mythicagents / thanatos Goto Github PK

View Code? Open in Web Editor NEW

281.0 281.0 41.0 3.03 MB

Mythic C2 agent targeting Linux and Windows hosts written in Rust

License: BSD 3-Clause "New" or "Revised" License

Dockerfile 0.80% Rust 59.23% Python 32.38% JavaScript 7.59%

thanatos's People

Contributors

Stargazers

Watchers

thanatos's Issues

Payload build failed

Hello,

Building Thanatos payload for Linux x64 fails on latest Mythic.

Payload Build Messages output:

......
   Compiling autocfg v1.1.0
   Compiling getrandom v0.2.11
   Compiling openssl-src v300.1.6+3.1.4
   Compiling openssl-sys v0.9.96
   Compiling syn v2.0.39
   Compiling ring v0.17.6
error: failed to run custom build command for `openssl-sys v0.9.96`

Caused by:
  process didn't exit successfully: `/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/release/build/openssl-sys-175f10b6d20d832a/build-script-main` (exit status: 101)
  --- stdout
  cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_NO_VENDOR
  X86_64_UNKNOWN_LINUX_GNU_OPENSSL_NO_VENDOR unset
  cargo:rerun-if-env-changed=OPENSSL_NO_VENDOR
......

......
  cargo:rerun-if-env-changed=RANLIBFLAGS
  RANLIBFLAGS = None
  running cd "/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src" && AR="ar" CC="cc" RANLIB="ranlib" "perl" "./Configure" "--prefix=/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/install" "--openssldir=/usr/local/ssl" "no-dso" "no-shared" "no-ssl3" "no-tests" "no-comp" "no-zlib" "no-zlib-dynamic" "--libdir=lib" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64"

  --- stderr
  Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module) (@INC contains: /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/util/perl /usr/local/lib64/perl5/5.34 /usr/local/share/perl5/5.34 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/external/perl/Text-Template-1.56/lib) at /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/util/perl/OpenSSL/config.pm line 19.
  BEGIN failed--compilation aborted at /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/util/perl/OpenSSL/config.pm line 19.
  Compilation failed in require at ./Configure line 23.
  BEGIN failed--compilation aborted at ./Configure line 23.
  thread 'main' panicked at '


  Error configuring OpenSSL build:
      Command: cd "/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src" && AR="ar" CC="cc" RANLIB="ranlib" "perl" "./Configure" "--prefix=/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/install" "--openssldir=/usr/local/ssl" "no-dso" "no-shared" "no-ssl3" "no-tests" "no-comp" "no-zlib" "no-zlib-dynamic" "--libdir=lib" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64"
      Exit status: exit status: 2


      ', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-src-300.1.6+3.1.4/src/lib.rs:585:9
  note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error building payload: Failed to build payload. Check Build Errors traceback: ['Traceback (most recent call last):\n', '  File "/Mythic/thanatos/mythic/agent_functions/builder.py", line 218, in build\n    raise Exception("Failed to build payload. Check Build Errors")\n', 'Exception: Failed to build payload. Check Build Errors\n']
......

SSL Certifications Verification Error

Hi!

While trying to launch the generated artifact executable on a linux running inside of a corporate network, it will fail due to SSL certificates being verified before accepting handshake:

thread 'main' panicked at 'called Result::unwrap() on an Err value: IoError(Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnknownIssuer") })', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

Please introduce an option to disable certificates verification.

Regards,
Mariusz.

Shellcode doesn't work with the most common process injection technique

Hello, I tried injecting the generated shellcode from mythic with the injector present on the pe2shc project which uses the most common routine to inject a shellcode on a remote process and it doesn't work, it simply does absolutely nothing when injected. I find it really intriguing is that you create the shellcode with donut but donut as of right now apparently doesn't support binaries with no relocation data, same with pe2shc. I also tried creating the shellcode myself from the Windows binary (which works perfectly) and it won't work out because it doesn't have relocation data.

Linux agent Does not respect proxy config

Configuring a proxy in the payload http c2 config appears to have no effect. All connections are attempted direct even if the https_proxy env variable is additionally specified prior to running the agent.
For info - in our test env we only require the host and port, there are no credentials to pass.

searching "proxy" in this repo returns nothing...
many thanks

Latest thanatos v0.1.4 - build failed.

Hello,

Tried to update Thanatos on latest Mythic, but it failed with following error:

Building thanatos
Sending build context to Docker daemon  441.3kB
Step 1/1 : FROM ghcr.io/mythicagents/thanatos:v0.1.4
Head "https://ghcr.io/v2/mythicagents/thanatos/manifests/v0.1.4": unauthorized
Service 'thanatos' failed to build : Build failed
[-] Error from docker-compose: exit status 1
[*] Docker compose command: [up --build -d thanatos]
[-] Failed to start service: exit status 1

License

Hey when you get a chance, can you upload a LICENSE file for this project?

