Flaboodle Client - Educational C2 Simulation Agent

C# Agent for Flaboodle Educational Cybersecurity Simulation Platform

📋 Overview

Flaboodle Client is the agent component of the Flaboodle educational cybersecurity simulation platform. Built with C# .NET 6.0, it provides a safe, controlled simulation of command-and-control (C2) agent behavior for cybersecurity education.

The agent demonstrates real-world RAT (Remote Access Trojan) tactics including registration, telemetry reporting, command polling, and secure execution - all within a protected educational environment with built-in safety measures.

🎯 Key Features

Core Functionality

• Auto-Registration: Automatic agent registration with server on startup
• Telemetry Reporting: System information and activity monitoring
• Command Polling: Continuous server polling for new commands (5-second intervals)
• Safe Execution: Command execution with 30-second timeout protection
• Background Service: Persistent operation with graceful shutdown handling
• Comprehensive Logging: Detailed activity logging for educational analysis

Technical Features

• Cross-Platform: Primary Linux support with Windows compatibility
• HTTP Communication: RESTful API communication with JSON payloads
• Async Operations: Non-blocking I/O for responsive operation
• Error Recovery: Robust error handling and automatic reconnection
• Service Management: Bash scripts for start/stop/status/logs operations
• Timeout Protection: 30-second command execution limits to prevent system hangs

Educational Features

• Transparent Operation: All activities logged and visible for learning
• Safe Execution: Commands run with user privileges, no system damage possible
• Simulation Focus: Demonstrates C2 concepts without malicious capabilities
• Analysis Ready: Comprehensive logs for incident response training

🏗️ Architecture

┌─────────────────┐    HTTP/JSON    ┌─────────────────┐
│   Flaboodle     │◄────────────────►│  Agent Service  │
│   Server        │   Commands       │                 │
│                 │   Results        │ • C# .NET 6.0   │
└─────────────────┘                  │ • Async Ops     │
                                     │ • Service Loop   │
                                     │ • Command Exec   │
                                     └─────────────────┘
                                              │
                                              │ Shell Execution
                                              ▼
┌─────────────────┐                  ┌─────────────────┐
│   System Shell  │◄────────────────►│  Timeout        │
│   Commands      │   Output         │  Protection     │
│                 │                  │  (30 seconds)   │
└─────────────────┘                  └─────────────────┘

📦 Installation & Setup

Prerequisites

• .NET SDK: Version 6.0 or higher
• Operating System: Linux (primary), Windows (compatible)
• Server: Running Flaboodle Server instance
• Permissions: User-level execution privileges

Quick Installation

# Clone the repository
git clone https://github.com/Ela-El-maker/Flaboodle-Client.git
cd Flaboodle-Client

# Build the project
dotnet build --configuration Release

# Make service script executable
chmod +x agent-service.sh

Service Installation

Linux Service Setup

# Copy service script to system location (optional)
sudo cp agent-service.sh /usr/local/bin/flaboodle-agent

# Create log directory
sudo mkdir -p /var/log/flaboodle
sudo chown $USER /var/log/flaboodle

# Start the service
./agent-service.sh start

Windows Service Setup (Alternative)

# Build for Windows
dotnet publish --configuration Release --runtime win-x64 --self-contained

# Run as background process
Start-Process -FilePath ".\bin\Release\net6.0\win-x64\publish\True.exe" -WindowStyle Hidden

🚀 Usage

Starting the Agent

Service Mode (Recommended)

# Start as background service
./agent-service.sh start

# Check status
./agent-service.sh status

# View logs
./agent-service.sh logs

# Stop service
./agent-service.sh stop

Direct Execution (Development)

# Run directly
dotnet run --project True.csproj

# Or with published binary
./bin/Release/net6.0/linux-x64/publish/True

Service Management

The agent-service.sh script provides full service management:

# Start the agent service
./agent-service.sh start

# Check if service is running
./agent-service.sh status

# View service logs
./agent-service.sh logs

# Restart the service
./agent-service.sh restart

# Stop the service
./agent-service.sh stop

Agent Behavior

1. Registration: Agent registers with server on startup
2. Telemetry: Sends initial system information
3. Polling Loop: Checks for commands every 5 seconds
4. Execution: Runs commands with 30-second timeout
5. Reporting: Sends results back to server
6. Logging: Records all activities to log files

