From 2e56333187bc92d3a136655caf0b1091722dd0d4 Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Fri, 9 Feb 2024 17:52:28 -0500 Subject: [PATCH 1/6] Add HTTP Headers --- clients/mythic/mythic.go | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/clients/mythic/mythic.go b/clients/mythic/mythic.go index a030be1..24892ba 100644 --- a/clients/mythic/mythic.go +++ b/clients/mythic/mythic.go @@ -106,6 +106,7 @@ type Config struct { AuthPackage string // AuthPackage is the type of authentication the agent should use when communicating with the server PayloadID string // The UUID used with the Mythic framework Protocol string // Proto contains the transportation protocol the agent is using (i.e., http2 or http3) + Headers string // Headers is a new-line separated string of additional HTTP headers to add to client requests Host string // Host is used with the HTTP Host header for Domain Fronting activities URL string // URL is the protocol, domain, and page that the agent will communicate with (e.g., https://google.com/test.aspx) Proxy string // Proxy is the URL of the proxy that all traffic needs to go through, if applicable @@ -213,6 +214,27 @@ func New(config Config) (*Client, error) { cli.Message(cli.WARN, fmt.Sprintf("there was an error converting Padding string \"%s\" to an integer: %s", config.Padding, err)) } + // Parse additional HTTP Headers + if config.Headers != "" { + client.Headers = make(map[string]string) + for _, header := range strings.Split(config.Headers, "\\n") { + h := strings.Split(header, ":") + // Remove leading or trailing spaces + headerKey := strings.TrimSuffix(strings.TrimPrefix(h[0], " "), " ") + headerValue := strings.TrimSuffix(strings.TrimPrefix(h[1], " "), " ") + cli.Message( + cli.DEBUG, + fmt.Sprintf("HTTP Header (%d): %s, Value (%d): %s\n", + len(headerKey), + headerKey, + len(headerValue), + headerValue, + ), + ) + client.Headers[headerKey] = headerValue + } + } + cli.Message(cli.INFO, "Client information:") cli.Message(cli.INFO, fmt.Sprintf("\tMythic Payload ID: %s", client.MythicID)) cli.Message(cli.INFO, fmt.Sprintf("\tProtocol: %s", client.Protocol)) @@ -221,6 +243,7 @@ func New(config Config) (*Client, error) { cli.Message(cli.INFO, fmt.Sprintf("\tURL: %s", client.URL)) cli.Message(cli.INFO, fmt.Sprintf("\tUser-Agent: %s", client.UserAgent)) cli.Message(cli.INFO, fmt.Sprintf("\tHTTP Host Header: %s", client.Host)) + cli.Message(cli.INFO, fmt.Sprintf("\tHTTP Headers: %s", client.Headers)) cli.Message(cli.INFO, fmt.Sprintf("\tProxy: %s", client.Proxy)) cli.Message(cli.INFO, fmt.Sprintf("\tPayload Padding Max: %d", client.PaddingMax)) cli.Message(cli.INFO, fmt.Sprintf("\tJA3 String: %s", client.JA3)) @@ -351,6 +374,9 @@ func (client *Client) Send(m messages.Base) (returnMessages []messages.Base, err req.Host = client.Host } } + for header, value := range client.Headers { + req.Header.Set(header, value) + } // Send the request cli.Message(cli.DEBUG, fmt.Sprintf("Sending POST request size: %d to: %s", req.ContentLength, client.URL)) From 90b9d485fd04b786fb1d844d05f72b332edcf815 Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Wed, 14 Feb 2024 07:52:10 -0500 Subject: [PATCH 2/6] Fix HTTP header parsing --- clients/http/http.go | 6 +++++- clients/mythic/mythic.go | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/clients/http/http.go b/clients/http/http.go index 387a48c..1971667 100644 --- a/clients/http/http.go +++ b/clients/http/http.go @@ -198,8 +198,12 @@ func New(config Config) (*Client, error) { // Parse additional HTTP Headers if config.Headers != "" { client.Headers = make(map[string]string) - for _, header := range strings.Split(config.Headers, "\\n") { + for _, header := range strings.Split(config.Headers, "\n") { h := strings.Split(header, ":") + if len(h) < 2 { + cli.Message(cli.DEBUG, fmt.Sprintf("unable to parse HTTP header: '%s'", header)) + continue + } // Remove leading or trailing spaces headerKey := strings.TrimSuffix(strings.TrimPrefix(h[0], " "), " ") headerValue := strings.TrimSuffix(strings.TrimPrefix(h[1], " "), " ") diff --git a/clients/mythic/mythic.go b/clients/mythic/mythic.go index 24892ba..23089e6 100644 --- a/clients/mythic/mythic.go +++ b/clients/mythic/mythic.go @@ -217,8 +217,12 @@ func New(config Config) (*Client, error) { // Parse additional HTTP Headers if config.Headers != "" { client.Headers = make(map[string]string) - for _, header := range strings.Split(config.Headers, "\\n") { + for _, header := range strings.Split(config.Headers, "\n") { h := strings.Split(header, ":") + if len(h) < 2 { + cli.Message(cli.DEBUG, fmt.Sprintf("unable to parse HTTP header: '%s'", header)) + continue + } // Remove leading or trailing spaces headerKey := strings.TrimSuffix(strings.TrimPrefix(h[0], " "), " ") headerValue := strings.TrimSuffix(strings.TrimPrefix(h[1], " "), " ") From 0d7d1fd36ea4ca4489e1e12bb0588cdfb07eb4eb Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Fri, 