re-enabled callback creation

MythicAgents · Apr 23, 2024 · 017053b · 017053b
1 parent 89adef6
commit 017053b
Showing 1 changed file with 63 additions and 62 deletions.
diff --git a/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py b/Payload_Type/sliverapi/sliverapi/SliverRequests/SliverAPI.py
@@ -64,66 +64,67 @@ async def read_server_events():
 async def handleSliverEvent(event: client_pb2.Event, configFileId):
     print(event.EventType)
 
-    # if (event.EventType == 'session-connected'):
-    #     # print(event.Session)
-
-    #     # create payload
-    #     sliver_os_table = {
-    #         'linux': 'Linux'
-    #     }
-
-    #     # TODO: only include 'shell' for interactive sessions, not beacons
-
-    #     new_payload = MythicRPCPayloadCreateFromScratchMessage(
-    #         # TODO: this may need some mythic improvements
-    #         TaskID=1,
-
-    #         PayloadConfiguration=MythicRPCPayloadConfiguration(
-    #             payload_type="sliverimplant",
-    #             uuid=event.Session.ID,
-    #             selected_os=sliver_os_table[event.Session.OS],                 
-    #             description=f"(no download) using sliver interactive implant for {event.Session.ID}",
-    #             build_parameters=[],
-    #             c2_profiles=[],
-    #             # TODO: figure out if possible to not specify these manually
-    #             commands=['ifconfig', 'download', 'upload', 'ls', 'ps', 'ping', 'whoami', 'screenshot', 'netstat', 'getgid', 'getuid', 'getpid', 'cat', 'cd', 'pwd', 'info', 'execute', 'mkdir', 'shell', 'terminate', 'rm']
-    #         ),
-    #     )
-    #     scratchBuild = await SendMythicRPCPayloadCreateFromScratch(new_payload)
-
-    #     # create callback
-    #     extra_info = json.dumps({
-    #         # TODO: if buildparams changes, then this won't work anymore (could make it more resilient)
-    #         "slivercfg_fileid": configFileId,
-    #         "type": 'session'
-    #     })
-    #     response = await SendMythicRPCCallbackCreate(MythicRPCCallbackCreateMessage(
-    #         PayloadUUID=event.Session.ID,
-
-    #         C2ProfileName="",
-    #         IntegrityLevel=3,
-    #         Host=event.Session.Hostname,
-    #         User=event.Session.Username,
-    #         Ip=event.Session.RemoteAddress.split(':')[0],
-    #         ExtraInfo=extra_info,
-    #         PID=event.Session.PID
-    #     ))
-
-    # if (event.EventType == 'session-disconnected'):
-    #     # TODO: often hard-coding ID=1 cause not sure how else to get results back...
-    #     # This thread isn't running on behalf of a specific callback
-    #     # Could potentially pass down the CallbackID of the instantiated sliverapi callback
-    #     # All the way from the parent function that called this?
-    #     # it works for now tho........
-    #     callbacks = await SendMythicRPCCallbackSearch(MythicRPCCallbackSearchMessage(
-    #         AgentCallbackID=1,
-    #         SearchCallbackPID=event.Session.PID
-    #     ))
-
-    #     await SendMythicRPCCallbackUpdate(MythicRPCCallbackUpdateMessage(
-    #         CallbackID=callbacks.Results[0].ID,
-    #         TaskID=1,
-    #         PID=event.Session.PID,
+    if (event.EventType == 'session-connected'):
+        # print(event.Session)
+
+        # create payload
+        sliver_os_table = {
+            'linux': 'Linux',
+            'windows': 'Windows'
+        }
+
+        # TODO: only include 'shell' for interactive sessions, not beacons
+
+        new_payload = MythicRPCPayloadCreateFromScratchMessage(
+            # TODO: this may need some mythic improvements
+            TaskID=1,
+
+            PayloadConfiguration=MythicRPCPayloadConfiguration(
+                payload_type="sliverimplant",
+                uuid=event.Session.ID,
+                selected_os=sliver_os_table[event.Session.OS],                 
+                description=f"(no download) using sliver interactive implant for {event.Session.ID}",
+                build_parameters=[],
+                c2_profiles=[],
+                # TODO: figure out if possible to not specify these manually
+                commands=['ifconfig', 'download', 'upload', 'ls', 'ps', 'ping', 'whoami', 'screenshot', 'netstat', 'getgid', 'getuid', 'getpid', 'cat', 'cd', 'pwd', 'info', 'execute', 'mkdir', 'shell', 'terminate', 'rm']
+            ),
+        )
+        scratchBuild = await SendMythicRPCPayloadCreateFromScratch(new_payload)
+
+        # create callback
+        extra_info = json.dumps({
+            # TODO: if buildparams changes, then this won't work anymore (could make it more resilient)
+            "slivercfg_fileid": configFileId,
+            "type": 'session'
+        })
+        response = await SendMythicRPCCallbackCreate(MythicRPCCallbackCreateMessage(
+            PayloadUUID=event.Session.ID,
+
+            C2ProfileName="",
+            IntegrityLevel=3,
+            Host=event.Session.Hostname,
+            User=event.Session.Username,
+            Ip=event.Session.RemoteAddress.split(':')[0],
+            ExtraInfo=extra_info,
+            PID=event.Session.PID
+        ))
+
+    if (event.EventType == 'session-disconnected'):
+        # TODO: often hard-coding ID=1 cause not sure how else to get results back...
+        # This thread isn't running on behalf of a specific callback
+        # Could potentially pass down the CallbackID of the instantiated sliverapi callback
+        # All the way from the parent function that called this?
+        # it works for now tho........
+        callbacks = await SendMythicRPCCallbackSearch(MythicRPCCallbackSearchMessage(
+            AgentCallbackID=1,
+            SearchCallbackPID=event.Session.PID
+        ))
+
+        await SendMythicRPCCallbackUpdate(MythicRPCCallbackUpdateMessage(
+            CallbackID=callbacks.Results[0].ID,
+            TaskID=1,
+            PID=event.Session.PID,
 
-    #         Description='disconnected!'
-    #     ))
+            Description='disconnected!'
+        ))