cobbr · khraoverflow · Apr 22, 2021 · Dec 9, 2022 · Dec 9, 2022 · Dec 9, 2022
diff --git a/.gitmodules b/.gitmodules
@@ -30,3 +30,9 @@
 	path = Covenant/Data/ReferenceSourceLibraries/SharpSC
 	url = https://github.com/djhohnstein/SharpSC
         ignore = dirty
+[submodule "Covenant/Data/ReferenceSourceLibraries/NET-scan"]
+	path = Covenant/Data/ReferenceSourceLibraries/NET-scan
+	url = https://github.com/khraoverflow/NET-scan
+[submodule "Covenant/Data/ReferenceSourceLibraries/ChromeDecryptor"]
+	path = Covenant/Data/ReferenceSourceLibraries/ChromeDecryptor
+	url = https://github.com/khraoverflow/ChromeDecryptor
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -149,6 +149,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Fixed Docker build Covenant.API project
 - Fixed low max file upload size for InputFile component
 - Fixed DateTimePicker for KillDate doesn't change via UI
+- Fixed missing DonutCore nuget package
 
 ## [v0.6] - 2020-08-04
 ### Added

diff --git a/Covenant/Components/Grunts/GruntCommandCard.razor b/Covenant/Components/Grunts/GruntCommandCard.razor
@@ -57,6 +57,23 @@
                 else if (GruntCommand.GruntTasking.Status == GruntTaskingStatus.Completed)
                 {<p class="text-white task-text-body" style="white-space:pre-wrap">Download completed: @if (download != null){<a type="button" class="btn btn-link text-white task-text-body" download href="/api/events/download/@download.Id/download">@download.FileName</a>}</p>}
             }
+             else if (GruntCommand.GruntTasking != null && GruntCommand.GruntTasking.GruntTask != null && GruntCommand.GruntTasking.GruntTask.Name == "Chrome_passwords")
+                {
+                    if (GruntCommand.GruntTasking.Status == GruntTaskingStatus.Progressed)
+                    {
+                        <p class="terminal-text-color task-text-body" style="white-space:pre-wrap">Decrypting... </p>
+                    }
+                    else if (GruntCommand.GruntTasking.Status == GruntTaskingStatus.Completed)
+                    {
+                        DecryptEvent decryptEvent = GetDecryptEvent(GruntCommand).WaitResult();
+                        <p class="text-white task-text-body" style="white-space:pre-wrap">Decrypted : @if (decryptEvent != null)
+                            {
+                                 <p class="terminal-text-color task-text-body" style="white-space:pre-wrap">@decryptEvent.DecryptedOutput</p>
+                            }
+                         </p>
+                    }
+                }
+
             else if (GruntCommand.CommandOutput != null)
             {
                 <p class="terminal-text-color task-text-body" style="white-space:pre-wrap">@GruntCommand.CommandOutput.Output</p>
@@ -168,7 +185,28 @@
                 return ev;
             }
         }
-        catch { return null; }
+       catch { return null; }
+    }
+
+    private async Task<DecryptEvent> GetDecryptEvent(GruntCommand command)
+    {
+
+        //try
+        //{
+        //    lock (_serviceLock)
+        //    {
+        //        DecryptEvent ev = Service.GetDecryptEventByGruntCommand(command.Id).WaitResult();
+        //        Service.DisposeContext();
+        //        return ev;
+        //    }
+        //}
+        //catch { return null; }
+
+        DecryptEvent dec = new DecryptEvent();
+
+        dec.EncryptedOutput = command.CommandOutput.Output;
+        dec.Decrypt();
+        return dec;
     }
 
     private ScreenshotEvent GetScreenshotEvent(GruntCommand command)

diff --git a/Covenant/Core/CovenantHubService.cs b/Covenant/Core/CovenantHubService.cs
@@ -259,6 +259,10 @@ public Task<ScreenshotEvent> CreateScreenshotEvent(ScreenshotEventContent screen
         {
             return _connection.InvokeAsync<ScreenshotEvent>("CreateScreenshotEvent", screenshotEvent);
         }
+        public Task<DecryptEvent> CreateDecryptEvent(DecryptEventContent decryptEvent)
+        {
+            return _connection.InvokeAsync<DecryptEvent>("CreateDecryptEvent", decryptEvent);
+        }
 
         public Task<CapturedTicketCredential> CreateTicketCredential(CapturedTicketCredential credential)
         {
@@ -1085,6 +1089,18 @@ public Task<IEnumerable<ScreenshotEvent>> GetScreenshotEvents()
             return _connection.InvokeAsync<IEnumerable<ScreenshotEvent>>("GetScreenshotEvents");
         }
 
