bunny-lab/Borealis-Github-Replica
1
0
Fork 0
mirror of https://github.com/bunny-lab-io/Borealis.git synced 2025-09-11 04:38:42 -06:00
Code Issues Packages Projects Releases Wiki Activity

Successfully Incorporated CurrentUser and BUILTIN\SYSTEM Remote Script Execution

Browse Source
This commit is contained in:
Nicole Rappe
2025-09-04 05:41:00 -06:00
parent b9fe9b0965
commit f905a50501
4 changed files with 43 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
Borealis.ps1
View File

@@ -340,20 +340,29 @@ function Ensure-AgentTasks {
if (-not (Test-Path $regScript)) { Write-Host "Register helper script not found: $regScript" -ForegroundColor Red; return } if (-not (Test-Path $regScript)) { Write-Host "Register helper script not found: $regScript" -ForegroundColor Red; return }
if (-not (Test-Path $wdSource)) { Write-Host "Watchdog script not found: $wdSource" -ForegroundColor Red; return } if (-not (Test-Path $wdSource)) { Write-Host "Watchdog script not found: $wdSource" -ForegroundColor Red; return }
$psi = New-Object System.Diagnostics.ProcessStartInfo # Launch registrar elevated using -EncodedCommand to avoid quoting/binding issues
$psi.FileName = 'powershell.exe' $qSupName = $supName -replace "'","''"
$psi.Verb = 'runas' $qPy = $py -replace "'","''"
$psi.UseShellExecute = $true $qSupScript= $supScript-replace "'","''"
$psi.ArgumentList = @( $qWdName = $wdName -replace "'","''"
'-NoProfile','-ExecutionPolicy','Bypass', $qWdSource = $wdSource -replace "'","''"
'-File', $regScript, $qRegScript= $regScript-replace "'","''"
'-SupName', $supName, $inline = @"
'-PythonExe', $py, `$p = @{
'-SupScript', $supScript, SupName = '$qSupName'
'-WdName', $wdName, PythonExe = '$qPy'
'-WdSource', $wdSource SupScript = '$qSupScript'
) WdName = '$qWdName'
try { $proc = [System.Diagnostics.Process]::Start($psi); $proc.WaitForExit() } catch { WdSource = '$qWdSource'
}
& '$qRegScript' @p
"@
$bytes = [System.Text.Encoding]::Unicode.GetBytes($inline)
$encoded = [Convert]::ToBase64String($bytes)
$argList = @('-NoProfile','-ExecutionPolicy','Bypass','-EncodedCommand', $encoded)
try {
Start-Process -FilePath 'powershell.exe' -ArgumentList ($argList -join ' ') -Verb RunAs -Wait | Out-Null
} catch {
Write-Host "Failed to elevate for task registration." -ForegroundColor Red Write-Host "Failed to elevate for task registration." -ForegroundColor Red
} }
} }

3
Data/Agent/Scripts/register_agent_tasks.ps1
View File

@@ -1,4 +1,4 @@
1param( param(
[Parameter(Mandatory=$true)] [string]$SupName, [Parameter(Mandatory=$true)] [string]$SupName,
[Parameter(Mandatory=$true)] [string]$PythonExe, [Parameter(Mandatory=$true)] [string]$PythonExe,
[Parameter(Mandatory=$true)] [string]$SupScript, [Parameter(Mandatory=$true)] [string]$SupScript,
@@ -40,4 +40,3 @@ try {
Write-Error $_ Write-Error $_
exit 1 exit 1
} }

9
Data/Agent/agent_deployment.py
View File

@@ -108,14 +108,14 @@ def ensure_user_logon_task(paths):
pyw = paths.get("venv_pythonw") or paths["venv_python"] pyw = paths.get("venv_pythonw") or paths["venv_python"]
cmd = f'"{pyw}" -W ignore::SyntaxWarning "{paths["agent_script"]}"' cmd = f'"{pyw}" -W ignore::SyntaxWarning "{paths["agent_script"]}"'
# Try create non-elevated # Try create non-elevated
q = run(["schtasks.exe", "/Query", "/TN", task_name]) q = run(["schtasks.exe", "/Query", "/TN", task_name], capture=True)
if q.returncode == 0: if q.returncode == 0:
d = run(["schtasks.exe", "/Delete", "/TN", task_name, "/F"]) d = run(["schtasks.exe", "/Delete", "/TN", task_name, "/F"], capture=True)
if d.returncode != 0: if d.returncode != 0:
pass pass
c = run(["schtasks.exe", "/Create", "/SC", "ONLOGON", "/TN", task_name, "/TR", cmd, "/F", "/RL", "LIMITED"]) c = run(["schtasks.exe", "/Create", "/SC", "ONLOGON", "/TN", task_name, "/TR", cmd, "/F", "/RL", "LIMITED"], capture=True)
if c.returncode == 0: if c.returncode == 0:
run(["schtasks.exe", "/Run", "/TN", task_name]) run(["schtasks.exe", "/Run", "/TN", task_name], capture=True)
return True return True
# Elevated fallback using ScheduledTasks cmdlets for better reliability # Elevated fallback using ScheduledTasks cmdlets for better reliability
ps = f""" ps = f"""
@@ -160,4 +160,3 @@ def main(argv):
if __name__ == "__main__": if __name__ == "__main__":
sys.exit(main(sys.argv)) sys.exit(main(sys.argv))

14
Data/Server/server.py
View File

@@ -1278,10 +1278,22 @@ def on_agent_heartbeat(data):
hostname = data.get("hostname") hostname = data.get("hostname")
if hostname: if hostname:
# Avoid duplicate entries per-hostname. Prefer non-script agents over script helpers.
try:
is_current_script = isinstance(agent_id, str) and agent_id.lower().endswith('-script')
except Exception:
is_current_script = False
for aid, info in list(registered_agents.items()): for aid, info in list(registered_agents.items()):
if aid != agent_id and info.get("hostname") == hostname: if aid == agent_id:
continue
if info.get("hostname") == hostname:
if info.get('is_script_agent') and not is_current_script:
# Replace script helper with full agent record
registered_agents.pop(aid, None) registered_agents.pop(aid, None)
agent_configurations.pop(aid, None) agent_configurations.pop(aid, None)
else:
# Keep existing non-script agent; do not evict it for script heartbeats
pass
rec = registered_agents.setdefault(agent_id, {}) rec = registered_agents.setdefault(agent_id, {})
rec["agent_id"] = agent_id rec["agent_id"] = agent_id