├── .gitignore ├── C2_Profiles ├── .keep └── discord │ ├── Dockerfile │ ├── discord │ ├── c2_code │ │ ├── config.json │ │ └── src │ │ │ ├── discord.sln │ │ │ └── discord │ │ │ ├── Clients │ │ │ ├── DiscordClient.cs │ │ │ ├── MythicClient.cs │ │ │ └── ServerConfig.cs │ │ │ ├── ContainerBuilder.cs │ │ │ ├── Models │ │ │ ├── Mythic │ │ │ │ └── MythicMessageWrapper.cs │ │ │ └── Server │ │ │ │ ├── IDiscordClient.cs │ │ │ │ ├── IMessageBroker.cs │ │ │ │ ├── IMythicClient.cs │ │ │ │ └── IServerConfig.cs │ │ │ ├── Program.cs │ │ │ ├── Protos │ │ │ └── pushC2GRPC.proto │ │ │ └── discord.csproj │ └── c2_functions │ │ └── discord.py │ ├── main.py │ └── rabbitmq_config.json ├── Example-config.png ├── Payload_Type └── .keep ├── README.md ├── agent_icons └── .keep ├── config.json ├── documentation-c2 ├── .keep └── discord │ └── _index.md ├── documentation-payload └── .keep └── documentation-wrapper └── .keep /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/main/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Mono auto generated files 17 | mono_crash.* 18 | 19 | # Build results 20 | [Dd]ebug/ 21 | [Dd]ebugPublic/ 22 | [Rr]elease/ 23 | [Rr]eleases/ 24 | x64/ 25 | x86/ 26 | [Ww][Ii][Nn]32/ 27 | [Aa][Rr][Mm]/ 28 | [Aa][Rr][Mm]64/ 29 | bld/ 30 | [Bb]in/ 31 | [Oo]bj/ 32 | [Ll]og/ 33 | [Ll]ogs/ 34 | 35 | # Visual Studio 2015/2017 cache/options directory 36 | .vs/ 37 | # Uncomment if you have tasks that create the project's static files in wwwroot 38 | #wwwroot/ 39 | 40 | # Visual Studio 2017 auto generated files 41 | Generated\ Files/ 42 | 43 | # MSTest test Results 44 | [Tt]est[Rr]esult*/ 45 | [Bb]uild[Ll]og.* 46 | 47 | # NUnit 48 | *.VisualState.xml 49 | TestResult.xml 50 | nunit-*.xml 51 | 52 | # Build Results of an ATL Project 53 | [Dd]ebugPS/ 54 | [Rr]eleasePS/ 55 | dlldata.c 56 | 57 | # Benchmark Results 58 | BenchmarkDotNet.Artifacts/ 59 | 60 | # .NET Core 61 | project.lock.json 62 | project.fragment.lock.json 63 | artifacts/ 64 | 65 | # ASP.NET Scaffolding 66 | ScaffoldingReadMe.txt 67 | 68 | # StyleCop 69 | StyleCopReport.xml 70 | 71 | # Files built by Visual Studio 72 | *_i.c 73 | *_p.c 74 | *_h.h 75 | *.ilk 76 | *.meta 77 | *.obj 78 | *.iobj 79 | *.pch 80 | *.pdb 81 | *.ipdb 82 | *.pgc 83 | *.pgd 84 | *.rsp 85 | *.sbr 86 | *.tlb 87 | *.tli 88 | *.tlh 89 | *.tmp 90 | *.tmp_proj 91 | *_wpftmp.csproj 92 | *.log 93 | *.tlog 94 | *.vspscc 95 | *.vssscc 96 | .builds 97 | *.pidb 98 | *.svclog 99 | *.scc 100 | 101 | # Chutzpah Test files 102 | _Chutzpah* 103 | 104 | # Visual C++ cache files 105 | ipch/ 106 | *.aps 107 | *.ncb 108 | *.opendb 109 | *.opensdf 110 | *.sdf 111 | *.cachefile 112 | *.VC.db 113 | *.VC.VC.opendb 114 | 115 | # Visual Studio profiler 116 | *.psess 117 | *.vsp 118 | *.vspx 119 | *.sap 120 | 121 | # Visual Studio Trace Files 122 | *.e2e 123 | 124 | # TFS 2012 Local Workspace 125 | $tf/ 126 | 127 | # Guidance Automation Toolkit 128 | *.gpState 129 | 130 | # ReSharper is a .NET coding add-in 131 | _ReSharper*/ 132 | *.[Rr]e[Ss]harper 133 | *.DotSettings.user 134 | 135 | # TeamCity is a build add-in 136 | _TeamCity* 137 | 138 | # DotCover is a Code Coverage Tool 139 | *.dotCover 140 | 141 | # AxoCover is a Code Coverage Tool 142 | .axoCover/* 143 | !.axoCover/settings.json 144 | 145 | # Coverlet is a free, cross platform Code Coverage Tool 146 | coverage*.json 147 | coverage*.xml 148 | coverage*.info 149 | 150 | # Visual Studio code coverage results 151 | *.coverage 152 | *.coveragexml 153 | 154 | # NCrunch 155 | _NCrunch_* 156 | .*crunch*.local.xml 157 | nCrunchTemp_* 158 | 159 | # MightyMoose 160 | *.mm.* 161 | AutoTest.Net/ 162 | 163 | # Web workbench (sass) 164 | .sass-cache/ 165 | 166 | # Installshield output folder 167 | [Ee]xpress/ 168 | 169 | # DocProject is a documentation generator add-in 170 | DocProject/buildhelp/ 171 | DocProject/Help/*.HxT 172 | DocProject/Help/*.HxC 173 | DocProject/Help/*.hhc 174 | DocProject/Help/*.hhk 175 | DocProject/Help/*.hhp 176 | DocProject/Help/Html2 177 | DocProject/Help/html 178 | 179 | # Click-Once directory 180 | publish/ 181 | 182 | # Publish Web Output 183 | *.[Pp]ublish.xml 184 | *.azurePubxml 185 | # Note: Comment the next line if you want to checkin your web deploy settings, 186 | # but database connection strings (with potential passwords) will be unencrypted 187 | *.pubxml 188 | *.publishproj 189 | 190 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 191 | # checkin your Azure Web App publish settings, but sensitive information contained 192 | # in these scripts will be unencrypted 193 | PublishScripts/ 194 | 195 | # NuGet Packages 196 | *.nupkg 197 | # NuGet Symbol Packages 198 | *.snupkg 199 | # The packages folder can be ignored because of Package Restore 200 | **/[Pp]ackages/* 201 | # except build/, which is used as an MSBuild target. 202 | !**/[Pp]ackages/build/ 203 | # Uncomment if necessary however generally it will be regenerated when needed 204 | #!