update loading of nidhogg commands

Payload_Type/athena/athena/agent_code/Tests/Agent.Tests.Defender/PluginLoader.cs

@@ -11,17 +11,22 @@ internal class PluginLoader
     {
         public static string GetPluginPath(string pluginName)
         {
-            var debug_path = Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Debug", "net7.0", $"{pluginName}.dll");
-            var release_path = Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Release", "net7.0", $"{pluginName}.dll");
-
-            if (Path.Exists(release_path))
+            List<string> potentialDllPaths = new List<string>()
             {
-                return release_path;
-            }
+                Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Debug", "net7.0", $"{pluginName}.dll"),
+                Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Release", "net7.0", $"{pluginName}.dll"),
+                Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "LocalDebugDiscord", "net7.0", $"{pluginName}.dll"),
+                Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "LocalDebugHttp", "net7.0", $"{pluginName}.dll"),
+                Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "LocalDebugWebsocket", "net7.0", $"{pluginName}.dll"),
+            };
+
 
-            if (Path.Exists(debug_path))
+            foreach (string path in potentialDllPaths)
             {
-                return debug_path;
+                if (File.Exists(path))
+                {
+                    return path;
+                }
             }
 
             return string.Empty;

Payload_Type/athena/athena/mythic/agent_functions/athena_utils/plugin_utilities.py

@@ -8,4 +8,32 @@ def get_ds_commands():
     return ["ds-query", "ds-connect"]
 
 def get_unloadable_commands():
-    return get_ds_commands() + get_coff_commands() + get_inject_shellcode_commands()   
+    return get_ds_commands() + get_coff_commands() + get_inject_shellcode_commands()
+
+def get_nidhogg_commands():
+    return ["nidhogg-disableetwti", 
+            "nidhogg-dumpcreds", 
+            "nidhogg-elevateprocess",
+            "nidhogg-enableetwti", 
+            "nidhogg-hidedriver", 
+            "nidhogg-hideport", 
+            "nidhogg-hideprocess", 
+            "nidhogg-hideregistrykey",
+            "nidhogg-hideregistryvalue",
+            "nidhogg-hidethread", 
+            "nidhogg-injectdll", 
+            "nidhogg-protectfile", 
+            "nidhogg-protectprocess",
+            "nidhogg-protectregistrykey", 
+            "nidhogg-protectregistryvalue",
+            "nidhogg-protectthread", 
+            "nidhogg-unhidedriver", 
+            "nidhogg-unhideport", 
+            "nidhogg-unhideregistrykey", 
+            "nidhogg-unhideregistryvalue", 
+            "nidhogg-unhidethread", 
+            "nidhogg-unprotectfile", 
+            "nidhogg-unprotectprocess", 
+            "nidhogg-unprotectregistrykey", 
+            "nidhogg-unprotectregistryvalue", 
+            "nidhogg-unprotectthread"]

Payload_Type/athena/athena/mythic/agent_functions/builder.py

@@ -398,6 +398,10 @@ async def build(self) -> BuildResponse:
                 if cmd in unloadable_commands:
                     continue
 
+                if cmd == "nidhogg":
+                    for nidhoggCommand in plugin_utilities.get_nidhogg_commands():
+                        self.commands.add_command(nidhoggCommand)
+
                 if cmd == "ds":
                     if self.selected_os.lower() == "redhat":
                         continue

Payload_Type/athena/athena/mythic/agent_functions/load.py

@@ -87,6 +87,7 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
         bof_commands = plugin_utilities.get_coff_commands()
         shellcode_commands = plugin_utilities.get_inject_shellcode_commands()
         ds_commands = plugin_utilities.get_ds_commands()
+        nidhogg_commands = plugin_utilities.get_nidhogg_commands()
 
         if command in bof_commands:
             await message_utilities.send_agent_message("Please load coff to enable this command", taskData.Task)
@@ -97,11 +98,15 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
         elif command in ds_commands:
             await message_utilities.send_agent_message("Please load ds to enable this command", taskData.Task)
             raise Exception("Please load ds to enable this command")
+        elif command in nidhogg_commands:
+            await message_utilities.send_agent_message("Please load nidhogg to enable this command", taskData.Task)
+            raise Exception("Please load nidhogg to enable this command")         
 
         command_checks = {
-            "bof": plugin_utilities.get_coff_commands,
+            "coff": plugin_utilities.get_coff_commands,
             "inject-shellcode": plugin_utilities.get_inject_shellcode_commands,
             "ds": plugin_utilities.get_ds_commands,
+            "nidhogg" : plugin_utilities.get_nidhogg_commands,
         }
 
         #Check if command is loadable via another command
@@ -122,6 +127,7 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
             "coff": bof_commands,
             "ds": ds_commands,
             "inject-shellcode": shellcode_commands,
+            "nidhogg": nidhogg_commands,
         }
 
         # Check if command requires 3rd party libraries