MythicAgents/Athena

reg plugin assumes KeyValue Kind is String

GeneralBison opened this issue · 3 comments

Going to look into implementing my own "fix" for this, but first wanted to ask if this was intentional or if I was missing something.

I'm trying to add a REG_DWORD registry key but the RegistryAdd function seems to only parse arguments as a String (resulting in the data kind of REG_SZ)

string RegistryAdd(string KeyName, string keyPath, string KeyValue, string RemoteAddr, out bool error)

Is there a reason why you don't use the RegistryValueKind overload?
The RegistryKey.SetValue method can infer a DWORD from an integer input, but Athena seems to pass the KeyValue as a string.

If this is functionality that would be of use, I'd be happy to make a pull request with my own (potentially janky) implementation.

Hey sorry, I missed this.

It's definitely an oversight and needs to be fixed. I'm all for you providing a fix for it, or I can do it myself. If you want to apply the fix, take a look at the rewrite branch as I'm currently doing a pretty big overhaul with Athena.

Just checked the rewrite branch and it looks like this has already been added to the reg plugin.

Yep! I was able to add it and confirmed it working