⚙️ Configuration

Server Connection

The agent connects to the server at http://localhost:8000 by default. To change:

// In Program.cs
private const string ServerUrl = "http://your-server:8000";

Timing Configuration

// Command polling interval (milliseconds)
private const int PollingInterval = 5000; // 5 seconds

// Command execution timeout (milliseconds)
private const int CommandTimeout = 30000; // 30 seconds

Logging Configuration

Logs are written to agent.log in the application directory:

2026-01-24 10:00:00 [INFO] Agent starting up...
2026-01-24 10:00:01 [INFO] Registered with server: agent-12345
2026-01-24 10:00:05 [INFO] Polling for commands...
2026-01-24 10:00:35 [INFO] Command executed: whoami

🔌 Communication Protocol

Agent Registration

Request:

{
  "type": "agent.register",
  "request_id": "req-12345",
  "agent": {
    "name": "agent-001",
    "hostname": "target-host",
    "os": "Linux",
    "agent_version": "1.0.0"
  },
  "network": {
    "ip": "192.168.1.100"
  },
  "sent_at": "2026-01-24T10:00:00Z"
}

Response:

{
  "type": "agent.registered",
  "request_id": "req-12345",
  "agent_id": "agt-12345",
  "server_time": "2026-01-24T10:00:01Z"
}

Command Polling

Request:

{
  "type": "command.poll",
  "request_id": "req-12346",
  "agent_id": "agt-12345",
  "last_seen_command_id": "cmd-999",
  "sent_at": "2026-01-24T10:00:05Z"
}

Response:

{
  "type": "command.issue",
  "request_id": "req-12346",
  "command": {
    "command_id": "cmd-1000",
    "agent_id": "agt-12345",
    "issued_at": "2026-01-24T10:00:00Z",
    "payload": {
      "kind": "exec",
      "args": "whoami"
    },
    "status": "delivered"
  }
}

Result Reporting

Request:

{
  "command_id": "cmd-1000",
  "executed_at": "2026-01-24T10:00:30Z",
  "result": {
    "status": "ok",
    "exit_code": 0,
    "stdout": "ela\n",
    "stderr": ""
  }
}

🛡️ Safety & Security

Built-in Protections

• Timeout Limits: All commands terminate after 30 seconds maximum
• User Privileges: Commands execute with current user permissions only
• No System Modification: Agent cannot alter system configuration
• Transparent Logging: All activities are logged and visible
• Safe Commands: Only allows shell command execution, no file system damage

Security Considerations

• Educational Context: Designed for learning, not production use
• HTTP Communication: Unencrypted for traffic analysis education
• No Authentication: Agents trust server (controlled environment)
• Process Isolation: Commands run in separate processes
• Resource Limits: Timeout prevents resource exhaustion

Safe Usage Guidelines

1. Isolated Environment: Run on dedicated test systems
2. User Permissions: Execute with standard user privileges
3. Network Monitoring: Use in monitored network environments
4. Command Review: All commands are logged and reviewable
5. Regular Cleanup: Clear logs and reset agent state between sessions

🎓 Educational Integration

Learning Objectives

C2 Communication Analysis

• Protocol Analysis: Study HTTP-based C2 communication patterns
• Beaconing Behavior: Understand agent polling and check-in mechanisms
• Data Exfiltration: Learn about result reporting and data flows

Incident Response Training

• Agent Detection: Identify suspicious process behavior
• Command Analysis: Review executed commands and their purposes
• Network Forensics: Analyze agent-server communication patterns

Secure Coding Practices

• Input Validation: Command injection prevention techniques
• Timeout Handling: Proper resource management and cleanup
• Error Handling: Robust exception handling and recovery

Classroom Scenarios

1. Basic Agent Deployment: Students deploy and monitor agent behavior
2. Traffic Analysis: Capture and analyze agent-server communications
3. Command Injection: Test command execution and result handling
4. Timeout Analysis: Study timeout behavior and resource management
5. Log Analysis: Perform forensic analysis of agent activities

