vvx7 / nicodemus

A cross-platform Nim implant for Prelude Operator

License: GNU General Public License v3.0

Nim 90.29% Shell 9.71%
nim pneuma adversary-emulation red-team implant operator redteam rat ost

Nicodemus

Nicodemus is a cross-platform Nim implant for the Prelude Operator adversary emulation platform.

It's a port of Pneuma and intended as a reference implementation for those thinking about writing their own Operator agent in Nim. Where possible, Nicodemus' code closely resembles that of Pneuma.

Getting started

Use build.sh to compile Nicodemus for the host OS and for the Windows build target.

Run the compiled agent to connect to the default TCP address. For help, use the -h command-line switch.

Linux

  1. Install Nim.
  2. Install dependencies with Nimble.
    • cd nicodemus/ && nimble install
  3. Install MinGW-w64 toolchain.
    • Ubuntu: apt install mingw-w64
  4. Compile agent for build targets.
    • ./build.sh

MacOS

  1. Install Nim.
  2. Install dependencies with Nimble.
    • cd nicodemus/ && nimble install
  3. Install MinGW-w64 toolchain.
    • OSX: brew install mingw-w64
  4. Compile agent for build targets.
    • ./build.sh

Cross-compiling

Nim cross-compiling is documented here.

Check out this Docker image for easy cross-compiling. You'll need to install any nimble packages required by this project first.

You can use the docker-build.sh script to cross-compile amd64 versions for Mac, Linux, and Windows inside that Docker image, with:

docker run --rm -v `pwd`:/usr/local/src \
  chrishellerappsian/docker-nim-cross:latest ./build-docker.sh

Use without Operator

Nicodemus is a port of Pneuma, so it is meant to be used with Prelude Operator. If you want to use a different C2, you'll need to structure its messages so that Nicodemus understands them. See the Pneuma beacon documentation for more detail.

C2 Instruction

{
  "ID": "067e99fb-f88f-49a8-aadc-b5cadf3438d4",
  "ttp": "0b726950-11fc-4b15-a7d3-0d6e9cfdbeab",
  "tactic": "discovery",
  "Executor": "sh",
  "Request": "whoami",
  "Payload": "https://s3.amazonaws.com/operator.payloads/demo.exe"
}

Agent Beacon

{
  "Name": "test",
  "Location": "/tmp/me.go",
  "Platform": "darwin",
  "Executors": ["sh"],
  "Range": "red",
  "Pwd": "/tmp",
  "Links": []
}

Links

{
  "ID": "123",
  "Executor": "sh",
  "Payload": "",
  "Request": "whoami",
  "Response": "",
  "Status": 0,
  "Pid": 0
}
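As an added example that is not part of the project, the Python helper below recognises the three message shapes documented above (instruction, agent beacon, link) in captured request bodies, which is useful when triaging traffic for a Pneuma-style agent. The key sets are taken from the README; the sample bodies are constructed, and a beacon whose Links list contains a malformed entry is deliberately reported as "other" rather than trusted.

```python
import json

# Key sets taken from the message formats in the README above.
BEACON_KEYS = {"Name", "Location", "Platform", "Executors", "Range", "Pwd", "Links"}
LINK_KEYS = {"ID", "Executor", "Payload", "Request", "Response", "Status", "Pid"}
INSTRUCTION_KEYS = {"ID", "ttp", "tactic", "Executor", "Request", "Payload"}

def is_link(obj) -> bool:
    """A link is a dict with every documented key and integer Status/Pid."""
    return (isinstance(obj, dict) and LINK_KEYS <= set(obj)
            and isinstance(obj["Status"], int) and isinstance(obj["Pid"], int))

def classify(body: str) -> str:
    """Return 'beacon', 'instruction', 'link' or 'other' for one captured body."""
    try:
        obj = json.loads(body)
    except ValueError:
        return "other"  # not JSON at all (binary, HTML, ...)
    if not isinstance(obj, dict):
        return "other"
    keys = set(obj)
    # A beacon carries the agent fields plus a list of links; every link must itself be well-formed.
    if (BEACON_KEYS <= keys and isinstance(obj["Executors"], list)
            and isinstance(obj["Links"], list)
            and all(is_link(link) for link in obj["Links"])):
        return "beacon"
    if INSTRUCTION_KEYS <= keys:
        return "instruction"
    if is_link(obj):
        return "link"
    return "other"

def triage(bodies):
    """Index of every body that matches a Pneuma-style message, with its type."""
    return {i: kind for i, body in enumerate(bodies)
            if (kind := classify(body)) != "other"}

# Constructed sample bodies (not real traffic): beacon with one link, instruction, unrelated JSON, non-JSON.
SAMPLE_BODIES = [
    json.dumps({"Name": "test", "Location": "/tmp/me", "Platform": "darwin",
                "Executors": ["sh"], "Range": "red", "Pwd": "/tmp",
                "Links": [{"ID": "123", "Executor": "sh", "Payload": "",
                           "Request": "whoami", "Response": "user\n",
                           "Status": 0, "Pid": 4242}]}),
    json.dumps({"ID": "abc", "ttp": "def", "tactic": "discovery",
                "Executor": "sh", "Request": "whoami", "Payload": ""}),
    json.dumps({"status": "ok", "items": []}),
    "<html><body>not json</body></html>",
]
```

Calling triage(SAMPLE_BODIES) yields {0: 'beacon', 1: 'instruction'}; the unrelated JSON and the HTML body are ignored.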

Channel selection

Nicodemus currently supports TCP, UDP and HTTP.

TCP

./main --contact=tcp --address=127.0.0.1 --port=2323

UDP

./main --contact=udp --address=127.0.0.1 --port=4545

HTTP

./main --contact=http --address=http://127.0.0.1 --port=3391

Coming soon


nicodemus's Issues

Add compile step

I'm new to Nim and it took me a hot minute to realize I needed the compile step before running the agent start command. I'd toss this into the README to help other newbies like myself.

Executors using macOS instead of darwin

I could be missing a reference after a quick glance at the executors file, but it looks like it's using "macos" instead of "darwin" as the platform name. As a result, I'm getting "no executors found" for Mac TTPs.

Make compatible for Operator ingestion

This agent is a GREAT first agent we'd (Prelude) be interested in making available by default within Operator via the AgentLibrary plugin.

If you'd be willing, we just need you to make 2 changes to this code to make it work:

  1. Add a build.sh file at the project root, with the command which will compile the agent into an executable (check Pneuma for an example, for each supported OS).

@khyberspache this is all that needs to be done from the agent-side, correct?