UnsupportedCertVersion

Ubuntu Error:
thread 'main' panicked at 'called Result::unwrap() on an Err value: IoError(Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnsupportedCertVersion") })', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

how to fix it?

Thanatos payload cannot connect to self-signed http service.

Hi,

Using latest Thanatos with latest Mythic.

Built default thanatos payload for Linux x64 with http profile. Http profile's ip address is basic Apache https redirector.
When starting payload, then i get following error:

thread 'main' panicked at src/profiles/mod.rs:117:49:
called `Result::unwrap()` on an `Err` value: IoError(Custom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) })
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

On https redirector i have self-signed certificate, with SAN records and CA:FALSE.

Other payloads medusa, poseidon and merlin work fine over same https redirector.

Sounds like a bug?

tetanus connects not back

Installed working environment, installed tetanus as every other agent in Mythic!
testing on windows 20212 R2 server, running with powershell getting this error:

PS C:\Users\Administrator\Downloads> ./tetanus.exe
thread 'main' panicked at 'called Result::unwrap() on an Err value: IoError(Custom { kind: InvalidData, error: Inval
idCertificateData("invalid peer certificate: CaUsedAsEndEntity") })', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
PS C:\Users\Administrator\Downloads>
i am.running http profile through ssl, with selfsigned certificates!

Payload Failed to Build!

Trying to build a test and I received "Payload Failed to Build!"

   Compiling autocfg v1.1.0
   Compiling cc v1.0.79
   Compiling winapi-x86_64-pc-windows-gnu v0.4.0
   Compiling winapi v0.3.9
   Compiling cfg-if v1.0.0
   Compiling proc-macro2 v1.0.51
   Compiling unicode-ident v1.0.7
   Compiling quote v1.0.23
   Compiling syn v1.0.109
   Compiling pkg-config v0.3.26
   Compiling typenum v1.16.0
   Compiling libc v0.2.139
   Compiling version_check v0.9.4
   Compiling windows_x86_64_gnu v0.42.1
   Compiling log v0.4.17
   Compiling untrusted v0.7.1
   Compiling serde_derive v1.0.152
   Compiling spin v0.5.2
   Compiling serde v1.0.152
   Compiling parking_lot_core v0.8.6
   Compiling memchr v2.5.0
   Compiling thiserror v1.0.38
   Compiling rustls v0.20.8
   Compiling smallvec v1.10.0
   Compiling scopeguard v1.1.0
   Compiling base64 v0.21.0
   Compiling bitflags v1.3.2
   Compiling subtle v2.4.1
   Compiling ppv-lite86 v0.2.17
   Compiling openssl v0.10.45
   Compiling foreign-types-shared v0.1.1
   Compiling cpufeatures v0.2.5
   Compiling minreq v2.6.0
   Compiling opaque-debug v0.3.0
   Compiling serde_json v1.0.93
   Compiling ryu v1.0.13
   Compiling widestring v0.3.0
   Compiling block-padding v0.2.1
   Compiling once_cell v1.17.1
   Compiling lazy_static v1.4.0
   Compiling field-offset v0.1.1
   Compiling widestring v0.5.1
   Compiling num_cpus v1.15.0
   Compiling bytes v1.4.0
   Compiling itoa v1.0.6
   Compiling pin-project-lite v0.2.9
   Compiling path-clean v0.1.0
   Compiling base64 v0.13.1
   Compiling openssl-src v111.25.1+1.1.1t
   Compiling num-traits v0.2.15
error[E0599]: the method `join` exists for struct `Vec<&OsStr>`, but its trait bounds were not satisfied
   --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-src-111.25.1+1.1.1t/src/lib.rs:335:55
    |
335 |                     ar.get_args().collect::<Vec<_>>().join(OsStr::new(" ")),
    |                                                       ^^^^ method cannot be called on `Vec<&OsStr>` due to unsatisfied trait bounds
    |
    = note: the following trait bounds were not satisfied:
            `[&OsStr]: Join<_>`

error[E0599]: the method `join` exists for struct `Vec<&OsStr>`, but its trait bounds were not satisfied
   --> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-src-111.25.1+1.1.1t/src/lib.rs:344:59
    |
344 |                     ranlib.get_args().collect::<Vec<_>>().join(OsStr::new(" ")),
    |                                                           ^^^^ method cannot be called on `Vec<&OsStr>` due to unsatisfied trait bounds
    |
    = note: the following trait bounds were not satisfied:
            `[&OsStr]: Join<_>`

For more information about this error, try `rustc --explain E0599`.
error: could not compile `openssl-src` due to 2 previous errors
warning: build failed, waiting for other jobs to finish...
error: build failed
Error building payload: Failed to build payload. Check Build Errors traceback: ['Traceback (most recent call last):\n', '  File "/Mythic/mythic/agent_functions/builder.py", line 215, in build\n    raise Exception("Failed to build payload. Check Build Errors")\n', 'Exception: Failed to build payload. Check Build Errors\n']```

Add safety comments to unsafe code

Add comments outlining safety guarantees in unsafe code usage

Domain fronting support

May I know if domain fronting is supported in this case? Tried to change the host header but then it shows this error upon execution:

thread 'main' panicked at 'called Result::unwrap() on an Err value: Custom { kind: ConnectionRefused, error: "Failed to make post request" }', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace

*Run on linux

Thanks!