**/[Pp]ackages/repositories.config 205 | # NuGet v3's project.json files produces more ignorable files 206 | *.nuget.props 207 | *.nuget.targets 208 | 209 | # Microsoft Azure Build Output 210 | csx/ 211 | *.build.csdef 212 | 213 | # Microsoft Azure Emulator 214 | ecf/ 215 | rcf/ 216 | 217 | # Windows Store app package directories and files 218 | AppPackages/ 219 | BundleArtifacts/ 220 | Package.StoreAssociation.xml 221 | _pkginfo.txt 222 | *.appx 223 | *.appxbundle 224 | *.appxupload 225 | 226 | # Visual Studio cache files 227 | # files ending in .cache can be ignored 228 | *.[Cc]ache 229 | # but keep track of directories ending in .cache 230 | !?*.[Cc]ache/ 231 | 232 | # Others 233 | ClientBin/ 234 | ~$* 235 | *~ 236 | *.dbmdl 237 | *.dbproj.schemaview 238 | *.jfm 239 | *.pfx 240 | *.publishsettings 241 | orleans.codegen.cs 242 | 243 | # Including strong name files can present a security risk 244 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 245 | #*.snk 246 | 247 | # Since there are multiple workflows, uncomment next line to ignore bower_components 248 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 249 | #bower_components/ 250 | 251 | # RIA/Silverlight projects 252 | Generated_Code/ 253 | 254 | # Backup & report files from converting an old project file 255 | # to a newer Visual Studio version. Backup files are not needed, 256 | # because we have git ;-) 257 | _UpgradeReport_Files/ 258 | Backup*/ 259 | UpgradeLog*.XML 260 | UpgradeLog*.htm 261 | ServiceFabricBackup/ 262 | *.rptproj.bak 263 | 264 | # SQL Server files 265 | *.mdf 266 | *.ldf 267 | *.ndf 268 | 269 | # Business Intelligence projects 270 | *.rdl.data 271 | *.bim.layout 272 | *.bim_*.settings 273 | *.rptproj.rsuser 274 | *- [Bb]ackup.rdl 275 | *- [Bb]ackup ([0-9]).rdl 276 | *- [Bb]ackup ([0-9][0-9]).rdl 277 | 278 | # Microsoft Fakes 279 | FakesAssemblies/ 280 | 281 | # GhostDoc plugin setting file 282 | *.GhostDoc.xml 283 | 284 | # Node.js Tools for Visual Studio 285 | .ntvs_analysis.dat 286 | node_modules/ 287 | 288 | # Visual Studio 6 build log 289 | *.plg 290 | 291 | # Visual Studio 6 workspace options file 292 | *.opt 293 | 294 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 295 | *.vbw 296 | 297 | # Visual Studio 6 auto-generated project file (contains which files were open etc.) 298 | *.vbp 299 | 300 | # Visual Studio 6 workspace and project file (working project files containing files to include in project) 301 | *.dsw 302 | *.dsp 303 | 304 | # Visual Studio 6 technical files 305 | *.ncb 306 | *.aps 307 | 308 | # Visual Studio LightSwitch build output 309 | **/*.HTMLClient/GeneratedArtifacts 310 | **/*.DesktopClient/GeneratedArtifacts 311 | **/*.DesktopClient/ModelManifest.xml 312 | **/*.Server/GeneratedArtifacts 313 | **/*.Server/ModelManifest.xml 314 | _Pvt_Extensions 315 | 316 | # Paket dependency manager 317 | .paket/paket.exe 318 | paket-files/ 319 | 320 | # FAKE - F# Make 321 | .fake/ 322 | 323 | # CodeRush personal settings 324 | .cr/personal 325 | 326 | # Python Tools for Visual Studio (PTVS) 327 | __pycache__/ 328 | *.pyc 329 | 330 | # Cake - Uncomment if you are using it 331 | # tools/** 332 | # !tools/packages.config 333 | 334 | # Tabs Studio 335 | *.tss 336 | 337 | # Telerik's JustMock configuration file 338 | *.jmconfig 339 | 340 | # BizTalk build output 341 | *.btp.cs 342 | *.btm.cs 343 | *.odx.cs 344 | *.xsd.cs 345 | 346 | # OpenCover UI analysis results 347 | OpenCover/ 348 | 349 | # Azure Stream Analytics local run output 350 | ASALocalRun/ 351 | 352 | # MSBuild Binary and Structured Log 353 | *.binlog 354 | 355 | # NVidia Nsight GPU debugger configuration file 356 | *.nvuser 357 | 358 | # MFractors (Xamarin productivity tool) working folder 359 | .mfractor/ 360 | 361 | # Local History for Visual Studio 362 | .localhistory/ 363 | 364 | # Visual Studio History (VSHistory) files 365 | .vshistory/ 366 | 367 | # BeatPulse healthcheck temp database 368 | healthchecksdb 369 | 370 | # Backup folder for Package Reference Convert tool in Visual Studio 2017 371 | MigrationBackup/ 372 | 373 | # Ionide (cross platform F# VS Code tools) working folder 374 | .ionide/ 375 | 376 | # Fody - auto-generated XML schema 377 | FodyWeavers.xsd 378 | 379 | # VS Code files for those working on multiple tools 380 | .vscode/* 381 | !.vscode/settings.json 382 | !.vscode/tasks.json 383 | !.vscode/launch.json 384 | !.vscode/extensions.json 385 | *.code-workspace 386 | 387 | # Local History for Visual Studio Code 388 | .history/ 389 | 390 | # Windows Installer files from build outputs 391 | *.cab 392 | *.msi 393 | *.msix 394 | *.msm 395 | *.msp 396 | 397 | # JetBrains Rider 398 | *.sln.iml 399 | 400 | *\C2_Profiles\discord\c2_code\src\discord\bin\* 401 | *\C2_Profiles\discord\c2_code\src\.vs\* 402 | *\c2_code\src\discord\obj\* 403 | *dev_config.json -------------------------------------------------------------------------------- /C2_Profiles/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/C2_Profiles/.keep -------------------------------------------------------------------------------- /C2_Profiles/discord/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM itsafeaturemythic/mythic_python_dotnet:latest 2 | 3 | WORKDIR /Mythic/ 4 | COPY [".", "."] 