mythicagents / thanatos Goto Github PK
View Code? Open in Web Editor NEWMythic C2 agent targeting Linux and Windows hosts written in Rust
License: BSD 3-Clause "New" or "Revised" License
Mythic C2 agent targeting Linux and Windows hosts written in Rust
License: BSD 3-Clause "New" or "Revised" License
Add HTTP library selection as a build option similar to how the crypto library build option functions.
Hello,
Now i'm able to compile the payload for Linux x64.
With default payload, 'cat' command works well, but when i run "shell id", then i get an error:
Following error in callback:
[STDOUT]:
[STDERR]:
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/mythic_container/agent_utils.py", line 337, in createTasking
createTaskingResponse = await cmd.create_tasking(task=task)
File "/Mythic/thanatos/mythic/agent_functions/shell.py", line 63, in create_tasking
MythicRPCArtifactCreateMessage(
TypeError: MythicRPCArtifactCreateMessage.__init__() missing 1 required positional argument: 'ArtifactMessage'
'docker logs thanatos' show this error:
ERROR 2023-11-30 17:54:55,644 createTasking 358 : Failed to run create tasking: MythicRPCArtifactCreateMessage.__init__() missing 1 required positional argument: 'ArtifactMessage'
Traceback (most recent call last):
File "/usr/local/lib/python3.10/site-packages/mythic_container/agent_utils.py", line 337, in createTasking
createTaskingResponse = await cmd.create_tasking(task=task)
File "/Mythic/thanatos/mythic/agent_functions/shell.py", line 63, in create_tasking
MythicRPCArtifactCreateMessage(
TypeError: MythicRPCArtifactCreateMessage.__init__() missing 1 required positional argument: 'ArtifactMessage'
When i run built-in commands 'ps' or 'ls', then payload exits with following message:
thread 'main' panicked at src/profiles/mod.rs:117:49:
called `Result::unwrap()` on an `Err` value: Custom { kind: ConnectionRefused, error: "Failed to make post request" }
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Add comments outlining safety guarantees in unsafe
code usage
Having high test coverage really isn't a huge priority; however, it would be nice to have a report highlighting areas which are missed.
Write Rust documentation for internal agent libraries
Hello,
When trying to build a Windows payload, I have the following error
/usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0xe5): undefined reference to `__strcpy_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0xfa): undefined reference to `__strcat_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0x195): undefined reference to `__strcpy_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLoad.o):(.text+0x1aa): undefined reference to `__strcat_chk' /usr/lib/gcc/x86_64-w64-mingw32/11.2.1/../../../../x86_64-w64-mingw32/bin/ld: /usr/x86_64-w64-mingw32/sys-root/mingw/lib/../lib/libws2_32.a(lib64_libws2_32_a-WspiapiLegacyGetNameInfo.o):(.text+0x24f): undefined reference to `__chk_fail' collect2: error: ld returned 1 exit status
For some reason, the Linux user enumeration functions are behaving non-deterministically. The tests written have found inconsistencies with the returned users causing them to fail randomly.
https://github.com/MythicAgents/thanatos/actions/runs/8033451960/job/21943961240#logs
https://github.com/MythicAgents/thanatos/actions/runs/8033428411/job/21943908250#logs
It could be that I'm missing something in my code; however, it's weird that this is happening in CI.
TODO: Figure out why these are failing and what I'm doing wrong.
Configuring a proxy in the payload http c2 config appears to have no effect. All connections are attempted direct even if the https_proxy env variable is additionally specified prior to running the agent.
For info - in our test env we only require the host and port, there are no credentials to pass.
searching "proxy" in this repo returns nothing...
many thanks
Ubuntu Error:
thread 'main' panicked at 'called Result::unwrap()
on an Err
value: IoError(Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnsupportedCertVersion") })', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1
environment variable to display a backtrace
how to fix it?
Add no_std suport for ffiwrappers
I cant select which commands to include in agent. Actually, I cant to include even single command, its grayed out and says: "Disabled Reason: Agent doesn't support dynamic loading".
I installed agent by classic way:
sudo ./mythic-cli install github https://github.com/MythicAgents/thanatos
and its ONLINE. I restarted Mythic server also but still unable to generate payload.
May I know if domain fronting is supported in this case? Tried to change the host header but then it shows this error upon execution:
thread 'main' panicked at 'called Result::unwrap()
on an Err
value: Custom { kind: ConnectionRefused, error: "Failed to make post request" }', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1
environment variable to display a backtrace
*Run on linux
Thanks!
Tested on Linux and Windows same error for both.
Seems to be line 56, best guess the argument "path" doesn't exist.
Other commands seem to work as expected.
Running on an Ubuntu 22.04 server.
I setup the mythic server with the following commands:
apt update && apt install tmux vim docker.io docker-compose git
git clone https://github.com/its-a-feature/Mythic.git
cd Mythic
./mythic-cli install github https://github.com/MythicAgents/apfell
./mythic-cli install github https://github.com/MythicC2Profiles/http
./mythic-cli start
./mythic-cli install github https://github.com/MythicAgents/tetanus
./mythic-cli install github https://github.com/MythicAgents/freyja
Add p2p support over SMB and TCP. Make agent link compatible with Athena.
