MCPcopy Index your code
hub / github.com/boku7/Loki

github.com/boku7/Loki @v2.4.0

Chat with this repo
repository ↗ · DeepWiki ↗ · release v2.4.0 ↗ · + Follow
320 symbols 650 edges 27 files 15 documented · 5%
What it actually does AI analysis from the code graph — generated when you open this
loading…
README

🧙‍♂️ Loki Command & Control

Loki is a stage-1 command and control (C2) framework written in Node.js, built to script-jack vulnerable Electron apps MITRE ATT&CK T1218.015. Developed for red team operations, Loki enables evasion of security software and bypasses application controls by exploiting trusted, signed Electron apps.

Script-jacking hijacks the execution flow of an Electron app by modifying JavaScript files loaded in at runtime with arbitrary Node.js code. This technique can be leveraged to: - Backdoor Electron app - Hollow Electron app - Chain execution to another process

While several tools already address leveraging script-jacking to chain execution to another process, Loki is the first to enable backdooring and hollowing of signed Electron apps without invalidating their code signing signature.

For more details on how Loki works, checkout this blog post:
- Bypassing Windows Defender Application Control with Loki C2

🚀 Contributors

Name Contributions
Bobby Cooke Creator & Maintainer
Dylan Tran Creator
Ellis Springe Alpha Tester
Shawn Jones Assembly Execution Code
Trusted Sec COFFLoader Code
Simon Exley Video Creator
Clinton Elves Video Creator
John Hammond Video Creator

Videos

Check out this video by John Hammond on backdooring Cursor AI with Loki C2! 🎩
- In the video he walks through discovering a new vulnerable Electron application, backdooring it with Loki C2, getting setup with the client GUI, and we even came up with two ways to keep the app running persistently in the background 🪄 -- Cursor runs normally from the end users perspective! 🥷

I Backdoored Cursor AI

Check out this video by Simon Exley & Clinton Elves on getting up and running with Loki C2! 🧙‍♂️

Bypassing Windows Defender Application Control with Loki C2

Features & Details

  • Azure Storage Blob C2 channel
  • SAS Token to protect C2 storage account
  • AES encrypted C2 messages
  • Proxy-aware agent
  • Uses Chromium renderer child processes for agent, shellcode execution, and assembly fork-n-run style execution -- inherits proxy-aware capabilities of Chromium.
  • Teamserver-less
  • Unlike traditional C2's where agents send messages to a Teamserver, there is no Teamserver
  • The GUI client & agents both checkin to the same data-store
  • Hidden exection -- runs in the background

Commands

All agent commands are written in native Node.JS and do not require additional dependencies or library load events. With the exception of the scexec and assembly commands which do a library load on keytar.node and assembly.node - All commands accept paths using /, \ in paths will not work.

Command Description
help Display help. Usage: help or help scan
pwd Print working directory
ls File and directory listing
cat Display contents of a file
env Display process environment variables
spawn Spawn a child process
drives List drives
mv Move a file to a new destination
sleep Sleep for seconds with jitter
cp Copy a source file to a destination
exit-all Exits the agent, agent won't callback anymore
load Load a node PE file from disk into the process
scexec Execute shellcode
assembly Execute a .NET assembly and get command output
upload Upload a file from your local operator box to the remote agent box
download Download a file from remote agent box to local operator box
scan Perform TCP network scan across CIDR range with selected ports
dns DNS lookup. Leverages systems DNS configuration
set Set the Node load paths for assembly node and scexec nodes
bof Execute a COFF file and return output

Set - Loading Nodes from Application Control Exclusion Paths

  • If there are application control rules preventing library loads for the node files you can use the set command to change the load paths for assembly.node and scexec.node.
  • By using ls, cat, cp and mv you may be able to enumerate the application control rules to discover a writable directory that is an exclusion.
  • With this you can put the node files in the exclusion directory and use the set command to change their load path to the exclusion directory to bypass the application control.
  • For more details on this attack vector see the CRTO2 course by Daniel Duggan (@_RastaMouse)
[04-04-2025 8:50AM MST] advsim$ help set
Set the Node load paths for assembly node and scexec nodes
    set scexec_path C:/Users/user/AppData/ExcludedApp/scexec.node
    set assembly_path C:/Users/user/AppData/ExcludedApp/assembly.node
[04-04-2025 8:51AM MST] advsim$ set scexec_path C:/Users/user/AppData/ExcludedApp/scexec.node
SCEXEC Node Load Path Set to : C:/Users/user/AppData/ExcludedApp/scexec.node

