its-a-feature
commented
3 years ago The raw shellcode options that are generated by Apollo and atlas leverage https://github.com/TheWover/donut to convert the .NET code to PIC shellcode. At that point you have a few options:
- generate the raw shellcode and then use a script like https://gist.github.com/mgeeky/43d7b5c5ee2338ff8580f0a2c2d30555 to convert that binary file to a c array for inclusion in other projects
- modify the agent you're interested in to automatically return what you're interested in. As an example for Apollo: https://github.com/MythicAgents/Apollo/blob/master/Payload_Type/apollo/mythic/agent_functions/builder.py#L26 <--- modify this line to add your additional option, such as "c-array". https://github.com/MythicAgents/Apollo/blob/master/Payload_Type/apollo/mythic/agent_functions/builder.py#L131 <--- modify this to be "shellcode" or your new addition like "c-array" so that you'll fall through to the donut section for your choice as well. https://github.com/MythicAgents/Apollo/blob/master/Payload_Type/apollo/mythic/agent_functions/builder.py#L156 <--- check if your option is shellcode (if so, return this like normal), if your option is "c-array" then continue on to what you want to do (return a c array based on that binary file) and just make sure your final string is in
resp.payload.
With that second option you'll be able to automatically keep generating your c-arrays without having to run scripts locally.
I have been using mythic for doing some amazing Red Team engagements. For MAC envs, Mythic is my go to. KUDOS to you people! However, when I generated payload for windows, I got blocked by defender and EDR solutions. Then I had to write my own shell code and .NET wrapper to evade both of them. I wanted to check if I can use the raw shell code generated by mythic in my wrapper to make a connect back to C2. Right now it's meagre reverse shell on Metasploit. I just need a way to convert raw shell code to C format shell code which I can use in my payload generation.