Merge branch 'dev'
secu77 committed Jun 29, 2023
2 parents 6c24bec + 7cd7f2d commit 809d054
Showing 5 changed files with 27 additions and 4 deletions.
23 changes: 23 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,28 @@
# Change Log

## [v1.2.0] - 2023-06-29

- New agents added
- PHP Agent using "create_function" as executor
- PHP Agent using "include/require" as executor
- NET Agent using "Assembly.Load" as executor
- NET Agent using "System.Reflection.Emit" as executor
- New compilers added to be used with different executors:
- "Csc": this compiler allows you to compile each module you want to use at runtime and send it to an agent with an in-memory NET Assemblies loader (such as a Reflective NET Loader).
- "Precompiled": this compiler allows you to use pre-compiled versions of .NET modules in .exe or .dll (NET Assemblies) form. You can use this compiler together with agent with an in-memory NET Assemblies loader.
- New utils:
- "Precompiler": utility that allows to precompile Kraken modules. These can be used in executors that use dynamic loading of binaries into memory.
- New NET Assemblies:
- New NET Assemblies focused on Privilege Escalation abusing DCOM services have been added: PrinterNotifyPotato and McpManagementPotato.
- A modified version of EfsPotato, an Elevation of Privilege exploit abusing MS-EFSR, has been added.
- New modules:
- "enum_antivirus": module to enumerate registered antivirus (via WMI) in Windows systems. Readapted from [Seatbelt command](https://github.com/GhostPack/Seatbelt/blob/master/Seatbelt/Commands/Windows/AntiVirusCommand.cs)
- By introducing new agents and compilers, small changes have been made in the Core and in the different submodules (envs, modules, etc).
- Multiple Bugs Fixed
- Multiple minor bugs affecting some net_assemblies have been fixed. Some net assemblies have been adapted so that all of them work correctly with the execute_assembly module.
- Fixed some minor bugs in PHP agents (st and c2). They now provide more insight into certain bugs.
- Fixed a minor bug in PHP execute module. This change prevents a warning from occurring when using utf8_encode() on Windows systems whose PHP version indicates that this function is deprecated.

## [v1.1.1] - 2023-03-24

- Multiple bugs fixed:
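Review bot: The "New NET Assemblies" entries for PrinterNotifyPotato, McpManagementPotato and the modified EfsPotato name exploit assemblies without any source link, while the "enum_antivirus" entry does credit the Seatbelt command it was adapted from. Add a source reference for each and state what was modified in EfsPotato, so the provenance of what ships in this release can be checked. The Seatbelt link points at `master`; a commit permalink would keep the reference stable. Minor: the heading "Multiple Bugs Fixed" differs from the "Multiple bugs fixed:" form used under v1.1.1, and the utf8_encode() entry is worded as Windows-specific although it describes a deprecation that depends on the PHP version.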
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -28,7 +28,7 @@ Although its main use is focused on offensive purposes (e.g. red teams, internal

## Version

1.1.1 - [CHANGELOG Version](CHANGELOG.md)
1.2.0 - [CHANGELOG Version](CHANGELOG.md)

## Documentation

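Review bot: The version line is bumped by hand to "1.2.0" while the changelog heading it refers to is written "[v1.2.0]", and the link still targets the top of CHANGELOG.md. Consider linking to the release section and using one spelling of the version in both files so the two do not drift apart on the next release.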
2 changes: 1 addition & 1 deletion modules
Submodule modules updated 65 files
+1 −1 cat/cat.cs2.cs
+1 −1 cat/cat.cs3.5.cs
+9 −0 cat/cat.cs4.cs
+1 −1 cd/cd.cs2.cs
+9 −0 cd/cd.cs4.cs
+1 −1 cp/cp.cs2.cs
+9 −0 cp/cp.cs4.cs
+1 −1 download/download.cs2.cs
+9 −0 download/download.cs4.cs
+1 −1 driveinfo/driveinfo.cs2.cs
+9 −0 driveinfo/driveinfo.cs4.cs
+1 −1 dump_iis_secrets/dump_iis_secrets.cs2.cs
+9 −0 dump_iis_secrets/dump_iis_secrets.cs4.cs
+1 −1 dup_token/dup_token.cs2.cs
+9 −0 dup_token/dup_token.cs4.cs
+1 −0 enum_antivirus/enum_antivirus.cs2.cs
+1 −0 enum_antivirus/enum_antivirus.cs3.5.cs
+181 −0 enum_antivirus/enum_antivirus.cs4.cs
+1 −1 execute/execute.cs2.cs
+9 −0 execute/execute.cs4.cs
+1 −1 execute/execute.php8.php
+1 −1 execute_assembly/execute_assembly.cs2.cs
+9 −0 execute_assembly/execute_assembly.cs4.cs
+1 −1 execute_with_token/execute_with_token.cs2.cs
+9 −0 execute_with_token/execute_with_token.cs4.cs
+1 −1 hotfixes/hotfixes.cs2.cs
+9 −0 hotfixes/hotfixes.cs4.cs
+1 −1 id/id.cs2.cs
+9 −0 id/id.cs4.cs
+1 −1 impersonate/impersonate.cs2.cs
+9 −0 impersonate/impersonate.cs4.cs
+1 −1 list_tokens/list_tokens.cs2.cs
+9 −0 list_tokens/list_tokens.cs4.cs
+1 −1 ls/ls.cs2.cs
+9 −0 ls/ls.cs4.cs
+1 −1 mkdir/mkdir.cs2.cs
+9 −0 mkdir/mkdir.cs4.cs
+24 −3 modules.py
+1 −1 mv/mv.cs2.cs
+9 −0 mv/mv.cs4.cs
+1 −1 netstat/netstat.cs2.cs
+9 −0 netstat/netstat.cs4.cs
+1 −1 powerpick/powerpick.cs2.cs
+9 −0 powerpick/powerpick.cs4.cs
+9 −0 ps/ps.cs4.cs
+1 −1 reg_dump_trans/reg_dump_trans.cs2.cs
+9 −0 reg_dump_trans/reg_dump_trans.cs4.cs
+1 −1 rm/rm.cs2.cs
+9 −0 rm/rm.cs4.cs
+1 −1 sc/sc.cs2.cs
+9 −0 sc/sc.cs4.cs
+1 −1 set_token/set_token.cs2.cs
+9 −0 set_token/set_token.cs4.cs
+1 −1 show_integrity/show_integrity.cs2.cs
+9 −0 show_integrity/show_integrity.cs4.cs
+1 −1 sysinfo/sysinfo.cs2.cs
+9 −0 sysinfo/sysinfo.cs4.cs
+1 −1 tcpconnect/tcpconnect.cs2.cs
+9 −0 tcpconnect/tcpconnect.cs4.cs
+1 −1 touch/touch.cs2.cs
+9 −0 touch/touch.cs4.cs
+1 −1 upload/upload.cs2.cs
+9 −0 upload/upload.cs4.cs
+1 −1 whoami/whoami.cs2.cs
+9 −0 whoami/whoami.cs4.cs
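Review bot: In the submodule file list, ps/ps.cs4.cs gains 9 lines with no matching ps/ps.cs2.cs change, whereas every other pre-existing module touched here pairs a +1 −1 edit to its .cs2.cs file with the +9 −0 edit to its .cs4.cs file. Please confirm whether ps/ps.cs2.cs was missed. Separately, this pointer bump pulls in 65 files, including the 181-line enum_antivirus/enum_antivirus.cs4.cs and a +24 −3 change to modules.py, none of which can be reviewed from this commit; naming the submodule commit in the merge message would make the update auditable.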