5 | CMD ["python3", "main.py"] 6 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "botToken": "", 3 | "channelID": "" 4 | } -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 17 4 | VisualStudioVersion = 17.2.32505.173 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "discord", "discord\discord.csproj", "{D855007F-6277-4F31-9E8B-473147B64BD2}" 7 | EndProject 8 | Global 9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 10 | Debug|Any CPU = Debug|Any CPU 11 | Release|Any CPU = Release|Any CPU 12 | EndGlobalSection 13 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 14 | {D855007F-6277-4F31-9E8B-473147B64BD2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 15 | {D855007F-6277-4F31-9E8B-473147B64BD2}.Debug|Any CPU.Build.0 = Debug|Any CPU 16 | {D855007F-6277-4F31-9E8B-473147B64BD2}.Release|Any CPU.ActiveCfg = Release|Any CPU 17 | {D855007F-6277-4F31-9E8B-473147B64BD2}.Release|Any CPU.Build.0 = Release|Any CPU 18 | EndGlobalSection 19 | GlobalSection(SolutionProperties) = preSolution 20 | HideSolutionNode = FALSE 21 | EndGlobalSection 22 | GlobalSection(ExtensibilityGlobals) = postSolution 23 | SolutionGuid = {376A86AE-E394-472D-929A-4478FA792827} 24 | EndGlobalSection 25 | EndGlobal 26 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Clients/DiscordClient.cs: -------------------------------------------------------------------------------- 1 | using discord.Models.Server; 2 | using Discord; 3 | using Discord.Models.Mythic; 4 | using Discord.WebSocket; 5 | using Newtonsoft.Json; 6 | using System.Threading.Channels; 7 | using IDiscordClient = discord.Models.Server.IDiscordClient; 8 | 9 | namespace discord.Clients 10 | { 11 | public class DiscordClient : IDiscordClient 12 | { 13 | private readonly DiscordSocketClient _discordClient; 14 | private readonly HttpClient _httpClient; 15 | private readonly IMythicClient _mythicClient; 16 | private AutoResetEvent _ready = new AutoResetEvent(false); 17 | private ITextChannel _channel; 18 | private readonly string _uuid; 19 | private readonly IServerConfig _config; 20 | public DiscordClient(IMythicClient mythicClient, IServerConfig config) 21 | { 22 | var discordConfig = new DiscordSocketConfig() 23 | { 24 | GatewayIntents = GatewayIntents.AllUnprivileged | GatewayIntents.MessageContent 25 | }; 26 | _uuid = Guid.NewGuid().ToString(); 27 | _config = config; 28 | _discordClient = new DiscordSocketClient(discordConfig); 29 | _discordClient.MessageReceived += MessageReceivedAsync; 30 | _discordClient.Ready += _client_Ready; 31 | _discordClient.StartAsync(); 32 | _httpClient = new HttpClient(); 33 | _mythicClient = mythicClient; 34 | _mythicClient.ReceiveFromMythicAsync(); 35 | _mythicClient.OnMessageReceived += _mythicClient_OnMessageReceived; 36 | 37 | } 38 | private async Task _client_Ready() 39 | { 40 | _channel = (ITextChannel)_discordClient.GetChannel(ulong.Parse(_config.ChannelID)); 41 | 42 | if (_channel is null) 43 | { 44 | Console.WriteLine("[WriteToChannel] Unable to get channel: Channel is null"); 45 | Environment.Exit(0); 46 | } 47 | await this.CatchUp(); 48 | _ready.Set(); 49 | } 50 | 51 | private void _mythicClient_OnMessageReceived(object? sender, PushC2Services.PushC2MessageFromMythic e) 52 | { 53 | this.WriteToChannel(e.Message.ToStringUtf8(), e.TrackingID); 54 | } 55 | 56 | private async Task CatchUp() 57 | { 58 | try 59 | { 60 | var messages = await _channel.GetMessagesAsync().FlattenAsync(); 61 | foreach (var message in messages) 62 | { 63 | await this.MessageReceivedAsync(message); 64 | } 65 | } 66 | catch (Exception e) 67 | { 68 | Console.WriteLine($"[CatchUp] {e.ToString()}"); 69 | } 70 | } 71 | 72 | public async Task Start() 73 | { 74 | await _discordClient.LoginAsync(TokenType.Bot, _config.BotToken); 75 | 76 | if (_discordClient.LoginState != LoginState.LoggedIn) 77 | { 78 | Console.WriteLine("[Start] Failed to login to discord"); 79 | } 80 | 81 | _ready.WaitOne(); 82 | await Task.Delay(Timeout.Infinite); 83 | } 84 | 85 | private async Task MessageReceivedAsync(IMessage message) 86 | { 87 | MythicMessageWrapper discordMessage = null; 88 | if (message.Attachments.Count > 0 && message.Attachments.FirstOrDefault().Filename.EndsWith("server")) 89 | { 90 | try 91 | { 92 | discordMessage = JsonConvert.DeserializeObject(await GetFileContentsAsync(message.Attachments.FirstOrDefault().Url)); 93 | } 94 | catch (Exception e) 95 | { 96 | Console.WriteLine($"[MessageReceivedAsync] {e.Message}"); 97 | } 98 | } 99 | else 100 | { 101 | try 102 | { 103 | discordMessage = JsonConvert.DeserializeObject(message.Content); 104 | } 105 | catch (Exception e) 106 | { 107 | Console.WriteLine($"[MessageReceivedAsync] {e.Message}"); 108 | } 109 | } 110 | 111 | if (discordMessage is not null && discordMessage.to_server) //It belongs to us 112 | { 113 | try 114 | { 115 | _ = message.DeleteAsync(); 116 | } 117 | catch (Exception e) 118 | { 119 | Console.WriteLine($"[MessageReceivedAsync] {e.Message}"); 120 | } 121 | 122 | await _mythicClient.SendToMythic(discordMessage.sender_id, discordMessage.message); 123 | } 124 | } 125 | public async Task WriteToChannel(string message, string id) 126 | { 127 | MythicMessageWrapper discordMessage = new MythicMessageWrapper() 128 | { 129 | to_server = false, 130 | sender_id = _uuid, 131 | message = message, 132 | client_id = id, 133 | }; 134 | 135 | if(_channel is null) 136 | { 137 | Console.WriteLine("[WriteToChannel] Unable to get channel: Channel is null"); 138 | return; 139 | } 140 | 141 | if (message.Length > 1950) 142 | { 143 | using (MemoryStream stream = new MemoryStream(System.Text.Encoding.ASCII.GetBytes(System.Text.Json.JsonSerializer.Serialize(discordMessage)))) 144 | { 145 | try { 146 | await _channel.SendFileAsync(stream, discordMessage.client_id); 147 | } 148 | catch (Exception e) 149 | { 150 | Console.WriteLine($"[WriteToChannel] {e.ToString()}"); 151 | } 152 | } 153 | } 154 | else 155 | { 156 | try 157 | { 158 | await _channel.SendMessageAsync(JsonConvert.SerializeObject(discordMessage)); 159 | } 160 | catch (Exception e) 161 | { 162 | Console.WriteLine($"[WriteToChannel] {e.ToString()}"); 163 | } 164 | } 165 | 166 | } 167 | private async Task GetFileContentsAsync(string url) 168 | { 169 | string message = String.Empty; 170 | 171 | try 172 | { 173 | using (HttpResponseMessage response = await _httpClient.GetAsync(url)) 174 | { 175 | using (HttpContent content = response.Content) 176 | { 177 | message = await content.ReadAsStringAsync(); 178 | } 179 | if (!response.IsSuccessStatusCode) 180 | { 181 | Console.WriteLine($"[GetFileContentsAsync] {response.StatusCode.ToString()}"); 182 | } 183 | } 184 | } 185 | catch (Exception e) 186 | { 187 | Console.WriteLine($"[GetFileContentsAsync] {e.ToString()}"); 188 | } 189 | return Unescape(message) ?? ""; 190 | } 191 | private string Unescape(string message) 192 | { 193 | return message.TrimStart('"').TrimEnd('"').Replace("\\\"", "\""); 194 | 195 | } 196 | } 197 | } 198 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Clients/MythicClient.cs: -------------------------------------------------------------------------------- 1 | using System.Text; 2 | using discord.Models.Server; 3 | using Google.Protobuf; 4 | using Grpc.Core; 5 | using Grpc.Net.Client; 6 | using PushC2Services; 7 | 8 | namespace discord.Clients 9 | { 10 | public class MythicClient : IMythicClient 11 | { 12 | private readonly GrpcChannel _mythicChannel; 13 | private readonly PushC2.PushC2Client _mythicConnection; 14 | private readonly AsyncDuplexStreamingCall _mythicConnector; 15 | public event EventHandler OnMessageReceived; 16 | public MythicClient() 17 | { 18 | #if DEBUG 19 | _mythicChannel = GrpcChannel.ForAddress("http://10.30.26.108:17444"); 20 | #else 21 | _mythicChannel = GrpcChannel.ForAddress("http://127.0.0.1:17444"); 22 | #endif 23 | _mythicConnection = new PushC2.PushC2Client(_mythicChannel); 24 | try 25 | { 26 | _mythicConnector = _mythicConnection.StartPushC2StreamingOneToMany(); 27 | _mythicConnector.RequestStream.WriteAsync(new PushC2MessageFromAgent() 28 | { 29 | C2ProfileName = "discord" 30 | }).Wait(); 31 | } 32 | catch (Exception e) 33 | { 34 | Console.WriteLine($"[MythicClient] {e.ToString()}"); 35 | } 36 | } 37 | public async Task SendToMythic(string id, string data) 38 | { 39 | try 40 | { 41 | await _mythicConnector.RequestStream.WriteAsync(new PushC2MessageFromAgent 42 | { 43 | C2ProfileName = "discord", 44 | Base64Message = ByteString.CopyFrom(data, Encoding.UTF8), 45 | TrackingID = id, 46 | RemoteIP = "", 47 | }); 48 | } 49 | catch (Exception e) 50 | { 51 | Console.WriteLine($"[SendToMythic] {e.ToString()}"); 52 | } 53 | } 54 | public async Task ReceiveFromMythicAsync() 55 | { 56 | _ = Task.Run(async () => 57 | { 58 | await foreach (var message in _mythicConnector.ResponseStream.ReadAllAsync()) 59 | { 60 | if (OnMessageReceived != null) 61 | { 62 | OnMessageReceived(this, _mythicConnector.ResponseStream.Current); 63 | } 64 | } 65 | }); 66 | } 67 | } 68 | } -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Clients/ServerConfig.cs: -------------------------------------------------------------------------------- 1 | using discord.Models.Server; 2 | using System.Text.Json; 3 | 4 | namespace discord.Clients 5 | { 6 | public class ServerConfig : IServerConfig 7 | { 8 | public ServerConfig() 9 | { 10 | #if DEBUG 11 | string configText = File.ReadAllText(@"../../../../discord/dev_config.json"); 12 | var configValues = JsonSerializer.Deserialize>(configText); 13 | this.BotToken = configValues["botToken"]; 14 | this.ChannelID = configValues["channelID"]; 15 | #else 16 | string configText = File.ReadAllText(@"config.json"); 17 | var configValues = JsonSerializer.Deserialize>(configText); 18 | this.BotToken = configValues["botToken"]; 19 | this.ChannelID = configValues["channelID"]; 20 | #endif 21 | } 22 | public string BotToken { get; set; } 23 | public string ChannelID { get; set; } 24 | public bool