Agent Features

For more information on Agent features click here

Client Features

For more information on Client features click here

🧙‍♂️ Deploy Illusions

First you need to identify a vulnerable Electron application which does not do ASAR security integrity checks such as Microsoft Teams. Newer applications may have integrity checks preventing backdooring. Older versions of the target app are more likely to be vulnerable.

Vulnerable App Name EXE Name Version Discovery Credit
Microsoft Teams Teams.exe 1.7.00.13456 Andrew Kisliakov & mr.d0x
Cursor cursor.exe 0.48.7.0 John Hammond
VS Code code.exe chompie1337 & knavesec
Github Desktop GithubDesktop.exe 3.4.6.0 d_tranman & 0xBoku
Postman Postman.exe clod81
Obsidian Obsidian.exe clod81
Joplin Joplin.exe 0xAnom4ly
Discord Discord.exe clod81
Windsurf Windsurf.exe nero22k
Figma Figma.exe WaterBucket
RingCentral RingCentral.exe 4y45u45c4
阿里云盘 aDrive 6.8.6 Adnnlnistrator
azuredatastudio azuredatastudio.exe 1.51.1 Adnnlnistrator
atom atom.exe 1.60.0 Adnnlnistrator
Bruno Bruno.exe 2.1.0 Tyler Schultz
KeeWeb KeeWeb.exe j0hnZ3RA
Wordpress Wordpress.com.exe j0hnZ3RA
Arduino IDE Arduino IDE.exe j0hnZ3RA
QRLWallet QRLWallet.exe 1.8.1 OnlySmrtSumX & tideboss
DevHub DevHub.exe 0.102.0 ab4y98
Asana Asana.exe 2.3.0 syro
Insomnia insomnia-11.0.2.exe 11.0.2 syro
Ferdium Ferdium.exe 7.0.1 pir4cy
Franz Franz.exe 5.11.0 pir4cy
TIDAL TIDAL.exe pir4cy
FACEIT FACEIT.exe 2.1.10 icheernoom
Unity Unity Hub.exe Sawyer
Docker Desktop Docker Desktop.exe 4.41.2 robinx0
Git Kraken gitkraken.exe 11.1.1 robinx0
Hyper hyper.exe 3.4.1 nahidha5an
LM Studio lmstudio.exe 0.3.14 nahidha5an
1Password 1Password.exe
Signal Signal.exe
Slack slack.exe
Notion

Core symbols most depended-on inside this repo

debug
called by 153
agent/main.js
xGetProcAddr
called by 24
dev/execute_assembly/node_assembly_execute.cpp
printToConsole
called by 22
client/agent.js
func_Web_Request
called by 14
agent/main.js
xGetProcAddr
called by 10
dev/loader/node_loader.cpp
makeRequest
called by 9
client/azure.js
func_Base64_Encode
called by 9
agent/main.js
starts_with
called by 8
dev/COFFLoader/COFFLoader.cpp

Shape

Function 230
Method 53
Class 37

Languages

TypeScript79%
C++13%
C8%

Modules by API surface

agent/main.js92 symbols
client/agent.js28 symbols
client/azure.js26 symbols
dev/COFFLoader/beacon_compatibility.c25 symbols
client/kernel.js25 symbols
client/task-queue.js19 symbols
client/explorer.js17 symbols
dev/execute_assembly/node_assembly_execute.cpp14 symbols
dev/COFFLoader/runBOF.js11 symbols
dev/COFFLoader/COFFLoader.cpp10 symbols
agent/renderer.js10 symbols
client/dashboard.js9 symbols

For agents

$ claude mcp add Loki \
  -- python -m otcore.mcp_server <graph>

⬇ download graph artifact