Categories: Kali Linux

SILENTTRINITY – A Post-Exploitation Agent Powered By Python, IronPython, C#/.NET

SILENTTRINITY is a post-exploitation agent powered by Python, IronPython, C#/.NET.

SILENTTRINITY Requirements

  • Server requires Python >= 3.7
  • SILENTTRINITY C# implant requires .NET >= 4.5

Also ReadAutoRDPwn – The Shadow Attack Framework

Notes

.NET runtime support

The implant needs .NET 4.5 or greater due to the IronPython DLLs being compiled against .NET 4.0, also there is no ZipArchive .NET library prior to 4.5 which the implant relies upon to download the initial stage containing the IronPython DLLs and the main Python code.

Reading the source for the IronPython Compiler it seems like we can get around the first issue by directly generating IL code through IKVM (I still don’t understand why this works). However this would require modifying the compiler to generate a completely new EXE stub (definitely feasible, just time consuming to find the proper IKVM API calls).

C2 Comms

Currently the implant only supports C2 over HTTP 1.1, .NET 4.5 seems to have a native WebSocket library which makes implementing a WS C2 channel more than possible.

HTTP/2 client support for .NET’s HttpClient API is in the works, just not yet released.

The implant and server design are very much “future proof” which should make implementing these C2 Channels pretty trivial when the time comes.

Python Standard Library

We technically could load/use IronPython’s stdlib instead of calling .NET APIs but this would require writing some “magic” dependency resolving code.

R K

Recent Posts

Playwright-MCP : A Powerful Tool For Browser Automation

Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…

2 months ago

JBDev : A Tool For Jailbreak And TrollStore Development

JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…

2 months ago

Kereva LLM Code Scanner : A Revolutionary Tool For Python Applications Using LLMs

The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…

2 months ago

Nuclei-Templates-Labs : A Hands-On Security Testing Playground

Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…

2 months ago

SSH-Stealer : The Stealthy Threat Of Advanced Credential Theft

SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…

2 months ago

ollvm-unflattener : A Tool For Reversing Control Flow Flattening In OLLVM

Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…

2 months ago