
SILENTTRINITY

Status
Not open for further replies.

0x1

SILENTTRINITY




An asynchronous post-exploitation agent powered by Python, IronPython, C# and .NET's DLR


Requirements


  • Server requires Python >= 3.7
  • SILENTTRINITY C# implant requires .NET >= 4.5


How it works





Notes



.NET runtime support


The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0. Also, there is no ZipArchive .NET library prior to 4.5, which the implant relies upon to download the initial stage containing the IronPython DLLs and the main Python code.

Reading the source for the [hidden content] it seems like we can get around the first issue by directly generating IL code through IKVM (I still don't understand why this works). However this would require modifying the compiler to generate a completely new EXE stub (definitely feasible, just time consuming to find the proper IKVM API calls).


C2 Comms


Currently the implant only supports C2 over HTTP 1.1; .NET 4.5 seems to have a native WebSocket library, which makes implementing a WS C2 channel more than possible.

HTTP/2 client support for .NET's HttpClient API is in the works, just not yet released.

The implant and server design are very much "future proof" which should make implementing these C2 Channels pretty trivial when the time comes.


COM Interop


[hidden content]
We could possibly leverage this to use IE's COM object to do C2 ala [hidden content]

Python Standard Library


We technically could load/use IronPython's stdlib instead of calling .NET APIs but this would require writing some "magic" dependency resolving code.

Possibly could modify [hidden content] to do this automagically.


Inject into unmanaged process



RPC


We might want to implement a fully fledged RPC that proxies objects between C# and Python. This could be interesting...



Development Environment


You can refer to the [hidden content] if you need some help setting up your environment.


Reporting issues


Reporting any issue will be appreciated, but please, feel free to use this [hidden content].

Source & Ref.
