2 ‐ TeamServer
The TeamServer's goal is to handle primary listeners, sessions, and communication with the client. It also serves as the main entry point for the SOCKS proxy chain. At startup, the TeamServer loads libraries (.so) specially built for it:
These libraries represent capabilities that can be sent to a running beacon, ranging from ls and tree to assemblyExec and psExec. These modules are dynamically loaded and can indefinitely expand the capabilities of a running beacon.
Some configurations can be set in the TeamServerConfig.json file, notably the network configuration that enables the use of droppers. The DomainName field is the first to be checked. If it is empty, the ExposedIp is used, and as a last resort, the IpInterface is taken.
"DomainName": "C2TeamServer.com",
"ExposedIp": "10.10.10.10",
"IpInterface": "eth0",
Other notable configurations are the directories and the logging level inside the TeamServer:
"LogLevel": "info",
"TeamServerModulesDirectoryPath": "../TeamServerModules/",
"LinuxModulesDirectoryPath": "../LinuxModules/",
"WindowsModulesDirectoryPath": "../WindowsModules/",
"LinuxBeaconsDirectoryPath": "../LinuxBeacons/",
"WindowsBeaconsDirectoryPath": "../WindowsBeacons/",
"ToolsDirectoryPath": "../Tools/",
"ScriptsDirectoryPath": "../Scripts/",
Finally, there is the HTTP/HTTPS listener configuration. Ensure that the beacon is configured with matching settings so that the two can communicate.