pkhazov/Sigma-C2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
113 Commits 1 Branch 0 Tags
main
Commit Graph

74 Commits

Author SHA1 Message Date
Pavlo Khazov
0df36d871e Read changelog 2025-08-18 16:03:04 +02:00
Pavlo Khazov
55f43f1f93 Added a check if port is already in use during listener creation. 2025-08-17 11:40:56 +02:00
Pavlo Khazov
7bc6f9e622 Agent parameters during generation are now based on yaml config file. Only things left are modules, working on it now. 2025-08-16 19:39:16 +02:00
Pavlo Khazov
460903bd18 Move some settings out of domain structure to overall optimize configuration 2025-08-16 15:40:40 +02:00
Pavlo Khazov
5710355832 Fully implemented domain configuration on server and client. Client now rotates connection to domains one by one and sets headers and cookies based on domain configuration. 2025-08-16 14:33:03 +02:00
Pavlo Khazov
9dd678f62c Implementing dynamic https configuration load from config file and removing old transport abstraction. 2025-08-16 13:05:58 +02:00
Pavlo Khazov
e968936f04 Downlaod message string is now also encrypted. Unfortunetely, I understand that I will need to refactor all of these, because 4 different functions for sending/receiving messages and data is bad architectural design by default, add overhead and makes it hard to maintain. 2025-08-15 21:13:56 +02:00
Pavlo Khazov
5db505b90d Implemented encryption for file upload command. Fixed few bugs with cookies not being correctly decoded because of wrong buffer creation ( wchar_t cookieValue[valueLength + 1]; ) and fixed few error codes. 2025-08-15 20:07:11 +02:00
Pavlo Khazov
759e1a107f I ditched SSL transport as managing two protocols at the same time is tiring. I decided to stich with HTTPS as it is enough for 99% cases and is more stealthy. Messages are now encrypted and sent in base64, on server side - decoded and decrypted. 2025-08-15 17:21:27 +02:00
Pavlo Khazov
65b787cb8a Cleaned up https upload logic 2025-08-15 09:24:27 +02:00
Pavlo Khazov
f6f130f6e7 Implemented file uploads in HTTPS communication channel 2025-08-14 21:16:01 +02:00
Pavlo Khazov
2d83259d58 Implemented strings encryption, message length header, remove beacon code, remove some useless flags and code 2025-08-14 17:25:46 +02:00
Pavlo Khazov
b0b2f226e8 Implmeneted task result reporting based on error codes 2025-08-14 10:53:57 +02:00
Pavlo Khazov
f0538cd3a8 I decided to stick with strings communication for now, as implementing TLV is a bit hard for me now and I do not want to do JSON either (mainly because of a need to use external linrary). But I implemented encryption for strings communication. 2025-08-13 20:19:44 +02:00
Pavlo Khazov
2c169e9eea Cleaning 2025-08-13 17:05:13 +02:00
Pavlo Khazov
ee2af29ef3 Introduced error codes and command codes - first step to move from string communication. Cleaned code a little bit, disabled "files" command as it seems to be useless now. Renamed few functions to better display it's purpose. 2025-08-13 13:12:47 +02:00
Pavlo Khazov
d5816dfdb4 Moved agent source files into src folder. Added output catch via pipe to inject-self command. Fixed "BOOL failed;" being initialized without value, which cause cleanup section to trigger and terminate spawned process. Added startup info to force a hidden windows on spawned processes. 2025-08-12 14:50:10 +02:00
Pavlo Khazov
e8f13167b8 Added named pipes to capture output from injected capabilities. Returned inject command for self injection. Split some commands into separate files. Fixed error logging. Cleaned code a little bit. 2025-08-11 19:36:45 +02:00
Pavlo Khazov
6beb460ea8 Finaly fixed the problem with "spawn" command. Previously it was spawning processes and injecting code into it, but it looked like nothing happened, and only 1 out of 10 times there was a sign of successfully injection (calc popping up or agent checking in). It was because function was going to cleanup label even on success. Now it is fixed. 2025-08-09 19:32:53 +02:00
Pavlo Khazov
6f67c9ba01 Func recv_alloc() was replaced with newly introduced func read_body() which extracts body from HTTP response, and http_recv() func now only gets message from cookie. This brings better readibility and ads robustness. 2025-08-08 16:25:28 +02:00
Pavlo Khazov
7050c6f2ca Cleaned up code a little bit. Stager prototype and listener aded. All configuration moved to config.h 2025-08-07 21:11:53 +02:00
Pavlo Khazov
d160b44190 HTTPS communication channel was implemented for agent. Uploading files to server is not yet supported, but will be in nearest future. 
Agent and server files have been restrucutred for convenience. Agent source files have also been split for convenience and readability.
Operator's terminal was enchanced to better display output. Also, some comands were renamed to be more intuitive and some errors have been fixed, which led to terminal's panic. Command parses has also been enchanced to not mismatch commands and handle them strictly. Command 'tasks' now work in both general and agent contexts.
Filepath handling was fixed in 'download', 'upload' and 'spawn' commands. Now filepaths with spaces are handled correctly.
WolfSSL was ditched, as it is not really necessary anymore.
