mirror of
https://github.com/Aryma-f4/Ares-mythic.git
synced 2026-06-25 11:14:13 +00:00
Compare commits
2 Commits
afac72ad49
...
286accf271
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
286accf271 | ||
|
|
3ba28c3197 |
@@ -15,7 +15,7 @@
|
||||
<Reference Include="System.Security" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
<ProjectReference Include="..\DInvokeResolver\DInvokeResolver.csproj" />
|
||||
<ProjectReference Include="..\EncryptedFileStore\EncryptedFileStore.csproj" />
|
||||
<ProjectReference Include="..\HttpProfile\HttpProfile.csproj" />
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
#define C2PROFILE_NAME_UPPER
|
||||
#define C2PROFILE_NAME_UPPER
|
||||
|
||||
//#define LOCAL_BUILD
|
||||
|
||||
@@ -280,14 +280,14 @@ namespace Apollo
|
||||
public static int RegistryComparison = 1; // 1=Matches, 2=Contains
|
||||
#else
|
||||
// Environmental Keying Configuration
|
||||
public static bool KeyingEnabled = keying_enabled_here;
|
||||
public static int KeyingMethod = keying_method_here; // 1=Hostname, 2=Domain, 3=Registry
|
||||
public static bool KeyingEnabled = "keying_enabled_here" == "true";
|
||||
public static int KeyingMethod = int.Parse("keying_method_here"); // 1=Hostname, 2=Domain, 3=Registry
|
||||
public static string KeyingValueHash = "keying_value_hash_here";
|
||||
|
||||
// Registry Keying Configuration
|
||||
public static string RegistryPath = "registry_path_here";
|
||||
public static string RegistryValue = "registry_value_here";
|
||||
public static int RegistryComparison = registry_comparison_here; // 1=Matches, 2=Contains
|
||||
public static int RegistryComparison = int.Parse("registry_comparison_here"); // 1=Matches, 2=Contains
|
||||
#endif
|
||||
|
||||
}
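Review bot: The quoted-placeholder `KeyingEnabled` initializer (apparently the new side of this hunk) compares against the lowercase literal `"true"` with a case-sensitive `==`, so a builder that stamps in `True` would leave this execution guardrail switched off with no error. Whether the builder lowercases the value is not visible here. `public static bool KeyingEnabled = string.Equals("keying_enabled_here", "true", StringComparison.OrdinalIgnoreCase);` removes that dependency. The two `int.Parse(...)` initializers for `KeyingMethod` and `RegistryComparison` throw `FormatException` when a placeholder is left unsubstituted or empty, and because they run in the static initializer, the failure surfaces as a `TypeInitializationException` on first access to the class. Parsing with `int.TryParse` and treating a failed parse as an explicit configuration error would make that failure deliberate and readable. The enclosing class starts outside this hunk.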
|
||||
|
||||
@@ -10,7 +10,6 @@ using AS = ApolloInterop.Structs.ApolloStructs;
|
||||
using TTasks = System.Threading.Tasks;
|
||||
using ApolloInterop.Classes.Core;
|
||||
using ApolloInterop.Structs.ApolloStructs;
|
||||
using Tasks;
|
||||
using ApolloInterop.Utils;
|
||||
using System.Net;
|
||||
using System.IO;
|
||||
|
||||
@@ -12,6 +12,7 @@ using System.Collections.Concurrent;
|
||||
using ApolloInterop.Classes.Core;
|
||||
using ApolloInterop.Classes.Events;
|
||||
using ApolloInterop.Enums.ApolloEnums;
|
||||
using System.IO;
|
||||
using System.Runtime.InteropServices;
|
||||
using ApolloInterop.Utils;
|
||||
using System.Security.Cryptography;
|
||||
|
||||
@@ -3,9 +3,10 @@
|
||||
<TargetFramework>net451</TargetFramework>
|
||||
<OutputType>Library</OutputType>
|
||||
<LangVersion>12</LangVersion>
|
||||
<Nullable>enable</Nullable>
|
||||
<Nullable>disable</Nullable>
|
||||
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
<NoWarn>$(NoWarn);0168;0169;0659;0660;0661;8632</NoWarn>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<Reference Include="System.Security" />
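Review bot: `<Nullable>disable</Nullable>` together with the project-wide `<NoWarn>` entry silences whole diagnostic classes for every file in the project instead of the specific sites that raised them. 0659, 0660 and 0661 flag types that override `Equals` or define `==`/`!=` without the matching `GetHashCode`/`Equals`, which can make dictionary and set lookups on those types misbehave. 8632 presumably appears only because `?` annotations remain in the code after the nullable context was turned off. Prefer fixing the affected types, or scoping the suppression with `#pragma warning disable` at those declarations. If the project-wide setting stays, record the reason next to it, for example `<!-- reason nullable is disabled; files that need 0659-0661 suppressed -->`.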
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="PolySharp" Version="1.14.1" />
|
||||
|
||||
@@ -44,9 +44,9 @@
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj">
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj">
|
||||
<Project>{5b5bd587-7dca-4306-b1c3-83a70d755f37}</Project>
|
||||
<Name>ApolloInterop</Name>
|
||||
<Name>AresInterop</Name>
|
||||
</ProjectReference>
|
||||
<ProjectReference Include="..\PSKCrypto\PSKCryptography.csproj">
|
||||
<Project>{c8fc8d87-30db-4fc5-880a-9cd7d156127a}</Project>
|
||||
|
||||
@@ -11,7 +11,7 @@
|
||||
<Reference Include="System.Security" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Costura.Fody" Version="5.7.0" PrivateAssets="All" />
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
<ProjectReference Include="..\ExecutePE\ExecutePE.csproj" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Content Include="FodyWeavers.xml" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
<ProjectReference Include="..\HttpxTransform\HttpxTransform.csproj" />
|
||||
<ProjectReference Include="..\PSKCrypto\PSKCryptography.csproj" />
|
||||
</ItemGroup>
|
||||
|
||||
@@ -9,7 +9,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -8,6 +8,6 @@
|
||||
<GenerateAssemblyInfo>false</GenerateAssemblyInfo>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
</Project>
|
||||
@@ -10,7 +10,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Content Include="FodyWeavers.xml" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Costura.Fody" Version="5.7.0" PrivateAssets="All" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<Content Include="FodyWeavers.xml" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="PolySharp" Version="1.14.1" />
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
<Reference Include="System.ServiceProcess" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Costura.Fody" Version="5.7.0" PrivateAssets="All" />
|
||||
|
||||
@@ -8,7 +8,7 @@
|
||||
<Platforms>AnyCPU;x64;x86</Platforms>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
<AssemblyName>WebsocketProfile</AssemblyName>
|
||||
</PropertyGroup>
|
||||
<ItemGroup>
|
||||
<ProjectReference Include="..\ApolloInterop\ApolloInterop.csproj" />
|
||||
<ProjectReference Include="..\AresInterop\AresInterop.csproj" />
|
||||
</ItemGroup>
|
||||
<ItemGroup>
|
||||
<PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
|
||||
|
||||
@@ -135,19 +135,21 @@ def validate_httpx_config(config_data):
|
||||
class Ares(PayloadType):
|
||||
name = "ares"
|
||||
file_extension = "exe"
|
||||
author = "@djhohnstein, @its_a_feature_"
|
||||
author = "Aryma-f4"
|
||||
mythic_encrypts = True
|
||||
supported_os = [
|
||||
SupportedOS.Windows
|
||||
]
|
||||
semver = "2.4.12"
|
||||
description = "Ares Windows payload type for Mythic."
|
||||
wrapper = False
|
||||
wrapped_payloads = ["scarecrow_wrapper", "service_wrapper"]
|
||||
c2_profiles = ["http", "httpx", "smb", "tcp", "websocket", "azure_blob"]
|
||||
note = """
|
||||
A fully featured .NET 4.0 compatible training agent. Version: {}.
|
||||
NOTE: P2P Not compatible with v2.2 agents!
|
||||
NOTE: v2.3.2+ has a different bof loader than 2.3.1 and are incompatible since their arguments are different
|
||||
Ares Windows payload type for Mythic. Version: {}.
|
||||
Supports WinExe, shellcode, source, and service builds.
|
||||
NOTE: P2P is not compatible with v2.2 agents.
|
||||
NOTE: v2.3.2+ uses a different BOF loader than v2.3.1 and they are not compatible.
|
||||
""".format(semver)
|
||||
supports_dynamic_loading = True
|
||||
shellcode_format_options = ["Binary", "Base64", "C", "Ruby", "Python", "Powershell", "C#", "Hex"]
|
||||
@@ -607,9 +609,9 @@ NOTE: v2.3.2+ has a different bof loader than 2.3.1 and are incompatible since t
|
||||
|
||||
# Build command with conditional embedding
|
||||
if self.get_parameter('debug'):
|
||||
command = f"dotnet build Ares.sln -c {compileType} -p:Platform=\"Any CPU\" -p:EmbedDefaultConfig={str(embed_default_config).lower()} -o {agent_build_path.name}/{buildPath}/ --verbosity quiet"
|
||||
command = f"dotnet build Ares/Ares.csproj -c {compileType} -p:Platform=\"Any CPU\" -p:EmbedDefaultConfig={str(embed_default_config).lower()} -o {agent_build_path.name}/{buildPath}/ --verbosity quiet"
|
||||
else:
|
||||
command = f"dotnet build Ares.sln -c {compileType} -p:DebugType=None -p:DebugSymbols=false -p:DefineConstants=\"\" -p:Platform=\"Any CPU\" -p:EmbedDefaultConfig={str(embed_default_config).lower()} -o {agent_build_path.name}/{buildPath}/ --verbosity quiet"
|
||||
command = f"dotnet build Ares/Ares.csproj -c {compileType} -p:DebugType=None -p:DebugSymbols=false -p:DefineConstants=\"\" -p:Platform=\"Any CPU\" -p:EmbedDefaultConfig={str(embed_default_config).lower()} -o {agent_build_path.name}/{buildPath}/ --verbosity quiet"
|
||||
await SendMythicRPCPayloadUpdatebuildStep(MythicRPCPayloadUpdateBuildStepMessage(
|
||||
PayloadUUID=self.uuid,
|
||||
StepName="Gathering Files",
|
||||
@@ -763,9 +765,9 @@ NOTE: v2.3.2+ has a different bof loader than 2.3.1 and are incompatible since t
|
||||
)
|
||||
shutil.move(shellcode_path, working_path)
|
||||
if self.get_parameter('debug'):
|
||||
command = f"dotnet build Ares.sln -c {compileType} -p:OutputType=WinExe -p:Platform=\"Any CPU\""
|
||||
command = f"dotnet build WindowsService1/WindowsService1.csproj -c {compileType} -p:OutputType=WinExe -p:Platform=\"Any CPU\""
|
||||
else:
|
||||
command = f"dotnet build Ares.sln -c {compileType} -p:DebugType=None -p:DebugSymbols=false -p:DefineConstants=\"\" -p:OutputType=WinExe -p:Platform=\"Any CPU\""
|
||||
command = f"dotnet build WindowsService1/WindowsService1.csproj -c {compileType} -p:DebugType=None -p:DebugSymbols=false -p:DefineConstants=\"\" -p:OutputType=WinExe -p:Platform=\"Any CPU\""
|
||||
proc = await asyncio.create_subprocess_shell(
|
||||
command,
|
||||
stdout=asyncio.subprocess.PIPE,
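Review bot: The build command is still assembled as one f-string and run through `asyncio.create_subprocess_shell`, so any shell metacharacter in `compileType` is interpreted by the shell on the build host. The same applies to `agent_build_path.name`, `buildPath` and `embed_default_config` in the earlier `dotnet build Ares/Ares.csproj` hunk, assuming that command is executed the same way. Where these values originate is outside the visible lines, but if any of them derives from a build parameter, this should be an argument vector instead. For example: `proc = await asyncio.create_subprocess_exec("dotnet", "build", "WindowsService1/WindowsService1.csproj", "-c", compileType, "-p:OutputType=WinExe", "-p:Platform=Any CPU", stdout=asyncio.subprocess.PIPE, ...)`. If the shell form has to stay, each interpolated value should pass through `shlex.quote` and `compileType` should be checked against the fixed set of configuration names before use. The enclosing build method starts and ends outside this hunk.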
|
||||
@@ -1011,4 +1013,3 @@ def adjust_file_name(filename, shellcode_format, output_type, adjust_filename):
|
||||
return original_filename + ".txt"
|
||||
else:
|
||||
return filename
|
||||
|
||||
|
||||
@@ -4,5 +4,5 @@
|
||||
"exclude_documentation_payload": false,
|
||||
"exclude_documentation_c2": false,
|
||||
"exclude_agent_icons": false,
|
||||
"remote_images": {"ares" :"ghcr.io/aryma-f4/ares-mythic:multiarch-fixed-v2"}
|
||||
"remote_images": {"ares" :"ghcr.io/aryma-f4/ares-mythic:multiarch-fixed-v3"}
|
||||
}
|
||||