8 Mar 2024 20:56:25 -0500 Subject: [PATCH 3/6] WIP Fix SOCKS --- clients/mythic/mythic.go | 26 +++++++++++- services/job/job.go | 5 ++- socks/socks.go | 89 +++++++++++++++++++++++++--------------- 3 files changed, 85 insertions(+), 35 deletions(-) diff --git a/clients/mythic/mythic.go b/clients/mythic/mythic.go index a030be1..2fb727f 100644 --- a/clients/mythic/mythic.go +++ b/clients/mythic/mythic.go @@ -77,6 +77,9 @@ var socksConnection = sync.Map{} // mythicSocksConnection is used to map Merlin's connection UUID to Mythic's integer server_id; Inverse of socksConnection var mythicSocksConnection = sync.Map{} +// socksCounter is used to track and order the SOCKS data packets coming from Mythic +var socksCounter = sync.Map{} + // Client is a type of MerlinClient that is used to send and receive Merlin messages from the Merlin server type Client struct { Authenticator authenticators.Authenticator @@ -738,7 +741,9 @@ func (client *Client) Construct(m messages.Base) ([]byte, error) { // Convert Merlin jobs to mythic response for _, job := range m.Payload.([]jobs.Job) { var response ClientTaskResponse - response.ID = uuid.MustParse(job.ID) + if job.ID != "" { + response.ID = uuid.MustParse(job.ID) + } response.Completed = true cli.Message(cli.DEBUG, fmt.Sprintf("Converting Merlin job type: %d to Mythic response", job.Type)) switch job.Type { @@ -844,6 +849,7 @@ func (client *Client) Construct(m messages.Base) ([]byte, error) { // Base64 encode the data sock.Data = base64.StdEncoding.EncodeToString(sockMsg.Data) + //fmt.Printf("\t[*] SOCKS Data size: %d\n", len(sockMsg.Data)) // Add to return messages returnMessage.SOCKS = append(returnMessage.SOCKS, sock) @@ -929,6 +935,7 @@ func (client *Client) Construct(m messages.Base) ([]byte, error) { // convertSocksToJobs takes in Mythic socks messages and translates them into Merlin jobs func (client *Client) convertSocksToJobs(socks []Socks) (base messages.Base, err error) { cli.Message(cli.DEBUG, fmt.Sprintf("Entering into clients.mythic.convertSocksToJobs() with %+v", socks)) + //fmt.Printf("Entering into clients.mythic.convertSocksToJobs() with %d socks messages: %+v\n", len(socks), socks) base.Type = messages.JOBS base.ID = client.AgentID @@ -951,10 +958,11 @@ func (client *Client) convertSocksToJobs(socks []Socks) (base messages.Base, err id = uuid.New() socksConnection.Store(sock.ServerId, id) mythicSocksConnection.Store(id, sock.ServerId) - + socksCounter.Store(id, 0) // Spoof SOCKS handshake with Merlin Agent payload.ID = id.(uuid.UUID) payload.Data = []byte{0x05, 0x01, 0x00} + payload.Index = 0 job.Payload = payload returnJobs = append(returnJobs, job) } @@ -966,7 +974,18 @@ func (client *Client) convertSocksToJobs(socks []Socks) (base messages.Base, err err = fmt.Errorf("there was an error base64 decoding the SOCKS message data: %s", err) return } + //fmt.Printf("\tID: %d, Data length: %d\n", sock.ServerId, len(payload.Data)) + // Load the data packet counter + i, ok := socksCounter.Load(id) + if !ok { + fmt.Println("******* ERROR ******") + err = fmt.Errorf("there was an error getting the SOCKS counter for the UUID: %s", id) + return + } + + payload.Index = i.(int) + 1 job.Payload = payload + socksCounter.Store(id, i.(int)+1) returnJobs = append(returnJobs, job) } base.Payload = returnJobs @@ -1036,11 +1055,14 @@ func (client *Client) convertTasksToJobs(tasks []Task) (messages.Base, error) { job.Payload = payload returnJobs = append(returnJobs, job) case jobs.SOCKS: + // TODO: I don't think this code is ever used? var payload jobs.Socks err = json.Unmarshal([]byte(mythicJob.Payload), &payload) if err != nil { return base, fmt.Errorf("there was an error unmarshalling the Mythic job payload to a jobs.Socks structure:\n%s", err) } + job.Payload = payload + returnJobs = append(returnJobs, job) case 0: // case 0 means that a job type was not added to the task from the Mythic server // Commonly seen with SOCKS messages diff --git a/services/job/job.go b/services/job/job.go index 2d3498e..6a10f06 100644 --- a/services/job/job.go +++ b/services/job/job.go @@ -305,7 +305,7 @@ func (s *Service) Handle(Jobs []jobs.Job) { case jobs.RESULT: out <- job case jobs.SOCKS: - socks.Handler(job, &out) + socks.Handler(job, &out, &in) default: var result jobs.Results result.Stderr = fmt.Sprintf("%s is not a valid job type", job.Type) @@ -397,6 +397,9 @@ func execute() { result = commands.Native(job.Payload.(jobs.Command)) case jobs.SHELLCODE: result = commands.ExecuteShellcode(job.Payload.(jobs.Shellcode)) + case jobs.SOCKS: + socks.Handler(job, &out, &in) + return default: result.Stderr = fmt.Sprintf("Invalid job type: %d", job.Type) } diff --git a/socks/socks.go b/socks/socks.go index 05e227b..67fe792 100644 --- a/socks/socks.go +++ b/socks/socks.go @@ -43,8 +43,9 @@ var done = sync.Map{} // Handler is the entry point for SOCKS connections. // This function starts a SOCKS server and processes incoming SOCKS connections -func Handler(msg jobs.Job, jobsOut *chan jobs.Job) { - //fmt.Printf("Received SOCKS job: %+v\n", msg) +func Handler(msg jobs.Job, jobsOut *chan jobs.Job, jobsIn *chan jobs.Job) { + //fmt.Printf("socks.Handler(): Received SOCKS job ID: %s, Index: %d, Close: %t, Data Length: %d\n", msg.Payload.