Commit Graph

44 Commits

Author SHA1 Message Date
Pavlo Khazov
cb79f61c25 Fixed agent's receive module func signature. Fixed task result message not sent to operator. And added PID to agent's info. 2025-07-13 19:40:11 +02:00
Pavlo Khazov
4dbbb47694 Beacon is now fully integrated into http transport. Enhanced structure of http listener on server. Fixed problems with pid and ppid in injection logic. 2025-07-13 16:35:10 +02:00
Pavlo Khazov
88e433a3d3 File structure change. TaskID fix in task result sending logic. PID is now formatted and sent correctly. 2025-07-12 22:36:15 +02:00
Pavlo Khazov
a674b5135a Cosmetics 2025-07-12 20:57:54 +02:00
John Doe
925bb8fd92 Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it.
Added size optimization flags to payload generator.
Corrected source files list in payload generator.
Corrected macros for transport selection.
2025-05-24 14:00:58 +02:00
Pavlo Khazov
4df020a226 Beacon supports Win Schannel + minor adjustments 2025-05-03 13:25:41 +02:00
Pavlo Khazov
d0652b9aa5 Windows Schannel transport and prototype of https listener 2025-05-03 12:32:19 +02:00
Pavlo Khazov
2ad1a58c3a Minor adjustments 2025-04-27 12:19:45 +02:00
Pavlo Khazov
70896bb6c2 Run command was divided into runexe and rundll 2025-04-27 11:48:12 +02:00
Pavlo Khazov
723aa168f6 Added new beacon to repo. Fixed injection logic for new beacon. 2025-04-27 09:53:28 +02:00
Pavlo Khazov
1f01d1bdf0 Refactored sysinfo command and some bugs fixed 2025-04-27 08:49:59 +02:00
Pavlo Khazov
14ad90a2b7 2025-04-26 21:11:19 +02:00
Pavlo Khazov
a60dc7b647 Preparing for unity build. Got tired of header files and includes. 2025-04-25 16:21:54 +02:00
Pavlo Khazov
f04fa16670 Dynamic encryption key generation for shellcode. 2025-04-23 21:34:35 +02:00
Pavlo Khazov
3c63ed08cc Added missing header files and new compiler flags. 2025-04-23 12:37:25 +02:00
Pavlo Khazov
a81eec18bb Removed unnecessary WSACleanUp, which prevented agent from reconnection after server went offline and back online.
Rewrote some blocks to use sync.Map instead of mutex.
Added PID and process name retrieving for "ps" command.
Added nice output for "ps" command and it is now handled separately, like sysinfo and keylogger.
Devel mode: if message is bigger than 512 chars, console will print only 512 chars.
Laying the foundation for new task-result logic in future:
Task handler: now generates task id for every task.
Task handler: does not delete task after sending to agent, but just marks it as dispatched.
Task handler: operator conn and ID retrieval by task id.
2025-04-22 23:54:40 +02:00
Pavlo Khazov
82033c21d5 Agent and BeaconC have new injection capabilities.
"inject" - writes shellcode into process, which can be specified by PID.
"spawn" - launches new suspended process, writes shellcode and creates thread. PPID can be specified.
Shellcode is encrypted on server, decrypted right before writing to memory and cleared right after it. Tiny-AES is used for decryption.
Modules are now dynamically loaded from folder and not hardcoded.
2025-04-21 15:45:19 +02:00
Pavlo Khazov
64c2187688 Added "ps" command to get list of processes on target. 2025-04-18 21:35:52 +02:00
Pavlo Khazov
b4179af455 Added "ps" command. TODO: add nice formatting on operator side.
Prepare base for beacon in C, because GO executables are too big.
2025-04-18 21:32:21 +02:00
Pavlo Khazov
ebc489af61 Server now sends encrypted shellcode and agent decrypts it in-memory before execution. 2025-04-16 14:48:10 +02:00
Pavlo Khazov
bcca9af323 Little enhancement for proxy server and some performance testing. 2025-04-15 22:16:39 +02:00
Pavlo Khazov
41b637459b Added prototype of socks5 proxy on agent. Command "proxy start" starts listening on server:30900 and tunnels through target system, where agent runs. Current implementation supports only 1 connection. Multiplexing to be added. Custom ports to be added.
