admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implemented 'cd' and 'ls' commands using Windows APIs.

Browse Source
This commit is contained in:
Jakob Friedl
2025-07-07 21:30:05 +02:00
parent 6a92a19b9e
commit ba7c8b6841
12 changed files with 290 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
server/agent/agent.nim
View File

@@ -223,7 +223,16 @@ proc handleResult*(listener, agent, task: string, taskResult: TaskResult) =
let date: string = now().format("dd-MM-yyyy HH:mm:ss")
if taskResult.status == Failed:
cq.writeLine(fgBlack, styleBright, fmt"[{date}]", fgRed, styleBright, " [-] ", resetStyle, fmt"Task {task} failed.", "\n")
cq.writeLine(fgBlack, styleBright, fmt"[{date}]", fgRed, styleBright, " [-] ", resetStyle, fmt"Task {task} failed.")
if taskResult.data != "":
cq.writeLine(fgBlack, styleBright, fmt"[{date}]", fgRed, styleBright, " [-] ", resetStyle, "Output:")
# Split result string on newline to keep formatting
for line in decode(taskResult.data).split("\n"):
cq.writeLine(line)
else:
cq.writeLine()
else:
cq.writeLine(fgBlack, styleBright, fmt"[{date}]", fgGreen, " [+] ", resetStyle, fmt"Task {task} finished.")

19
server/agent/commands/cd.nim Normal file
View File

@@ -0,0 +1,19 @@
import nanoid, sequtils, strutils, strformat, terminal, times
import ../../types
proc taskSetWorkingDirectory*(cq: Conquest, arguments: seq[string]) =
# Create a new task
let
date: string = now().format("dd-MM-yyyy HH:mm:ss")
task = Task(
id: generate(alphabet=join(toSeq('A'..'Z'), ""), size=8),
agent: cq.interactAgent.name,
command: SetWorkingDirectory,
args: arguments,
)
# Add new task to the agent's task queue
cq.interactAgent.tasks.add(task)
cq.writeLine(fgBlack, styleBright, fmt"[{date}] [*] ", resetStyle, fmt"Tasked agent to change current working directory.")

44
server/agent/commands/commands.nim
View File

@@ -1,19 +1,38 @@
import ./[shell, sleep, pwd]
export shell, sleep, pwd
import ./[shell, sleep, pwd, cd, ls]
export shell, sleep, pwd, cd, ls
#[
"Monarch" Agent commands:
Basic
-----
[~] shell : Execute shell command (to be implemented using Windows APIs instead of execCmdEx)
[ ] pwd : Get current working directory
[ ] cd : Change directory
[ ] ls/dir : List all files in directory (including hidden ones)
[ ] cat/type : Display contents of a file
House-keeping
-------------
[~] sleep : Set sleep obfuscation duration to a different value and persist that value in the agent
Post-exploitation
Basic API-only Commands
-----------------------
[~] pwd : Get current working directory
[~] cd : Change directory
[ ] ls/dir : List all files in directory (including hidden ones)
[ ] cat/type : Display contents of a file
[ ] env : Display environment variables
[ ] ps : List processes
[ ] whoami : Get UID and privileges, etc.
[ ] token : Token impersonation
[ ] make : Create a token from a user's plaintext password
[ ] steal : Steal the access token from a process
[ ] use : Impersonate a token from the token vault
Execution Commands
------------------
[~] shell : Execute shell command (to be implemented using Windows APIs instead of execCmdEx)
[ ] bof : Execute Beacon Object File in memory and retrieve output (bof /local/path/file.o)
- Read from listener endpoint directly to memory
- Base for all kinds of BOFs (Situational Awareness, ...)
[ ] pe : Execute PE file in memory and retrieve output (pe /local/path/mimikatz.exe)
[ ] dotnet : Execute .NET assembly inline in memory and retrieve output (dotnet /local/path/Rubeus.exe )
Post-Exploitation
-----------------
[ ] upload : Upload file from server to agent (upload /local/path/to/file C:\Windows\Tasks)
- File to be downloaded moved to specific endpoint on listener, e.g. GET /<listener>/<agent>/<upload-task>/file
@@ -22,9 +41,4 @@ export shell, sleep, pwd
- Create loot directory for agent to store files in
- Read file into memory and send byte stream to specific endpoint, e.g. POST /<listener>/<agent>/<download>-task/file
- Encrypt file in-transit!!!
[ ] bof : Execute Beacon Object File in memory and retrieve output (bof /local/path/file.o)
- Read from listener endpoint directly to memory
[ ] pe : Execute PE file in memory and retrieve output (pe /local/path/mimikatz.exe)
[ ] dotnet : Execute .NET assembly inline in memory and retrieve output (dotnet /local/path/Rubeus.exe )
]#

19
server/agent/commands/ls.nim Normal file
View File

@@ -0,0 +1,19 @@
import nanoid, sequtils, strutils, strformat, terminal, times
import ../../types
proc taskListDirectory*(cq: Conquest, arguments: seq[string]) =
# Create a new task
let
date: string = now().format("dd-MM-yyyy HH:mm:ss")
task = Task(
id: generate(alphabet=join(toSeq('A'..'Z'), ""), size=8),
agent: cq.interactAgent.name,
command: ListDirectory,
args: arguments,
)
# Add new task to the agent's task queue
cq.interactAgent.tasks.add(task)
cq.writeLine(fgBlack, styleBright, fmt"[{date}] [*] ", resetStyle, fmt"Tasked agent to list files and directories.")

16
server/agent/interact.nim
View File

@@ -21,7 +21,15 @@ var parser = newParser:
help("Display agent information and current settings.")
command("pwd"):
help("Retrieve current working directory")
help("Retrieve current working directory.")
command("cd"):
help("Change current working directory.")
arg("directory", help="Relative or absolute path of the directory to change to.", nargs = -1)
command("ls"):
help("List files and directories.")
arg("directory", help="Relative or absolute path. Default: current working directory.", nargs = -1)
command("help"):
nohelpflag()
@@ -64,6 +72,12 @@ proc handleAgentCommand*(cq: Conquest, args: varargs[string]) =
of "pwd":
cq.taskGetWorkingDirectory()
of "cd":
cq.taskSetWorkingDirectory(opts.cd.get.directory)
of "ls":
cq.taskListDirectory(opts.ls.get.directory)
# Handle help flag
except ShortCircuit as err:
if err.flag == "argparse_help":

2
server/types.nim
View File

@@ -16,6 +16,8 @@ type
ExecutePe = "pe"
Sleep = "sleep"
GetWorkingDirectory = "pwd"
SetWorkingDirectory = "cd"
ListDirectory = "ls"
TaskStatus* = enum
Completed = "completed"