(jobs.Socks).ID, msg.Payload.(jobs.Socks).Index, msg.Payload.(jobs.Socks).Close, len(msg.Payload.(jobs.Socks).Data)) + //defer fmt.Printf("\tsocks.Handler(): Exiting ID: %s, Index: %d, Close: %t, Data Length: %d\n", msg.Payload.(jobs.Socks).ID, msg.Payload.(jobs.Socks).Index, msg.Payload.(jobs.Socks).Close, len(msg.Payload.(jobs.Socks).Data)) job := msg.Payload.(jobs.Socks) // See if the SOCKS server has already been created @@ -58,7 +59,7 @@ func Handler(msg jobs.Job, jobsOut *chan jobs.Job) { // See if this connection is new _, ok := connections.Load(job.ID) - if !ok { + if !ok && !job.Close { client, target := net.Pipe() connection := Connection{ Job: msg, @@ -80,8 +81,43 @@ func Handler(msg jobs.Job, jobsOut *chan jobs.Job) { return } + // Check to ensure the index is correct, if not, return it to the job channel to be processed again + + if conn.(*Connection).Count != job.Index { + //fmt.Printf("Index mismatch, expected %d, got %d\n", conn.(*Connection).Count, job.Index) + *jobsIn <- msg + return + } + + // If there is data, write it to the SOCKS server + // Send data, if any, before closing the connection + if len(job.Data) > 0 { + conn.(*Connection).Count++ + // Write the received data to the agent side pipe + var buff bytes.Buffer + _, err := buff.Write(job.Data) + if err != nil { + cli.Message(cli.WARN, fmt.Sprintf("there was an error writing SOCKS data to the buffer: %s", err)) + return + } + + //fmt.Printf("Writing %d bytes to SOCKS target \n", len(job.Data)) + n, err := conn.(*Connection).Out.Write(buff.Bytes()) + if err != nil { + cli.Message(cli.WARN, fmt.Sprintf("there was an error writing data to the SOCKS %s OUTBOUND pipe: %s", job.ID, err)) + return + } + //time.Sleep(40 * time.Millisecond) + + cli.Message(cli.DEBUG, fmt.Sprintf("Wrote %d bytes to the SOCKS %s OUTBOUND pipe with error %s", n, job.ID, err)) + } + // If the SOCKS client has sent io.EOF to close the connection if job.Close { + // Mythic is sending two Close messages so the counter needs to increment on close too + if len(job.Data) <= 0 { + conn.(*Connection).Count++ + } cli.Message(cli.NOTE, fmt.Sprintf("Closing SOCKS connection %s", job.ID)) cli.Message(cli.DEBUG, fmt.Sprintf("Closing SOCKS connection %s OUTBOUND pipe", job.ID)) @@ -97,39 +133,26 @@ func Handler(msg jobs.Job, jobsOut *chan jobs.Job) { } // Send a message back to the server, so it knows the connection has been shutdown/completed - j := jobs.Job{ - AgentID: msg.AgentID, - ID: msg.ID, - Token: msg.Token, - Type: jobs.SOCKS, - } - j.Payload = jobs.Socks{ - ID: job.ID, - Close: true, - } - *conn.(*Connection).JobChan <- j - + /* + j := jobs.Job{ + AgentID: msg.AgentID, + ID: msg.ID, + Token: msg.Token, + Type: jobs.SOCKS, + } + j.Payload = jobs.Socks{ + ID: job.ID, + Close: true, + } + *conn.(*Connection).JobChan <- j + */ // Remove the connection from the map + // Don't remove the connection, it is removed in the receiveFromSOCKSServer function connections.Delete(job.ID) done.Store(job.ID, true) return } - - // Write the received data to the agent side pipe - var buff bytes.Buffer - _, err := buff.Write(job.Data) - if err != nil { - cli.Message(cli.WARN, fmt.Sprintf("there was an error writing SOCKS data to the buffer: %s", err)) - return - } - - //fmt.Printf("Writing bytes to SOCKS target %X\n", job.Data) - n, err := conn.(*Connection).Out.Write(buff.Bytes()) - if err != nil { - cli.Message(cli.WARN, fmt.Sprintf("there was an error writing data to the SOCKS %s OUTBOUND pipe: %s", job.ID, err)) - return - } - cli.Message(cli.DEBUG, fmt.Sprintf("Wrote %d bytes to the SOCKS %s OUTBOUND pipe with error %s", n, job.ID, err)) + // TODO: When is the connection removed from the map? } // start uses an empty SOCKS server configuration and creates a new instance @@ -188,7 +211,7 @@ func receiveFromSOCKSServer(id uuid.UUID) { n, err := connection.(*Connection).Out.Read(data) cli.Message(cli.DEBUG, fmt.Sprintf("Read %d bytes from the OUTBOUND pipe with error %s", n, err)) - + //fmt.Printf("[+] Read %d bytes from the OUTBOUND pipe %s with error %s, Data: %x\n", n, id, err, data[:n]) // Check to see if we closed the connection because we are done with it fin, good := done.Load(id) if !good { @@ -202,6 +225,7 @@ func receiveFromSOCKSServer(id uuid.UUID) { if err != nil { cli.Message(cli.WARN, fmt.Sprintf("there was an error reading from the OUTBOUND pipe: %s", err)) + //fmt.Printf("ERROR reading %d bytes for ID: %s, Index: %d, Close: %t, Data Length: %d, Error: %s\n", n, id, i, j.Payload.(jobs.Socks).Close, len(j.Payload.