Termux ID: Post-Exploitation Tool
DBC2 (DropboxC2) is a modular post-exploitation tool, composed of an agent running on the victim's machine, a controller running on any machine, PowerShell modules, and Dropbox servers as a means of communication.
This project was initially inspired by the fantastic Empire framework, and also served as a way to learn Python.

Check out this introduction and demo of basic functionalities (v0.0.1):

New features in version 0.2.x:

Architecture


Features
DBC2 main features:
  • Various stagers (PowerShell one-liner, batch file, MS-Office macro, javascript, DotNetToJScript, msbuild file, SCT file, ducky, more to come...)
  • Single CLI commands (one at a time, no environment persistence)
  • Pseudo-interactive shell (environment persistence) - based on an idea from 0xDEADBEEF00 [at] gmail.com
  • Send file to the agent
  • Retrieve file from the agent
  • Launch processes on the agent
  • Keylogger
  • Clipboard logger (clipboard recording/spying)
  • Screenshot capture
  • Run and interact with PowerShell modules (Endless capabilities: PowerSploit, Inveigh, Nishang, Empire modules, Powercat, etc.)
  • Send key strokes to any process
  • Set persistence through a scheduled task and single instance through a Mutex
  • Can run within (w|c)script.exe thanks to the DotNetToJScript stager (javascript2)
  • Can be injected into any process thanks to the nativeWrapper and its corresponding position-independent shellcode!
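Because all agent traffic goes to the Dropbox API, a defender can hunt for non-Dropbox processes that poll it at a steady interval. The sketch below is an added example, not part of DBC2: the log format, the client allowlist, the thresholds and the sample lines are constructed assumptions, and the host names are the public Dropbox API hosts.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

DROPBOX_API_HOSTS = {"api.dropboxapi.com", "content.dropboxapi.com"}
EXPECTED_CLIENTS = {"dropbox.exe"}  # assumption: the only sanctioned client

# Constructed telemetry: ISO time, workstation, process image, destination host.
SAMPLE_LOG = """\
2024-05-01T09:00:00 WS-014 wscript.exe api.dropboxapi.com
2024-05-01T09:00:10 WS-014 wscript.exe content.dropboxapi.com
2024-05-01T09:00:21 WS-014 wscript.exe api.dropboxapi.com
2024-05-01T09:00:30 WS-014 wscript.exe api.dropboxapi.com
2024-05-01T09:00:40 WS-014 wscript.exe content.dropboxapi.com
2024-05-01T09:00:05 WS-020 dropbox.exe api.dropboxapi.com
2024-05-01T09:00:35 WS-020 dropbox.exe api.dropboxapi.com
2024-05-01T09:01:05 WS-020 dropbox.exe api.dropboxapi.com
2024-05-01T09:01:35 WS-020 dropbox.exe api.dropboxapi.com
2024-05-01T09:02:00 WS-031 powershell.exe api.dropboxapi.com
2024-05-01T09:47:12 WS-031 powershell.exe api.dropboxapi.com
2024-05-01T09:03:00 WS-031 chrome.exe www.dropbox.com
"""


def suspicious_pollers(log, min_hits=4, max_jitter=0.2):
    """Flag (host, process) pairs polling the Dropbox API at a steady interval."""
    seen = defaultdict(list)
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, host, proc, dest = parts
        if dest.lower() in DROPBOX_API_HOSTS and proc.lower() not in EXPECTED_CLIENTS:
            seen[(host, proc.lower())].append(datetime.fromisoformat(ts))
    findings = []
    for (host, proc), times in sorted(seen.items()):
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low values mean machine-regular polling.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((host, proc, len(times), round(avg)))
    return findings
```

Since the agent can be injected into any process, the process allowlist is only a first filter; a host whose sanctioned client shows unusual polling still deserves a look.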

Dependencies & requirements
DBC2 requires a Dropbox application ("App folder" only is sufficient) to be created within your Dropbox account and an access token generated for this application, in order to be able to perform API calls. Look at the introduction video on how to do this if you're unsure.
On the controller side, DBC2 requires:
  • Python 2.7 (not tested with Python 3)
  • The following libraries, that can be installed using pip install -r requirements.txt:
    • requests>=2.11
    • tabulate
    • pyscrypt
    • pycrypto
DBC2 controller has been successfully tested and used on Linux Kali and Mac OSX.
On the agent side, DBC2 requires:
  • .Net framework >= 4.5 (tested successfully on Windows 7 and Windows 10)

Security Aspects
DBC2 controller asks for a master password when it starts. This password is then derived into a 128-bit master key using the PBKDF function from the pyscrypt library. The master key is then base64 encoded and can (optionally) be saved in the config file.
DBC2 performs end-to-end encryption of data using the master key with AES-128/CBC mode. Data exchanged between the agent and the controller flows through the Dropbox servers, so while the transfer itself is encrypted thanks to HTTPS, data has to be end-to-end encrypted to protect it while at rest on the Dropbox servers.
DBC2 also obfuscates the stages and the modules using XOR encryption, which is dumb encryption but is enough to simply obfuscate some well-known and publicly available pieces of code. The key used to perform XOR encryption is a SHA256 hash of the master key.
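For an analyst triaging a captured stage or module, the XOR layer described above falls to known plaintext precisely because the obfuscated code is public. The following is an added example, not DBC2's code: it assumes a repeating-key XOR with the 32-byte SHA-256 digest of the raw master key, and the modules and key are constructed samples.

```python
import hashlib
from itertools import cycle

KEY_LEN = 32  # a SHA-256 digest is 32 bytes


def xor_repeat(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call obfuscates and deobfuscates."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def identify(blob: bytes, corpus: dict):
    """Return (name, key) for the public file the blob decodes to, else None."""
    for name, plain in corpus.items():
        if len(plain) != len(blob) or len(plain) < KEY_LEN:
            continue
        # Known plaintext XOR ciphertext yields the key stream directly.
        key = bytes(c ^ p for c, p in zip(blob[:KEY_LEN], plain[:KEY_LEN]))
        if xor_repeat(blob, key) == plain:  # the remaining bytes must agree too
            return name, key
    return None


def analyse_sample():
    # Constructed stand-ins for published PowerShell modules (not real code).
    corpus = {
        "module_a.ps1": b"function Invoke-ModuleA {\n    Write-Output 'constructed sample A'\n}\n",
        "module_b.ps1": b"function Invoke-ModuleB {\n    Write-Output 'constructed sample B'\n}\n",
    }
    master_key = bytes(range(16))                  # constructed 128-bit key
    xor_key = hashlib.sha256(master_key).digest()  # assumed: hash of the raw key bytes
    blob = xor_repeat(corpus["module_b.ps1"], xor_key)  # the captured artefact

    # The analyst holds only the blob and the public corpus.
    name, recovered = identify(blob, corpus)
    return name, recovered == xor_key, recovered == master_key


if __name__ == "__main__":
    print(analyse_sample())
```

The recovered value is the XOR key only: it is a SHA-256 digest of the master key, so it does not reveal the key used for the AES-128/CBC layer.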

Installation & Configuration
Installation is pretty straightforward:
  • Git clone this repository: git clone https://github.com/Arno0x/DBC2 dbc2
  • cd into the DBC2 folder: cd dbc2
  • Install requirements using pip install -r requirements.txt
  • Give the execution rights to the main script: chmod +x dropboxC2.py
To start the controller, simply type ./dropboxC2.py.
Configuration is done through the config.py file:
  • You can optionally specify your Dropbox API access token and base64 encoded master key. If you do so, the controller won't ask you for these when it starts.
DBC2 is also available as a Docker container: check DBC2 on Docker Hub, or simply do: docker pull arno0x0x/dbc2

Compiling your own agent stage
You can very easily compile your own executables of the agent stage, from the source code provided. You don't need Visual Studio installed.
  • Copy the agent/source folder on a Windows machine with the .Net framework installed
  • CD into the source directory
  • Use the .Net command line C# compiler:
    • To get the standard agent executable: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /out:dbc2_agent.exe *.cs
    • To get the debug version: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe /define:DEBUG /out:dbc2_agent_debug.exe *.cs

Author
Arno0x0x - You can contact me on my twitter page (@Arno0x0x).


DBC2 (DropboxC2) - A Modular Post-Exploitation Tool, Composed Of An Agent Running On The Victim's Machine


This is the initial release for FruityC2 (alpha version). It can be installed on any Linux system, but the installation scripts are made for Debian-based systems. There are a lot of functionalities that will be included in future releases, and probably a lot of code will be changed, but this version is enough to show FruityC2.

FruityC2 is a post-exploitation (and open source) framework based on the deployment of agents on compromised machines. Agents are managed from a web interface under the control of an operator.

It works as a command-and-control model and is language and system agnostic. New agents are being developed to expand the capabilities and options for FruityC2.

A web client is used to interact with the FruityC2 API in a client/server mode. The client is a single web page divided into 5 sections: Interact, Listener, Payload, Delivery, Config. These options provide full control and access to the functions included in FruityC2 to create, deliver and interact with a functioning C2 capability.

During the development of the initial alpha version, I divided the efforts between the client and the server, but mainly on the client.
The next steps are to improve the Stager and Agent, add more functionalities and commands, and I will start developing new stagers and agents for other OS systems.
Note: The current Stager and Agent can only be executed on Windows (PowerShell), but this will be extended in future releases to other systems and file types.

Install

Method 1: Standard installer (Server)
script: install.sh
Note: you need to download the master.zip file or to clone the repository (FruityC2).

Method 2: Standalone installer (Server and Client)
script: install-standalone.sh
  • You need Debian (or based) installed (or a Live CD version) to use this script.
  • Download installer-standalone.sh from https://github.com/xtr4nge/FruityC2/
  • Run install-standalone.sh (it will download and install all the dependencies, FruityC2 and FruityC2-Client)
  • Done.

FruityC2 Server
Edit the file config/settings.conf and add the IP (from where FruityC2-Client will be used) in section:
[source]
[[control]]
allow = '127.0.0.1', '10.0.0.1', 'fruityc2-client-ip'

Then run
./FruityC2.py
Note: To use FruityC2 you need FruityC2-Client. You don't need a webserver to use FruityC2-Client, just open index.html.

FruityC2-Client Wiki
https://github.com/xtr4nge/FruityC2-Client/wiki

Extra Scripts

download-modules-extra.sh
This script can be used to download extra modules from the projects: Empire, PowerSploit, PowerShell-AD-Recon and Nishang

reset.sh
This script can be used to back up the data, logs and config files and then reset the server data.


FruityC2 - Post-Exploitation Tool to Manage Compromised Machines from a Web Interface