specter's People

Contributors

asmoliak

specter's Issues

User-level Persistence

Add the ability for the program to persist without elevation, you can utilize the Run registry key.

For admin we'll create a different method.

RAII Wrapped Utils

It's frustrating how many of the handles and stuff need to be manually freed. Find or develop RAII wrapping utils to keep our code safe from resource leaks and facilitate easier usage of exceptions.

Basic GUI

We'll need to create the GUI that can serve some basic functionality.

In general there need to be several parts:

  • Active client list - a large table where all active clients can be seen. It'll show some basic information on the client: IP, ID, username, OS.
  • Client window - a window that will eventually contain all of the actions we can do per-client. We'll need an information tab initially. The information should be pulled from a file, as each client's information should always be available offline. New instances can overwrite it. There should be a separate tab for each information window.

InfoGrabber: Misc

The System Information Gathering component is often the first interaction a server has with a client in a Remote Access Tool. This part is crucial for assessing the capabilities and settings of the client system. Here's an in-depth look at what you might want to include:

Miscellaneous:
Environment Variables: Could be useful for understanding the system's setup.
Screen Resolution: For potential remote desktop functionality later.
Battery Information: If it's a laptop, battery status could be useful.

This is a lot, but you don't have to collect all of this information. Depending on your project's goals, you can decide which of these would be most relevant. When you implement this, make sure you're organizing the data in a way that's easy to transmit, store, and parse. Typically, you'd use a serialization format like JSON or XML for this purpose.

Installer for the Server

Create an installer for the server, and a proper cleanup mechanism when the server is uninstalled.

Keylogging

Design and create keylogging functionality that you can enable for the bots.

Remote Command Shell

Creating a remote command shell is a critical aspect of any RAT, with it you can do almost anything.

InfoGrabber: Software Information

Software Information:
Installed Applications: A list of all installed applications along with their versions.
Start-up Programs: Programs that run at startup.
Installed Drivers: A list of all installed device drivers.
System Services: Status of various system services.

System-mode deployer

Create a deployer that installs Specter as a Service and runs it on startup with admin privileges

LTCG on vcpkg dependencies

Research on how to check if your libs such as boost_exception-vc140-mt have LTCG enabled.

Once that's done, and you've confirmed that LTCG is indeed not enabled on the libs, find a way to enable them in a non-invasive way.

InfoGrabber: Basic Information

Gather the following fields, I'd like to see them in one window per endpoint.

Operating System: Version, build number, type (32-bit or 64-bit), and any service packs or updates installed.
Computer Name: The name assigned to the machine.
User Information: The name of the logged-in user

User-level deployer

Create a persistent deployer that runs regardless of administrative settings

InfoGrabber: Security Information

Firewall: Is it enabled or disabled? What are the settings?
Antivirus: Is antivirus software installed? What is its status?
System Updates: Are all security patches and system updates installed?

InfoGrabber: Hardware Information

Processor (CPU): Type, speed, number of cores, architecture.
Memory (RAM): Total size, used and free space.
Hard Disk: Total size, used and free space, partition information.
Graphics Card: Type, VRAM.
Network Adapters: Active connections, speeds, types (Ethernet, Wi-Fi).
USB Devices: List of connected USB devices.
IP Address: Both local and public IP addresses.
MAC Address: For each network adapter.
Other Hardware: Such as webcams, microphones, etc.

IP to Geolocation

Create a mechanism to allow displaying the flags in the GUI ListView

Develop the Specter Builder

Develop the Specter Builder GUI or command line.

Within it, we should be able to configure several fields, for now, just the following:

  • Program name - Critical, determines the name of the binary we deploy.
  • Server URL - The URL, can either be detected automatically based on the settings, or manually inputted
  • Server PORT - Same as above.
  • GUID - Should be different per binary, auto-generated.

In the future, we can add more functionality for further customization of the Specter builds, but we'll need the basic infrastructure built first.
