diff --git a/Covenant/API/Models/Grunt.cs b/Covenant/API/Models/Grunt.cs
index 647e8d37..a3678716 100644
--- a/Covenant/API/Models/Grunt.cs
+++ b/Covenant/API/Models/Grunt.cs
@@ -40,7 +40,7 @@ public Grunt()
/// 'Disconnected', 'Hidden'
/// Possible values include: 'Untrusted',
/// 'Low', 'Medium', 'High', 'System'
- public Grunt(string name, string originalServerGuid, int implantTemplateId, bool validateCert, bool useCertPinning, string smbPipeName, int delay, int jitterPercent, int connectAttempts, System.DateTime killDate, DotNetVersion dotNetVersion, RuntimeIdentifier runtimeIdentifier, GruntStatus status, IntegrityLevel integrity, int? id = default(int?), string guid = default(string), IList children = default(IList), ImplantTemplate implantTemplate = default(ImplantTemplate), int? listenerId = default(int?), Listener listener = default(Listener), string note = default(string), string process = default(string), string userDomainName = default(string), string userName = default(string), string ipAddress = default(string), string hostname = default(string), string operatingSystem = default(string), string gruntSharedSecretPassword = default(string), string gruntRSAPublicKey = default(string), string gruntNegotiatedSessionKey = default(string), string gruntChallenge = default(string), System.DateTime? activationTime = default(System.DateTime?), System.DateTime? lastCheckIn = default(System.DateTime?), string powerShellImport = default(string), IList gruntCommands = default(IList))
+ public Grunt(string name, string originalServerGuid, int implantTemplateId, bool validateCert, bool useCertPinning, string smbPipeName, int delay, int jitterPercent, int connectAttempts, System.DateTime killDate, string guardrails, DotNetVersion dotNetVersion, RuntimeIdentifier runtimeIdentifier, GruntStatus status, IntegrityLevel integrity, int? id = default(int?), string guid = default(string), IList children = default(IList), ImplantTemplate implantTemplate = default(ImplantTemplate), int? listenerId = default(int?), Listener listener = default(Listener), string note = default(string), string process = default(string), string userDomainName = default(string), string userName = default(string), string ipAddress = default(string), string hostname = default(string), string operatingSystem = default(string), string gruntSharedSecretPassword = default(string), string gruntRSAPublicKey = default(string), string gruntNegotiatedSessionKey = default(string), string gruntChallenge = default(string), System.DateTime? activationTime = default(System.DateTime?), System.DateTime? lastCheckIn = default(System.DateTime?), string powerShellImport = default(string), IList gruntCommands = default(IList))
{
Id = id;
Name = name;
@@ -59,6 +59,7 @@ public Grunt()
JitterPercent = jitterPercent;
ConnectAttempts = connectAttempts;
KillDate = killDate;
+ Guardrails = guardrails;
DotNetVersion = dotNetVersion;
RuntimeIdentifier = runtimeIdentifier;
Status = status;
@@ -170,6 +171,11 @@ public Grunt()
[JsonProperty(PropertyName = "killDate")]
public System.DateTime KillDate { get; set; }
+ ///
+ ///
+ [JsonProperty(PropertyName = "guardrails")]
+ public string Guardrails { get; set; }
+
///
/// Gets or sets possible values include: 'Net35', 'Net40', 'NetCore31'
///
diff --git a/Covenant/API/Models/Launcher.cs b/Covenant/API/Models/Launcher.cs
index 3491c131..b0b6ded5 100644
--- a/Covenant/API/Models/Launcher.cs
+++ b/Covenant/API/Models/Launcher.cs
@@ -39,7 +39,7 @@ public Launcher()
/// 'ConsoleApplication', 'WindowsApplication',
/// 'DynamicallyLinkedLibrary', 'NetModule', 'WindowsRuntimeMetadata',
/// 'WindowsRuntimeApplication'
- public Launcher(int? id = default(int?), int? listenerId = default(int?), int? implantTemplateId = default(int?), string name = default(string), string description = default(string), LauncherType? type = default(LauncherType?), DotNetVersion? dotNetVersion = default(DotNetVersion?), RuntimeIdentifier? runtimeIdentifier = default(RuntimeIdentifier?), bool? validateCert = default(bool?), bool? useCertPinning = default(bool?), string smbPipeName = default(string), int? delay = default(int?), int? jitterPercent = default(int?), int? connectAttempts = default(int?), System.DateTime? killDate = default(System.DateTime?), string launcherString = default(string), string stagerCode = default(string), OutputKind? outputKind = default(OutputKind?), bool? compressStager = default(bool?))
+ public Launcher(int? id = default(int?), int? listenerId = default(int?), int? implantTemplateId = default(int?), string name = default(string), string description = default(string), LauncherType? type = default(LauncherType?), DotNetVersion? dotNetVersion = default(DotNetVersion?), RuntimeIdentifier? runtimeIdentifier = default(RuntimeIdentifier?), bool? validateCert = default(bool?), bool? useCertPinning = default(bool?), string smbPipeName = default(string), int? delay = default(int?), int? jitterPercent = default(int?), int? connectAttempts = default(int?), System.DateTime? killDate = default(System.DateTime?), string guardrails = default(string), string launcherString = default(string), string stagerCode = default(string), OutputKind? outputKind = default(OutputKind?), bool? compressStager = default(bool?))
{
Id = id;
ListenerId = listenerId;
@@ -56,6 +56,7 @@ public Launcher()
JitterPercent = jitterPercent;
ConnectAttempts = connectAttempts;
KillDate = killDate;
+ Guardrails = guardrails;
LauncherString = launcherString;
StagerCode = stagerCode;
OutputKind = outputKind;
@@ -154,6 +155,11 @@ public Launcher()
[JsonProperty(PropertyName = "killDate")]
public System.DateTime? KillDate { get; set; }
+ ///
+ ///
+ [JsonProperty(PropertyName = "guardrails")]
+ public string Guardrails { get; set; }
+
///
///
[JsonProperty(PropertyName = "launcherString")]
diff --git a/Covenant/Components/Launchers/LauncherForm.razor b/Covenant/Components/Launchers/LauncherForm.razor
index 12fce246..908363ad 100644
--- a/Covenant/Components/Launchers/LauncherForm.razor
+++ b/Covenant/Components/Launchers/LauncherForm.razor
@@ -129,6 +129,11 @@
+
@switch (Launcher.Name)
diff --git a/Covenant/Core/CovenantService.cs b/Covenant/Core/CovenantService.cs
index 46bf952b..6a286f8f 100644
--- a/Covenant/Core/CovenantService.cs
+++ b/Covenant/Core/CovenantService.cs
@@ -1623,6 +1623,7 @@ private string GruntTemplateReplace(string CodeTemplate, ImplantTemplate templat
.Replace("{{REPLACE_JITTER_PERCENT}}", this.FormatForVerbatimString(grunt.JitterPercent.ToString()))
.Replace("{{REPLACE_CONNECT_ATTEMPTS}}", this.FormatForVerbatimString(grunt.ConnectAttempts.ToString()))
.Replace("{{REPLACE_KILL_DATE}}", this.FormatForVerbatimString(grunt.KillDate.ToBinary().ToString()))
+ .Replace("{{REPLACE_GUARDRAILS}}", grunt.Guardrails)
.Replace("{{REPLACE_GRUNT_SHARED_SECRET_PASSWORD}}", this.FormatForVerbatimString(grunt.GruntSharedSecretPassword));
}
else if (template.CommType == CommunicationType.SMB)
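Review bot: The added `{{REPLACE_GUARDRAILS}}` replacement inserts `grunt.Guardrails` raw, while every neighbouring replacement in this chain goes through `this.FormatForVerbatimString(...)`. The HTTP stager template places this token inside a verbatim string literal (`@"{{REPLACE_GUARDRAILS}}"`), so a value containing a double quote would break compilation of the generated source or change the code that gets compiled. Assuming the helper escapes for that context, as its name suggests, use `.Replace("{{REPLACE_GUARDRAILS}}", this.FormatForVerbatimString(grunt.Guardrails))`. GruntTemplateReplace starts and ends outside this hunk. The SMB branch on the last context line gets no matching replacement in the hunks shown, which is worth confirming.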
@@ -4299,6 +4300,7 @@ public async Task GenerateBinaryLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4346,6 +4348,7 @@ public async Task EditBinaryLauncher(BinaryLauncher launcher)
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
_context.Launchers.Update(matchingLauncher);
@@ -4389,6 +4392,7 @@ public async Task GenerateShellCodeLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4436,6 +4440,7 @@ public async Task EditShellCodeLauncher(ShellCodeLauncher lau
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
_context.Launchers.Update(matchingLauncher);
@@ -4473,6 +4478,7 @@ public async Task GeneratePowerShellLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4520,6 +4526,7 @@ public async Task EditPowerShellLauncher(PowerShellLauncher
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
matchingLauncher.ParameterString = launcher.ParameterString;
@@ -4560,6 +4567,7 @@ public async Task GenerateMSBuildLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4607,6 +4615,7 @@ public async Task EditMSBuildLauncher(MSBuildLauncher launcher)
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
matchingLauncher.DiskCode = launcher.DiskCode;
@@ -4647,6 +4656,7 @@ public async Task GenerateInstallUtilLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4694,6 +4704,7 @@ public async Task EditInstallUtilLauncher(InstallUtilLaunch
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.DiskCode = launcher.DiskCode;
matchingLauncher.StagerCode = launcher.StagerCode;
@@ -4732,6 +4743,7 @@ public async Task GenerateWmicLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4779,6 +4791,7 @@ public async Task EditWmicLauncher(WmicLauncher launcher)
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.ScriptLanguage = launcher.ScriptLanguage;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
@@ -4820,6 +4833,7 @@ public async Task GenerateRegsvr32Launcher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4867,6 +4881,7 @@ public async Task EditRegsvr32Launcher(Regsvr32Launcher launch
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.ParameterString = launcher.ParameterString;
matchingLauncher.DllName = launcher.DllName;
matchingLauncher.ScriptLanguage = launcher.ScriptLanguage;
@@ -4912,6 +4927,7 @@ public async Task GenerateMshtaLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -4959,6 +4975,7 @@ public async Task EditMshtaLauncher(MshtaLauncher launcher)
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.ScriptLanguage = launcher.ScriptLanguage;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
@@ -5000,6 +5017,7 @@ public async Task GenerateCscriptLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -5047,6 +5065,7 @@ public async Task EditCscriptLauncher(CscriptLauncher launcher)
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.ScriptLanguage = launcher.ScriptLanguage;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
@@ -5088,6 +5107,7 @@ public async Task GenerateWscriptLauncher()
JitterPercent = launcher.JitterPercent,
ConnectAttempts = launcher.ConnectAttempts,
KillDate = launcher.KillDate,
+ Guardrails = launcher.Guardrails,
DotNetVersion = launcher.DotNetVersion,
RuntimeIdentifier = launcher.RuntimeIdentifier
};
@@ -5135,6 +5155,7 @@ public async Task EditWscriptLauncher(WscriptLauncher launcher)
matchingLauncher.JitterPercent = launcher.JitterPercent;
matchingLauncher.ConnectAttempts = launcher.ConnectAttempts;
matchingLauncher.KillDate = launcher.KillDate;
+ matchingLauncher.Guardrails = launcher.Guardrails;
matchingLauncher.ScriptLanguage = launcher.ScriptLanguage;
matchingLauncher.LauncherString = launcher.LauncherString;
matchingLauncher.StagerCode = launcher.StagerCode;
diff --git a/Covenant/Data/Grunt/GruntHTTP/GruntHTTPStager.cs b/Covenant/Data/Grunt/GruntHTTP/GruntHTTPStager.cs
index 63a8d10f..e0e7c760 100644
--- a/Covenant/Data/Grunt/GruntHTTP/GruntHTTPStager.cs
+++ b/Covenant/Data/Grunt/GruntHTTP/GruntHTTPStager.cs
@@ -14,11 +14,15 @@ public class GruntStager
{
public GruntStager()
{
- ExecuteStager();
+ string Guardrails = @"{{REPLACE_GUARDRAILS}}";
+
+ if (EnvCheck(Guardrails)){
+ ExecuteStager();
+ }
}
[STAThread]
public static void Main(string[] args)
- {
+ {
new GruntStager();
}
public static void Execute()
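Review bot: The new local `Guardrails` in the constructor is PascalCase, which reads like a property; a camelCase local, `string guardrails = @"{{REPLACE_GUARDRAILS}}";`, matches C# convention. The `if (EnvCheck(Guardrails)){` line puts the opening brace on the same line, while the class and constructor around it put the brace on its own line. The `{` under `Main` appears to change only whitespace and could be dropped from the commit.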
@@ -207,7 +211,25 @@ public void ExecuteStager()
}
catch (Exception e) { Console.Error.WriteLine(e.Message + Environment.NewLine + e.StackTrace); }
}
-
+
+ public bool EnvCheck(string envString)
+ {
+ if (String.IsNullOrEmpty(envString))
+ {
+ return true;
+ }
+ List envSplitted = envString.Split(';').ToList();
+ foreach (string s in envSplitted)
+ {
+ if (!System.Environment.GetEnvironmentVariable(s.Split('=')[0]).Equals(s.Split('=')[1], StringComparison.InvariantCultureIgnoreCase))
+ {
+ return false;
+ }
+ }
+ return true;
+ }
+
+
public class CookieWebClient : WebClient
{
public CookieContainer CookieContainer { get; private set; }
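Review bot: `EnvCheck` throws instead of returning false when an entry cannot be checked. `Environment.GetEnvironmentVariable` returns null for an unset variable, so `.Equals` raises NullReferenceException, and `s.Split('=')[1]` raises IndexOutOfRangeException for an entry without `=` (including the empty entry left by a trailing `;`). Since this check is what limits where the stager runs, it should fail closed with a plain `return false`. Inside the loop, `string[] kv = s.Split(new[] { '=' }, 2);` followed by `if (kv.Length != 2 || !string.Equals(Environment.GetEnvironmentVariable(kv[0]), kv[1], StringComparison.InvariantCultureIgnoreCase)) return false;` covers both cases and keeps values that contain `=`. The `.ToList()` call needs `System.Linq`, whose import is not visible in this hunk; iterating the array returned by `Split` avoids that dependency.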
@@ -250,4 +272,4 @@ public static List Parse(string data, string format)
// {{REPLACE_PROFILE_MESSAGE_TRANSFORM}}
}
-}
\ No newline at end of file
+}
diff --git a/Covenant/Models/Grunts/Grunt.cs b/Covenant/Models/Grunts/Grunt.cs
index fa62e86e..bda372b8 100644
--- a/Covenant/Models/Grunts/Grunt.cs
+++ b/Covenant/Models/Grunts/Grunt.cs
@@ -75,6 +75,7 @@ public class Grunt
public int ConnectAttempts { get; set; } = 5000;
[Required]
public DateTime KillDate { get; set; } = DateTime.MaxValue;
+ public string Guardrails { get; set; } = "";
// Attributes of the remote Grunt
[Required]
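Review bot: `Guardrails` is added with no comment on its format, and a reader cannot tell from the declaration what the empty default means. Going by the stager's `EnvCheck`, the value is a `;`-separated list of `NAME=value` environment-variable pairs and an empty string disables the check. A comment such as `// Semicolon-separated NAME=value environment checks evaluated by the stager; empty disables the check.` would record that. The same applies to the `Guardrails` property added in `Covenant/Models/Launchers/Launcher.cs`. Because the string ends up in compiled stager source, a validation attribute on the property is also worth considering.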
diff --git a/Covenant/Models/Launchers/Launcher.cs b/Covenant/Models/Launchers/Launcher.cs
index bd6a2e8b..b0ecaedb 100644
--- a/Covenant/Models/Launchers/Launcher.cs
+++ b/Covenant/Models/Launchers/Launcher.cs
@@ -57,6 +57,7 @@ public class Launcher
public int JitterPercent { get; set; } = 10;
public int ConnectAttempts { get; set; } = 5000;
public DateTime KillDate { get; set; } = DateTime.Now.AddDays(30);
+ public string Guardrails { get; set; } = "";
public string LauncherString { get; set; } = "";
public string StagerCode { get; set; } = "";