first commit

.devcontainer/Dockerfile

@@ -0,0 +1,22 @@
+# TODO: figure out if the devcontainer can simply point to the Dockerfile within Payload_Type (but not start main.py?)
+FROM itsafeaturemythic/mythic_python_go:latest
+
+RUN apt-get update
+RUN apt-get install -y git gnupg software-properties-common openssh-client
+
+WORKDIR /Mythic/
+
+RUN git clone --depth 1 https://github.com/grpc/grpc
+RUN cd grpc && git submodule update --init
+RUN cd grpc && pip install -r requirements.txt
+RUN cd grpc && pip uninstall -y protobuf
+RUN cd grpc && pip install protobuf==3.20.*
+RUN cd grpc && GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=True GRPC_PYTHON_BUILD_WITH_CYTHON=1 pip install .
+
+# RUN pip install sliver-py
+RUN git clone --depth 1 https://github.com/spenceradolph/sliver-py.git
+RUN cd sliver-py && git submodule update --init
+RUN pip install -e sliver-py
+
+RUN pip install mythic_container==v0.4.18
+RUN pip install tabulate

.devcontainer/devcontainer.json

@@ -0,0 +1,29 @@
+{
+	"name": "slithic_devcontainer",
+	"build": {
+		"dockerfile": "Dockerfile"
+	},
+	"mounts": [
+		// useful for git
+		"type=bind,source=/home/${localEnv:USER}/.ssh,target=/root/.ssh,readonly"
+	],
+	"customizations": {
+		"vscode": {
+			"settings": {
+				"python.defaultInterpreterPath": "/usr/local/bin/python",
+				"pylint.args": [
+					"--disable=E1101",
+					"--disable=W0212"
+				]
+			},
+			"extensions": [
+				"ms-python.python",
+				"ms-azuretools.vscode-docker",
+				"ms-python.pylint",
+				"golang.go",
+				"ms-vscode.makefile-tools"
+			]
+		}
+	},
+	"postStartCommand": "git config --global --add safe.directory ${containerWorkspaceFolder}"
+}

.github/workflows/docker.yml

@@ -0,0 +1,144 @@
+# Pulled from Thanatos (https://github.com/MythicAgents/thanatos/blob/rewrite/.github/workflows/image.yml) - MEhrn00
+
+# Name for the Github actions workflow
+name: Build and push container images
+
+on:
+  # Only run workflow when there is a new release published in Github
+  #release:
+  #  types: [published]
+  push:
+    branches:
+      - 'master'
+      - 'main'
+    tags:
+      - "v*.*.*"
+
+# Variables holding configuration settings
+env:
+  # Container registry the built container image will be pushed to
+  REGISTRY: ghcr.io
+
+  # Set the container image name to the Github repository name. (MythicAgents/apfell)
+  AGENT_IMAGE_NAME: ${{ github.repository }}
+
+  # Description label for the package in Github
+  IMAGE_DESCRIPTION: ${{ github.repository }} container for use with Mythic
+
+  # Source URL for the package in Github. This links the Github repository packages list
+  # to this container image
+  IMAGE_SOURCE: ${{ github.server_url }}/${{ github.repository }}
+
+  # License for the container image
+  IMAGE_LICENSE: BSD-3-Clause
+
+  # Set the container image version to the Github release tag
+  VERSION: ${{ github.ref_name }}
+  #VERSION: ${{ github.event.head_commit.message }}
+
+  RELEASE_BRANCH: master
+
+jobs:
+  # Builds the base container image and pushes it to the container registry
+  agent_build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+    steps:
+      - name: Checkout the repository
+        uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout
+      - name: Log in to the container registry
+        uses: docker/login-action@v3 # ref: https://github.com/marketplace/actions/docker-login
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: 'arm64,arm'
+      - name: Set up Docker Buildx
+        id: buildx
+        uses: docker/setup-buildx-action@v2
+      # the following are unique to this job
+      - name: Lowercase the server container image name
+        run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV}
+      - name: Build and push the server container image
+        uses: docker/build-push-action@v5 # ref: https://github.com/marketplace/actions/build-and-push-docker-images
+        with:
+          context: Payload_Type/sliverapi
+          file: Payload_Type/sliverapi/.docker/Dockerfile
+          tags: |
+            ${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:${{ env.VERSION }}
+            ${{ env.REGISTRY }}/${{ env.AGENT_IMAGE_NAME }}:latest
+          push: ${{ github.ref_type == 'tag' }}
+          # These container metadata labels allow configuring the package in Github
+          # packages. The source will link the package to this Github repository
+          labels: |
+            org.opencontainers.image.source=${{ env.IMAGE_SOURCE }}
+            org.opencontainers.image.description=${{ env.IMAGE_DESCRIPTION }}
+            org.opencontainers.image.licenses=${{ env.IMAGE_LICENSE }}
+          platforms: linux/amd64,linux/arm64
+
+  update_files:
+    runs-on: ubuntu-latest
+    needs:
+      - agent_build
+    permissions:
+      contents: write
+      packages: write
+
+    steps:
+      # Pull in the repository code
+      - name: Checkout the repository
+        uses: actions/checkout@v4 # ref: https://github.com/marketplace/actions/checkout
+
+      # update names to lowercase
+      - name: Lowercase the container image name
+        run: echo "AGENT_IMAGE_NAME=${AGENT_IMAGE_NAME,,}" >> ${GITHUB_ENV}
+
+      # The Dockerfile which Mythic uses to pull in the base container image needs to be
+      # updated to reference the newly built container image
+      - name: Fix the server Dockerfile reference to reference the new release tag (implant)
+        working-directory: Payload_Type/sliverimplant
+        run: |
+          sed -i "s|^FROM ghcr\.io.*$|FROM ${REGISTRY}/${AGENT_IMAGE_NAME}:${VERSION}|" Dockerfile
+
+      - name: Fix the server Dockerfile reference to reference the new release tag (api)
+        working-directory: Payload_Type/sliverapi
+        run: |
+          sed -i "s|^FROM ghcr\.io.*$|FROM ${REGISTRY}/${AGENT_IMAGE_NAME}:${VERSION}|" Dockerfile
+
+      - name: Update package.json version
+        uses: jossef/[email protected]
+        with:
+          file: config.json
+          field: remote_images.sliver
+          value: ${{env.REGISTRY}}/${{env.AGENT_IMAGE_NAME}}:${{env.VERSION}}
+
+      # Push the changes to the Dockerfile
+      - name: Push the updated base Dockerfile image reference changes
+        if: ${{ github.ref_type == 'tag' }}
+        uses: EndBug/add-and-commit@v9 # ref: https://github.com/marketplace/actions/add-commit
+        with:
+          # Only add the Dockerfile changes. Nothing else should have been modified
+          add: "['Payload_Type/sliverapi/Dockerfile', 'Payload_Type/sliverimplant/Dockerfile', 'config.json']"
+          # Use the Github actions bot for the commit author
+          default_author: github_actions
+          committer_email: github-actions[bot]@users.noreply.github.com
+
+          # Set the commit message
+          message: "Bump Dockerfile tag to match release '${{ env.VERSION }}'"
+
+          # Overwrite the current git tag with the new changes
+          tag: '${{ env.VERSION }} --force'
+
+          # Push the new changes with the tag overwriting the current one
+          tag_push: '--force'
+
+          # Push the commits to the branch marked as the release branch
+          push: origin HEAD:${{ env.RELEASE_BRANCH }} --set-upstream
+
+          # Have the workflow fail in case there are pathspec issues
+          pathspec_error_handling: exitImmediately

