Pavlo Khazov
d5816dfdb4
Moved agent source files into src folder. Added output catch via pipe to inject-self command. Fixed "BOOL failed;" being initialized without value, which caused cleanup section to trigger and terminate spawned process. Added startup info to force hidden windows on spawned processes.
2025-08-12 14:50:10 +02:00
Pavlo Khazov
e8f13167b8
Added named pipes to capture output from injected capabilities. Returned inject command for self injection. Split some commands into separate files. Fixed error logging. Cleaned code a little bit.
2025-08-11 19:36:45 +02:00
Pavlo Khazov
6beb460ea8
Finally fixed the problem with "spawn" command. Previously it was spawning processes and injecting code into it, but it looked like nothing happened, and only 1 out of 10 times there was a sign of successful injection (calc popping up or agent checking in). It was because function was going to cleanup label even on success. Now it is fixed.
2025-08-09 19:32:53 +02:00
Pavlo Khazov
6f67c9ba01
Func recv_alloc() was replaced with newly introduced func read_body() which extracts body from HTTP response, and http_recv() func now only gets message from cookie. This brings better readability and adds robustness.
2025-08-08 16:25:28 +02:00
Pavlo Khazov
7050c6f2ca
Cleaned up code a little bit. Stager prototype and listener added. All configuration moved to config.h
2025-08-07 21:11:53 +02:00
Pavlo Khazov
d160b44190
HTTPS communication channel was implemented for agent. Uploading files to server is not yet supported, but will be in nearest future.
...
Agent and server files have been restructured for convenience. Agent source files have also been split for convenience and readability.
Operator's terminal was enhanced to better display output. Also, some commands were renamed to be more intuitive and some errors have been fixed, which led to terminal's panic. Command parser has also been enhanced to not mismatch commands and handle them strictly. Command 'tasks' now works in both general and agent contexts.
Filepath handling was fixed in 'download', 'upload' and 'spawn' commands. Now filepaths with spaces are handled correctly.
WolfSSL was ditched, as it is not really necessary anymore.
2025-08-05 20:48:22 +02:00
Pavlo Khazov
1a7c30cfbd
Changed operator's command parsing logic to not panic in certain cases. Changed how "show task" command works and replaced with "tasks", which works both in general and agent contexts
2025-08-05 15:03:12 +02:00
Pavlo Khazov
91ecbc8b4a
Enhanced operator prompt to better display output and history
2025-08-03 18:57:10 +02:00
Pavlo Khazov
e8de1b8e9b
Fixed file path handling in download/upload commands. Removed debugLog() and infoLog(), will see if it will be comfortable for me to work like this. Made server log a bit clearer by removing unnecessary log statements. Removed WolfSSL as it's not needed anymore. Changed logging style in agent. And overall cleaned unused pieces of code in both agent and server.
2025-08-03 15:07:01 +02:00
Pavlo Khazov
b4ce0d21bc
Fixed files downloading bug in stream protocols communication
2025-08-02 15:04:00 +02:00
Pavlo Khazov
8b810e78d7
File downloading works for http agent now
2025-08-02 13:15:38 +02:00
Pavlo Khazov
5827982fa0
Added http communication channel to agent. Fixed minor bug with system info reporting. Thinking to get rid of beacon at all, or repurpose it.
2025-08-01 21:45:55 +02:00
Pavlo Khazov
92e1ba5723
Implemented optional logging. It only works in debug mode. In production builds - strings are stripped from binary
2025-07-25 17:28:23 +02:00
Pavlo Khazov
93cfc91e88
Payload now runs windows-less. Added possibility to enable windows mode when using make. Added instructions to makefile.
2025-07-17 19:10:39 +02:00
Pavlo Khazov
cb79f61c25
Fixed agent's receive module func signature. Fixed task result message not sent to operator. And added PID to agent's info.
2025-07-13 19:40:11 +02:00
Pavlo Khazov
4dbbb47694
Beacon is now fully integrated into http transport. Enhanced structure of http listener on server. Fixed problems with pid and ppid in injection logic.
2025-07-13 16:35:10 +02:00
Pavlo Khazov
88e433a3d3
File structure change. TaskID fix in task result sending logic. PID is now formatted and sent correctly.
2025-07-12 22:36:15 +02:00
Pavlo Khazov
a674b5135a
Cosmetics
2025-07-12 20:57:54 +02:00
John Doe
925bb8fd92
Added task id logic: now agent reports task result with task id after "TASKRESULT" message part, which helps identify task and operator who issued it.
...
Added size optimization flags to payload generator.
Corrected source files list in payload generator.
Corrected macros for transport selection.
2025-05-24 14:00:58 +02:00
Pavlo Khazov
4df020a226
Beacon supports Win Schannel + minor adjustments
2025-05-03 13:25:41 +02:00
Pavlo Khazov
d0652b9aa5
Windows Schannel transport and prototype of https listener
2025-05-03 12:32:19 +02:00
Pavlo Khazov
2ad1a58c3a
Minor adjustments
2025-04-27 12:19:45 +02:00
Pavlo Khazov
70896bb6c2
Run command was divided into runexe and rundll
2025-04-27 11:48:12 +02:00
Pavlo Khazov
723aa168f6
Added new beacon to repo. Fixed injection logic for new beacon.
2025-04-27 09:53:28 +02:00
Pavlo Khazov
1f01d1bdf0
Refactored sysinfo command and some bugs fixed
2025-04-27 08:49:59 +02:00
Pavlo Khazov
14ad90a2b7
2025-04-26 21:11:19 +02:00
Pavlo Khazov
a60dc7b647
Preparing for unity build. Got tired of header files and includes.