(jobs.Socks).Data), err) return } @@ -222,4 +246,5 @@ type Connection struct { In net.Conn Out net.Conn JobChan *chan jobs.Job + Count int } From d1a76eeccbdcf8bb7b3d1d824b24164d8ba00a79 Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Thu, 21 Mar 2024 07:56:30 -0400 Subject: [PATCH 4/6] Fixed SOCKS issues --- clients/mythic/mythic.go | 22 ++--- clients/mythic/structs.go | 3 +- docs/CHANGELOG.MD | 8 ++ services/job/job.go | 8 +- socks/socks.go | 169 +++++++++++++++++++------------------- 5 files changed, 109 insertions(+), 101 deletions(-) diff --git a/clients/mythic/mythic.go b/clients/mythic/mythic.go index 2fb727f..4bd7485 100644 --- a/clients/mythic/mythic.go +++ b/clients/mythic/mythic.go @@ -666,6 +666,17 @@ func (client *Client) Deconstruct(data []byte) (returnMessages []messages.Base, err = fmt.Errorf("there was an error unmarshalling the JSON object to a mythic.ServerTaskResponse structure in the message handler:\n%s", err) return } + // SOCKS5 + if len(msg.SOCKS) > 0 { + // There is SOCKS data to send to the SOCKS server + returnMessage, err = client.convertSocksToJobs(msg.SOCKS) + if err != nil { + cli.Message(cli.WARN, err.Error()) + } + if len(returnMessage.Payload.([]jobs.Job)) > 0 { + returnMessages = append(returnMessages, returnMessage) + } + } cli.Message(cli.DEBUG, fmt.Sprintf("post_response results from the server: %+v", msg)) for _, response := range msg.Responses { if response.Error != "" { @@ -978,7 +989,6 @@ func (client *Client) convertSocksToJobs(socks []Socks) (base messages.Base, err // Load the data packet counter i, ok := socksCounter.Load(id) if !ok { - fmt.Println("******* ERROR ******") err = fmt.Errorf("there was an error getting the SOCKS counter for the UUID: %s", id) return } @@ -1054,15 +1064,6 @@ func (client *Client) convertTasksToJobs(tasks []Task) (messages.Base, error) { } job.Payload = payload returnJobs = append(returnJobs, job) - case jobs.SOCKS: - // TODO: I don't think this code is ever used? - var payload jobs.Socks - err = json.Unmarshal([]byte(mythicJob.Payload), &payload) - if err != nil { - return base, fmt.Errorf("there was an error unmarshalling the Mythic job payload to a jobs.Socks structure:\n%s", err) - } - job.Payload = payload - returnJobs = append(returnJobs, job) case 0: // case 0 means that a job type was not added to the task from the Mythic server // Commonly seen with SOCKS messages @@ -1075,7 +1076,6 @@ func (client *Client) convertTasksToJobs(tasks []Task) (messages.Base, error) { } switch params.Action { case "start", "stop": - // TODO Set agent sleep to 0 if start // Send message back to Mythic that SOCKS has been started/stopped job.Type = jobs.RESULT job.Payload = jobs.Results{} diff --git a/clients/mythic/structs.go b/clients/mythic/structs.go index 6581367..b550dd4 100644 --- a/clients/mythic/structs.go +++ b/clients/mythic/structs.go @@ -91,7 +91,7 @@ type Tasking struct { type Tasks struct { Action string `json:"action"` Tasks []Task `json:"tasks"` - SOCKS []Socks `json:"socks"` + SOCKS []Socks `json:"socks,omitempty"` } // Task contains the task identifier, command, and parameters for the agent to execute @@ -139,6 +139,7 @@ type ServerTaskResponse struct { type ServerPostResponse struct { Action string `json:"action"` Responses []ServerTaskResponse `json:"responses"` + SOCKS []Socks `json:"socks,omitempty"` } // PostResponseFile is the structure used to send a list of messages from the agent to the server diff --git a/docs/CHANGELOG.MD b/docs/CHANGELOG.MD index c033621..db00675 100644 --- a/docs/CHANGELOG.MD +++ b/docs/CHANGELOG.MD @@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). +## 2.3.1 - 2024-03-21 + +### Fixed + +- Resolved several SOCKS5 issues + - Updated Mythic client to handle `post_response` actions with `ServerPostResponse` structure to include SOCKS information + - Created a go routine and a channel just for sending SOCKS data in place of using the Jobs channel + ## 2.3.0 - 2023-12-26 ### Added diff --git a/services/job/job.go b/services/job/job.go index 6a10f06..d2e0932 100644 --- a/services/job/job.go +++ b/services/job/job.go @@ -76,7 +76,7 @@ func NewJobService(agentID uuid.UUID) *Service { return memoryService } -// AddResult creates a Job Results structure and places it in the out going channel +// AddResult creates a Job Results structure and places it in the outgoing channel func (s *Service) AddResult(agent uuid.UUID, stdOut, stdErr string) { cli.Message(cli.DEBUG, fmt.Sprintf("services/job.AddResult(): entering into function with agent: %s, stdOut: %s, stdErr: %s", agent, stdOut, stdErr)) result := jobs.Results{ @@ -278,7 +278,7 @@ func (s *Service) Control(job jobs.Job) { cli.Message(cli.DEBUG, fmt.Sprintf("services/job.Control(): leaving function with %+v", aInfo)) } -// Handle takes a list of jobs and places them into job channel if they are a valid type, so they can be executed +// Handle takes a list of jobs and places them into a job channel if they are a valid type, so they can be executed func (s *Service) Handle(Jobs []jobs.Job) { cli.Message(cli.DEBUG, fmt.Sprintf("services/job.Handle(): entering into function with %+v", Jobs)) for _, job := range Jobs { @@ -305,7 +305,7 @@ func (s *Service) Handle(Jobs []jobs.Job) { case jobs.RESULT: out <- job case jobs.SOCKS: - socks.Handler(job, &out, &in) + socks.Handler(job, &out) default: var result jobs.Results result.Stderr = fmt.Sprintf("%s is not a valid job type", job.Type) @@ -398,7 +398,7 @@ func execute() { case jobs.SHELLCODE: result = commands.ExecuteShellcode(job.Payload.