IsValid() 25 | { 26 | return BotToken != null && ChannelID != null && ulong.TryParse(ChannelID, out _); 27 | } 28 | } 29 | } 30 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/ContainerBuilder.cs: -------------------------------------------------------------------------------- 1 | using Autofac; 2 | using discord.Clients; 3 | using discord.Models.Server; 4 | 5 | namespace discord 6 | { 7 | public static class ContainerBuilder 8 | { 9 | public static Autofac.ContainerBuilder Build() 10 | { 11 | var containerBuilder = new Autofac.ContainerBuilder(); 12 | containerBuilder.RegisterType().As().SingleInstance(); 13 | containerBuilder.RegisterType().As().SingleInstance(); 14 | containerBuilder.RegisterType().As().SingleInstance(); 15 | return containerBuilder; 16 | } 17 | } 18 | } 19 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Models/Mythic/MythicMessageWrapper.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace Discord.Models.Mythic 8 | { 9 | public class MythicMessageWrapper 10 | { 11 | public string message { get; set; } = String.Empty; 12 | public string sender_id { get; set; } //Who sent the message 13 | public bool to_server { get; set; } 14 | public string client_id { get; set; } 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Models/Server/IDiscordClient.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace discord.Models.Server 8 | { 9 | public interface IDiscordClient 10 | { 11 | public Task WriteToChannel(string data, string id); 12 | public Task Start(); 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Models/Server/IMessageBroker.cs: -------------------------------------------------------------------------------- 1 | using Discord.Models.Mythic; 2 | using PushC2Services; 3 | using System; 4 | using System.Collections.Generic; 5 | using System.Linq; 6 | using System.Text; 7 | using System.Threading.Tasks; 8 | 9 | namespace discord.Models.Server 10 | { 11 | public interface IMessageBroker 12 | { 13 | public Task QueueMessage(MythicMessageWrapper message); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Models/Server/IMythicClient.cs: -------------------------------------------------------------------------------- 1 | using PushC2Services; 2 | using System; 3 | using System.Collections.Generic; 4 | using System.Linq; 5 | using System.Text; 6 | using System.Threading.Tasks; 7 | 8 | namespace discord.Models.Server 9 | { 10 | public interface IMythicClient 11 | { 12 | Task SendToMythic(string id, string data); 13 | Task ReceiveFromMythicAsync(); 14 | public event EventHandler OnMessageReceived; 15 | } 16 | } 17 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Models/Server/IServerConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Linq; 4 | using System.Text; 5 | using System.Threading.Tasks; 6 | 7 | namespace discord.Models.Server 8 | { 9 | public interface IServerConfig 10 | { 11 | public string BotToken { get; set; } 12 | public string ChannelID { get; set; } 13 | public bool IsValid(); 14 | } 15 | } 16 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Program.cs: -------------------------------------------------------------------------------- 1 | using Discord; 2 | using Discord.Commands; 3 | using discord.Clients; 4 | using Autofac; 5 | using discord.Models.Server; 6 | 7 | namespace C2Send 8 | { 9 | class Program 10 | { 11 | /// 12 | /// Main loop 13 | /// 14 | public static void Main(string[] args) 15 | { 16 | //Start the handler 17 | AsyncMain(args).GetAwaiter().GetResult(); 18 | } 19 | public static async Task AsyncMain(string[] args) 20 | { 21 | var containerBuilder = discord.ContainerBuilder.Build(); 22 | var container = containerBuilder.Build(); 23 | using (var scope = container.BeginLifetimeScope()) 24 | { 25 | var discordClient = scope.Resolve(); 26 | await discordClient.Start(); 27 | } 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/Protos/pushC2GRPC.proto: -------------------------------------------------------------------------------- 1 | syntax = "proto3"; 2 | option go_package = "github.com/its-a-feature/Mythic/grpc/services"; 3 | package pushC2Services; 4 | 5 | 6 | service PushC2 { 7 | // rpc function(messageFromClient) messageToClient 8 | rpc StartPushC2Streaming (stream PushC2MessageFromAgent) returns (stream PushC2MessageFromMythic) {} 9 | rpc StartPushC2StreamingOneToMany (stream PushC2MessageFromAgent) returns (stream PushC2MessageFromMythic) {} 10 | } 11 | 12 | // agent sends along the base64 message like normal and c2 profile adds in c2 profile name 13 | // this is all normal c2 profiles pass along to mythic anyway 14 | // C2ProfileName is required 15 | // RemoteIP should be the IP of the remote connection to the c2 profile if known 16 | // Message is a base64 decoded message if you want the c2 profile to base64 decode what the agents are saying 17 | // Base64Message is what an agent would normally send. This is mutually exclusive with Message 18 | // TrackingID is some custom string that the c2 server provides so that it can correlate input with output from the stream 19 | message PushC2MessageFromAgent { 20 | string C2ProfileName = 1; 21 | string RemoteIP = 2; 22 | bytes Message = 3; 23 | string OuterUUID = 4; 24 | bytes Base64Message = 5; 25 | string TrackingID = 6; 26 | bool AgentDisconnected = 7; 27 | } 28 | 29 | // mythic sends along success/error information if any 30 | // mythic sends along the messages 31 | message PushC2MessageFromMythic { 32 | bool Success = 1; 33 | string Error = 2; 34 | bytes Message = 3; 35 | string TrackingID = 4; 36 | } -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_code/src/discord/discord.