UPDATE: SILENTTRINITY v0.3.0

2019-08-08T05:07:26
ID PENTESTIT:22C267364598D1660FB35C9475D821F9
Type pentestit
Reporter Black
Modified 2019-08-08T05:07:26

Description

PenTestIT RSS Feed

Just yesterday, I wrote about this open source post-exploitation C2 framework and a new release is already available. The post was titled - List of Open Source C2 Post-Exploitation Frameworks. We now have SILENTTRINITY v0.3.0 amongst us, which was in the works for a long time! The framework now supports multi-user collaboration and has a client/server architecture. Basically, it is a complete re-write of the old version.

SILENTTRINITY v0.3.0

What is SILENTTRINITY?

> SILENTTRINITY is a modern, asynchronous, multiplayer & multiserver C2/post-exploitation framework powered by Python 3 and .NETs DLR. It implements the Bring Your Own Interpreter approach that allows you to dynamically access .NET API from a scripting language of your choosing, without using Powershell! This is done by embedding an entire interpreter inside of a C# binary!

SILENTTRINITY v0.3.0 Change log:

  • Dynamic Evaluation/Compilation Using .NET Scripting Languages - The SILENTTRINITY implant Naga, is somewhat unique as it uses embedded third-party .NET scripting languages (e.g. Boolang) to dynamically compile/evaluate tasks, this removes the need to compile tasks server side, allows for real-time editing of modules, provides greater flexibilty and stealth over traditional C# based payloads and makes everything much more light-weight.
  • ECDHE Encrypted C2 Communication - SILENTTRINITY uses Ephemeral Elliptic Curve Diffie-Hellman Key Exchange to encrypt all C2 traffic between the Teamserver and its implant.

A new C# stager implant - Naga was introduced which helps you compile, and run Boo lang code. I did not know about Boo until recently. In short, Boo is a language for .Net which appeals to a variety of users due to it's clean syntax and powerful extensibility features. It is statically compiled, running at the same speed as C# and assemblies produced by one .Net language can be used by another, so fully interoperable!

Teamserver modules were also fixed. Modules such as excelshellinject - which executes arbitrary shell code using Excel COM objects, execute-assembly - which executes a .NET assembly in memory and a new modules such as internalmonologue - which executes the Internal Monologue attack were also added!

Download SILENTTRINITY:

Check out the SILENTTRINITY v0.3.0 from its GitHub page now!

The post UPDATE: SILENTTRINITY v0.3.0 appeared first on PenTestIT.