v1.2.3
fixed an issue with `ls` not working when some attributes are unfetchable
its-a-feature committed Feb 29, 2024
1 parent e0d7d0c commit c2f8698
Showing 4 changed files with 44 additions and 64 deletions.
38 changes: 21 additions & 17 deletions Payload_Type/apfell/apfell/agent_code/ls.js
@@ -46,9 +46,8 @@ exports.ls = function(task, command, params){
let time_attr = ObjC.unwrap(fileManager.attributesOfItemAtPathError($(path + sub_files[i]), error));
let file_add = {};
file_add['name'] = sub_files[i];
file_add['is_file'] = attr['NSFileType'] !== "NSFileTypeDirectory";
let plistPerms = ObjC.unwrap(fileManager.attributesOfItemAtPathError($(path + sub_files[i]), $()));
if(plistPerms['NSFileExtendedAttributes'] !== undefined){
if(plistPerms !== undefined && plistPerms['NSFileExtendedAttributes'] !== undefined){
let extended = {};
let perms = plistPerms['NSFileExtendedAttributes'].js;
for(let j in perms){
@@ -58,22 +57,27 @@ exports.ls = function(task, command, params){
}else{
file_add['permissions'] = {};
}
file_add['size'] = attr['NSFileSize'];
let nsposix = attr['NSFilePosixPermissions'];
// we need to fix this mess to actually be real permission bits that make sense
file_add['permissions']['posix'] = ((nsposix >> 6) & 0x7).toString() + ((nsposix >> 3) & 0x7).toString() + (nsposix & 0x7).toString();
file_add['permissions']['owner'] = attr['NSFileOwnerAccountName'] + "(" + attr['NSFileOwnerAccountID'] + ")";
file_add['permissions']['group'] = attr['NSFileGroupOwnerAccountName'] + "(" + attr['NSFileGroupOwnerAccountID'] + ")";
file_add['permissions']['hidden'] = attr['NSFileExtensionAttribute'] === true;
file_add['permissions']['create_time'] = Math.floor(Math.trunc(time_attr['NSFileCreationDate'].timeIntervalSince1970 * 1000));
if(file_add['permissions']['create_time'] < 0){
file_add['permissions']['create_time'] = 0;
}
file_add['modify_time'] = Math.floor(Math.trunc(time_attr['NSFileModificationDate'].timeIntervalSince1970 * 1000));
if(file_add['modify_time'] < 0){
file_add['modify_time'] = 0;
if(attr !== undefined){
file_add['is_file'] = attr['NSFileType'] !== "NSFileTypeDirectory";
file_add['size'] = attr['NSFileSize'];
let nsposix = attr['NSFilePosixPermissions'];
// we need to fix this mess to actually be real permission bits that make sense
file_add['permissions']['posix'] = ((nsposix >> 6) & 0x7).toString() + ((nsposix >> 3) & 0x7).toString() + (nsposix & 0x7).toString();
file_add['permissions']['owner'] = attr['NSFileOwnerAccountName'] + "(" + attr['NSFileOwnerAccountID'] + ")";
file_add['permissions']['group'] = attr['NSFileGroupOwnerAccountName'] + "(" + attr['NSFileGroupOwnerAccountID'] + ")";
file_add['permissions']['hidden'] = attr['NSFileExtensionAttribute'] === true;
file_add['permissions']['create_time'] = Math.floor(Math.trunc(time_attr['NSFileCreationDate'].timeIntervalSince1970 * 1000));
if(file_add['permissions']['create_time'] < 0){
file_add['permissions']['create_time'] = 0;
}
file_add['modify_time'] = Math.floor(Math.trunc(time_attr['NSFileModificationDate'].timeIntervalSince1970 * 1000));
if(file_add['modify_time'] < 0){
file_add['modify_time'] = 0;
}
file_add['access_time'] = 0;
} else {

}
file_add['access_time'] = 0;
files_data.push(file_add);
}
output['files'] = files_data;
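Review bot: The new `if(attr !== undefined)` guard in the second hunk covers the `attr[...]` reads, but the two timestamp lines inside it dereference `time_attr`, which comes from a separate `attributesOfItemAtPathError` call and is never checked, so an undefined `time_attr` still throws at `time_attr['NSFileCreationDate']` and aborts the listing. Testing both, `if(attr !== undefined && time_attr !== undefined){`, would close that gap. The empty `else { }` leaves the entry without `is_file`, `size`, `modify_time` and `access_time` (the last was unconditional before this change), so consumers get records of differing shape; either set defaults there or replace the empty branch with a comment such as `// attributes unavailable: entry carries name and permissions only`. `attr` is assigned outside the visible hunks, so when it can be undefined is inferred from the guard alone.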
2 changes: 1 addition & 1 deletion Payload_Type/apfell/apfell/agent_functions/builder.py
@@ -13,7 +13,7 @@ class Apfell(PayloadType):
supported_os = [SupportedOS.MacOS]
wrapper = False
wrapped_payloads = []
note = """This payload uses JavaScript for Automation (JXA) for execution on macOS boxes. Version 0.1.2"""
note = """This payload uses JavaScript for Automation (JXA) for execution on macOS boxes. Version 0.1.3"""
supports_dynamic_loading = True
c2_profiles = ["http", "dynamichttp"]
mythic_encrypts = True
66 changes: 21 additions & 45 deletions Payload_Type/apfell/apfell/browser_scripts/clipboard_new.js
@@ -12,50 +12,26 @@ function(task, responses){
try{
let data = JSON.parse(responses[0]);
let output_table = [];
let all_keys = [];
for(const [k,v] of Object.entries(data)){
all_keys.push(k);
if(k === "public.utf8-plain-text"){
output_table.push({
"key":{"plaintext": k},
"value": {"plaintext": atob(v), "copyIcon": v.length > 0},
"fetch": {"button": {
"name": "Fetch Data",
"type": "task",
"ui_feature": "clipboard:list",
"parameters": {"read": [k]}
}},
"view": {"button": {
"name": v=== "" ? "Empty": "View",
"type": "dictionary",
"value": {[k]:atob(v)},
"disabled": v === "",
"leftColumnTitle": "Key",
"rightColumnTitle": "Values",
"title": "Viewing " + k
}}
})
}else{
output_table.push({
"key":{"plaintext": k},
"value": {"plaintext": v, "copyIcon": v.length > 0},
"fetch": {"button": {
"name": "Fetch Data",
"type": "task",
"ui_feature": "clipboard:list",
"parameters":{"read": [k]}
}},
"view": {"button": {
"name": v=== "" ? "Empty": "View",
"type": "dictionary",
"value": {[k]:v},
"disabled": v === "",
"leftColumnTitle": "Key",
"rightColumnTitle": "Values",
"title": "Viewing " + k
}}
})
}
output_table.push({
"key":{"plaintext": k},
"value": {"plaintext": atob(v), "copyIcon": v.length > 0},
"fetch": {"button": {
"name": "Fetch Data",
"type": "task",
"ui_feature": "clipboard:list",
"parameters":{"read": [k]}
}},
"view": {"button": {
"name": v=== "" ? "Empty": "View",
"type": "dictionary",
"value": {[k]:atob(v)},
"disabled": v === "",
"leftColumnTitle": "Key",
"rightColumnTitle": "Values",
"title": "Viewing " + k
}}
})
}
output_table.push({
"key":{"plaintext": "Fetch All Clipboard Data"},
@@ -80,8 +56,8 @@ function(task, responses){
"table": [
{
"headers": [
{"plaintext": "fetch", "type": "button", "width": 150, "disableSort": true},
{"plaintext": "view", "type": "button", "width": 100, "disableSort": true},
{"plaintext": "fetch", "type": "button", "width": 70, "disableSort": true},
{"plaintext": "view", "type": "button", "width": 70, "disableSort": true},
{"plaintext": "key", "type": "string", "fillWidth": true},
{"plaintext": "value", "type": "string", "fillWidth": true},
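Review bot: `atob(v)` now runs on every clipboard type in the loop, where the removed branch decoded only `public.utf8-plain-text`, so one value that is not valid base64 throws and, since the loop sits inside the enclosing `try`, the whole table is lost rather than one row (the `catch` is outside the hunk). Decoding once per entry with a fallback, `let decoded; try{ decoded = atob(v); }catch(e){ decoded = v; }`, and using `decoded` in both `value` and `view` would keep the other rows and avoid the duplicate call. `atob` also returns one character per byte, so UTF-8 text beyond ASCII renders garbled; `new TextDecoder().decode(Uint8Array.from(atob(v), c => c.charCodeAt(0)))` would decode it properly. Whether every type is base64-encoded by the sender is not visible here.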

2 changes: 1 addition & 1 deletion agent_capabilities.json
@@ -10,6 +10,6 @@
"architectures": ["x86_64", "arm_64"],
"c2": ["http", "dynamichttp"],
"mythic_version": "3.2",
"agent_version": "0.1.2",
"agent_version": "0.1.3",
"supported_wrappers": []
}