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | Exe 5 | net7.0 6 | enable 7 | enable 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | all 23 | runtime; build; native; contentfiles; analyzers; buildtransitive 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | -------------------------------------------------------------------------------- /C2_Profiles/discord/discord/c2_functions/discord.py: -------------------------------------------------------------------------------- 1 | from mythic_container.C2ProfileBase import * 2 | from pathlib import Path 3 | import os 4 | 5 | class Discord(C2Profile): 6 | name = "discord" 7 | description = "discord" 8 | author = "@tr41nwr3ck & @checkymander" 9 | is_p2p = False 10 | is_server_routed = False 11 | server_binary_path = Path(os.path.join(".", "discord", "c2_code","discord")) 12 | server_folder_path = Path(os.path.join(".", "discord", "c2_code")) 13 | parameters = [ 14 | C2ProfileParameter( 15 | name="discord_token", 16 | description="A Bot Token for sending messages", 17 | default_value="", 18 | #verifier_regex="", 19 | required=True, 20 | ), 21 | C2ProfileParameter( 22 | name="bot_channel", 23 | description="The channel ID for the messages", 24 | default_value="", 25 | required=True, 26 | ), 27 | C2ProfileParameter( 28 | name="message_checks", 29 | description="The number of times to attempt to send a message or check for a response from the server before assuming a failure", 30 | default_value="10", 31 | required=False, 32 | ), 33 | C2ProfileParameter( 34 | name="time_between_checks", 35 | description="The amount of time the agent should wait between checks in seconds", 36 | default_value="10", 37 | required=False, 38 | ), 39 | C2ProfileParameter( 40 | name="callback_interval", 41 | description="Callback Interval in seconds", 42 | default_value="60", 43 | verifier_regex="^[0-9]+$", 44 | required=False, 45 | ), 46 | C2ProfileParameter( 47 | name="callback_jitter", 48 | description="Callback Jitter in percent", 49 | default_value="10", 50 | verifier_regex="^[0-9]+$", 51 | required=False, 52 | ), 53 | C2ProfileParameter( 54 | name="encrypted_exchange_check", 55 | description="Perform Key Exchange", 56 | choices=["T", "F"], 57 | parameter_type=ParameterType.ChooseOne, 58 | required=False, 59 | ), 60 | C2ProfileParameter( 61 | name="AESPSK", 62 | description="Crypto type", 63 | default_value="aes256_hmac", 64 | parameter_type=ParameterType.ChooseOne, 65 | choices=["aes256_hmac", "none"], 66 | required=False, 67 | crypto_type=True 68 | ), 69 | C2ProfileParameter( 70 | name="user_agent", 71 | description="User Agent", 72 | default_value="Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko", 73 | required=False, 74 | ), 75 | C2ProfileParameter( 76 | name="proxy_host", 77 | description="Proxy Host", 78 | default_value="", 79 | required=False, 80 | verifier_regex="^$|^(http|https):\/\/[a-zA-Z0-9]+", 81 | ), 82 | C2ProfileParameter( 83 | name="proxy_port", 84 | description="Proxy Port", 85 | default_value="", 86 | verifier_regex="^$|^[0-9]+$", 87 | required=False, 88 | ), 89 | C2ProfileParameter( 90 | name="proxy_user", 91 | description="Proxy Username", 92 | default_value="", 93 | required=False, 94 | ), 95 | C2ProfileParameter( 96 | name="proxy_pass", 97 | description="Proxy Password", 98 | default_value="", 99 | required=False, 100 | ), 101 | C2ProfileParameter( 102 | name="killdate", 103 | description="Kill Date", 104 | parameter_type=ParameterType.Date, 105 | default_value=365, 106 | required=False, 107 | ), 108 | ] 109 | -------------------------------------------------------------------------------- /C2_Profiles/discord/main.py: -------------------------------------------------------------------------------- 1 | import mythic_container 2 | import subprocess 3 | from discord.c2_functions.discord import * 4 | 5 | p = subprocess.Popen(["dotnet", "publish", "-c", "Release", "-o", "/Mythic/discord/c2_code/"], cwd="/Mythic/discord/c2_code/src/discord") 6 | p.wait() 7 | 8 | mythic_container.mythic_service.start_and_run_forever() 9 | -------------------------------------------------------------------------------- /C2_Profiles/discord/rabbitmq_config.json: -------------------------------------------------------------------------------- 1 | {} 2 | -------------------------------------------------------------------------------- /Example-config.