+        public Task<DecryptEvent> GetDecryptEvent(int eventId)
+        {
+            return _connection.InvokeAsync<DecryptEvent>("GetDecryptEvent", eventId);
+        }
+
+
+
+        public Task<IEnumerable<DecryptEvent>> GetDecryptEvents()
+        {
+            return _connection.InvokeAsync<IEnumerable<DecryptEvent>>("GetDecryptEvents");
+        }
+
         public Task<ShellCodeLauncher> GetShellCodeLauncher()
         {
             return _connection.InvokeAsync<ShellCodeLauncher>("GetShellCodeLauncher");
@@ -1234,5 +1250,10 @@ public Task ResetCovenantToFactoryDefault(ClaimsPrincipal principal)
         {
             return _connection.InvokeAsync("ResetCovenantToFactoryDefault", principal);
         }
+
+         public Task<DecryptEvent> GetDecryptEventByGruntCommand(int id)
+        {
+            return _connection.InvokeAsync<DecryptEvent>("GetDecryptEventByGruntCommand", id);
+        }
     }
 }
diff --git a/Covenant/Core/CovenantService.cs b/Covenant/Core/CovenantService.cs
@@ -25,6 +25,7 @@
 using Covenant.Models.Grunts;
 using Covenant.Models.Indicators;
 using NLog;
+using Org.BouncyCastle.Crypto;
 
 namespace Covenant.Core
 {
@@ -87,6 +88,10 @@ public interface IEventService
         Task<ScreenshotEvent> GetScreenshotEventByGruntCommand(int id);
         Task<ScreenshotEvent> CreateScreenshotEvent(ScreenshotEventContent screenshotEvent);
         Task DeleteEvent(int id);
+        Task<IEnumerable<DecryptEvent>> GetDecryptEvents();
+        Task<DecryptEvent> GetDecryptEventByGruntCommand(int id);
+        Task<DecryptEvent> GetDecryptEvent(int eventId);
+        Task<DecryptEvent> CreateDecryptEvent(DecryptEventContent decryptEvent);
     }
 
     public interface IImplantTemplateService
@@ -1014,6 +1019,61 @@ public async Task<ScreenshotEvent> CreateScreenshotEvent(ScreenshotEventContent
             return await this.GetScreenshotEvent(screenshotEvent.Id);
         }
 
+        public async Task<IEnumerable<DecryptEvent>> GetDecryptEvents()
+        {
+
+            return await _context.Events.Where(E => E.Type == EventType.Decrypt).Select(E => (DecryptEvent)E).ToListAsync();
+        }
+
+        public async Task<DecryptEvent> GetDecryptEvent(int eventId)
+        {
+            DecryptEvent anEvent = (DecryptEvent)await _context.Events.FirstOrDefaultAsync(E => E.Id == eventId && E.Type == EventType.Decrypt);
+            if (anEvent == null)
+            {
+                throw new ControllerNotFoundException($"NotFound - DecryptEvent with id: {eventId}");
+            }
+            return anEvent;
+        }
+
+        public async Task<DecryptEvent> GetDecryptEventByGruntCommand(int id)
+        {
+            DecryptEvent anEvent = await _context.Events
+                .Where(E => E.Type == EventType.Decrypt)
+                .Select(E => (DecryptEvent)E)
+                .FirstOrDefaultAsync(E => E.GruntCommandId == id);
+            if (anEvent == null)
+            {
+                throw new ControllerNotFoundException($"NotFound - DecryptEvent with GruntCommandId: {id}");
+            }
+            return anEvent;
+        }
+
+        private async Task<DecryptEvent> CreateDecryptEvent(DecryptEvent DecryptEvent, string contents)
+        {
+            return await this.CreateDecryptEvent(new DecryptEventContent
+            {
+                Name = DecryptEvent.Name,
+                GruntCommandId = DecryptEvent.GruntCommandId,
+                Time = DecryptEvent.Time,
+                MessageHeader = DecryptEvent.MessageHeader,
+                MessageBody = DecryptEvent.MessageBody,
+                Level = DecryptEvent.Level,
+                Context = DecryptEvent.Context,
+                EncryptedOutput = contents
+            });
+        }
+
+        public async Task<DecryptEvent> CreateDecryptEvent(DecryptEventContent decryptEvent)
+        {
+            decryptEvent.Time = DateTime.UtcNow;
+
+            decryptEvent.Decrypt();
+            await _context.Events.AddAsync(decryptEvent);
+            await _context.SaveChangesAsync();
+            await _notifier.NotifyCreateEvent(this, decryptEvent);
+            return await this.GetDecryptEvent(decryptEvent.Id);
+        }
+
         public async Task DeleteEvent(int id)
         {
             Event e = await this.GetEvent(id);
@@ -3187,6 +3247,21 @@ public static string Execute()
                     Progress = DownloadEvent.DownloadProgress.Portion
                 }, new byte[] { });
             }
+            else if (tasking.GruntTask.Name.Equals("Chrome_passwords", StringComparison.CurrentCultureIgnoreCase))
+            {
+
+                DecryptEvent Decrypt = await this.CreateDecryptEvent(new DecryptEvent
+                {
+                    GruntCommandId = tasking.GruntCommandId,
+                    // Time = updatingGruntTasking.CompletionTime,
+                    MessageHeader = "Getting saved passwords",
+                    MessageBody = "Decrypted passwords: " + tasking.GruntCommand.CommandOutput.Output,
+                    EncryptedOutput = tasking.GruntCommand.CommandOutput.Output,
+                    Level = EventLevel.Info,
+                    Context = tasking.Grunt.Name,
+
+                }, "") ;
+            }
 