Hey when you get a chance, can you upload a LICENSE file for this project?
platform
field into separate fields and merging them server-side.Hello, I tried injecting the generated shellcode from mythic with the injector present on the pe2shc project which uses the most common routine to inject a shellcode on a remote process and it doesn't work, it simply does absolutely nothing when injected. I find it really intriguing is that you create the shellcode with donut but donut as of right now apparently doesn't support binaries with no relocation data, same with pe2shc. I also tried creating the shellcode myself from the Windows binary (which works perfectly) and it won't work out because it doesn't have relocation data.
Hello!
Have issue after executing it in target machine, it does nothing, no connection back to c2! Target machine windows 2012 R2 server! I can see from process explorer that tetanus.exe starts but after some seconds it stops!
Http is configured with ssl!
Have no idea from where to start troubleshooting it, tried reinstall agent issue persist!
Thanks
As the title says, are there any plans to implement dynamichttp? that would be a really great as well ๐
Otherwise are there any hints or some sort of draft code which I could try to implement myself ? Since the documentation on mythic is kinda confusing on implementing it ourselves
COMPILING eRROr on kali linux machine, compiling takes to long and is running with stdout error
Hello,
Building Thanatos payload for Linux x64 fails on latest Mythic.
Payload Build Messages output:
......
Compiling autocfg v1.1.0
Compiling getrandom v0.2.11
Compiling openssl-src v300.1.6+3.1.4
Compiling openssl-sys v0.9.96
Compiling syn v2.0.39
Compiling ring v0.17.6
error: failed to run custom build command for `openssl-sys v0.9.96`
Caused by:
process didn't exit successfully: `/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/release/build/openssl-sys-175f10b6d20d832a/build-script-main` (exit status: 101)
--- stdout
cargo:rerun-if-env-changed=X86_64_UNKNOWN_LINUX_GNU_OPENSSL_NO_VENDOR
X86_64_UNKNOWN_LINUX_GNU_OPENSSL_NO_VENDOR unset
cargo:rerun-if-env-changed=OPENSSL_NO_VENDOR
......
......
cargo:rerun-if-env-changed=RANLIBFLAGS
RANLIBFLAGS = None
running cd "/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src" && AR="ar" CC="cc" RANLIB="ranlib" "perl" "./Configure" "--prefix=/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/install" "--openssldir=/usr/local/ssl" "no-dso" "no-shared" "no-ssl3" "no-tests" "no-comp" "no-zlib" "no-zlib-dynamic" "--libdir=lib" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64"
--- stderr
Can't locate IPC/Cmd.pm in @INC (you may need to install the IPC::Cmd module) (@INC contains: /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/util/perl /usr/local/lib64/perl5/5.34 /usr/local/share/perl5/5.34 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/external/perl/Text-Template-1.56/lib) at /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/util/perl/OpenSSL/config.pm line 19.
BEGIN failed--compilation aborted at /tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src/util/perl/OpenSSL/config.pm line 19.
Compilation failed in require at ./Configure line 23.
BEGIN failed--compilation aborted at ./Configure line 23.
thread 'main' panicked at '
Error configuring OpenSSL build:
Command: cd "/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/build/src" && AR="ar" CC="cc" RANLIB="ranlib" "perl" "./Configure" "--prefix=/tmp/tmpchaj7gn5f284d50e-9dc7-45f0-9e36-2d266047b881/target/x86_64-unknown-linux-gnu/release/build/openssl-sys-0001427ca9ce9566/out/openssl-build/install" "--openssldir=/usr/local/ssl" "no-dso" "no-shared" "no-ssl3" "no-tests" "no-comp" "no-zlib" "no-zlib-dynamic" "--libdir=lib" "no-md2" "no-rc5" "no-weak-ssl-ciphers" "no-camellia" "no-idea" "no-seed" "linux-x86_64" "-O2" "-ffunction-sections" "-fdata-sections" "-fPIC" "-m64"
Exit status: exit status: 2
', /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-src-300.1.6+3.1.4/src/lib.rs:585:9
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
Error building payload: Failed to build payload. Check Build Errors traceback: ['Traceback (most recent call last):\n', ' File "/Mythic/thanatos/mythic/agent_functions/builder.py", line 218, in build\n raise Exception("Failed to build payload. Check Build Errors")\n', 'Exception: Failed to build payload. Check Build Errors\n']
......
Installed working environment, installed tetanus as every other agent in Mythic!
testing on windows 20212 R2 server, running with powershell getting this error:
PS C:\Users\Administrator\Downloads> ./tetanus.exe
thread 'main' panicked at 'called Result::unwrap()
on an Err
value: IoError(Custom { kind: InvalidData, error: Inval
idCertificateData("invalid peer certificate: CaUsedAsEndEntity") })', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1
environment variable to display a backtrace
PS C:\Users\Administrator\Downloads>
i am.running http profile through ssl, with selfsigned certificates!