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/Example-config.png -------------------------------------------------------------------------------- /Payload_Type/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/Payload_Type/.keep -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # discord 2 | 3 | A C2 profile that uses the Discord REST API for communication. V2 added support for Push profiles to help with rate limiting issues. 4 | 5 | ## How to install an agent in this format within Mythic 6 | 7 | When it's time for you to test out your install or for another user to install your c2 profile, it's pretty simple. Within Mythic you can run: 8 | 9 | * `sudo ./mythic-cli install github https://github.com/MythicC2Profiles/discord` to install the main branch 10 | 11 | ## Configuring Proper Tokens 12 | 13 | - Navigate to https://discord.com/developers/applications 14 | - Click New Application, Enter a name for your bot and click Create. 15 | - Navigate to Bot and turn on MESSAGE CONTENT INTENT 16 | - Next hit “Reset Token” and save your Token to use in Mythic 17 | - Navigate to Settings > Oauth2 and grab your ClientID 18 | - Replace the ClientID with yours and Navigate to the URL : https://discord.com/api/oauth2/authorize?client_id=&permissions=0&scope=bot 19 | - Select Your Server from the Menu and Authorize. Your bot should now appear your Discord Server 20 | 21 | 22 | ## Getting Channel ID 23 | 24 | - In Discord go to Settings -> Advanced -> and enable "Developer Mode" 25 | - Go to your server and right click the channel you want your comms to happen in 26 | - Right Click the Text Channel you wish to use "Copy ID" and the channel ID will be copied to your clipboard 27 | 28 | ## Configuring C2 Profile in Mythic 29 | - Navigate to https://[ServerIP]:7443/new/payloadtypes 30 | - Start profile > View/Edit Config 31 | - Enter your botToken And ChannelID 32 | - Start profile 33 | 34 | ![Screenshot](Example-config.png) 35 | 36 | ## Troubleshooting 37 | - If your bot is offline run: sudo ./mythic-cli discord restart 38 | -------------------------------------------------------------------------------- /agent_icons/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/agent_icons/.keep -------------------------------------------------------------------------------- /config.json: -------------------------------------------------------------------------------- 1 | { 2 | "exclude_payload_type": false, 3 | "exclude_c2_profiles": false, 4 | "exclude_documentation_payload": false, 5 | "exclude_documentation_c2": false, 6 | "exclude_agent_icons": false 7 | } -------------------------------------------------------------------------------- /documentation-c2/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/documentation-c2/.keep -------------------------------------------------------------------------------- /documentation-c2/discord/_index.md: -------------------------------------------------------------------------------- 1 | +++ 2 | title = "discord" 3 | chapter = false 4 | weight = 5 5 | +++ 6 | 7 | ## Overview 8 | This C2 profile consists of a server that listens for new event messages on a specific discord channel, on receive of a new message, it deserializes the message and passes the contents on to the Mythic server via the standard REST API. It then takes the result, serializes it, and writes the result to that same channel. 9 | 10 | ### Discord C2 Workflow 11 | {{}} 12 | sequenceDiagram 13 | participant M as Mythic 14 | participant H as Discord Channel 15 | participant A as Agent 16 | A ->>+ H: Write to channel for tasking 17 | H ->>+ M: forward request to Mythic 18 | M -->>- H: reply with tasking 19 | H -->>- A: Write to channel with tasking 20 | {{< /mermaid >}} 21 | 22 | Legend: 23 | 24 | 1.) The agent writes a message to the discord channel indicating it's serverbound 25 | 26 | 2.) The server gets a notification of the message, deletes it, and forwards the message to Mythic 27 | 28 | 2a.) If the message is too large for a standard message, the message contents are instead written to a file, and the deserialized message will be an empty string 29 | 30 | 3.) The server receives the response from the Mythic server, serializes it, and writes it to the discord channel 31 | 32 | 3a.) If the message is too large for a standard message, the message contents are instead written to a file, and the deserialized message will be an empty string 33 | 34 | 4.) The agent polls for new messages in the channel, waiting for messages designated for its GUID 35 | 36 | 5.) The agent deserializes the message and performs the requested tasks 37 | 38 | ## Configuration Options 39 | The profile reads a `config.json` file for the required tokens, channel to write to, and whether to output debug messages. 40 | 41 | ```JSON 42 | { 43 | "botToken": "OTkzMTY4MDUxMDY5NTE3OD...ZfPTf03-mgU", 44 | "channelID": "9931...734622" 45 | } 46 | ``` 47 | 48 | 49 | ## Generating a token 50 | 51 | - Navigate to https://discord.com/developers/applications 52 | - Click New Application, Enter your Bot name and click create. 