nvm

When creating HTTPs listener, it requires a uri but can't enter it due to it being grayed out in the process of creation

When installing the Havoc client according to the documentation,
using Ubuntu 22.04,
the following error is encountered:

[  4%] Building CXX object CMakeFiles/Havoc.dir/Havoc_autogen/mocs_compilation.cpp.o
In file included from /Build/Build/Havoc_autogen/BEIJ4H4JXG/../../../Include/UserInterface/Widgets/SessionGraph.hpp:4,
                 from /Build/Build/Havoc_autogen/BEIJ4H4JXG/moc_SessionGraph.cpp:10,
                 from /Build/Build/Havoc_autogen/mocs_compilation.cpp:2:
/Build/Include/global.hpp:43:10: fatal error: Python.h: No such file or directory
   43 | #include <Python.h>
      |          ^~~~~~~~~~
compilation terminated.
gmake[2]: *** [CMakeFiles/Havoc.dir/build.make:112: CMakeFiles/Havoc.dir/Havoc_autogen/mocs_compilation.cpp.o] Error 1
gmake[1]: *** [CMakeFiles/Makefile2:84: CMakeFiles/Havoc.dir/all] Error 2
gmake: *** [Makefile:91: all] Error 2

The following python-related packages have been installed:

python3-all-dev 
libpython3.9-dev
python3
python3-dev

Expected behaviour is that the installed Python.h from libpython3.9-dev is found during the search.

Detecting OS Issues

• Detects host system as Windows 10 when running a demon on Windows 11.
• Checkin command shows x86 instead of x64 and can't determine OS correctly

Injection Issues

When running the command: shellcode inject x64 /home/kali/Github/donut/payload.bin the following is observed

• When trying to inject into task manager on Windows 11 it gives an error "Error Access denied" but demon is running with same privileges as task manager so not sure what the issue is and both are x64 bit processes,
• When trying to inject into notepad it looks like it's been successful but it never connects back
• It does work fine for most other processes though

dir unicode for multiple language support.

also the max zoom out is not enough, especially with longer beacon chains. Maybe increase the maximum zoom out.

• Trying to remove a dead demon doesn't seem to work. It just stays there.
• Would it be possible when exiting a demon via the GUI to give an option for thread or process as per cli?
• When exiting a demon it doesn't automatically mark it as dead. Not sure if this is by design or an issue
• When exiting a demon, sometimes the timer keeps going up even though the process has been terminated. To the user via GUI this looks like the demon is still active and when you mark it as dead it comes back to life as the timer keeps increasing

the 2 blank fields are dead and cant be edited.

Running help dotnet list-versions returns some incorrect information:

• The command shows that it accepts args
• The command behavior is marked as fork & run

Location:

dotnet inject is still a placeholder command it seems. Doesnt task beacon or anything

Since you create a process as suspended, shouldn't there be a resume somewhere?

Freshly installed Ubuntu 20.04LTS has outdated cmake (3.16.3, needs 3.19) which does not update via apt.

this fixes it, add it to documentation
https://askubuntu.com/questions/829310/how-to-upgrade-cmake-in-ubuntu

Change .havoc dir to normal directory to be easily found for engagements to grab the screenshots etc...

Running the command net users works as expected
Running command net localgroup kills the demon

SMB/HTTP DLL not getting (or even loaded after checking the modules) executed after being injected on process attach via process hacker

Requirements on kali.

Teamserver reqs:
go mod download golang.org/x/sys
go mod download github.com/ugorji/go

client reqs:
qtbase5-dev
libqt5websockets5-dev
libspdlog-dev
python3-dev
libboost-all-dev

multiple callback hosts/redirectors

On a smb demon, did dir C:\Windows and the proc list
and the parent disconnected
Parent was http ekko, smb was foliage

If token make is sent without \ in the username, the Teamserver will crash.

Fix: Ensure the array values exist after the string split before accessing them.