Hello,
Tried to update Thanatos on latest Mythic, but it failed with following error:
Building thanatos
Sending build context to Docker daemon 441.3kB
Step 1/1 : FROM ghcr.io/mythicagents/thanatos:v0.1.4
Head "https://ghcr.io/v2/mythicagents/thanatos/manifests/v0.1.4": unauthorized
Service 'thanatos' failed to build : Build failed
[-] Error from docker-compose: exit status 1
[*] Docker compose command: [up --build -d thanatos]
[-] Failed to start service: exit status 1
Add egress profile rotation for switching between multiple egress profiles dynamically
Hi,
Using latest Thanatos with latest Mythic.
Built default thanatos payload for Linux x64 with http profile. Http profile's ip address is basic Apache https redirector.
When starting payload, then i get following error:
thread 'main' panicked at src/profiles/mod.rs:117:49:
called `Result::unwrap()` on an `Err` value: IoError(Custom { kind: InvalidData, error: InvalidCertificate(UnknownIssuer) })
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
On https redirector i have self-signed certificate, with SAN records and CA:FALSE.
Other payloads medusa, poseidon and merlin work fine over same https redirector.
Sounds like a bug?
Hi!
While trying to launch the generated artifact executable on a linux running inside of a corporate network, it will fail due to SSL certificates being verified before accepting handshake:
thread 'main' panicked at 'called Result::unwrap() on an Err value: IoError(Custom { kind: InvalidData, error: InvalidCertificateData("invalid peer certificate: UnknownIssuer") })', src/profiles/mod.rs:117:49
note: run with RUST_BACKTRACE=1 environment variable to display a backtrace
Please introduce an option to disable certificates verification.
Regards,
Mariusz.
Trying to build a test and I received "Payload Failed to Build!"
Compiling autocfg v1.1.0
Compiling cc v1.0.79
Compiling winapi-x86_64-pc-windows-gnu v0.4.0
Compiling winapi v0.3.9
Compiling cfg-if v1.0.0
Compiling proc-macro2 v1.0.51
Compiling unicode-ident v1.0.7
Compiling quote v1.0.23
Compiling syn v1.0.109
Compiling pkg-config v0.3.26
Compiling typenum v1.16.0
Compiling libc v0.2.139
Compiling version_check v0.9.4
Compiling windows_x86_64_gnu v0.42.1
Compiling log v0.4.17
Compiling untrusted v0.7.1
Compiling serde_derive v1.0.152
Compiling spin v0.5.2
Compiling serde v1.0.152
Compiling parking_lot_core v0.8.6
Compiling memchr v2.5.0
Compiling thiserror v1.0.38
Compiling rustls v0.20.8
Compiling smallvec v1.10.0
Compiling scopeguard v1.1.0
Compiling base64 v0.21.0
Compiling bitflags v1.3.2
Compiling subtle v2.4.1
Compiling ppv-lite86 v0.2.17
Compiling openssl v0.10.45
Compiling foreign-types-shared v0.1.1
Compiling cpufeatures v0.2.5
Compiling minreq v2.6.0
Compiling opaque-debug v0.3.0
Compiling serde_json v1.0.93
Compiling ryu v1.0.13
Compiling widestring v0.3.0
Compiling block-padding v0.2.1
Compiling once_cell v1.17.1
Compiling lazy_static v1.4.0
Compiling field-offset v0.1.1
Compiling widestring v0.5.1
Compiling num_cpus v1.15.0
Compiling bytes v1.4.0
Compiling itoa v1.0.6
Compiling pin-project-lite v0.2.9
Compiling path-clean v0.1.0
Compiling base64 v0.13.1
Compiling openssl-src v111.25.1+1.1.1t
Compiling num-traits v0.2.15
error[E0599]: the method `join` exists for struct `Vec<&OsStr>`, but its trait bounds were not satisfied
--> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-src-111.25.1+1.1.1t/src/lib.rs:335:55
|
335 | ar.get_args().collect::<Vec<_>>().join(OsStr::new(" ")),
| ^^^^ method cannot be called on `Vec<&OsStr>` due to unsatisfied trait bounds
|
= note: the following trait bounds were not satisfied:
`[&OsStr]: Join<_>`
error[E0599]: the method `join` exists for struct `Vec<&OsStr>`, but its trait bounds were not satisfied
--> /root/.cargo/registry/src/github.com-1ecc6299db9ec823/openssl-src-111.25.1+1.1.1t/src/lib.rs:344:59
|
344 | ranlib.get_args().collect::<Vec<_>>().join(OsStr::new(" ")),
| ^^^^ method cannot be called on `Vec<&OsStr>` due to unsatisfied trait bounds
|
= note: the following trait bounds were not satisfied:
`[&OsStr]: Join<_>`
For more information about this error, try `rustc --explain E0599`.
error: could not compile `openssl-src` due to 2 previous errors
warning: build failed, waiting for other jobs to finish...
error: build failed
Error building payload: Failed to build payload. Check Build Errors traceback: ['Traceback (most recent call last):\n', ' File "/Mythic/mythic/agent_functions/builder.py", line 215, in build\n raise Exception("Failed to build payload. Check Build Errors")\n', 'Exception: Failed to build payload. Check Build Errors\n']```
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.