Skip to content

entropy-z/Kharon-Agent

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

19 Commits
agent_kharon
agent_kharon
 
 
listener_kharon_http
listener_kharon_http
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Kharon v0.1

Kharon is a fully PIC agent that operates without a reflective loader and includes evasion features such as sleep obfuscation, heap obfuscation during sleep, stack spoofing with indirect syscalls, BOF API proxy for spoofed/indirect BOF API executions, and AMSI/ETW bypass.

Modules

Kharon is compatible with the Extension-Kit and supports its own modules, available in the PostEx-Arsenal.
Modules can be loaded into the client using the kh_modules.axs script.

Setup

  1. Copy agent_kharon and listener_kharon_http into: AdaptixC2/AdaptixServer/extenders

  2. Inside of AdaptixServer folder run:

    go work use extenders/agent_kharon
go work use extenders/listener_kharon_http
go work sync

  3. Change directory to AdaptixC2 and run: make extenders

  4. Copy the src_beacon and src_loader from the AdaptixServer/extenders/agent_kharon to the dist/extenders/agent_kharon

  5. Set
    dist/extenders/agent_kharon/config.json dist/extenders/listener_kharon_http/config.json in profile.json

Example (profile.json):

"extenders": [
  "extenders/beacon_listener_http/config.json",
  "extenders/beacon_listener_smb/config.json",
  "extenders/beacon_listener_tcp/config.json",
  "extenders/beacon_agent/config.json",
  "extenders/gopher_listener_tcp/config.json",
  "extenders/gopher_agent/config.json",
  "extenders/agent_kharon/config.json",
  "extenders/listener_kharon_http/config.json"
]

Supported BOF API Proxy

Click to expand
  • VirtualAlloc
  • VirtualAllocEx
  • WriteProcessMemory
  • ReadProcessMemory
  • LoadLibraryA
  • VirtualProtect
  • VirtualProtectEx
  • NtSetContextThread
  • SetThreadContext
  • NtGetContextThread
  • GetThreadContext
  • CLRCreateInstance
  • CoInitialize
  • CoInitializeEx

Supported Beacon API

Click to expand
  • BeaconDataParse
  • BeaconDataInt
  • BeaconDataExtract
  • BeaconDataShort
  • BeaconDataLength
  • BeaconOutput
  • BeaconPrintf
  • BeaconAddValue
  • BeaconGetValue
  • BeaconRemoveValue
  • BeaconVirtualAlloc
  • BeaconVirtualProtect
  • BeaconVirtualAllocEx
  • BeaconVirtualProtectEx
  • BeaconIsAdmin
  • BeaconUseToken
  • BeaconRevertToken
  • BeaconOpenProcess
  • BeaconOpenThread
  • BeaconFormatAlloc
  • BeaconFormatAppend
  • BeaconFormatFree
  • BeaconFormatInt
  • BeaconFormatPrintf
  • BeaconFormatReset
  • BeaconFormatToString
  • BeaconWriteAPC
  • BeaconDripAlloc
  • BeaconGetSpawnTo

About

Agent for AdaptixC2 with focus in evasion, capability and malleable.

Resources

Readme

License

View license
Activity

Stars

115 stars

Watchers

5 watching

Forks

25 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

Languages