Now all print statements are shown only with --devel flag.
2025-04-15 10:42:21 +02:00
Pavlo Khazov
7bfaa345e6 Added testing build flag and optimization build to makefile. 2025-04-09 19:57:36 +02:00
Pavlo Khazov
b7225b92f1 Local file path checking in "upload" command.
Added navigation commands "cd", "ls", "dir", "pwd".
Now you can navigate to parent directory also via "cd ../" not only "cd .."
Adjusted README
Also, adjusting list of global and context commands for operator. Still cannot decide which one of global commands should be accessible from agent context.
2025-04-09 18:24:45 +02:00
Pavlo Khazov
b3e9ce2b42 Implemented file uploading to target machine with command "upload"
Added local system navigation in operator's terminal + tab completion for "upload" command
2025-04-09 16:19:51 +02:00
Pavlo Khazov
2150ee16c8 Added cd, ls, pwd, dir commands. 2025-04-08 21:35:55 +02:00
Pavlo Khazov
72acddbad3 Okay, I give up on keylogger. Currently I cannot implement auto keystrokes reporting after keylogger shuts down.
You need either set up low reporting interval in <agent.c> or wait until it reports and then shut it down.
Why? Because reporting somehow blocks some wolfssl stuff and agent stops heartbeating.
This behaviour is acceptable, but I would like to find elegant solution later.
2025-04-08 17:10:32 +02:00
Pavlo Khazov
87e54675f3 Added task reporting after modules execution.
Got rid of unnecessary static and const statements. I think nobody is ever going to read this code.
Minor adjustments for readability and logging.
2025-04-08 14:42:11 +02:00
Pavlo Khazov
a3e0674a1f Refactored file/folder downloading logic 2025-04-08 12:32:46 +02:00
Pavlo Khazov
8044155a39 Moved all command-related stuff to separate file commands.c/h 2025-04-07 14:00:24 +02:00
Pavlo Khazov
3f60761836 Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries.
Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb
2025-04-06 20:48:05 +02:00
Pavlo Khazov
79c707b4fe + You can now change context and directly interact with agents by typing "interact <agent id>" and sending commands directly.
+ But you can still issue command without switching to agent's context, just by typing <agent id> <command> <args>
+ Some minor refinements, like output beautify and cleaning
2025-04-06 09:36:31 +02:00
Pavlo Khazov
9d87226065 Fixed shellcode in memory execution: now shellcode is not saved to disk; added some opsec for execution 2025-03-29 09:47:37 +01:00
Pavlo Khazov
062d3c2b02 Added sysinfo command for beacon 2025-03-28 19:56:19 +01:00
Pavlo Khazov
84fa2a98d4 Added possibility to set startup delay during payload generation 2025-03-23 11:47:19 +01:00
Pavlo Khazov
3ffe76950a Added flag to specify interval between connection during compilation 2025-03-19 16:11:27 +01:00
Pavlo Khazov
b744d518cb Payload became more modular.
Now you can choose whether to include keylogger and persistence functionality and whether to launch it on start-up or not.
2025-03-19 15:23:45 +01:00
Pavlo Khazov
fecb89db46 Payload generator now passes feature flags directly to compiler and does not replace macro's text in config.h - this is better as if more files require to include config.h - more text replacements would need to be done, which makes code messy. 2025-03-19 11:46:12 +01:00
Pavlo Khazov
dc9c97df7e Moved startup settings to config.h and modified generator.go accordingly 2025-03-15 16:57:44 +01:00
Pavlo Khazov
04ce63c70c Minor adjustments before moving all settings to config.h 2025-03-15 16:05:15 +01:00
Pavlo Khazov
29dfffbedb Modified generator.go to be wolfssl-version-agnostic and edited README & Makefile accordingly 2025-03-15 13:07:17 +01:00
Pavlo Khazov
67586891d6 Correct installation instructions in Readme, edited some comments 2025-03-15 12:47:55 +01:00
Pavlo Khazov
b36c45d700 generate_certs.sh now accepts IP address as argument for certificate generation
corrected Makefile
update instructions in README
2025-03-15 11:08:06 +01:00
test
8310fac492 Initialised a repository 2025-02-06 14:42:06 +01:00