Add dependabot

Linux tests failing non-deterministically

For some reason, the Linux user enumeration functions are behaving non-deterministically. The tests written have found inconsistencies with the returned users causing them to fail randomly.

https://github.com/MythicAgents/thanatos/blob/rewrite/Payload_Type/thanatos/agent/ffiwrappers/src/linux/user.rs

https://github.com/MythicAgents/thanatos/actions/runs/8033451960/job/21943961240#logs
https://github.com/MythicAgents/thanatos/actions/runs/8033428411/job/21943908250#logs

It could be that I'm missing something in my code; however, it's weird that this is happening in CI.

TODO: Figure out why these are failing and what I'm doing wrong.

Does not connect back

Hello!

Have issue after executing it in target machine, it does nothing, no connection back to c2! Target machine windows 2012 R2 server! I can see from process explorer that tetanus.exe starts but after some seconds it stops!
Http is configured with ssl!
Have no idea from where to start troubleshooting it, tried reinstall agent issue persist!
Thanks

Setup sanitizers for CI tests

'download' command does not work

Hi,

Running latest Mythic with latest Thanatos.

'download' command does not download specified file.
'No file id' error is shown:

Same file is successfully fetched with 'cat' and 'shell cat' commands.

P.s. Also noticed, that callback does not show process name:

Write documentation for agent libraries

Write Rust documentation for internal agent libraries

Egress profile rotation

Add egress profile rotation for switching between multiple egress profiles dynamically

Dynamic checkin info

Make checkin info more dynamic by splitting up the platform field into separate fields and merging them server-side.
Change SELinux enumeration function to parse mountinfo.

ERROT STDOUT: WHEN COMPILING LINUX OR WINDOWS APP

COMPILING eRROr on kali linux machine, compiling takes to long and is running with stdout error

Windows Payload not getting generated

While generating the windows payload we're facing build error once all the steps are done.

Windows Payload - Build Error

Hello,

When trying to build a Windows payload, I have the following error

/usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0xe5): undefined reference to `__strcpy_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0xfa): undefined reference to `__strcat_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0x195): undefined reference to `__strcpy_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0x1aa): undefined reference to `__strcat_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLegacyGetNameInfo.o):(.text+0x24f): undefined reference to `__chk_fail' collect2: error: ld returned 1 exit status

Here are the Build parameters used :

Shell, ps, ls commands fire errors.

Hello,

Now i'm able to compile the payload for Linux x64.

With default payload, 'cat' command works well, but when i run "shell id", then i get an error:

Following error in callback:

[STDOUT]:

[STDERR]:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/mythic_container/agent_utils.py", line 337, in createTasking
    createTaskingResponse = await cmd.create_tasking(task=task)
  File "/Mythic/thanatos/mythic/agent_functions/shell.py", line 63, in create_tasking
    MythicRPCArtifactCreateMessage(
TypeError: MythicRPCArtifactCreateMessage.__init__() missing 1 required positional argument: 'ArtifactMessage'

'docker logs thanatos' show this error:

ERROR 2023-11-30 17:54:55,644 createTasking  358 : Failed to run create tasking: MythicRPCArtifactCreateMessage.__init__() missing 1 required positional argument: 'ArtifactMessage'
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/mythic_container/agent_utils.py", line 337, in createTasking
    createTaskingResponse = await cmd.create_tasking(task=task)
  File "/Mythic/thanatos/mythic/agent_functions/shell.py", line 63, in create_tasking
    MythicRPCArtifactCreateMessage(
TypeError: MythicRPCArtifactCreateMessage.__init__() missing 1 required positional argument: 'ArtifactMessage'

When i run built-in commands 'ps' or 'ls', then payload exits with following message:

thread 'main' panicked at src/profiles/mod.rs:117:49:
called `Result::unwrap()` on an `Err` value: Custom { kind: ConnectionRefused, error: "Failed to make post request" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Running on an Ubuntu 22.04 server.
I setup the mythic server with the following commands:

apt update && apt install tmux vim docker.io docker-compose git
git clone https://github.com/its-a-feature/Mythic.git
cd Mythic
./mythic-cli install github https://github.com/MythicAgents/apfell
./mythic-cli install github https://github.com/MythicC2Profiles/http
./mythic-cli start
./mythic-cli install github https://github.com/MythicAgents/tetanus
./mythic-cli install github https://github.com/MythicAgents/freyja

P2P support

Add p2p support over SMB and TCP. Make agent link compatible with Athena.

mythicagents / thanatos Goto Github PK

thanatos's People

Contributors

Stargazers

Watchers

Forkers

thanatos's Issues

Recommend Projects

Recommend Topics

Recommend Org