Merge pull request #139 from its-a-feature/v2.3-testing

Update Mythic to 2.3.7

.gitignore

@@ -17,6 +17,7 @@ ssl/
 # Mythic files
 files/
 mythic_access.*
+mythic_sync/
 postgres-docker/database/
 rabbitmq-docker/storage/
 C2_profiles/
@@ -147,4 +148,4 @@ _ReSharper*/
 *.DotSettings.user
 
 # vscode
-.vscode/
+.vscode/

Example_Translator/Dockerfile

@@ -1 +1 @@
-FROM itsafeaturemythic/python38_translator_container:0.0.3
+FROM itsafeaturemythic/python38_translator_container:0.0.4

Example_Translator/mythic/c2_functions/C2_RPC_functions.py

@@ -6,7 +6,7 @@
 # If the associated C2Profile has `mythic_encrypts` set to False, then this function should also decrypt
 #     the message
 # request will be JSON with the following format:
-# { "action": "translate_from_c2_format",
+# {
 #   "enc_key": None or base64 of key if Mythic knows of one,
 #   "dec_key": None or base64 of key if Mythic knows of one,
 #   "uuid": uuid of the message,
@@ -30,7 +30,7 @@ async def translate_from_c2_format(request) -> dict:
 # If the associated C2Profile has `mythic_encrypts` set to False, then this function should also encrypt
 #     the message
 # request will be JSON with the following format:
-# { "action": "translate_to_c2_format",
+# {
 #   "enc_key": None or base64 of key if Mythic knows of one,
 #   "dec_key": None or base64 of key if Mythic knows of one,
 #   "uuid": uuid of the message,

Example_Translator/mythic/mythic_service.py

@@ -1,3 +1,3 @@
 #!/usr/bin/env python3
 from mythic_translator_container import mythic_service
-mythic_service.start_service_and_heartbeat(debug=True)
+mythic_service.start_service_and_heartbeat()

LICENSE

@@ -30,16 +30,17 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
 ## Licenses for other projects used:
-MIT License
 
-Copyright (c) 2017 Toastr Maintainers
+## Wait For It - https://github.com/vishnubob/wait-for-it
+The MIT License (MIT)
+Copyright (c) 2016 Giles Hall
 
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+Permission is hereby granted, free of charge, to any person obtaining a copy of
+this software and associated documentation files (the "Software"), to deal in
+the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
 
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
@@ -52,10 +53,10 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
+## arrgv - https://github.com/astur/arrgv
+MIT License
 
-## Wait For It - https://github.com/vishnubob/wait-for-it
-The MIT License (MIT)
-Copyright (c) 2016 Giles Hall
+Copyright (c) astur <astur@yandex.ru> (http://kozlov.am/)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

README.md

@@ -9,7 +9,7 @@ A cross-platform, post-exploit, red teaming framework built with python3, docker
 * Objective By the Sea 2019 talk on JXA: https://objectivebythesea.com/v2/talks/OBTS_v2_Thomas.pdf  
 * Objective By the sea 2019 Video: https://www.youtube.com/watch?v=E-QEsGsq3uI&list=PLliknDIoYszvTDaWyTh6SYiTccmwOsws8&index=17  
 
-* Current Version: 2.2.14
+* Current Version is found in the VERSION file
 
 ## Installing Agents and C2 Profiles
 
@@ -22,7 +22,7 @@ To install an agent, simply run the script and provide an argument of the path t
 sudo ./mythic-cli install github https://github.com/MythicAgents/apfell
 ```
 
-The same is true for isntalling C2 Profiles:
+The same is true for installing C2 Profiles:
 ```bash
 sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http
 ```

SECURITY.md

@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+The following the table details the supported versions of Mythic.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 2.3.7   | :white_check_mark: |
+| < 2.3.0 | :x:                |
+
+
+## Reporting a Vulnerability
+
+If you find a vulnerability with Mythic, please reach out via twitter (@its_a_feature_), open an issue on this GitHub repo, or reach out via the Bloodhound Slack to the user @its_a_feature_.
+
+Please make sure you include what the vulnerability/issue is and have either replication steps or a proof of concept for me to look at. 
+I'll do my best to reproduce it locally and hopefully get a fix within 48 hours. If it's not something I can easily fix, we can work on a timeline.
+I can't offer any cash prize for finding issues, but I can get a swag bag sent out to you.
+
+If it's something that you send privately to me, please don't publicly report it until we're able to determine a fix. 

VERSION

@@ -0,0 +1 @@
+2.3.7

hasura-docker/Dockerfile

@@ -1,3 +1,4 @@
-From hasura/graphql-engine:v2.0.3.cli-migrations-v2
+FROM hasura/graphql-engine:v2.1.1.cli-migrations-v2
+#From hasura/graphql-engine:v2.0.3.cli-migrations-v2
 #From hasura/graphql-engine:v2.0.0-alpha.9.cli-migrations-v2
 #From hasura/graphql-engine:v1.3.4-beta.2.cli-migrations-v2