(jobs.Shellcode)) case jobs.SOCKS: - socks.Handler(job, &out, &in) + socks.Handler(job, &out) return default: result.Stderr = fmt.Sprintf("Invalid job type: %d", job.Type) diff --git a/socks/socks.go b/socks/socks.go index 67fe792..b6e5574 100644 --- a/socks/socks.go +++ b/socks/socks.go @@ -43,14 +43,14 @@ var done = sync.Map{} // Handler is the entry point for SOCKS connections. // This function starts a SOCKS server and processes incoming SOCKS connections -func Handler(msg jobs.Job, jobsOut *chan jobs.Job, jobsIn *chan jobs.Job) { +func Handler(msg jobs.Job, jobsOut *chan jobs.Job) { //fmt.Printf("socks.Handler(): Received SOCKS job ID: %s, Index: %d, Close: %t, Data Length: %d\n", msg.Payload.(jobs.Socks).ID, msg.Payload.(jobs.Socks).Index, msg.Payload.(jobs.Socks).Close, len(msg.Payload.(jobs.Socks).Data)) //defer fmt.Printf("\tsocks.Handler(): Exiting ID: %s, Index: %d, Close: %t, Data Length: %d\n", msg.Payload.(jobs.Socks).ID, msg.Payload.(jobs.Socks).Index, msg.Payload.(jobs.Socks).Close, len(msg.Payload.(jobs.Socks).Data)) job := msg.Payload.(jobs.Socks) // See if the SOCKS server has already been created if server == nil { - err := start() + err := newSOCKSServer() if err != nil { cli.Message(cli.WARN, err.Error()) return @@ -61,18 +61,21 @@ func Handler(msg jobs.Job, jobsOut *chan jobs.Job, jobsIn *chan jobs.Job) { _, ok := connections.Load(job.ID) if !ok && !job.Close { client, target := net.Pipe() + in := make(chan jobs.Socks, 100) connection := Connection{ Job: msg, In: client, Out: target, JobChan: jobsOut, + in: &in, } connections.Store(job.ID, &connection) done.Store(job.ID, false) // Start the go routine to send read data in and send it to the SOCKS server - go sendToSOCKSServer(job.ID) - go receiveFromSOCKSServer(job.ID) + go start(job.ID) + go listen(job.ID) + go send(job.ID) } conn, ok := connections.Load(job.ID) @@ -80,83 +83,11 @@ func Handler(msg jobs.Job, jobsOut *chan jobs.Job, jobsIn *chan jobs.Job) { cli.Message(cli.WARN, fmt.Sprintf("connection ID %s was not found", job.ID)) return } - - // Check to ensure the index is correct, if not, return it to the job channel to be processed again - - if conn.(*Connection).Count != job.Index { - //fmt.Printf("Index mismatch, expected %d, got %d\n", conn.(*Connection).Count, job.Index) - *jobsIn <- msg - return - } - - // If there is data, write it to the SOCKS server - // Send data, if any, before closing the connection - if len(job.Data) > 0 { - conn.(*Connection).Count++ - // Write the received data to the agent side pipe - var buff bytes.Buffer - _, err := buff.Write(job.Data) - if err != nil { - cli.Message(cli.WARN, fmt.Sprintf("there was an error writing SOCKS data to the buffer: %s", err)) - return - } - - //fmt.Printf("Writing %d bytes to SOCKS target \n", len(job.Data)) - n, err := conn.(*Connection).Out.Write(buff.Bytes()) - if err != nil { - cli.Message(cli.WARN, fmt.Sprintf("there was an error writing data to the SOCKS %s OUTBOUND pipe: %s", job.ID, err)) - return - } - //time.Sleep(40 * time.Millisecond) - - cli.Message(cli.DEBUG, fmt.Sprintf("Wrote %d bytes to the SOCKS %s OUTBOUND pipe with error %s", n, job.ID, err)) - } - - // If the SOCKS client has sent io.EOF to close the connection - if job.Close { - // Mythic is sending two Close messages so the counter needs to increment on close too - if len(job.Data) <= 0 { - conn.(*Connection).Count++ - } - cli.Message(cli.NOTE, fmt.Sprintf("Closing SOCKS connection %s", job.ID)) - - cli.Message(cli.DEBUG, fmt.Sprintf("Closing SOCKS connection %s OUTBOUND pipe", job.ID)) - err := conn.(*Connection).Out.Close() - if err != nil { - cli.Message(cli.WARN, fmt.Sprintf("there was an error closing the SOCKS connection %s OUTBOUND pipe: %s", job.ID, err)) - } - - cli.Message(cli.DEBUG, fmt.Sprintf("Closing SOCKS connection %s INBOUND pipe", job.ID)) - err = conn.(*Connection).In.Close() - if err != nil { - cli.Message(cli.WARN, fmt.Sprintf("there was an error closing the SOCKS connection %s INBOUND pipe: %s", job.ID, err)) - } - - // Send a message back to the server, so it knows the connection has been shutdown/completed - /* - j := jobs.Job{ - AgentID: msg.AgentID, - ID: msg.ID, - Token: msg.Token, - Type: jobs.SOCKS, - } - j.Payload = jobs.Socks{ - ID: job.ID, - Close: true, - } - *conn.