
Obfuscation base64 with CMD #3105

Open
MarineLeM opened this issue Dec 10, 2024 · 1 comment
@MarineLeM

The Base64 obfuscation works well with PowerShell and sh executors, but it does not seem to work with the cmd executor.

When I checked the code, I found that the functions responsible for obfuscating commands are implemented specifically for psh and sh, but not for cmd.
To investigate further, I analyzed the network traffic and observed the HTTP requests between Caldera and the agent. For PowerShell, the command was obfuscated:

powershell -Enc ZQBjAGgAbwAgAGgAZQBsAGwAbwAgAHcAbwByAGwAZAA=

However, for cmd, the command was in plain text:

echo hello world

My questions are:

  • Does the Base64 obfuscation feature support the cmd executor?
  • If not, is it technically possible to implement Base64 obfuscation for cmd commands?
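The encoding seen on the wire above is what PowerShell's -EncodedCommand switch expects: the command text as UTF-16LE, then base64. The following is an added example, not Caldera's own obfuscation code, that reproduces that encoding, confirms the sample from the issue decodes back to `echo hello world`, and adds a small detection-side helper that recovers the plaintext from a captured command line. The function names, the regular expression and the set of parameter prefixes it accepts (`-EncodedCommand`, `-enc`, `-ec`, `-e`) are this example's own assumptions. The sample command lines are taken from the issue text.

```python
import base64
import binascii
import re

# Samples copied from the issue: the encoded PowerShell command and the
# plaintext cmd command as observed in the Caldera <-> agent HTTP traffic.
OBSERVED_PSH = "powershell -Enc ZQBjAGgAbwAgAGgAZQBsAGwAbwAgAHcAbwByAGwAZAA="
OBSERVED_CMD = "echo hello world"


def encode_psh(command: str) -> str:
    """Encode a command the way PowerShell's -EncodedCommand expects:
    UTF-16LE bytes, then standard base64 with padding."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")


def decode_psh(blob: str) -> str:
    """Inverse of encode_psh. Raises on malformed base64 or odd-length
    (non UTF-16LE) payloads so callers can treat the input as not encoded."""
    raw = base64.b64decode(blob, validate=True)
    if len(raw) % 2:
        raise ValueError("payload is not valid UTF-16LE (odd byte length)")
    return raw.decode("utf-16-le")


# Assumption: the parameter prefixes a detection would most commonly see.
# PowerShell accepts any unambiguous prefix of -EncodedCommand; these four
# cover the forms that appear in practice. Longest alternative first so the
# regex engine does not stop at "-e" inside "-enc".
_ENC_RE = re.compile(
    r"(?i)\bpowershell(?:\.exe)?\b.*?\s-(?:encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]+)"
)


def recover_plaintext(command_line: str) -> tuple[bool, str]:
    """Return (was_encoded, plaintext).

    If the command line carries a PowerShell encoded command, decode it.
    Anything else, including every cmd.exe command line (cmd has no switch
    comparable to -EncodedCommand), is returned unchanged with was_encoded
    set to False. Malformed blobs are also returned unchanged rather than
    raising, since on the wire they are just text."""
    match = _ENC_RE.search(command_line)
    if not match:
        return False, command_line
    try:
        return True, decode_psh(match.group(1))
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return False, command_line


if __name__ == "__main__":
    # Round-trip the issue's own sample and show what each captured line yields.
    assert encode_psh("echo hello world") == OBSERVED_PSH.split()[-1]
    for line in (OBSERVED_PSH, OBSERVED_CMD):
        encoded, plain = recover_plaintext(line)
        print(f"encoded={encoded!s:5}  plaintext={plain!r}  <- {line}")
```

The round trip confirms the issue's observation: the PowerShell line carries `echo hello world` inside the base64, while the cmd line is the same command with no wrapper at all. That asymmetry is inherent to the interpreters, not to Caldera: cmd.exe has no built-in way to accept a base64-encoded command line, so any cmd obfuscation would need a separate decoding step (for example writing the blob to disk and decoding it with `certutil -decode`, or delegating to PowerShell) before cmd could execute it.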

Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/
