Chris Ross edited this page Sep 2, 2017 · 2 revisions

Remote Recon Build and Usage Guide

Remote Recon is a C# post-exploitation agent that uses WMI and the registry as a C2 channel. It provides a few common post-exploitation capabilities: keylogging, screenshots, token impersonation, and PowerShell execution via runspaces. The agent is compiled into a class library and then converted to a JScript payload using @tiraniddo's DotNetToJScript tool. To gain execution on a remote target, a WMI event subscription is created with the JScript payload as an ActiveScriptEventConsumer. The event fires when a RegistryValueChangeEvent occurs for one of the values within the Remote Recon base registry path. Alternative methods for execution exist with PowerShell, JScript/VBScript execution with cscript.exe, and COM scriptlets.
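For defenders, the subscription pattern described above (a filter on RegistryValueChangeEvent bound to an ActiveScriptEventConsumer) can be hunted for in WMI activity logs. The following is an added example, not part of the Remote Recon project: it correlates constructed, simplified records whose layout is assumed to follow Sysmon's WMI events (19 for filter creation, 21 for filter-to-consumer binding), and every filter name, consumer name and registry path in it is a placeholder.

```python
import re

# Constructed, simplified records modelled on Sysmon WMI events
# (assumed layout: 19 = filter created, 21 = filter-to-consumer binding).
# Every name and registry path below is a placeholder.
SAMPLE_EVENTS = [
    {"id": 19, "Name": "ExampleFilter",
     "Query": "SELECT * FROM RegistryValueChangeEvent WHERE "
              "Hive='HKEY_LOCAL_MACHINE' AND KeyPath='SOFTWARE\\\\Example' "
              "AND ValueName='Placeholder'"},
    {"id": 21, "Filter": '__EventFilter.Name="ExampleFilter"',
     "Consumer": 'ActiveScriptEventConsumer.Name="ExampleConsumer"'},
    # Unrelated pair: timer-based filter bound to a log-file consumer.
    {"id": 19, "Name": "TimerFilter",
     "Query": "SELECT * FROM __InstanceModificationEvent WITHIN 60 "
              "WHERE TargetInstance ISA 'Win32_LocalTime'"},
    {"id": 21, "Filter": '__EventFilter.Name="TimerFilter"',
     "Consumer": 'LogFileEventConsumer.Name="LogConsumer"'},
    # Script consumer whose filter was created before logging began.
    {"id": 21, "Filter": '__EventFilter.Name="UnseenFilter"',
     "Consumer": 'ActiveScriptEventConsumer.Name="OrphanConsumer"'},
]

_REF = re.compile(r'(\w+)\.Name="([^"]+)"')

def _parse_ref(ref):
    """Split a WMI object reference into (class name, instance name)."""
    m = _REF.search(ref)
    return (m.group(1), m.group(2)) if m else (None, None)

def find_script_consumer_bindings(events):
    """Return bindings to ActiveScriptEventConsumer, graded by filter query."""
    queries = {e["Name"]: e["Query"] for e in events if e["id"] == 19}
    findings = []
    for e in (e for e in events if e["id"] == 21):
        _, filter_name = _parse_ref(e["Filter"])
        consumer_class, consumer_name = _parse_ref(e["Consumer"])
        if (consumer_class or "").lower() != "activescripteventconsumer":
            continue
        query = queries.get(filter_name)
        if query is None:
            verdict = "review: filter not in log"
        elif "registryvaluechangeevent" in query.lower():
            verdict = "match: registry-value trigger"
        else:
            verdict = "review: other trigger"
        findings.append((filter_name, consumer_name, verdict))
    return findings

if __name__ == "__main__":
    for finding in find_script_consumer_bindings(SAMPLE_EVENTS):
        print(finding)
```

Script consumers bound to a filter that never appears in the log are still reported for review, since the filter may predate log collection.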

Building Remote Recon

  1. Home
  2. Dependencies
  3. Build Process

Using Remote Recon

  1. Installation and Execution
  2. Capabilities