(*Connection).JobChan <- j - */ - // Remove the connection from the map - // Don't remove the connection, it is removed in the receiveFromSOCKSServer function - connections.Delete(job.ID) - done.Store(job.ID, true) - return - } - // TODO: When is the connection removed from the map? + *conn.(*Connection).in <- job } -// start uses an empty SOCKS server configuration and creates a new instance -func start() (err error) { +// newSOCKSServer is a factory to create and return a global SOCKS5 server instance +func newSOCKSServer() (err error) { cli.Message(cli.NOTE, "Starting SOCKS5 server") // Create SOCKS5 server conf := &socks5.Config{} @@ -167,8 +98,8 @@ func start() (err error) { return } -// sendToSOCKSServer reads data from an incoming job and sends it to the SOCKS server which will in turn send it to the target -func sendToSOCKSServer(id uuid.UUID) { +// start the SOCKS server to serve the connection +func start(id uuid.UUID) { cli.Message(cli.NOTE, fmt.Sprintf("Serving new SOCKS connection ID %s", id)) connection, ok := connections.Load(id) @@ -184,8 +115,8 @@ func sendToSOCKSServer(id uuid.UUID) { cli.Message(cli.DEBUG, fmt.Sprintf("Finished serving SOCKS connection ID %s", id)) } -// receiveFromSOCKSServer continuously listens for data being returned from the SOCKS server to be sent to the agent -func receiveFromSOCKSServer(id uuid.UUID) { +// listen continuously for data being returned from the SOCKS server to be sent to the agent +func listen(id uuid.UUID) { // Listen for data on the agent-side write pipe connection, ok := connections.Load(id) if !ok { @@ -240,11 +171,79 @@ func receiveFromSOCKSServer(id uuid.UUID) { } } +// send continuously sends data to the SOCKS server from the SOCKS client +func send(id uuid.UUID) { + conn, ok := connections.Load(id) + if !ok { + cli.Message(cli.WARN, fmt.Sprintf("connection ID %s was not found", id)) + return + } + + for { + // Get SOCKS job from the channel + job := <-*conn.(*Connection).in + + // Check to ensure the index is correct, if not, return it to the channel to be processed again + if conn.(*Connection).Count != job.Index { + *conn.(*Connection).in <- job + continue + } + + // If there is data, write it to the SOCKS server + // Send data, if any, before closing the connection + if len(job.Data) > 0 { + conn.(*Connection).Count++ + // Write the received data to the agent side pipe + var buff bytes.Buffer + _, err := buff.Write(job.Data) + if err != nil { + cli.Message(cli.WARN, fmt.Sprintf("there was an error writing SOCKS data to the buffer: %s", err)) + return + } + + //fmt.Printf("Writing %d bytes to SOCKS target \n", len(job.Data)) + n, err := conn.(*Connection).Out.Write(buff.Bytes()) + if err != nil { + cli.Message(cli.WARN, fmt.Sprintf("there was an error writing data to the SOCKS %s OUTBOUND pipe: %s", job.ID, err)) + return + } + cli.Message(cli.DEBUG, fmt.Sprintf("Wrote %d bytes to the SOCKS %s OUTBOUND pipe with error %s", n, job.ID, err)) + } + + // If the SOCKS client has sent io.EOF to close the connection + if job.Close { + // Mythic is sending two Close messages so the counter needs to increment on close too + if len(job.Data) <= 0 { + conn.(*Connection).Count++ + } + cli.Message(cli.NOTE, fmt.Sprintf("Closing SOCKS connection %s", job.ID)) + + cli.Message(cli.DEBUG, fmt.Sprintf("Closing SOCKS connection %s OUTBOUND pipe", job.ID)) + err := conn.(*Connection).Out.Close() + if err != nil { + cli.Message(cli.WARN, fmt.Sprintf("there was an error closing the SOCKS connection %s OUTBOUND pipe: %s", job.ID, err)) + } + + cli.Message(cli.DEBUG, fmt.Sprintf("Closing SOCKS connection %s INBOUND pipe", job.ID)) + err = conn.(*Connection).In.Close() + if err != nil { + cli.Message(cli.WARN, fmt.Sprintf("there was an error closing the SOCKS connection %s INBOUND pipe: %s", job.ID, err)) + } + + // Remove the connection from the map + connections.Delete(job.ID) + done.Store(job.ID, true) + return + } + } +} + // Connection is a structure used to track new SOCKS client connections type Connection struct { Job jobs.Job In net.Conn Out net.Conn - JobChan *chan jobs.Job - Count int + JobChan *chan jobs.Job // Channel to send jobs back to the server + in *chan jobs.Socks // Channel to receive and process SOCKS data locally + Count int // Counter to track the number of SOCKS messages sent } From 994d3ea468e0c6d52e5550116fd6df818ed0b535 Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Thu, 21 Mar 2024 08:22:28 -0400 Subject: [PATCH 5/6] Upgraded libraries --- docs/CHANGELOG.MD | 12 +++++ go.mod | 35 +++++++------- go.sum | 116 ++++++++++++++++++++++++++++++---------------- 3 files changed, 107 insertions(+), 56 deletions(-) diff --git a/docs/CHANGELOG.MD b/docs/CHANGELOG.MD index db00675..a3ed1b0 100644 --- a/docs/CHANGELOG.MD +++ b/docs/CHANGELOG.MD @@ -12,6 +12,18 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - Updated Mythic client to handle `post_response` actions with `ServerPostResponse` structure to include SOCKS information - Created a go routine and a channel just for sending SOCKS data in place of using the Jobs channel +### Changed + +- Upgraded the following libraries to their latest version + - upgraded golang.org/x/net v0.21.0 => v0.22.0 + - upgraded github.com/google/uuid v1.5.0 => v1.6.0 + - upgraded github.com/quic-go/quic-go v0.40.1 => v0.42.0 + - upgraded github.com/refraction-networking/utls v1.6.0 => v1.6.3 + +### Security + +- Upgraded go-jose/v3 to v3.0.3 to address CVE-2024-28180 + ## 2.3.0 - 2023-12-26 ### Added diff --git a/go.mod b/go.mod index 0a0e6e2..62cf774 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,8 @@ module github.com/Ne0nd0g/merlin-agent/v2 -go 1.20 +go 1.21 + +toolchain go1.22.1 require ( github.com/C-Sto/BananaPhone v0.0.0-20220220002628-6585e5913761 @@ -10,34 +12,33 @@ require ( github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 github.com/cretz/gopaque v0.1.0 github.com/fatih/color v1.16.0 - github.com/go-jose/go-jose/v3 v3.0.1 + github.com/go-jose/go-jose/v3 v3.0.3 github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 - github.com/google/uuid v1.5.0 - github.com/quic-go/quic-go v0.40.1 - github.com/refraction-networking/utls v1.6.0 - golang.org/x/crypto v0.17.0 - golang.org/x/net v0.19.0 - golang.org/x/sys v0.15.0 + github.com/google/uuid v1.6.0 + github.com/quic-go/quic-go v0.42.0 + github.com/refraction-networking/utls v1.6.3 + golang.org/x/crypto v0.21.0 + golang.org/x/net v0.22.0 + golang.org/x/sys v0.18.0 golang.org/x/text v0.14.0 ) require ( github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee // indirect - github.com/andybalholm/brotli v1.0.6 // indirect + github.com/andybalholm/brotli v1.1.0 // indirect github.com/awgh/rawreader v0.0.0-20200626064944-56820a9c6da4 // indirect - github.com/cloudflare/circl v1.3.6 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect - github.com/google/pprof v0.0.0-20231212022811-ec68065c825e // indirect - github.com/klauspost/compress v1.17.4 // indirect + github.com/google/pprof v0.0.0-20240320155624-b11c3daa6f07 // indirect + github.com/klauspost/compress v1.17.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/onsi/ginkgo/v2 v2.13.2 // indirect + github.com/onsi/ginkgo/v2 v2.17.0 // indirect github.com/quic-go/qpack v0.4.0 // indirect - github.com/quic-go/qtls-go1-20 v0.4.1 // indirect go.dedis.ch/fixbuf v1.0.3 // indirect go.dedis.ch/kyber/v3 v3.1.0 // indirect go.uber.org/mock v0.4.0 // indirect - golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/tools v0.16.1 // indirect + golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 // indirect + golang.org/x/mod v0.16.0 // indirect + golang.org/x/tools v0.19.0 // indirect ) diff --git a/go.sum b/go.sum index d503d25..c345680 100644 --- a/go.sum +++ b/go.sum @@ -9,14 +9,14 @@ github.com/Ne0nd0g/merlin-message v1.3.0 h1:HelXwN6Gtk80C2ted0+PAprq+zRiQRGLG6s6 github.com/Ne0nd0g/merlin-message v1.3.0/go.mod h1:6eAh2KI4XrOAF+y4W2DN0qfRVWiAGzYlq148iKe3sSA= github.com/Ne0nd0g/npipe v1.1.0 h1:oTDJfD8yrr2BLGZpKEllCmeGpcbmx6LW1uuS2bxIBoM= github.com/Ne0nd0g/npipe v1.1.0/go.mod h1:GKyLKRkYambQuI9VIfMrz1Mf5hOGlEvZkhw1chph/IQ= -github.com/andybalholm/brotli v1.0.6 h1:Yf9fFpf49Zrxb9NlQaluyE92/+X7UVHlhMNJN2sxfOI= -github.com/andybalholm/brotli v1.0.6/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig= +github.com/andybalholm/brotli v1.1.0 h1:eLKJA0d02Lf0mVpIDgYnqXcUn0GqVmEFny3VuID1U3M= +github.com/andybalholm/brotli v1.1.0/go.mod h1:sms7XGricyQI9K10gOSf56VKKWS4oLer58Q+mhRPtnY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/awgh/rawreader v0.0.0-20200626064944-56820a9c6da4 h1:cIAK2NNf2yafdgpFRNJrgZMwvy61BEVpGoHc2n4/yWs= github.com/awgh/rawreader v0.0.0-20200626064944-56820a9c6da4/go.mod h1:SalMPBCab3yuID8nIhLfzwoBV+lBRyaC7NhuN8qL8xE= -github.com/cloudflare/circl v1.3.6 h1:/xbKIqSHbZXHwkhbrhrt2YOHIwYJlXH94E3tI/gDlUg= -github.com/cloudflare/circl v1.3.6/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cretz/gopaque v0.1.0 h1:rC+coO7LzXnstyG7FmwK0XD7oV93tg9EZ+Fl2yZOeto= github.com/cretz/gopaque v0.1.0/go.mod h1:0npz8L/gL98OX2nWKF8WRSP8ZCAg89UKBBrBVrDXJQg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -24,44 +24,48 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= +github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= -github.com/google/pprof v0.0.0-20231212022811-ec68065c825e h1:bwOy7hAFd0C91URzMIEBfr6BAz29yk7Qj0cy6S7DJlU= -github.com/google/pprof v0.0.0-20231212022811-ec68065c825e/go.mod h1:czg5+yv1E0ZGTi6S6vVK1mke0fV+FaUhNGcd6VRS9Ik= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/google/pprof v0.0.0-20240320155624-b11c3daa6f07 h1:57oOH2Mu5Nw16KnZAVLdlUjmPH/TSYCKTJgG0OVfX0Y= +github.com/google/pprof v0.0.0-20240320155624-b11c3daa6f07/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= -github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU= -github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4= -github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/klauspost/compress