[addtool] Nimbo-C2 #1188

Closed · piyush-security opened this issue May 13, 2023 · 3 comments
Labels
accepted enhancement New feature or request

Comments

@piyush-security

[link]
https://github.com/itaymigdal/Nimbo-C2
[/link]

[tags]
command-and-control, framework
[/tags]

[short_descr]
Nimbo-C2 is yet another (simple and lightweight) C2 framework
[/short_descr]

[long_descr]

Nimbo-C2

Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and robust using Powershell, hence this combination is made. The Linux agent is slimmer and capable only of basic commands, including ELF loading using the memfd technique.

All server components are written in Python:

  • HTTP listener that manages the agents.
  • Builder that generates the agent payloads.
  • Nimbo-C2 is the interactive C2 component that rule'em all!

Features

  • Build EXE, DLL, ELF payloads.
  • Encrypted implant configuration and strings using NimProtect.
  • Packing payloads using UPX and obfuscate the PE section names (UPX0, UPX1) to make detection and unpacking harder.
  • Encrypted HTTP communication (AES in CBC mode, key hardcoded in the agent and configurable by the config.jsonc).
  • Auto-completion in the C2 Console for convenient interaction.
  • In-memory Powershell commands execution.
  • File download and upload commands.
  • Built-in discovery commands.
  • Screenshot taking, clipboard stealing, audio recording.
  • Memory evasion techniques like NTDLL unhooking, ETW & AMSI patching.
  • LSASS and SAM hives dumping.
  • Shellcode injection.
  • Inline .NET assemblies execution.
  • Persistence capabilities.
  • UAC bypass methods.
  • ELF loading using memfd in 2 modes.
  • And more !

[/long_descr]

[image]
image
[/image]

[image]
image
[/image]

gwen001 (Owner) commented May 13, 2023

Problem occurred with the following fields:

  • image not found

Check the guidelines or use the template created for that purpose.

@gwen001 gwen001 added question Further information is requested and removed question Further information is requested labels May 13, 2023
gwen001 (Owner) commented May 13, 2023

Issue correctly handled, tool is waiting for human validation.

@gwen001 gwen001 added the enhancement New feature or request label May 13, 2023
gwen001 (Owner) commented May 14, 2023

Tool has been accepted by the team: https://offsec.tools/tool/nimbo-c2

Thank you for your contribution!
