search

C2

There are many different C2arrow-up-right frameworks. They can be hosted in the cloud for collaborative red teams

hashtag
Empire

Empire components:

  • Listeners are well... listeners. They listen for a connection and facilitate further exploitation

  • Stagers are essentially payloads generated by Empire to create a robust reverse shell in conjunction with a listener. They are the delivery mechanism for agents

  • Agents are the equivalent of a Metasploit "Session". They are connections to compromised targets, and allow an attacker to further interact with the system

  • Modules are used to in conjunction with agents to perform further exploitation. For example, they can work through an existing agent to dump the password hashes from the server

hashtag
Listeners

uselistener http
set Name CLIHTTP
set Host 10.10.14.8
set Port 8000
execute
listeners
circle-info

Stop a listener using kill CLIHTTP

GUI Alternative

hashtag
Stagers

Stagers are essentially Empire's payloads used to connect back to the C2 server and create an agent.

hashtag
Linux Machines

GUI Alternative

hashtag
Agents

Upload and run payload on target machine and check

hashtag
Hop Listeners

Hop listeners create files to be copied across to the compromised "jump" server and served from there. The files contain instructions to connect back to our C2 listener

GUI Alternative

hashtag
Hop Listener Stager

hashtag
Jump server (compromised webserver) setup

On Attacker machine

On jumpserver

Execute Payload on internal target

hashtag
Modules

PowerUp Invoke-AllChecks example

PreviousExfilNextAV Evasion

Last updated