v1.17.7 h1:ehO88t2UGzQK66LMdE8tibEd1ErmzZjNEqWkjLAKQQg= +github.com/klauspost/compress v1.17.7/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/onsi/ginkgo/v2 v2.13.2 h1:Bi2gGVkfn6gQcjNjZJVO8Gf0FHzMPf2phUei9tejVMs= -github.com/onsi/ginkgo/v2 v2.13.2/go.mod h1:XStQ8QcGwLyF4HdfcZB8SFOS/MWCgDuXMSBe6zrvLgM= -github.com/onsi/gomega v1.29.0 h1:KIA/t2t5UBzoirT4H9tsML45GEbo3ouUnBHsCfD2tVg= +github.com/onsi/ginkgo/v2 v2.17.0 h1:kdnunFXpBjbzN56hcJHrXZ8M+LOkenKA7NnBzTNigTI= +github.com/onsi/ginkgo/v2 v2.17.0/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/quic-go/qpack v0.4.0 h1:Cr9BXA1sQS2SmDUWjSofMPNKmvF6IiIfDRmgU0w1ZCo= github.com/quic-go/qpack v0.4.0/go.mod h1:UZVnYIfi5GRk+zI9UMaCPsmZ2xKJP7XBUvVyT1Knj9A= -github.com/quic-go/qtls-go1-20 v0.4.1 h1:D33340mCNDAIKBqXuAvexTNMUByrYmFYVfKfDN5nfFs= -github.com/quic-go/qtls-go1-20 v0.4.1/go.mod h1:X9Nh97ZL80Z+bX/gUXMbipO6OxdiDi58b/fMC9mAL+k= -github.com/quic-go/quic-go v0.40.1 h1:X3AGzUNFs0jVuO3esAGnTfvdgvL4fq655WaOi1snv1Q= -github.com/quic-go/quic-go v0.40.1/go.mod h1:PeN7kuVJ4xZbxSv/4OX6S1USOX8MJvydwpTx31vx60c= -github.com/refraction-networking/utls v1.6.0 h1:X5vQMqVx7dY7ehxxqkFER/W6DSjy8TMqSItXm8hRDYQ= -github.com/refraction-networking/utls v1.6.0/go.mod h1:kHJ6R9DFFA0WsRgBM35iiDku4O7AqPR6y79iuzW7b10= +github.com/quic-go/quic-go v0.42.0 h1:uSfdap0eveIl8KXnipv9K7nlwZ5IqLlYOpJ58u5utpM= +github.com/quic-go/quic-go v0.42.0/go.mod h1:132kz4kL3F9vxhW3CtQJLDVwcFe5wdWeJXXijhsO57M= +github.com/refraction-networking/utls v1.6.3 h1:MFOfRN35sSx6K5AZNIoESsBuBxS2LCgRilRIdHb6fDc= +github.com/refraction-networking/utls v1.6.3/go.mod h1:yil9+7qSl+gBwJqztoQseO6Pr3h62pQoY1lXiNR/FPs= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= -github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= go.dedis.ch/fixbuf v1.0.3 h1:hGcV9Cd/znUxlusJ64eAlExS+5cJDIyTyEG+otu5wQs= go.dedis.ch/fixbuf v1.0.3/go.mod h1:yzJMt34Wa5xD37V5RTdmp38cz3QhMagdGoem9anUalw= go.dedis.ch/kyber/v3 v3.0.4/go.mod h1:OzvaEnPvKlyrWyp3kGXlFdp7ap1VC6RkZDTaPikqhsQ= @@ -77,37 +81,71 @@ go.uber.org/mock v0.4.0 h1:VcM4ZOtdbR4f6VXfiOpwpVJDL6lCReaZ6mw31wqh7KU= go.uber.org/mock v0.4.0/go.mod h1:a6FSlNadKUHUa9IP5Vyt1zh4fC7uAwxMutEAscFbkZc= golang.org/x/crypto v0.0.0-20190123085648-057139ce5d2b/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20231219180239-dc181d75b848 h1:+iq7lrkxmFNBM7xx+Rae2W6uyPfhPeDWD+n+JgppptE= -golang.org/x/exp v0.0.0-20231219180239-dc181d75b848/go.mod h1:iRJReGqOEeBhDZGkGbynYwcHlctCvnjTYIamk7uXpHI= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81 h1:6R2FC06FonbXQ8pK11/PDFY6N6LWlf9KlzibaCapmqc= +golang.org/x/exp v0.0.0-20240318143956-a85f2c67cd81/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= +golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= +golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= +golang.org/x/mod v0.16.0 h1:QX4fJ0Rr5cPQCF7O9lh9Se4pmwfwskqZfq5moyldzic= +golang.org/x/mod v0.16.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= -golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= +golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= +golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= +golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190124100055-b90733256f2e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200625212154-ddb9806d33ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200828194041-157a740278f4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220330033206-e17cdc41300f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= +golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= +golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.16.1 h1:TLyB3WofjdOEepBHAU20JdNC1Zbg87elYofWYAY5oZA= -golang.org/x/tools v0.16.1/go.mod h1:kYVVN6I1mBNoB1OX+noeBjbRk4IUEPa7JJ+TJMEooJ0= -golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= +golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= +golang.org/x/tools v0.19.0 h1:tfGCXNR1OsFG+sVdLAitlpjAvD/I6dHDKnYrpEZUHkw= +golang.org/x/tools v0.19.0/go.mod h1:qoJWxmGSIBmAeriMx19ogtrEPrGtDbPK634QFIcLAhc= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/protobuf v1.28.0 h1:w43yiav+6bVFTBQFZX0r7ipe9JQ1QsbMgHwbBziscLw= +google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= From 3fdaf9e5dbea42b745fd06eb4e18c34c273be661 Mon Sep 17 00:00:00 2001 From: Russel Van Tuyl Date: Thu, 21 Mar 2024 08:32:35 -0400 Subject: [PATCH 6/6] Upgraded libraries --- docs/CHANGELOG.MD | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/CHANGELOG.MD b/docs/CHANGELOG.MD index a3ed1b0..2a79a9f 100644 --- a/docs/CHANGELOG.MD +++ b/docs/CHANGELOG.MD @@ -4,7 +4,11 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## 2.3.1 - 2024-03-21 +## 2.4.0 - 2024-03-21 + +### Added + +- Mythic client handles multiple HTTP headers with the Mythic `http` C2 Profile ### Fixed