53 | - Next hit “Reset Token” and save your Token 54 | - Navigate to Settings > Oauth2 and grab your ClientID 55 | - Replace the ClientID with yours and navigate to the URL : https://discord.com/api/oauth2/authorize?client_id=&permissions=0&scope=bot 56 | - Select your server from the menu and Authorise. Your bot should now appear your Discord server. 57 | 58 | ### Profile Options 59 | #### Discord Channel ID 60 | The channel ID where discord messages will be written to. 61 | 62 | #### Discord Bot Token 63 | A token that will be used by the agent to read and write messages to the associate channel. 64 | 65 | #### Message Checks 66 | How many times to check for a response from the server before assuming something went wrong with the message send. 67 | 68 | #### Time Between Checks 69 | How long to wait between each message check. 70 | 71 | #### Callback Interval 72 | A number to indicate how many seconds the agent should wait in between tasking requests. 73 | 74 | #### Callback Jitter 75 | Percentage of jitter effect for callback interval. 76 | 77 | #### Crypto Type 78 | Indicate if you want to use no crypto (i.e. plaintext) or if you want to use Mythic's aes256_hmac. Using no crypto is really helpful for agent development so that it's easier to see messages and get started faster, but for actual operations you should leave the default to aes256_hmac. 79 | 80 | #### Perform Key Exchange 81 | T or F for if you want to perform a key exchange with the Mythic Server. When this is true, the agent uses the key specified by the base64 32Byte key to send an initial message to the Mythic server with a newly generated RSA public key. If this is set to `F`, then the agent tries to just use the base64 of the key as a static AES key for encryption. If that key is also blanked out, then the requests will all be in plaintext. 82 | 83 | #### User Agent 84 | The User Agent to be passed in the HTTP requests for calls to the REST API 85 | 86 | #### Proxy Host 87 | If you need to manually specify a proxy endpoint, do that here. This follows the same format as the callback host. 88 | 89 | #### Proxy Password 90 | If you need to authenticate to the proxy endpoint, specify the password here. 91 | 92 | #### Proxy Username 93 | If you need to authenticate to the proxy endpoint, specify the username here. 94 | 95 | #### Proxy Port 96 | If you need to manually specify a proxy endpoint, this is where you specify the associated port number. 97 | 98 | #### Kill Date 99 | Date for the agent to automatically exit, typically the after an assessment is finished. 100 | 101 | ## OPSEC 102 | All message contents are written in plaintext and will be available to anyone who has permissions to read messages within your discord server. To avoid accidental leakage of operational data, ensure that encryption is being used for the actual message contents. 103 | 104 | ## Development 105 | 106 | All of the code for the server is .NET 7 and located in `C2_Profiles/discord/discord/c2_code`. 107 | 108 | The server will be notified of any new messages written in the specified channel, it will deserialize the message and attempt to determine whether `to_server` is set to `true` or `false` if `true` then it forwards the message to the Mythic server and writes the response to the channel. If not, it does nothing. 109 | 110 | The message format serializes into the following JSON: 111 | 112 | ``` 113 | { 114 | "message":"base64encoded mythic message", 115 | "sender_id":"GUID", 116 | "to_server":false, 117 | "id":1, 118 | "final":true 119 | } 120 | ``` 121 | 122 | The `message` parameter contains the raw mythic message to be forwarded to the server. If the message parameter is empty, the agent/server should check for a file for the contents of the mythic message. A good rule of thumb is if the message is larger than 3850 characters, then it should be uploaded as a file. 123 | 124 | The `sender_id` is a guid generated by the agent to be included with every message. Any messages with an agents generated GUID and the to_server parameter set to `false` are intended to be processed by the agent. 125 | 126 | THe `to_server` parameter indicates the intended recipient. If set to `true` the server will process the message, if `false` the agent is meant to. 127 | 128 | The `id` parameter is not currently in use, so safe to just set it to `1` or `0` for now. 129 | 130 | The `final` parameter is not currently in use, so safe to just set it to `true` for now. 131 | -------------------------------------------------------------------------------- /documentation-payload/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/documentation-payload/.keep -------------------------------------------------------------------------------- /documentation-wrapper/.keep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/MythicC2Profiles/discord/bceb3d9b2521e1032e187317fdc7aa73658b525f/documentation-wrapper/.keep --------------------------------------------------------------------------------