Athena icon indicating copy to clipboard operation
Athena copied to clipboard
verified publisher icon MythicAgents

GitHub C2 profile malfunctioning on some situations

Open armysick opened this issue 11 months ago • 3 comments

Describe the bug

For the GitHub profile to work with Athena, it is mandatory that the repository is not empty, and that the default branch is named "main".

In https://github.com/MythicAgents/Athena/blob/a2bfe4784eca50e16a68ecc242474127f4cc8d52/Payload_Type/athena/athena/agent_code/Agent.Profiles.GitHub/GitHubProfile.cs#L101 will fail unless two conditions are met:

  • Repository is not empty
  • Branch main exists

Expected behavior Either handle this edge case scenario (see additional data below); Or describe these two conditions as a quick note on the setup documentation.

Additional data

Stack trace for "Git Repository is empty" Exception (empty repo):

   at Octokit.Connection.RunRequest(IRequest request, CancellationToken cancellationToken, Func`2 preprocessResponseBody) in /_/Octokit/Http/Connection.cs:line 798
   at Octokit.Connection.Run[T](IRequest request, CancellationToken cancellationToken, Func`2 preprocessResponseBody) in /_/Octokit/Http/Connection.cs:line 783
   at Octokit.ApiConnection.Get[T](Uri uri, IDictionary`2 parameters)
   at Agent.Profiles.GitHub.StartBeacon()

Stack trace for "Not Found" Exception (main branch does not exist):

   at Octokit.Connection.RunRequest(IRequest request, CancellationToken cancellationToken, Func`2 preprocessResponseBody) in /_/Octokit/Http/Connection.cs:line 798
   at Octokit.Connection.Run[T](IRequest request, CancellationToken cancellationToken, Func`2 preprocessResponseBody) in /_/Octokit/Http/Connection.cs:line 783
   at Octokit.ApiConnection.Get[T](Uri uri, IDictionary`2 parameters)
   at Agent.Profiles.GitHub.StartBeacon()

armysick avatar Jan 13 '25 16:01 armysick

Thanks for the report, and recommendations! @scottctaylor12 cc'ing the creator of that profile

checkymander avatar Jan 14 '25 14:01 checkymander

Thanks for the detailed writeup @armysick! These are great suggestions that I will add to the C2 Profile documentation immediately. Rather than hardcoding the main branch, I will make that a configurable parameter in the near future.

scottctaylor12 avatar Jan 14 '25 21:01 scottctaylor12

The GitHub C2 Documentation has been updated with your suggestions. Feel free to install the latest version of the GitHub C2 Profile to see the updated documentation, or check them out at: https://github.com/MythicC2Profiles/github/blob/main/documentation-c2/github/_index.md Thank you again for submitting this issue!

scottctaylor12 avatar Jan 14 '25 21:01 scottctaylor12