v3.1.0

CHANGELOG.MD

@@ -4,6 +4,55 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [3.1.0] 
+
+### Changed
+
+- Added new build step option for skipped steps (useful if you have conditional builds)
+- Added new "Split Tasking view" as a callback dropdown option for viewing tasking
+- Updated Graphing library (react-flow)
+- Updated UI to React18
+- Can now sort by last checkin time on active callbacks page
+- New "PushC2" style available for egress C2 Profiles
+  - Updated with Websocket C2 profile
+  - Uses gRPC connections between C2 Docker container and Mythic
+- New `TypedArray` parameter type available for commands, build parameters, and c2 profile parameters
+  - Useful for generic BoF/COFF style tasking where you need data and a type associated with it
+  - Data passed down as an array of tuples: `[ [type, value], [type, value] ]`
+  - PayloadType Commands need to supply a TypedArray Parsing Function to handle freeform input for typed array values
+    - ex: `my_bof -bof_args int:5 char*:testing wstring:"this is my string"` into proper array of arrays
+- New "Host File Through C2" option available for all payloads and files via globe icon
+  - Up to the C2 profile to support the RPC call from Mythic and make the file available though
+  - Updated with `http` and `websocket` C2 profiles
+- Shift+Tab will cycle backwards through options on the tasking CLI
+- Event feed format changed and is now also searchable
+- "alerts" keyword in responses from agents now allow setting a source, level (info, warning, debug)
+  - New `send_webhook` boolean field to indicate sending a custom webhook notification (even if the level isn't warning)
+  - New `webhook_alert` dictionary field for custom data to your webhook that's _not_ displayed to the user in the event log
+  - `alert` string field is what's displayed to the user in the event log
+- Mythic-cli updated to allow options for setting the main UI to listen on IPv4, IPv6, or both
+- Agents can now more easily support multiple C2 profiles and have it reflected in the UI
+  - Still only one instance of each c2 profile, but that will change in future releases
+- Updated callback's "update_info" and "checkin" actions so that callbacks can update their own metadata
+- New "Interactive" tasking type available to allow follow-on input in a PTY format
+  - Browser view has limitations compared to a full PTY/TTY since it's still in your browser (supports ASNI colors)
+    - Non-ANSI color sequence control sequences are ignored in the browser
+  - Use the new supported_ui_feature `SupportedUIFeatures:       []string{"task_response:interactive"},` to enable this for your task in the UI
+  - With MythicRPC you can open an "interactive" port with your task which you can connect to with a terminal for full PTY support
+    - *NOTE* _ALL_ output is still captured and stored in Mythic and viewable in the UI for the task, so be careful about long-running jobs that dump out a lot of data
+    - Inputs from the Web UI will appear as "tasks" that you can search. Inputs via the opened port will _not_ appear as tasks.
+- Your issued tasks will auto-expand, so it should reduce a click for tasks that finish immediately (help, clear, script_only)
+- File Search page updated to have `Bin` and `Strings` views available without needing to expand the dropdown
+- Updated `github.com/MythicMeta/MythicContainer` golang package and `mythic_container` PyPi packages
+- New database migrations so that you don't have to blow away the database between updates
+- Updated user login notification to be debug level (no UI popup)
+- Allow dynamic port binding with MythicRPCProxyStart
+  - specify a LocalPort of 0 for Socks/Interactive ports and the next lowest available port will be used and returned
+- Allow dynamic port closing with MythicRPCProxyStop
+  - specify a LocalPort of 0 for Socks/Interactive ports and Mythic will look up the port based on taskID and port type
+- Updated ProxyPorts to track "deleted" status so that they're never actually deleted and can be restarted if needed
+  - Allows for a better tracking of which callbacks had/have which ports open
+
 ## [3.0.1-rc46] - 2023-08-22
 
 ### Changed

LICENSE

@@ -29,7 +29,7 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
-## Licenses for other projects used:
+# Licenses for other projects used:
 
 ## arrgv - https://github.com/astur/arrgv
 MIT License
@@ -55,6 +55,7 @@ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
 
 ## https://pkg.go.dev/golang.org/x/mod/semver?tab=licenses
+
 Copyright (c) 2009 The Go Authors. All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -81,4 +82,76 @@ LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
-OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+## https://github.com/IonicaBizau/anser/blob/master/LICENSE
+
+The MIT License (MIT)
+
+Copyright (c) 2012-22 Ionică Bizău <[email protected]> (https://ionicabizau.net)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+## https://github.com/rubenv/sql-migrate/blob/v1.5.2/LICENSE
+
+MIT License
+
+Copyright (C) 2014-2021 by Ruben Vermeersch <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+
+## https://github.com/rubenv/sql-migrate/blob/master/LICENSE
+
+MIT License
+
+Copyright (C) 2014-2021 by Ruben Vermeersch <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

MythicReactUI/CHANGELOG.MD

@@ -4,6 +4,21 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.1.16] - 2023-10-02
+
+### Changed
+
+- Updated to React18
+- Updated graphing library to react-flow
+- Updated to incorporate TypedArray fields
+- Updated File search table
+- Updated graphs to support multiple egress channels
+- Updated event feed view and made event feed searchable
+- Updated to support shift+tab doing a backwards cycle for commands and parameters
+- Added new task_response:interactive view for interactive tasking
+- Updated to support filtering on last checkin
+- Added split-tasking view as a callback dropdown option
+
 ## [0.1.15-rc38] - 2023-07-20
 
 ### Changed

MythicReactUI/Dockerfile

@@ -1,12 +1,13 @@
-FROM node:19-alpine
+FROM node:20-alpine
 
 WORKDIR /app
 
 COPY . .
 
 # ==== BUILD =====
 # Install dependencies (npm ci makes sure the exact versions in the lockfile gets installed)
-RUN npm ci
+RUN npm install --legacy-peer-deps
+#RUN npm ci
 
 # ==== RUN =====
 CMD npm run react-start