             tasking.Parameters = parameters;
             try

diff --git a/Covenant/Core/DbInitializer.cs b/Covenant/Core/DbInitializer.cs
@@ -18,6 +18,8 @@
 using Covenant.Models.Covenant;
 using Covenant.Models.Listeners;
 using Covenant.Models.Grunts;
+using YamlDotNet.Core;
+using Microsoft.AspNetCore.Mvc.ViewComponents;
 
 namespace Covenant.Core
 {
@@ -335,6 +337,38 @@ await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.Dot
                             await service.GetReferenceAssemblyByName("System.ServiceProcess.dll", Common.DotNetVersion.Net40)
                         },
                         EmbeddedResources = new List<EmbeddedResource>()
+                    },
+                    new ReferenceSourceLibrary
+                    {
+                        Name = "NET-scan", Description = "network host and port scanner ",
+                        Location = "NET-scan" + Path.DirectorySeparatorChar,
+                        CompatibleDotNetVersions = new List<Common.DotNetVersion>{Common.DotNetVersion.Net40,Common.DotNetVersion.Net35},
+                        ReferenceAssemblies = new List<ReferenceAssembly>
+                        {
+                            await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35),
+                            await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40),
+                            await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35),
+                            await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40),
+                            await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35),
+                            await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40)
+                        },
+                        EmbeddedResources = new List<EmbeddedResource>()
+                    },
+                    new ReferenceSourceLibrary
+                    {
+                        Name = "ChromeDecryptor", Description = "Chrome password extrating tool ",
+                        Location = "ChromeDecryptor" + Path.DirectorySeparatorChar,
+                        CompatibleDotNetVersions = new List<Common.DotNetVersion>{Common.DotNetVersion.Net40,Common.DotNetVersion.Net35},
+                        ReferenceAssemblies = new List<ReferenceAssembly>
+                        {
+                            await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net35),
+                            await service.GetReferenceAssemblyByName("mscorlib.dll", Common.DotNetVersion.Net40),
+                            await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net35),
+                            await service.GetReferenceAssemblyByName("System.dll", Common.DotNetVersion.Net40),
+                            await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net35),
+                            await service.GetReferenceAssemblyByName("System.Core.dll", Common.DotNetVersion.Net40)
+                        },
+                        EmbeddedResources = new List<EmbeddedResource>()
                     }
                 };
                 await service.CreateReferenceSourceLibraries(ReferenceSourceLibraries);

diff --git a/Covenant/Covenant.csproj b/Covenant/Covenant.csproj
@@ -29,6 +29,8 @@
   </ItemGroup>
 
   <ItemGroup>
+    <PackageReference Include="BlazorInputFile" Version="0.1.0-preview-00002" />
+    <PackageReference Include="BouncyCastle" Version="1.8.9" />
     <PackageReference Include="McMaster.Extensions.CommandLineUtils" Version="3.1.0" />
     <PackageReference Include="Microsoft.AspNetCore.Blazor" Version="3.1.0-preview2.19528.8" />
     <PackageReference Include="Microsoft.AspNetCore.Components" Version="5.0.3" />

diff --git a/Covenant/Data/ReferenceSourceLibraries/ChromeDecryptor b/Covenant/Data/ReferenceSourceLibraries/ChromeDecryptor
diff --git a/Covenant/Data/ReferenceSourceLibraries/NET-scan b/Covenant/Data/ReferenceSourceLibraries/NET-scan