 2025-08-05 20:48:22 +02:00
Pavlo Khazov
1a7c30cfbd Changed operator's command parsing logic to not panic in certain cases. Changed how "show task" command works and replaced with "tasks", which works both in general and agent contexts 2025-08-05 15:03:12 +02:00
Pavlo Khazov
91ecbc8b4a Enchanced operator prompt to better display output and history 2025-08-03 18:57:10 +02:00
Pavlo Khazov
e8de1b8e9b Fixed file path handling in download/upload commands. Removed debugLog() and infoLog(), will see if it will be comfortable for me to work like this. Made server log a bit clearer by removing unnecessary log statements. Removed WolfSSL as it's not needed anymore. Changed logging style in agent. And overall cleaned unused pieces of code in both agent and server. 2025-08-03 15:07:01 +02:00
Pavlo Khazov
b4ce0d21bc Fixed files downloading bug in stream protocols communication 2025-08-02 15:04:00 +02:00
Pavlo Khazov
8b810e78d7 File downloading works for http agent now 2025-08-02 13:15:38 +02:00
Pavlo Khazov
5827982fa0 Added http communication channel to agent. Fixed minor bug with system info reporting. Thinking to get rid of beacon at all, or repurpose it. 2025-08-01 21:45:55 +02:00
Pavlo Khazov
92e1ba5723 Implemented optional logging. It only works in debug mode. In production builds - strings are striped from binary 2025-07-25 17:28:23 +02:00
Pavlo Khazov
93cfc91e88 Payload now runs windows-less. Added possibility to enable windows mode when using make. Added instructions to makefile. 2025-07-17 19:10:39 +02:00
Pavlo Khazov
cb79f61c25 Fixed agent's receive module func signature. Fixed task result message not sent to operator. And added PID to agent's info. 2025-07-13 19:40:11 +02:00
Pavlo Khazov
4dbbb47694 Beacon is now fully integrated into http transport. Enchanced structure of htpp listener on server. Fixed problems with pid and ppid in injection logic. 2025-07-13 16:35:10 +02:00
Pavlo Khazov
88e433a3d3 File structure change. TaskID fix in task result sending logic. PID is now formated and sent correctly. 2025-07-12 22:36:15 +02:00
Pavlo Khazov
a674b5135a Cosmetics 2025-07-12 20:57:54 +02:00
John Doe
925bb8fd92 Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it. 
Added size optimization flags to payload generator.
Corrected source files list in payload generator.
Corrected macros for transport selection.
 2025-05-24 14:00:58 +02:00
Pavlo Khazov
4df020a226 Beacon supports Win Schannel + minor adjustments 2025-05-03 13:25:41 +02:00
Pavlo Khazov
d0652b9aa5 Windows Schannel transport and prototype of https listener 2025-05-03 12:32:19 +02:00
Pavlo Khazov
2ad1a58c3a Minor adjustments 2025-04-27 12:19:45 +02:00
Pavlo Khazov
70896bb6c2 Run command was divided into runexe and rundll 2025-04-27 11:48:12 +02:00
Pavlo Khazov
723aa168f6 Added new beacon to repo. Fixed injection logic for new beacon. 2025-04-27 09:53:28 +02:00
Pavlo Khazov
1f01d1bdf0 Refactored sysinfo command and some bug fixed 2025-04-27 08:49:59 +02:00
Pavlo Khazov
14ad90a2b7 2025-04-26 21:11:19 +02:00
Pavlo Khazov
a60dc7b647 Preparing for unity build. Got tired of header files and includes. 2025-04-25 16:21:54 +02:00
Pavlo Khazov
f04fa16670 Dynamic encryption key generation for shellcode. 2025-04-23 21:34:35 +02:00
Pavlo Khazov
3c63ed08cc Added missing header files and new compiler flags. 2025-04-23 12:37:25 +02:00
Pavlo Khazov
a81eec18bb Removed unnecessary WSACleanUp, which prevented agent from reconnection after server went offline and back online. 
Rewrote some blocks to use sync.Map instead of mutex.
Added PID and process name retrieving for "ps" command.
Added nice output for "ps" command and it is now handled separately, like sysinfo and keylogger.
Devel mode: if message is bigger than 512 chars, console will print only 512 chars.
Laying the foundation for new task-result logic in future:
Task handler: now generates task id for every task.
Task handler: does not delete task after sending to agent, but just marks it as dispatched.
Task handler: operator conn and ID retrieval by task id.
 2025-04-22 23:54:40 +02:00
Pavlo Khazov
82033c21d5 Agent and BeaconC have new injection capabilities. 
"inject" - writes shellcode into process, which can be specified by PID.
"spawn" - launches new suspended process, writes shellcode and creates thread. PPID can be specified.
Shellcode is encrypted on server, decrypted right before writing to memory and cleared right after it. Tiny-AES is used for decryption.
Modules are now dynamically loaded from folder and not harcoded.
 2025-04-21 15:45:19 +02:00
Pavlo Khazov
64c2187688 Added "ps" command to get list of processes on target. 2025-04-18 21:35:52 +02:00
Pavlo Khazov
b4179af455 Added "ps" command. TODO: add nice formating on operator side. 
Prepare base for beacon in C, because GO executables are too big.
 2025-04-18 21:32:21 +02:00
Pavlo Khazov
ebc489af61 Server now sends encrypted shellcode and agent decrypts it in-memory before executions. 2025-04-16 14:48:10 +02:00