Changelog
HuskyHacks edited this page Mar 12, 2022 · 13 revisions
Changelog for OffensiveNotion
Released!
Done
- Quickstart
- Install
- Agent interaction
- Commands
  - Linux commands
  - Windows commands
- YARA Rules
- Python Setup Script for config options
- Dynamic Docker container spin up/tear down for agent generation
- Parse args for Docker build options
- Commands:
  - `shell`
  - `cd`
  - `download`
  - `ps`
  - `pwd`
  - `save`
  - `shutdown`
  - `sleep [#]` to adjust callback
Done
- Jitter interval for callback time
- Commands:
  - `getprivs`
  - `sleep [#][%]` to adjust callback and jitter
  - `portscan`
  - Linux `elevate sudo`
  - Windows `elevate fodhelper`
  - Linux `persist bashrc`
  - Linux `persist cron`
  - Linux `persist service`
  - Windows `inject`
  - Windows `persist startup`
  - Windows `persist registry`
- Persist:
  - Windows `persist schtasks`
  - (Bonus) `wmic`
  - Windows
Done
- Compiles with Notion icon
- Mirror the notion.ico file 😈 (slightly red tint to logo)
- "Web delivery" via Flask and one-liner for remote download/exec (https://www.offensive-security.com/metasploit-unleashed/web-delivery/)
- Agent checks in by POSTing hostname and username to page title with asterisk if in an admin context (getprivs at checkin)
- Agent can spawn in kiosk mode Notion.so page at startup
For Next Release
- Linux `persist rc.local`
- Linux `inject` (more of a shellcode runner than injection)
- Windows `runas` (SCshell)
- Windows `inject-assembly` (⚠️ large lift ⚠️)
- (Bonus) Windows `persist comhijack`
- (Bonus) Windows `persist xll`