outflanknl/external_c2: POC for Cobalt Strike external C2
2019-06-23 21:03:57 Author: github.com

POC for Cobalt Strike external C2

Synopsis

Cobalt Strike contains a new / experimental feature called external_c2. This bypasses the malleable profiles and allows the developer to craft their own channels. This code is a POC that in the end turned out to be the solution to a real-life problem.

Code content

  • c2file.c: a C implementation of the client (the process that talks to beacon)
  • c2file_dll.c, c2file_dll.h, c2file.py: a Python implementation of the client (using a DLL; the process that talks to beacon), allowing for quick development of complex channels
  • python_c2ex.py: The server talking to the external_c2 plugin of teamserver.
  • externalc2_start.cna: the script needed to start the external_c2 on teamserver.

Blog

Read our blog for more info: https://outflank.nl/blog/2017/09/17/blogpost-cobalt-strike-over-external-c2-beacon-home-in-the-most-obscure-ways/

Installation

i686-w64-mingw32-gcc -shared c2file_dll.c -o c2file.dll

Contributors

Thanks to @armitagehacker for providing info on external_c2 functionality, including C sample code that was essential to make this work. Thanks to Marc Smeets (@mramsmeets), author of the blog and the one to implement this POC in a real assignment. Code written by Mark Bergman (@xychix), but heavily relying on @armitagehacker's initial C example.

License

BSD license


Source: https://github.com/outflanknl/external_c2