diff --git a/Payload_Type/athena/athena/agent_code/Tests/Agent.Tests.Defender/PluginLoader.cs b/Payload_Type/athena/athena/agent_code/Tests/Agent.Tests.Defender/PluginLoader.cs
index 80b890c0..ed834747 100644
--- a/Payload_Type/athena/athena/agent_code/Tests/Agent.Tests.Defender/PluginLoader.cs
+++ b/Payload_Type/athena/athena/agent_code/Tests/Agent.Tests.Defender/PluginLoader.cs
@@ -11,17 +11,22 @@ internal class PluginLoader
 {
 public static string GetPluginPath(string pluginName)
 {
- var debug_path = Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Debug", "net7.0", $"{pluginName}.dll");
- var release_path = Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Release", "net7.0", $"{pluginName}.dll");
-
- if (Path.Exists(release_path))
+ List potentialDllPaths = new List()
 {
- return release_path;
- }
+ Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Debug", "net7.0", $"{pluginName}.dll"),
+ Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "Release", "net7.0", $"{pluginName}.dll"),
+ Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "LocalDebugDiscord", "net7.0", $"{pluginName}.dll"),
+ Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "LocalDebugHttp", "net7.0", $"{pluginName}.dll"),
+ Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin", "LocalDebugWebsocket", "net7.0", $"{pluginName}.dll"),
+ };
+
- if (Path.Exists(debug_path))
+ foreach (string path in potentialDllPaths)
 {
- return debug_path;
+ if (File.Exists(path))
+ {
+ return path;
+ }
 }
 return string.Empty;
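Review bot: The new list in `GetPluginPath` tries `Debug` before `Release`, whereas the removed code returned the Release build first, so a stale Debug DLL left on disk now wins over a freshly built Release one and the test can end up examining a different binary than the one just compiled. If Release-first was intended, move that entry to the top; otherwise add a comment such as `// First existing path wins; order is the lookup precedence.` above the list. The five entries differ only in the configuration name, so the base could be computed once with `var binDir = Path.Combine(Directory.GetCurrentDirectory(), "..", "..", "..", "..", "..", pluginName, "bin");` and the candidates built from an array of configuration names. The method still returns `string.Empty` when nothing matches, and its closing lines are outside the hunk, so callers should treat an empty result as a failure rather than pass it on as a path.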
diff --git a/Payload_Type/athena/athena/mythic/agent_functions/athena_utils/plugin_utilities.py b/Payload_Type/athena/athena/mythic/agent_functions/athena_utils/plugin_utilities.py
index c9cd9a89..b76fe962 100644
--- a/Payload_Type/athena/athena/mythic/agent_functions/athena_utils/plugin_utilities.py
+++ b/Payload_Type/athena/athena/mythic/agent_functions/athena_utils/plugin_utilities.py
@@ -8,4 +8,32 @@ def get_ds_commands():
 return ["ds-query", "ds-connect"]
 def get_unloadable_commands():
- return get_ds_commands() + get_coff_commands() + get_inject_shellcode_commands()
\ No newline at end of file
+ return get_ds_commands() + get_coff_commands() + get_inject_shellcode_commands()
+
+def get_nidhogg_commands():
+ return ["nidhogg-disableetwti",
+ "nidhogg-dumpcreds",
+ "nidhogg-elevateprocess",
+ "nidhogg-enableetwti",
+ "nidhogg-hidedriver",
+ "nidhogg-hideport",
+ "nidhogg-hideprocess",
+ "nidhogg-hideregistrykey",
+ "nidhogg-hideregistryvalue",
+ "nidhogg-hidethread",
+ "nidhogg-injectdll",
+ "nidhogg-protectfile",
+ "nidhogg-protectprocess",
+ "nidhogg-protectregistrykey",
+ "nidhogg-protectregistryvalue",
+ "nidhogg-protectthread",
+ "nidhogg-unhidedriver",
+ "nidhogg-unhideport",
+ "nidhogg-unhideregistrykey",
+ "nidhogg-unhideregistryvalue",
+ "nidhogg-unhidethread",
+ "nidhogg-unprotectfile",
+ "nidhogg-unprotectprocess",
+ "nidhogg-unprotectregistrykey",
+ "nidhogg-unprotectregistryvalue",
+ "nidhogg-unprotectthread"]
\ No newline at end of file
diff --git a/Payload_Type/athena/athena/mythic/agent_functions/builder.py b/Payload_Type/athena/athena/mythic/agent_functions/builder.py
index acacd0f6..72a9380b 100644
--- a/Payload_Type/athena/athena/mythic/agent_functions/builder.py
+++ b/Payload_Type/athena/athena/mythic/agent_functions/builder.py
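Review bot: `get_unloadable_commands()` still concatenates only the ds, coff and inject-shellcode lists, so the names returned by the new `get_nidhogg_commands()` are the one plugin group it leaves out. builder.py appears to skip anything in that list before its new `nidhogg` branch runs, so if individually selected `nidhogg-*` names are meant to be skipped the same way, the return needs `+ get_nidhogg_commands()`; if the omission is deliberate, a one-line comment saying why would stop a later reader from "fixing" it. The new function also has no docstring; `"""Return the sub-command names registered when the nidhogg plugin is selected or loaded (used by builder.py and load.py)."""` would cover it. The file still ends without a trailing newline.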
@@ -398,6 +398,10 @@ async def build(self) -> BuildResponse:
 if cmd in unloadable_commands:
 continue
+ if cmd == "nidhogg":
+ for nidhoggCommand in plugin_utilities.get_nidhogg_commands():
+ self.commands.add_command(nidhoggCommand)
+
 if cmd == "ds":
 if self.selected_os.lower() == "redhat":
 continue
diff --git a/Payload_Type/athena/athena/mythic/agent_functions/load.py b/Payload_Type/athena/athena/mythic/agent_functions/load.py
index eb516c11..f6da2a5a 100644
--- a/Payload_Type/athena/athena/mythic/agent_functions/load.py
+++ b/Payload_Type/athena/athena/mythic/agent_functions/load.py
@@ -87,6 +87,7 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
 bof_commands = plugin_utilities.get_coff_commands()
 shellcode_commands = plugin_utilities.get_inject_shellcode_commands()
 ds_commands = plugin_utilities.get_ds_commands()
+ nidhogg_commands = plugin_utilities.get_nidhogg_commands()
 if command in bof_commands:
 await message_utilities.send_agent_message("Please load coff to enable this command", taskData.Task)
@@ -97,11 +98,15 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
 elif command in ds_commands:
 await message_utilities.send_agent_message("Please load ds to enable this command", taskData.Task)
 raise Exception("Please load ds to enable this command")
+ elif command in nidhogg_commands:
+ await message_utilities.send_agent_message("Please load nidhogg to enable this command", taskData.Task)
+ raise Exception("Please load nidhogg to enable this command")
 command_checks = {
- "bof": plugin_utilities.get_coff_commands,
+ "coff": plugin_utilities.get_coff_commands,
 "inject-shellcode": plugin_utilities.get_inject_shellcode_commands,
 "ds": plugin_utilities.get_ds_commands,
+ "nidhogg" : plugin_utilities.get_nidhogg_commands,
 }
 #Check if command is loadable via another command
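Review bot: The new `nidhogg` branch in `build` registers every name from `get_nidhogg_commands()` with no operating-system check, while the `ds` branch directly below it consults `self.selected_os` before continuing. The command names (registry keys, ETW) suggest the plugin only applies to Windows targets, though nothing in the hunk states that; if so, the branch should be gated on `self.selected_os` so builds for other targets do not list commands they cannot run. If the enclosing loop iterates `self.commands` itself, calling `add_command` inside it changes the collection being walked, which is worth confirming because the loop header is outside the hunk. The loop variable would also read more naturally as `nidhogg_command` in this snake_case module.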
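Review bot: The parent plugin of each sub-command is now recorded in three places in `create_go_tasking` — the `elif` chain extended in the `@@ -97` hunk, `command_checks` just below it, and the dict touched in the `@@ -122` hunk — and this hunk shows how they drift, since the `command_checks` key had been `"bof"` while the other dict used `"coff"`. Driving the "Please load X" check from a single mapping would remove the chain and the need to edit three spots per plugin. Each branch also writes its message literal twice and raises a bare `Exception`; `msg = "Please load nidhogg to enable this command"` reused for both calls, with a more specific exception type, would be easier to handle upstream. `"nidhogg" :` has a stray space before the colon, and the function body starts and ends outside the hunk.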
@@ -122,6 +127,7 @@ async def create_go_tasking(self, taskData: MythicCommandBase.PTTaskMessageAllDa
 "coff": bof_commands,
 "ds": ds_commands,
 "inject-shellcode": shellcode_commands,
+ "nidhogg": nidhogg_commands,
 }
 # Check if command requires 3rd party libraries