Athena
RHEL/CentOS Support
Describe the bug
Process exits with an error when run on CentOS
Process terminated. Couldn't find a valid ICU package installed on the system. Please install libicu using your package manager and try again. Alternatively you can set the configuration flag System.Globalization.Invariant to true if you want to run with no globalization support. Please see https://aka.ms/dotnet-missing-libicu for more information.
at System.Environment.FailFast(System.String)
at System.Globalization.GlobalizationMode+Settings..cctor()
at System.Globalization.CultureData.CreateCultureWithInvariantData()
at System.Globalization.CultureData.get_Invariant()
at System.Globalization.CultureInfo..cctor()
at System.Globalization.CultureInfo.get_CurrentCulture()
at System.Globalization.DateTimeFormatInfo.get_CurrentInfo()
at System.DateTime.TryParse(System.String, System.DateTime ByRef)
at Athena.MythicConfig..ctor()
at Athena.MythicClient..ctor()
at Athena.Program+<AsyncMain>d__1.MoveNext()
at System.Runtime.CompilerServices.AsyncMethodBuilderCore.Start[[Athena.Program+<AsyncMain>d__1, Athena, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<AsyncMain>d__1 ByRef)
at System.Runtime.CompilerServices.AsyncTaskMethodBuilder.Start[[Athena.Program+<AsyncMain>d__1, Athena, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]](<AsyncMain>d__1 ByRef)
at Athena.Program.AsyncMain()
at Athena.Program.Main(System.String[])
Aborted
To Reproduce
1.) Generate an Athena Agent for Linux
2.) Set your rid to linux-x64 or rhel.8-x64
3.) Execute Athena on the host
Desktop (please complete the following information):
CentOS Version: 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
Branch main/dev
Agent Config
{
"payload_type": "athena",
"c2_profiles": [
{
"c2_profile": "http",
"c2_profile_parameters": {
"callback_port": "443",
"killdate": "2023-10-18",
"encrypted_exchange_check": "T",
"callback_jitter": "23",
"headers": [
{
"name": "User-Agent",
"key": "User-Agent",
"value": "",
"custom": false
},
{
"name": "*",
"key": "",
"value": "",
"custom": true
}
],
"AESPSK": "aes256_hmac",
"callback_host": "",
"get_uri": "api\/index",
"post_uri": "api\/data",
"query_path_name": "q",
"proxy_host": "",
"proxy_port": "",
"proxy_user": "",
"proxy_pass": "",
"callback_interval": "10"
}
}
],
"commands": [
"socks",
"jobkill",
"load-assembly",
"jobs",
"load-module",
"reset-assembly-context",
"unload",
"sleep",
"exit",
"upload",
"execute-assembly",
"load",
"unlink",
"stop-assembly",
"download"
],
"selected_os": "Linux",
"tag": "Created by anubis at 10\/19\/2022 18:24:58 UTC",
"wrapper": false,
"build_parameters": [
{
"name": "self-contained",
"value": "True"
},
{
"name": "trimmed",
"value": "False"
},
{
"name": "compressed",
"value": "True"
},
{
"name": "ready-to-run",
"value": "False"
},
{
"name": "single-file",
"value": "True"
},
{
"name": "rid",
"value": "linux-x64"
},
{
"name": "forwarder-type",
"value": "smb"
},
{
"name": "configuration",
"value": "Release"
},
{
"name": "native-aot",
"value": "False"
},
{
"name": "output-type",
"value": "exe"
}
],
"filename": "athena_linux_x64"
}
Additional context
Current dev Athena streamlines the rid process, but removes the RHEL rid, which I'll need to find a way to re-add.
Current workaround:
- Set the proper environment variable before executing payload
export DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=1
Still need to look into proper RHEL support for everything else
added RHEL support in dev branch, should be included with next release