C2
There are many different C2 frameworks. They can be hosted in the cloud for collaborative red teams.
Empire
Empire components:
Listeners are well... listeners. They listen for a connection and facilitate further exploitation.
Stagers are essentially payloads generated by Empire to create a robust reverse shell in conjunction with a listener. They are the delivery mechanism for agents.
Agents are the equivalent of a Metasploit "Session". They are connections to compromised targets and allow an attacker to further interact with the system.
Modules are used in conjunction with agents to perform further exploitation. For example, they can work through an existing agent to dump the password hashes from the server.
Listeners
uselistener http
set Name CLIHTTP
set Host 10.10.14.8
set Port 8000
execute
listeners
Stagers
Stagers are essentially Empire's payloads used to connect back to the C2 server and create an agent.
Linux Machines

Agents
Upload and run payload on target machine and check
Hop Listeners
Hop listeners create files to be copied across to the compromised "jump" server and served from there. The files contain instructions to connect back to our C2 listener.
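From the defender's side, the hop files described above show up as new content in the jump server's web root, so comparing the web root against a known-good baseline surfaces them. The following is an added example, not part of the original notes or of Empire; the function names and the sample file names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def snapshot(webroot):
    """Map each file path (relative to webroot, '/'-separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, webroot).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def ancestors(rel):
    """All directories above a relative path: 'a/b/c.txt' -> {'a', 'a/b'}."""
    parts = rel.split("/")[:-1]
    return {"/".join(parts[:i]) for i in range(1, len(parts) + 1)}


def diff_webroot(baseline, current):
    """Report files added or modified since the baseline, plus new directories."""
    added = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    known = set().union(*(ancestors(p) for p in baseline))
    new_dirs = sorted(set().union(*(ancestors(p) for p in added)) - known)
    return {"added": added, "modified": modified, "new_dirs": new_dirs}


def write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(data)


def demo():
    """Constructed sample: a small web root, then files dropped after the baseline."""
    with tempfile.TemporaryDirectory() as root:
        write(root, "index.html", "<h1>site</h1>")
        write(root, "assets/app.js", "console.log('ok')")
        baseline = snapshot(root)
        write(root, "assets/extra.txt", "dropped later")         # new file, known dir
        write(root, "relay/handler.txt", "dropped later")        # new file, new dir
        write(root, "index.html", "<h1>site</h1><!-- edit -->")  # changed content
        return diff_webroot(baseline, snapshot(root))
```

Take the baseline from a trusted deployment artifact and store it off the web server, since a manifest kept on the compromised host can be rewritten along with the files.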

Hop Listener Stager
Jump server (compromised webserver) setup
On Attacker machine
On jumpserver
Execute Payload on internal target
Modules
PowerUp Invoke-AllChecks example