Issue Location:

Reproduction

Command sent: token make user pass

Crash:

panic: runtime error: index out of range [1] with length 1

goroutine 9 [running]:
github.com/Cracked5pider/Havoc/teamserver/pkg/demons.TaskPrepare({0xc0002c4c80?, 0xc00042ad88?}, 0x28, {0xae6c20?, 0xc0007ee810})
        /home/kali/Desktop/Havoc/Teamserver/pkg/demons/demons.go:1177 +0x62ec
github.com/Cracked5pider/Havoc/teamserver/pkg/teamserver.(*Teamserver).DispatchEvent(0xc000336900, {{0x7, {0xc0002c4c98, 0x6}, {0xc0007e8cd8, 0x13}, {0x0, 0x0}}, {0x3, 0xc0007ee810}})
        /home/kali/Desktop/Havoc/Teamserver/pkg/teamserver/dispatch.go:89 +0x361d
github.com/Cracked5pider/Havoc/teamserver/pkg/teamserver.(*Teamserver).handleRequest(0xc000336900, {0xc000029936, 0x6})
        /home/kali/Desktop/Havoc/Teamserver/pkg/teamserver/teamserver.go:299 +0x1425
created by github.com/Cracked5pider/Havoc/teamserver/pkg/teamserver.(*Teamserver).Start.func2
        /home/kali/Desktop/Havoc/Teamserver/pkg/teamserver/teamserver.go:91 +0x1f7

close the window before a payload finishes generating and try doing it again and it wont do anything until the first one compiles. maybe print a box saying compilation already in progress or something

A small note to myself to rewrite the buggy net module, adding more error checks to make it as stable as possible.

last callback needs a date, or can be done like CS where it shows time since last callback in hours days etc. milliseconds may not be necessary to display

• When running the command proc kill it doen't terminate the process.
• proc getpid not returning anything

crashes on domain joined hosts

maybe have the bof write output to a pipe and the agent can read it on wake. and dont encrypt the bof memory ofc.
Austin suggestion for the implementation:

write a position indendent bof loader, inject it with the BOF, go to sleep. IF the COFF needs to write output, design the BeaconPrintf() API to write to a pipe to read it from the agent.

When opening the File Manager UI the Demon will populate the File Manager Directory Tree with the current directory of the demon's executable path.

When typing a new path in the File Manager path box and pressing ENTER, the new results are shown under a new "root" folder instead of being "merged" with the existing results. In this case I requested the path C:\ and the results were returned under a blank root folder, resulting in duplicated folder icons (two Users folders).

from #20

1. Problems with ACCESS DENIED despite having privs
2. No callback after successful injection in some cases

Stability Issues

I observed that when connecting to a TeamServer, and promptly deleting the connection dialog from another Havoc process on the same host would result in a generic SEGFAULT. I'll dig into this further and see where I can help, I have a feeling its some UAF issue that may have arose.

Useability

Differentiate between dialogs of 'Headers' and 'URI''s. Currently, the behavior is to display the following:

When selecting either 'Headers' or 'URI's to insert into the listener dialog. Nothing major, maybe a documentation or useability improvement in the future.

I'll ensure I document any further issues I uncover, and see if I can help out with existing issues.

Auto-complete on path args

for example dll spawn /home/t (tab tab) to autocomplete

Remote pivot smb does not work

From #20

HTTP -<>-SMB -<>- SMB
^ this smb beacon doesnt work

it registers but never calls for taskings

Utilizing remove button after an implant dies does not remove from console

After running ./Build.sh successfully

Linux 5.10.16.3-microsoft-standard-WSL2
Distributor ID: Ubuntu
Description:    Ubuntu 20.04.5 LTS
Release:        20.04
Codename:       focal

x64 exe demon

cat like command to read files

shellcode spawn commands crashes the GUI
OS: POP OS (Ubuntu distro based)

BOFs in general seem broken. Here's a simple test BOF.

#include <windows.h>
#include <stdio.h>
#include <tlhelp32.h>
#include "../../beacon.h"
DECLSPEC_IMPORT DWORD WINAPI KERNEL32$ExitProcess(UINT);

void go(char * args, int length) {
   KERNEL32$ExitProcess(0);
}

this is a simple ExitProcess BOF, and the output is

12-09-2022 02:32:43 [codex] Demon » inline-execute /root/Desktop/cobaltstrike/BOFs/exitprocess/exitprocess.x64.o
[*] [C1BF8A65] Tasked demon to execute an object file: /root/Desktop/cobaltstrike/BOFs/exitprocess/exitprocess.x64.o
[+] Send Task to Agent [1087 bytes]
[!] Symbol not found: $unwind$go
[!] Failed to execute object file [1]

(the process did not exit)

Ignore Building folders, profiles and more (maybe go related stuff can also be ignored?).

Running command config implant.verbose terminates the GUI with a segmentation fault error

Chekin command

proc list

also do not forget to remove the <-- you are here message

New issue, codex opening weird issues that can happen only on different dimension.