NimPlant v1.4 - Black Hat Edition #33

chvancooten · 2024-08-03T18:11:19Z

NimPlant is back for Black Hat season! This release adds a fully-featured Rust implant besides the "classic" Nim version. The Rust implant is written from scratch and is designed to be more conscious about memory management (e.g. configuration parsing), while supporting all the goodies that the Nim version does¹. The release also adds Docker for all your (cross-)compilation or server hosting needs - without the dependency issues!

New features

Added fully-featured, Rust-based implant 🦀🎉
Added Dockerfile to allow easy compilation and server portability without dependency issues
- Docker image is published to chvancooten/nimplant by CI/CD
- Added example docker-compose.yml that demonstrates how to use Nginx as reverse proxy

Enhancements

Replace manual argument parsing with argparse in nimplant.py helper script (939ed19)
Various enhancements to CI/CD pipeline

Bugfixes

Improve argument parsing and transmission (close Execute Assembly not parsing arguments correctly #21)
Fix bug with server exit logic when nimplants are late (74a581f)
Fix bug where jitter was set incorrectly (ee98e2d)

Other

Added strings_test.yar to allow opsec checks on disk and/or in-memory
Added VS Code devcontainer configuration
Update dependencies for GUI and Python components

¹ Sleep masking not yet supported for the Rust implant.

…ring

…te README

…into dev

…n Rust output

…dency

…ME, fix Python wrapper long lines

… Rust toolchain definition

… to iron out

Add self-deleting implant for Rust

…ffee struct instead

…ey issue

chvancooten added 30 commits March 9, 2024 22:58

Improve command parsing: transmit args json list instead of quoted st…

0b9f6d4

…ring

Fix bug with server exit logic when nimplants are late

74a581f

Initial commit of nimplant-rs, integrate rust compilation (WIP), upda…

b663c3a

…te README

Update README.md, add another TODO

7282801

Add cross-compilation with pre-built libsodium

2919551

Add Dockerfile + docs, add check for rust opsec profile

f2bb0c4

Update README.md

cc71eba

Update libsodium requirement

56cfaf2

Fix libsodium static linking for mingw

d8698e2

Restructure Rust modules and add DLL compilation option

aeccc52

Merge branch 'dev' of https://github.com/chvancooten/nimplant-private …

7d0aab8

…into dev

Replace rust --target-dir option with custom post-processing for clea…

c74d2f2

…n Rust output

Add Shellcode generation with sRDI (WIP)

11dafd9

Remove erroneously exported beacon API functions when compiling to DLL

94611e1

Move opsec check to avoid duplicate messages, replace libsodium depen…

224e018

…dency

Add default target for Rust, tweak GNU compiler defaults, update READ…

47afb1b

…ME, fix Python wrapper long lines

Replace manual argument parsing with argparse

939ed19

Fix more linting warnings, a.o. renaming main nimplant.py module

e18a5ae

Add devcontainer

349f181

Update devcontainer, fix bug with compilation command spacing, update…

d627086

… Rust toolchain definition

Update CI/CD (Untested)

901b203

Update CI/CD: Remove Windows build, fix python issue

34b7306

Rename NimPlant.py to nimplant.py

1921ca2

Update CI/CD to (temporarily) only compile rust exe

f535924

Update CI/CD to build container first and then paralellize

34ab480

Update CI/CD to fix paths between matrix builds

28544b5

Fix CI/CD paths again

786b70a

Update TODO's

f916202

Update CI/CD

85cc5af

Bump deprecated CI/CD actions

ea9a459

chvancooten added 29 commits June 16, 2024 19:41

(WIP) Initial framework of exe self-delete in Rust, still some errors…

a02c978

… to iron out

Add selfdelete for rust

845d8fa

Fix compilation warning in release mode, add TODO

19692ea

Merge pull request #32 from chvancooten/feat-self-delete-rs

d3a883d

Add self-deleting implant for Rust

Fix unused import error for non-selfdelete

f3d6deb

Fix critical bug with BOFF statics persisting, refactor to use the Co…

ed17f69

…ffee struct instead

Update wrong comments

e992cca

Update CI/CD to upload to Docker Hub, update README

34f8cf6

Update CI/CD name

4b17025

Fix CI/CD and remove username from secrets

deb290c

Fix CI/CD

005e7bb

Fix CI/CD, update README with link from

4741001

Fix CI/CD

8b501ff

Fix "unknown command" bug with command capitalization in rust

9783fe0

Bump version numbers to v1.4

62f3f44

Bump UI dependencies

7f10579

Rebuild frontend for v1.4

06aa7ee

Fix bug where Nimplant Jitter was set to sleep time on first check-in

ee98e2d

Refactor http module to support file identifier in get_request function

024dc0a

Update .dockerignore

0d4e819

Add docker-compose example with nginx, update README.md

ff59ff6

Update docker example to mount whole NimPlant folder to prevent .xork…

c8352c1

…ey issue

Add tty/stdin to docker example to fix console bug

3e9d755

Update docker-compose to sync host timezone, update README

42ee1ca

👁️👅👁️

4b8f9e6

Update strings_test.yar

d78a3f7

Bump UI requirements

cca7876

Recompile GUI

7eb5070

Bump Python & Rust dependencies

fd17dfb

chvancooten merged commit bffd0bc into main Aug 3, 2024
3 checks passed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

NimPlant v1.4 - Black Hat Edition #33

NimPlant v1.4 - Black Hat Edition #33

chvancooten commented Aug 3, 2024

NimPlant v1.4 - Black Hat Edition #33

NimPlant v1.4 - Black Hat Edition #33

Conversation

chvancooten commented Aug 3, 2024