask...
   _id: 'btSU37icUh6KgitvxdvlnBvGgioUKHgx',
   implantId: 'vzu1SgOdpo80gWAsx8V1rOTevC9vI7IM',
   type: 'interactive',
   destination: 'cmd.exe',
   bufferSize: 4096
}

Additional endpoint examples

DELETE /fs

{
  "_id": "9IEF644Nka5oT1oeAEE085yMKGut8y2y" // The id of the file
}

PATCH /fs

{
  "id": "9IEF644Nka5oT1oeAEE085yMKGut8y2y", // The id of the file
  "data": {} // Data is not actually needed
}

POST /modules/load

{
  "modulePath": "windows/admin/download_and_run" // The path of the module to load
}

POST /handlers/load

{
  "handlerPath": "external/http/aes256_py" // The path of the handler to load
}

POST /listeners/startstop

{
  "wantedStatus": 2, // 2 for Stopped, 3 for Start
  "id" : "9IEF644Nka5oT1oeAEE085yMKGut8y2y" // The id of the listener
}

POST /pipes/io

{
  "in": "", // Data, base64 encoded
  "maxSize": 0, // The maximum number of bytes to read from the pipe
  "pipe_id" : "9IEF644Nka5oT1oeAEE085yMKGut8y2y" // The id of the pipe
}

Response:

{
  "out": "" // Data, base64 encoded
}