🔧 Troubleshooting

Service Won't Start

# Check .NET installation
dotnet --version

# Verify build
dotnet build

# Check permissions
ls -la agent-service.sh
chmod +x agent-service.sh

# Check for running processes
ps aux | grep True

Connection Issues

# Test server connectivity
curl http://localhost:8000/api/dashboard.php

# Check agent logs
./agent-service.sh logs

# Verify server is running
netstat -tlnp | grep :8000

Command Execution Problems

# Test command manually
whoami

# Check timeout settings
# Verify command syntax
echo "test command" | timeout 30 bash

# Review agent logs for errors
tail -f agent.log

Performance Issues

# Monitor agent process
ps aux | grep True

# Check CPU/memory usage
top -p $(pgrep True)

# Review polling frequency
# Consider increasing polling interval if needed

📊 Monitoring & Logging

Log Files

• Agent Logs: agent.log - All agent activities and errors
• Service Logs: Service management script logs
• Server Logs: Server-side logs of agent communications

Log Format

[timestamp] [level] [component] message

Example logs:

2026-01-24 10:00:00 [INFO] Agent Agent starting registration process
2026-01-24 10:00:01 [INFO] Communication Server response received
2026-01-24 10:00:05 [INFO] CommandDispatcher Polling for new commands
2026-01-24 10:00:35 [INFO] CommandExecutor Command completed successfully
2026-01-24 10:00:35 [ERROR] CommandExecutor Command timed out after 30 seconds

Health Monitoring

# Check service status
./agent-service.sh status

# Monitor log activity
tail -f agent.log

# Test agent responsiveness
curl -X POST -H "Content-Type: application/json" \
  -d '{"type":"test"}' \
  http://localhost:8000/api/dashboard.php

💻 Development

Code Structure

flaboodle-client/
├── True.csproj              # Project file
├── Program.cs               # Main service entry point
├── Core/                    # Core functionality
│   ├── CommandDispatcher.cs # Command polling logic
│   ├── Communicator.cs      # HTTP communication
│   ├── ConfigManager.cs     # Configuration handling
│   └── Logger.cs            # Logging system
├── Features/                # Feature modules (Windows)
├── Helper/                  # Utility classes
├── agent-service.sh         # Service management script
├── bin/                     # Build outputs
└── obj/                     # Build intermediates

Building from Source

# Clean build
dotnet clean
dotnet restore

# Build for current platform
dotnet build --configuration Release

# Cross-platform build
dotnet publish --configuration Release --runtime linux-x64 --self-contained
dotnet publish --configuration Release --runtime win-x64 --self-contained

Adding New Features

1. Create Feature Class: Add to Features/ directory
2. Implement Interface: Follow existing patterns
3. Update Core Logic: Integrate with main service loop
4. Add Logging: Include comprehensive logging
5. Test Thoroughly: Ensure safety and reliability

Testing

# Unit tests (if implemented)
dotnet test

# Integration testing
./agent-service.sh start
# Use dashboard to send test commands
./agent-service.sh logs

# Load testing
# Multiple agents connecting simultaneously

🤝 Contributing

Development Workflow

1. Fork Repository: Create your own fork
2. Feature Branch: git checkout -b feature/new-capability
3. Code Changes: Implement new functionality with safety measures
4. Documentation: Update README and code comments
5. Testing: Thoroughly test all changes
6. Pull Request: Submit with detailed description

Code Standards

• C# Standards: Follow .NET coding conventions
• Async/Await: Use async patterns for I/O operations
• Error Handling: Comprehensive exception handling
• Logging: Detailed logging for all operations
• Security: Input validation and safe execution
• Documentation: XML documentation comments

Areas for Enhancement

• Protocol Security: Add encryption and authentication
• Advanced Features: More sophisticated simulation capabilities
• Performance: Optimize polling and communication
• Monitoring: Enhanced metrics and health checks
• Cross-Platform: Full Windows feature parity on Linux

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

Educational Use Only: This software is designed for cybersecurity education. Any malicious use is strictly prohibited.

🙏 Acknowledgments

• Developer: Ela-El-maker
• Community: Open-source security education community
• Inspiration: Need for safe, comprehensive C2 simulation tools

---

Flaboodle Client - Demonstrating C2 Concepts Safely