Introduction
In order to better understand what a C2 framework is at its most basic level, think of a Netcat listener (the C2 server) that is capable of handling many reverse shells calling back at once (C2 Agents). It’s a server but for reverse shells. Unlike Netcat, almost all C2 frameworks require a special payload generator. This is usually a feature that is built into the framework itself. For example, Metasploit is a C2 Framework that has its own payload generator, MSFVenom.
We covered the second part of Command & Control Servers. We explained how to setup Metasploit as a C2 server which includes configuring a redirector on Apache2 or any other webserver to forward the callbacks. This is a protective measure designed to hide C2 servers from being reported by blue teams. Using Metasploit as a C2 server depends on our knowledge about the protections configured on the target. Obfuscating the created payloads is an inevitable part of using Metasploit in real engagements as security solutions and firewalls can identify Metasploit and Meterpreter traffic easily. This was part of TryHackMe Intro to C2 Servers | Red Team Pathway
Challenge Answers
What is the beaconing option that introduces a random delay value to the sleep timer?
What is the term for the first portion of a Staged payload?
What is the name of the communication method that can potentially allow access to a restricted network segment that communicates via TCP ports 139 and 445?
Which listener should you choose if you’re accessing a restricted network segment?
Which listener should you choose if you are dealing with a Firewall that does protocol inspection?
What is the Administrator’s NTLM hash?
What flag can be found after gaining access to Ted’s user account?
What is Ted’s NTLM Hash?
What setting name that allows you to modify the Host header in a Meterpreter payload?