.gitignore

@@ -0,0 +1,5 @@
+# setup for local testing
+rabbitmq_config.json
+
+__pycache__/
+mythic_go_services*

.vscode/launch.json

@@ -0,0 +1,36 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "SliverApi",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/Payload_Type/sliverapi/main.py",
+            "console": "integratedTerminal",
+            "cwd": "${workspaceFolder}/Payload_Type/sliverapi",
+            "consoleTitle": "SliverApi"
+        },
+        {
+            "name": "SliverImplant",
+            "type": "debugpy",
+            "request": "launch",
+            "program": "${workspaceFolder}/Payload_Type/sliverimplant/main.py",
+            "console": "integratedTerminal",
+            "cwd": "${workspaceFolder}/Payload_Type/sliverimplant",
+            "consoleTitle": "SliverImplant",
+            "justMyCode": false
+        },
+    ],
+    "compounds": [
+        {
+            "name": "SliverApi && SliverImplant",
+            "configurations": [
+                "SliverApi",
+                "SliverImplant"
+            ]
+        }
+    ]
+}

Payload_Type/sliverapi/.docker/Dockerfile

@@ -0,0 +1,19 @@
+FROM itsafeaturemythic/mythic_python_base:latest
+
+RUN apt-get update
+RUN apt-get install -y git gnupg software-properties-common openssh-client
+
+WORKDIR /Mythic/
+
+RUN pip install sliver-py
+RUN git clone --depth 1 https://github.com/grpc/grpc
+RUN cd grpc && git submodule update --init
+RUN cd grpc && pip install -r requirements.txt
+RUN cd grpc && pip uninstall -y protobuf
+RUN cd grpc && pip install protobuf==3.20.*
+RUN cd grpc && GRPC_PYTHON_BUILD_SYSTEM_OPENSSL=True GRPC_PYTHON_BUILD_WITH_CYTHON=1 pip install .
+
+RUN pip install mythic_container==v0.4.18
+RUN pip install tabulate
+
+CMD ["python3", "main.py"]

Payload_Type/sliverapi/Dockerfile

@@ -0,0 +1 @@
+FROM ghcr.io/mythicagents/sliverimplant:v0.0.0.1

Payload_Type/sliverapi/main.py

@@ -0,0 +1,5 @@
+import mythic_container
+import asyncio
+import sliverapi
+
+mythic_container.mythic_service.start_and_run_forever()

Payload_Type/sliverapi/rabbitmq_config.json.example

@@ -0,0 +1,6 @@
+{
+    "rabbitmq_host": "127.0.0.1",
+    "rabbitmq_password": "<paste_password_here>",
+    "mythic_server_host": "127.0.0.1",
+    "debug_level": "debug"
+}