
Changelog

pikachu edited this page May 30, 2022 · 1 revision

Changelog for OffensiveNotion

Working (dev 1.3.0)

v1.2.0 - "Damascus"

  • Build artifacts now include debug builds for every supported OS.
  • The sysinfo module acts as a one-stop shop for enumerating the host (early working prototype).
  • Execution guardrail checks on hostname, username, and (on Windows only) domain name.
  • The config command can change the agent configuration on the fly.
  • Agent check-ins now carry an emoji icon on the page: 💲 for low privilege, #️⃣ for high privilege.
  • String literals encrypted with Litcrypt.
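
The guardrail entry above says what is compared, not how the decision is made. The following is an added example written for this page, not OffensiveNotion's own code: a small Rust decision function that refuses to run unless every configured guardrail matches the host. The config field names, case-insensitive matching, "unset means don't check", fail-closed handling of missing facts, and the environment variables used to collect host facts are all assumptions of this example.

```rust
// Added example (not OffensiveNotion's own code): an execution guardrail that
// compares the host the agent landed on with operator-supplied expectations.
// Field names, case-insensitive matching and "unset means don't check" are
// assumptions of this example, not documented project behaviour.
use std::env;

/// Guardrail values the operator configured. `None` means "don't check".
#[derive(Debug, Default, Clone)]
pub struct Guardrails {
    pub hostname: Option<String>,
    pub username: Option<String>,
    /// Only evaluated on Windows, matching the changelog entry.
    pub domain: Option<String>,
}

/// What the agent observed about the host it is running on.
#[derive(Debug, Clone)]
pub struct HostFacts {
    pub hostname: String,
    pub username: String,
    pub domain: Option<String>,
    pub is_windows: bool,
}

impl HostFacts {
    /// Best-effort collection from environment variables. The variable names
    /// are an assumption of this example; a real agent would call platform
    /// APIs (gethostname, GetComputerNameEx, ...) instead.
    pub fn collect() -> Self {
        let first_set = |names: &[&str]| {
            names
                .iter()
                .find_map(|n| env::var(n).ok().filter(|v| !v.is_empty()))
        };
        HostFacts {
            hostname: first_set(&["COMPUTERNAME", "HOSTNAME"]).unwrap_or_default(),
            username: first_set(&["USERNAME", "USER"]).unwrap_or_default(),
            domain: first_set(&["USERDOMAIN"]),
            is_windows: cfg!(windows),
        }
    }
}

fn eq_ci(a: &str, b: &str) -> bool {
    a.eq_ignore_ascii_case(b)
}

/// Ok(()) when every configured guardrail matches; otherwise the first
/// mismatch as a reason string. Missing facts fail closed: if a guardrail is
/// set and the agent could not observe the corresponding value, it does not run.
pub fn check_guardrails(g: &Guardrails, h: &HostFacts) -> Result<(), String> {
    if let Some(want) = &g.hostname {
        if h.hostname.is_empty() || !eq_ci(want, &h.hostname) {
            return Err(format!("hostname '{}' does not match '{}'", h.hostname, want));
        }
    }
    if let Some(want) = &g.username {
        if h.username.is_empty() || !eq_ci(want, &h.username) {
            return Err(format!("username '{}' does not match '{}'", h.username, want));
        }
    }
    // The domain guardrail is only meaningful on Windows; elsewhere it is ignored.
    if h.is_windows {
        if let Some(want) = &g.domain {
            match &h.domain {
                Some(d) if eq_ci(want, d) => {}
                _ => return Err(format!("domain {:?} does not match '{}'", h.domain, want)),
            }
        }
    }
    Ok(())
}

fn main() {
    // Constructed guardrails for demonstration; an operator would set these
    // in the agent config at build time.
    let guardrails = Guardrails {
        hostname: Some("WS01".to_string()),
        username: None,
        domain: Some("CORP".to_string()),
    };
    match check_guardrails(&guardrails, &HostFacts::collect()) {
        Ok(()) => println!("guardrails satisfied, continuing"),
        Err(why) => println!("guardrail failed: {why}, refusing to run"),
    }
}
```

The point worth carrying into a real agent is the fail-closed branch: a guardrail whose fact cannot be read (empty hostname, no domain on a Windows box) is treated as a mismatch, so a sandbox that strips environment or identity details does not accidentally pass the check.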

v1.1.0 - "Steel"

  • Added a macOS agent.
  • Added the selfdestruct command.
  • Added inject self for shellcode injection. It uses the CreateThread pattern to load shellcode into the running agent process and execute it as a new thread.
  • Refactored main.py so that it now runs on the physical host and drives Docker.
  • Numerous changes to main.py's logic.
  • Refactored the container build to be much faster.
  • Added requirements.txt to the repo.
  • README and Wiki changes to reflect changed/new capabilities.

v1.0.0 - "Iron Age"

MUST

Done

Documentation

  • Quickstart
  • Install
  • Agent interaction
    • Commands
    • Linux commands
    • Windows commands

Misc

  • YARA Rules

Setup

  • Python Setup Script for config options
  • Dynamic Docker container spin up/tear down for agent generation
  • Parse args for Docker build options

Agent

  • Commands:
    • shell
    • cd
    • download
    • ps
    • pwd
    • save
    • shutdown
    • sleep [#] to adjust callback

SHOULD

Done

Agent

  • Jitter interval for callback time
  • Commands:
    • getprivs
    • sleep [#][%] to adjust callback and jitter
    • portscan
  • Linux elevate sudo
  • Windows elevate fodhelper
  • Linux persist bashrc
  • Linux persist cron
  • Linux persist service
  • Windows inject
  • Windows persist startup
  • Windows persist registry
  • Persist:
    • Windows persist schtasks
    • (Bonus) wmic
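
The sleep [#][%] command listed above sets the base callback interval and a jitter percentage. As an added example, not the agent's own code, here is how that argument string can be parsed and turned into a randomized sleep so that check-ins do not land on a fixed beacon interval. The accepted forms ("30", "30 20", "30 20%"), the bounds (interval plus or minus jitter percent of the interval, floor of one second), rejection of a zero interval, and the xorshift PRNG are assumptions of this example.

```rust
// Added example: parsing the `sleep [#][%]` command and computing a jittered
// callback interval. Illustrative code written for this page, not the
// OffensiveNotion agent's own implementation. The argument format follows the
// changelog entry; the bounds and clamping behaviour are assumptions here.
use std::time::{Duration, SystemTime, UNIX_EPOCH};

/// Parsed form of `sleep <seconds> [jitter_percent]`.
#[derive(Debug, PartialEq, Clone, Copy)]
pub struct SleepConfig {
    pub interval_secs: u64,
    pub jitter_percent: u8, // 0..=100
}

/// Parse the arguments of the sleep command, e.g. "30", "30 20" or "30 20%".
/// Returns None on bad input so the agent can keep its previous config.
pub fn parse_sleep_args(args: &str) -> Option<SleepConfig> {
    let mut parts = args.split_whitespace();
    let interval_secs: u64 = parts.next()?.parse().ok()?;
    let jitter_percent: u8 = match parts.next() {
        Some(j) => j.trim_end_matches('%').parse().ok()?,
        None => 0,
    };
    if interval_secs == 0 || jitter_percent > 100 || parts.next().is_some() {
        return None;
    }
    Some(SleepConfig { interval_secs, jitter_percent })
}

/// Minimum and maximum sleep (in seconds) for a config:
/// interval +/- jitter_percent of the interval, never below 1 second.
pub fn jitter_bounds(cfg: SleepConfig) -> (u64, u64) {
    let spread = cfg.interval_secs * cfg.jitter_percent as u64 / 100;
    let low = cfg.interval_secs.saturating_sub(spread).max(1);
    let high = cfg.interval_secs + spread;
    (low, high)
}

/// Small xorshift PRNG so the example needs no external crates. Not
/// cryptographic: callback timing only needs to look irregular to a
/// defender eyeballing a beacon interval, not to a cryptanalyst.
pub struct XorShift64(pub u64);

impl XorShift64 {
    pub fn seeded_from_clock() -> Self {
        let nanos = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map(|d| d.as_nanos() as u64)
            .unwrap_or(0x9E37_79B9_7F4A_7C15);
        XorShift64(nanos | 1) // state must never be zero
    }

    pub fn next_u64(&mut self) -> u64 {
        let mut x = self.0;
        x ^= x << 13;
        x ^= x >> 7;
        x ^= x << 17;
        self.0 = x;
        x
    }
}

/// Pick the next sleep duration within the jitter bounds (inclusive).
/// The modulo introduces a negligible bias for spans this small.
pub fn next_sleep(cfg: SleepConfig, rng: &mut XorShift64) -> Duration {
    let (low, high) = jitter_bounds(cfg);
    let span = high - low + 1;
    Duration::from_secs(low + rng.next_u64() % span)
}

fn main() {
    let cfg = parse_sleep_args("30 20").expect("valid sleep args");
    let mut rng = XorShift64::seeded_from_clock();
    let (low, high) = jitter_bounds(cfg);
    println!("sleep window: {low}..={high} seconds");
    for _ in 0..5 {
        println!("next callback in {:?}", next_sleep(cfg, &mut rng));
    }
}
```

Rejecting malformed input instead of defaulting silently matters on an agent: a typo such as "sleep 0" would otherwise turn the implant into a tight polling loop that is trivially visible in network telemetry.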

COULD

Done

  • Compiles with a Notion icon
  • Mirror of the notion.ico file 😈 (slightly red tint to the logo)
  • "Web delivery" via Flask and a one-liner for remote download/exec (https://www.offensive-security.com/metasploit-unleashed/web-delivery/)
  • Agent checks in by POSTing its hostname and username as the page title, with an asterisk if it is running in an admin context (getprivs at check-in)
  • Agent can spawn a kiosk-mode Notion.so page at startup

For Next Release

  • Linux persist rc.local
  • Linux inject (more of a shellcode runner than injection)
  • Windows runas (SCshell)
  • Windows inject-assembly (⚠️ large lift ⚠️)
  • (Bonus) Windows persist comhijack
  • (Bonus) Windows persist xll