v0.3 -> v0.4
Last updated
Last updated
New:
Added control over WorkingTime and KillDate parameters for agents. Added new agent marks "Disconnect" and "No worktime".
Added screenshot storage.
Unix support added to ProcessBrowser and FilesBrowser.
SessionsGraph now displays the agent type and process PID instead of the process name.
New form of agent generation. The mechanisms for registering listeners and agents have been completely changed.
The listeners table has been reworked.
Added formatting to the downloads, processes and files tables.
Fix:
Fixed message in agent console. Previously there were extra characters . when there was no domain.
Fixed display of sleep time
Fixed incorrect escaping of quotes when entering an agent console command.
Added a new synchronous gopher agent that supports Linux and MacOS systems.
A TCP/mTLS listener has been added to the agent.
This agent currently has limited functionality.
New:
Added TCP internal communication channel
Added WorkingTime and KillDate functions
The listener creation form and agent profile have been changed. Now each Callback Server has its own port.
Added BOF API: BeaconAddValue, BeaconGetValue, BeaconRemoveValue.
Fix:
Fixed the function of determining the file modification date.
New BOFs:
Injection-BOF: inject-cfg
Added "vspacer", "hspacer", "time_input", "date_input" elements to WidgetBuilder.
For extensions, the functions $RAND(len, charmap), $HASH(algorithm, len, data), $MAP(map, key) are implemented.
Completely new mechanism for connecting extenders. Now all information about the extender is contained in a single JSON configuration file. All common structures are now loaded from the package. Server operation has become much faster. More variability in developing agents for different listeners and operating systems.
The DLL agent supports launching via rundll32 (by ).
Creds-BOF: askcreds (by ), autologon, credman (by )
AD-BOF: ldapsearch (by )
Elevation-BOF: uac_regshellcmd, uac_sspi (by )
Execution-BOF: execute-assembly (by )
SAL-BOF: privcheck (by )
