This repository is a backup of a basic C2 malware.
It contains a solution for Visual Studio Community 2022 (with the C++ development module).
- Go to https://visualstudio.microsoft.com/cs/thank-you-downloading-visual-studio and download the "Community" version of Visual Studio
- Install it
- After installation, select the "Desktop development with C++" package and install it
- Open the solution file `BasicC2.sln` from this repository
- Click on the project with the desired level, `BasicC2-STEPX`, and click on "Select as Startup project"
- Click on "Local Windows Debugger" and it lives! :)

- `BasicC2-STEP1` - initial state - basic functionality works, you need to fill in some functionality to get to `BasicC2-STEP2`
- `BasicC2-STEP2` - final state to get to from `BasicC2-STEP1`
- `BasicC2-STEP3` - second initial state - you need to fill in some functionality to get to `BasicC2-STEP4`
- `BasicC2-STEP4` - final state to get to from `BasicC2-STEP3`

- Implement the `exec()` function so that it executes the passed function argument in CMD.EXE and returns the output.
- In function `persistance()`, fill in the command to create persistence of the actual file using the variables `exeFileLocation` and `serviceName`.
- Add support for the command `!exit`, which should kill the program once the command is received from the server.
- Hide the console window of BasicC2.

- In function `utilShowCredentialsPrompt()`, update the PowerShell script to display a GUI capture prompt to the legitimate user.
- In function `utilScan()`, update the functionality so that it can scan multiple ports. Syntax: `!scan IP PORT1,PORT2,PORT3,...`.
- In function `utilKeyloggerInit()`, update the function so that the attacker can specify the time for which the keylogger will run.

- Since this implant only uses basic socket communication, a basic ncat listener is enough.
- Ncat can be installed (together with nmap) from: https://nmap.org/download
- Or you can use the zip file in the repository
- Command to start the listener: `ncat.exe -nvlp 8080`