adding chmod, fixing a few errors, adding depth to ls

Author: its-a-feature

Payload_Type/poseidon/go.sum

@@ -1,4 +1,3 @@
-github.com/MythicMeta/MythicContainer v1.4.16/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
 github.com/MythicMeta/MythicContainer v1.4.17 h1:t5B2RWUGLxzoJGnI3zy9w7lS7NYfWmGNv2vcF7GWZKY=
 github.com/MythicMeta/MythicContainer v1.4.17/go.mod h1:BnUYftqQ9KsGxBd6RlyRcAHBrqV1CUcrRCjktWwc2Do=
 github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=

Payload_Type/poseidon/poseidon/agent_code/CHANGELOG.MD

@@ -4,6 +4,18 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
+## 2.2.2 - 2025-02-24
+
+### Changed
+
+- Updated `upload` to allow specifying existing filename to upload
+- Updated `ls` to report back symlink data to browser script outputs
+- Added `chmod` command
+- Updated `rm` display parameters
+- Updated `ls` browser script to support new features
+- Updated `ls` to allow a `depth` parameter for recursively doing file listings
+- Fixed a bug with `persist_launchd` if no path was specified
+
 ## 2.2.0 - 2025-02-10
 
 ### Changed

Payload_Type/poseidon/poseidon/agent_code/chmod/chmod.go

@@ -0,0 +1,54 @@
+package chmod
+
+import (
+	// Standard
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strconv"
+	"strings"
+
+	// Poseidon
+
+	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/pkg/utils/structs"
+)
+
+type Arguments struct {
+	Path string `json:"path"`
+	Mode string `json:"mode"`
+}
+
+// Run - Function that executes the copy command
+func Run(task structs.Task) {
+	msg := task.NewResponse()
+	args := &Arguments{}
+	err := json.Unmarshal([]byte(task.Params), args)
+	if err != nil {
+		msg.SetError(err.Error())
+		task.Job.SendResponses <- msg
+		return
+	}
+	fixedFilePath := args.Path
+	if strings.HasPrefix(fixedFilePath, "~/") {
+		dirname, _ := os.UserHomeDir()
+		fixedFilePath = filepath.Join(dirname, fixedFilePath[2:])
+	}
+	FullPath, _ := filepath.Abs(fixedFilePath)
+	octalValue, err := strconv.ParseInt(args.Mode, 8, 64)
+	if err != nil {
+		msg.SetError(err.Error())
+		task.Job.SendResponses <- msg
+		return
+	}
+	err = os.Chmod(FullPath, os.FileMode(octalValue))
+	if err != nil {
+		msg.SetError(err.Error())
+		task.Job.SendResponses <- msg
+		return
+	}
+	msg.Completed = true
+	msg.UserOutput = fmt.Sprintf("Set %s to %s", FullPath, args.Mode)
+	task.Job.SendResponses <- msg
+	return
+}

Payload_Type/poseidon/poseidon/agent_code/curl/curl.go

@@ -3,11 +3,13 @@ package curl
 import (
 	// Standard
 	"bytes"
+	"context"
 	"crypto/tls"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"io"
+	"net"
 	"net/http"
 	"strings"
 	"sync"
@@ -27,14 +29,12 @@ type Arguments struct {
 	ClearEnv    []string `json:"clearEnv"`
 	ClearAllEnv bool     `json:"clearAllEnv"`
 	GetEnv      bool     `json:"getEnv"`
+	SocketPath  string   `json:"socketPath"`
 }
 
 // env are substitution environment variables to apply in the Arguments.Url and Arguments.Headers fields
 var env = make(map[string]string, 0)
 var envMtx = sync.RWMutex{}
-var tr = &http.Transport{
-	TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-}
 