2025-04-25 16:21:54 +02:00
Pavlo Khazov
f04fa16670
Dynamic encryption key generation for shellcode.
2025-04-23 21:34:35 +02:00
Pavlo Khazov
3c63ed08cc
Added missing header files and new compiler flags.
2025-04-23 12:37:25 +02:00
Pavlo Khazov
a81eec18bb
Removed unnecessary WSACleanUp, which prevented agent from reconnection after server went offline and back online.
...
Rewrote some blocks to use sync.Map instead of mutex.
Added PID and process name retrieving for "ps" command.
Added nice output for "ps" command and it is now handled separately, like sysinfo and keylogger.
Devel mode: if message is bigger than 512 chars, console will print only 512 chars.
Laying the foundation for new task-result logic in future:
Task handler: now generates task id for every task.
Task handler: does not delete task after sending to agent, but just marks it as dispatched.
Task handler: operator conn and ID retrieval by task id.
2025-04-22 23:54:40 +02:00
Pavlo Khazov
82033c21d5
Agent and BeaconC have new injection capabilities.
...
"inject" - writes shellcode into process, which can be specified by PID.
"spawn" - launches new suspended process, writes shellcode and creates thread. PPID can be specified.
Shellcode is encrypted on server, decrypted right before writing to memory and cleared right after it. Tiny-AES is used for decryption.
Modules are now dynamically loaded from folder and not hardcoded.
2025-04-21 15:45:19 +02:00
Pavlo Khazov
64c2187688
Added "ps" command to get list of processes on target.
2025-04-18 21:35:52 +02:00
Pavlo Khazov
b4179af455
Added "ps" command. TODO: add nice formatting on operator side.
...
Prepare base for beacon in C, because GO executables are too big.
2025-04-18 21:32:21 +02:00
Pavlo Khazov
ebc489af61
Server now sends encrypted shellcode and agent decrypts it in-memory before execution.
2025-04-16 14:48:10 +02:00
Pavlo Khazov
bcca9af323
Little enhancement for proxy server and some performance testing.
2025-04-15 22:16:39 +02:00
Pavlo Khazov
41b637459b
Added prototype of socks5 proxy on agent. Command "proxy start" starts listening on server:30900 and tunnels through target system, where agent runs. Current implementation supports only 1 connection. Multiplexing to be added. Custom ports to be added.
...
Now all print statements are shown only with --devel flag.
2025-04-15 10:42:21 +02:00
Pavlo Khazov
7bfaa345e6
Added testing build flag and optimization build to makefile.
2025-04-09 19:57:36 +02:00
Pavlo Khazov
b7225b92f1
Local file path checking in "upload" command.
...
Added navigation commands "cd", "ls", "dir", "pwd".
Now you can navigate to parent directory also via "cd ../" not only "cd .."
Adjusted README
Also, adjusting list of global and context commands for operator. Still cannot decide which one of global commands should be accessible from agent context.
2025-04-09 18:24:45 +02:00
Pavlo Khazov
b3e9ce2b42
Implemented file uploading to target machine with command "upload"
...
Added local system navigation in operator's terminal + tab completion for "upload" command
2025-04-09 16:19:51 +02:00
Pavlo Khazov
2150ee16c8
Added cd, ls, pwd, dir commands.
2025-04-08 21:35:55 +02:00
Pavlo Khazov
72acddbad3
Okay, I give up on keylogger. Currently I cannot implement auto keystrokes reporting after keylogger shuts down.
...
You need to either set up low reporting interval in <agent.c> or wait until it reports and then shut it down.
Why? Because reporting somehow blocks some wolfssl stuff and agent stops heartbeating.
This behaviour is acceptable, but I would like to find elegant solution later.
2025-04-08 17:10:32 +02:00
Pavlo Khazov
87e54675f3
Added task reporting after modules execution.
...
Got rid of unnecessary static and const statements. I think nobody is ever going to read this code.
Minor adjustments for readability and logging.
2025-04-08 14:42:11 +02:00
Pavlo Khazov
a3e0674a1f
Refactored file/folder downloading logic
2025-04-08 12:32:46 +02:00
Pavlo Khazov
8044155a39
Moved all command-related stuff to separate file commands.c/h
2025-04-07 14:00:24 +02:00
Pavlo Khazov
3f60761836
Added full support for TCP communication. Agent now can be generated with TCP transport by selecting TCP listener during generation. Such executable will not include any SSL code and libraries.
...
Size of agent.exe with TCP transport is ~270kb, agent.exe with SSL transport is ~800kb
2025-04-06 20:48:05 +02:00
Pavlo Khazov
79c707b4fe
+ You can now change context and directly interact with agents by typing "interact <agent id>" and sending commands directly.
...
+ But you can still issue command without switching to agent's context, just by typing <agent id> <command> <args>
+ Some minor refinements, like output beautify and cleaning
2025-04-06 09:36:31 +02:00
Pavlo Khazov
9d87226065
Fixed shellcode in memory execution: now shellcode is not saved to disk; added some opsec for execution
2025-03-29 09:47:37 +01:00
Pavlo Khazov
062d3c2b02
Added sysinfo command for beacon
2025-03-28 19:56:19 +01:00
Pavlo Khazov
84fa2a98d4
Added possibility to set startup delay during payload generation
2025-03-23 11:47:19 +01:00
Pavlo Khazov
3ffe76950a
Added flag to specify interval between connection during compilation
2025-03-19 16:11:27 +01:00