V0.2.01-Alpha
This is a large update. For the full patch notes and screenshots, check out the change log here: https://docs.hardhat-c2.net/changelog/alpha-0.2-update-july-6-2023
• Implant
o Implants are now dynamic
commands and modules are selected at compile time, and new ones can be loaded into the implant during execution
o Sleep Encryption & BOF execution are now optional modules
o Added RunAs & GetSystem commands
o Added BOF execution & in-memory PE execution commands
o Added commands to load new commands & modules
o Added command to view currently loaded commands
o Added a token store and token store command
o Decreased number of API calls made during shellcode execution and sleep encryption
o Download command updated to properly chunk data
Currently set at 500 KB per sleep cycle; a 2000 KB file with a 5-second sleep cycle will take ~20 seconds to download.
o All commands have been updated to work with the new dynamic loading system
o When the sleep encryption module is loaded, postEx sleep encryption will activate automatically
o Removed all P/Invoke signatures (except the new ones for BOF & RPC); now using D/Invoke throughout
The remaining P/Invoke code will be replaced soon
o Whoami command now properly prints group names
o Updated default SpawnTo from calc.exe to notepad.exe
o Added ping command
o Added “/noDecoy” flag to InlineDLL, which increases stability but skips module overloading
o Updated command logic to stream back data as it is received per sleep cycle
o Created DyanmicEngineerLoading DLL, which is packed during compile time
• Team Server
o Command read status is now tracked in the DB
o Account roles to active connections is now tracked in the DB
o Implant Tasking can now carry additional serialized objects between the client and team server at the time of tasking
o Alongside the client file preview feature, the code handling file downloads has been cleaned up and improved
o Code to handle BOF packing added
o Added code to handle sending dynamic commands and modules to implants
o Added new shellcode functions to help with "execute assembly"
o Improved JSON serialization & deserialization
o Added new objects to database tracking as required
• Client
o Commands that change user context (ex. Getsystem) now cause the UI to update, showing that impersonation happened and updating the icons and notes as needed
o Added table column for notes on implants
Notes can be added via the “options” dropdown on the implants page
o Added a new tab to the Implants page to see previously compiled implants
This includes configured settings, included commands & modules, saved location, and download option
o Added icon to implant table and implant interact tab to show the number of tasks whose panel the operator has not yet opened or whose response has not yet been read
o The unread tasks have markers to denote which ones they are
o Added client-side UI element to allow viewing of some file types inside the C2
PDF, ZIP, and image formats
o Added command aliases: input on the interact tab can now contain “$hh_AliasName” and, so long as the name is correct, it will be replaced with its assigned value
This allows short-handing commands and command arguments
Aliases can be nested, so an alias may contain another alias so long as it is a valid entry in the alias table
o Opsec enforcement has been activated
Commands at a high opsec level produce a prompt asking for a second confirmation
The blocked opsec level prevents tasking
The team lead approval setting sends a notification to the team lead to approve or deny tasking
o Commands that create new implants (ex. Inject) will open a dialog window to select the implant build options, the same as a normal creation
o Tasks now have a copy button in the header of the expansion panel to easily copy command text (ex. whoami)
o General UI improvements to support new features, cleanup layout, and improve use on different-sized screens
o Added multiple methods of command entry on the interact page
Options can be changed via the settings
When not using the autocomplete, a search bar has been added to still easily find commands
o Command history using the arrow keys has been updated and fixed
o Implants can be added to the interact page now via a “+” icon at the top of the interaction page
o Replaced xtabs with mudtabs on the interact page for easier closing and tracking
o Improved JSON serialization & deserialization
o Commands that send files to implants now have a “/local” flag that will read file content from the client machine instead of the team server
o JWTs are now checked for expiration, and the user must log in again if the token has expired
o Updated implant creation to be a multi-step UI to present all the configuration options better
o File browser UI can now be browsed by entering a file path in the top bar, similar to the Windows file browser