 // Run - Function that executes a curl command with Golang APIs
 func Run(task structs.Task) {
@@ -103,7 +103,20 @@ func Run(task structs.Task) {
 			return
 		}
 	}
-
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	if args.SocketPath != "" {
+		dialer := &net.Dialer{
+			Timeout: 5 * time.Second,
+		}
+		tr = &http.Transport{
+			TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
+				return dialer.DialContext(ctx, "unix", args.SocketPath)
+			},
+		}
+	}
 	client := &http.Client{
 		Timeout:   30 * time.Second,
 		Transport: tr,
@@ -134,6 +147,9 @@ func Run(task structs.Task) {
 	finalHeaders := ""
 	for _, h := range args.Headers {
 		headerPieces := strings.SplitN(h, ":", 2)
+		if len(headerPieces) != 2 {
+			continue
+		}
 		envMtx.Lock()
 		for key, val := range env {
 			headerPieces[1] = strings.ReplaceAll(headerPieces[1], fmt.Sprintf("$%s", key), val)
@@ -155,7 +171,7 @@ func Run(task structs.Task) {
 	defer resp.Body.Close()
 	initialHeaders := strings.Join(args.Headers, "\n")
 	output := fmt.Sprintf("Initial URL: %s\nInitial Headers:\n%s\n", args.Url, initialHeaders)
-	output += fmt.Sprintf("Final URL: %s\nFinal Headers:\n%s\nOutput:\n", url, finalHeaders)
+	output += fmt.Sprintf("Final URL: %s\nFinal Headers:\n%s\n", url, finalHeaders)
 	respBody, err = io.ReadAll(resp.Body)
 	if err != nil {
 		msg.UserOutput = output
@@ -164,7 +180,8 @@ func Run(task structs.Task) {
 		return
 	}
 	msg.Completed = true
-	msg.UserOutput = output + string(respBody)
+	msg.UserOutput = string(respBody)
+	msg.Stdout = &output
 	task.Job.SendResponses <- msg
 	return
 }

Payload_Type/poseidon/poseidon/agent_code/ls/ls.go

@@ -3,6 +3,7 @@ package ls
 import (
 	// Standard
 	"encoding/json"
+	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/pkg/utils/functions"
 	"os"
 	"os/user"
 	"path/filepath"
@@ -57,32 +58,28 @@ func GetPermission(finfo os.FileInfo) structs.FilePermission {
 	return perms
 }
 
-func Run(task structs.Task) {
-	msg := task.NewResponse()
-	args := structs.FileBrowserArguments{}
-	err := json.Unmarshal([]byte(task.Params), &args)
-	if err != nil {
-		msg.SetError(err.Error())
-		task.Job.SendResponses <- msg
-		return
-	}
+func ProcessPath(path string) (*structs.FileBrowser, error) {
 	var e structs.FileBrowser
 	e.SetAsUserOutput = true
-	fixedPath := args.Path
+	e.Files = make([]structs.FileData, 0)
+	fixedPath := path
 	if strings.HasPrefix(fixedPath, "~/") {
 		dirname, _ := os.UserHomeDir()
 		fixedPath = filepath.Join(dirname, fixedPath[2:])
 	}
 	abspath, _ := filepath.Abs(fixedPath)
+	//abspath, _ = filepath.EvalSymlinks(abspath)
 	dirInfo, err := os.Stat(abspath)
+	filepath.EvalSymlinks(abspath)
 	if err != nil {
-		msg.SetError(err.Error())
-		task.Job.SendResponses <- msg
-		return
+		return &e, err
 	}
 	e.IsFile = !dirInfo.IsDir()
-
 	e.Permissions = GetPermission(dirInfo)
+	symlinkPath, _ := filepath.EvalSymlinks(abspath)
+	if symlinkPath != abspath {
+		e.Permissions.Symlink = symlinkPath
+	}
 	e.Filename = dirInfo.Name()
 	e.ParentPath = filepath.Dir(abspath)
 	if strings.Compare(e.ParentPath, e.Filename) == 0 {
@@ -101,13 +98,9 @@ func Run(task structs.Task) {
 	if dirInfo.IsDir() {
 		files, err := os.ReadDir(abspath)
 		if err != nil {
-			msg.SetError(err.Error())
 			e.Success = false
-			msg.FileBrowser = &e
-			task.Job.SendResponses <- msg
-			return
+			return &e, err
 		}
-
 		fileEntries := make([]structs.FileData, len(files))
 		for i := 0; i < len(files); i++ {
 			fileEntries[i].IsFile = !files[i].IsDir()
@@ -123,7 +116,11 @@ func Run(task structs.Task) {
 			}
 			fileEntries[i].Name = files[i].Name()
 			fileEntries[i].FullName = filepath.Join(abspath, files[i].Name())
-			at, err := atime.Stat(abspath)
+			symlinkPath, _ = filepath.EvalSymlinks(fileEntries[i].FullName)
+			if symlinkPath != fileEntries[i].FullName {
+				fileEntries[i].Permissions.Symlink = symlinkPath
+			}
+			at, err = atime.Stat(fileEntries[i].FullName)
 			if err != nil {
 				fileEntries[i].LastAccess = 0
 			} else {
@@ -135,10 +132,55 @@ func Run(task structs.Task) {
 		fileEntries := make([]structs.FileData, 0)
 		e.Files = fileEntries
 	}
+	return &e, nil
+}
+func Run(task structs.Task) {
+	args := structs.FileBrowserArguments{}
+	err := json.Unmarshal([]byte(task.Params), &args)
+	if err != nil {
+		msg := task.NewResponse()
+		msg.SetError(err.Error())
+		task.Job.SendResponses <- msg
+		return
+	}
+	if args.Depth == 0 {
+		args.Depth = 1
+	}
+	if args.Host != "" {
+		if strings.ToLower(args.Host) != strings.ToLower(functions.GetHostname()) {
+			if args.Host != "127.0.0.1" && args.Host != "localhost" {
+				msg := task.NewResponse()
+				msg.SetError("can't currently list files on remote hosts")
+				task.Job.SendResponses <- msg
+				return
+			}
+		}
+	}
+	var paths = []string{args.Path}
+	for args.Depth >= 1 {
+		nextPaths := []string{}
+		for _, path := range paths {
+			msg := task.NewResponse()
+			fb, err := ProcessPath(path)
+			if err != nil {
+				msg.SetError(err.Error())
+			}
+			msg.FileBrowser = fb
+			task.Job.SendResponses <- msg
+			if fb == nil {
+				continue
+			}
+			for _, child := range fb.Files {
+				if !child.IsFile {
+					nextPaths = append(nextPaths, child.FullName)
+				}
+			}
+		}
+		paths = nextPaths
+		args.Depth--
+	}
+	msg := task.NewResponse()
 	msg.Completed = true
-	msg.FileBrowser = &e
-	//temp, _ := json.Marshal(msg.FileBrowser)
-	//msg.UserOutput = string(temp)
 	task.Job.SendResponses <- msg
 	return
 }

