Get Process Elevated, Architecture, and Domain data for registration
An00bRektn opened this issue · 0 comments
An00bRektn commented
Part of the registration spec on Havoc is to provide the following information:
```
# Register info:
# - AgentID : int [needed]
# - Hostname : str [needed]
# - Username : str [needed]
# - Domain : str [optional]
# - InternalIP : str [needed]
# - Process Path : str [needed]
# - Process Name : str [needed]
# - Process ID : int [needed]
# - Process Parent ID : int [optional]
# - Process Arch : str [needed]
# - Process Elevated : int [needed]
# - OS Build : str [needed]
# - OS Version : str [needed]
# - OS Arch : str [optional]
# - Sleep : int [optional]
```
While developing, I forgot to implement checks for the following:
- Process Elevated
- Process Arch
- Domain
We might need to create some additional enumeration functions for the domain check, and I have yet to look into the process elevated/arch stuff.