Payload_Type/poseidon/poseidon/agent_code/persist_launchd/persist_launchd_darwin.go

@@ -27,6 +27,11 @@ func runCommand(task structs.Task) {
 		task.Job.SendResponses <- msg
 		return
 	}
+	if len(args.Path) == 0 {
+		msg.SetError("No path supplied")
+		task.Job.SendResponses <- msg
+		return
+	}
 	if args.Path[0] == '~' {
 		if functions.GetUser() == "root" {
 			msg.SetError("Can't use ~ with root user. Please specify an absolute path.")

Payload_Type/poseidon/poseidon/agent_code/pkg/tasks/newTasking.go

@@ -4,6 +4,7 @@ import (
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/caffeinate"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/cat"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/cd"
+	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/chmod"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/clipboard"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/clipboard_monitor"
 	"github.com/MythicAgents/poseidon/Payload_Type/poseidon/agent_code/config"
@@ -201,6 +202,8 @@ func listenForNewTask() {
 			go caffeinate.Run(task)
 		case "lsopen":
 			go lsopen.Run(task)
+		case "chmod":
+			go chmod.Run(task)
 		default:
 			// No tasks, do nothing
 			break

Payload_Type/poseidon/poseidon/agent_code/pkg/utils/structs/definitions.go

@@ -255,6 +255,8 @@ type Response struct {
 	Artifacts         *[]Artifact          `json:"artifacts,omitempty"`
 	Alerts            *[]Alert             `json:"alerts,omitempty"`
 	ProcessResponse   *string              `json:"process_response,omitempty"`
+	Stdout            *string              `json:"stdout"`
+	Stderr            *string              `json:"stder"`
 	removeRunningTask chan string
 }
 
@@ -280,6 +282,7 @@ type FilePermission struct {
 	Sticky      bool   `json:"sticky"`
 	User        string `json:"user,omitempty"`
 	Group       string `json:"group,omitempty"`
+	Symlink     string `json:"symlink,omitempty"`
 }
 type FileBrowser struct {
 	Files           []FileData     `json:"files"`
@@ -356,6 +359,7 @@ type FileBrowserArguments struct {
 	Path        string `json:"path"`
 	Host        string `json:"host"`
 	FileBrowser bool   `json:"file_browser"`
+	Depth       int    `json:"depth"`
 }
 
 // SocksMsg struct for dealing with Socks and rpfwd messages

Payload_Type/poseidon/poseidon/agent_code/upload/upload.go

@@ -21,10 +21,7 @@ type uploadArgs struct {
 // Run - interface method that retrieves a process list
 func Run(task structs.Task) {
 	msg := task.NewResponse()
-
-	// File upload
 	args := uploadArgs{}
-
 	err := json.Unmarshal([]byte(task.Params), &args)
 	if err != nil {
 		msg.SetError(fmt.Sprintf("Failed to unmarshal parameters: %s", err.Error()))

Payload_Type/poseidon/poseidon/agentfunctions/builder.go

@@ -20,7 +20,7 @@ import (
 	"time"
 )
 
-const version = "2.2.1"
+const version = "2.2.2"
 
 type sleepInfoStruct struct {
 	Interval int       `json:"interval"`