DISCLAIMER: This tool is for educational, competition, and training purposes only. I am in no way responsible for any abuse of this tool
This is a golang C2 + Implant that communicates via Protocol Buffers (aka. protobuf
s).
Note: this tool is still somewhat in development
This C2 server is designed to communicate with Pwnboard for competition use. To tell Br4vo6ix where Pwnboard is being hosted, you must pass the url in the PWN_URL
environment variable.
# I place this line in a .source file and just source it for ease-of-use, but
# this just needs to be set in the terminal that runs the C2
export PWN_URL=http(s)://<url for pwnboard>/generic
The frontend needs to know where the GraphQL endpoint is located at, so you must create a .env
file in the frontend
folder with the following value:
# frontend/.env
REACT_APP_GRAPHQL_URL=http://<Br4vo6x host fqdn/ip>:8080/query
To compile the frontend (written in ReactJS), you can simply move into the frontend
directory and run npm run build
$ cd frontend
$ npm run build
Typically the frontend is hosted via Nginx. This is the base template to use:
server {
listen <PORT> default_server;
listen [::]:<PORT> default_server;
root <PATH TO BR4VO6IX>/ui/build;
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
try_files $uri /index.html;
}
location /api {
proxy_pass http://localhost:<GRAPHQL PORT (default is 8080)>/api;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
}
First, you will need an .env
file to configure the compiled implants. This goes in the root directory.
# .env
REDTEAM_IPS=<IPS OF ALL PROXY SERVERS (COMMA SEPARATED; NO SPACES)>
PORTS=<IPS OF ALL PROXY PORTS (COMMA SEPARATED; NO SPACES)>
C2_IP=<IP OF C2 SERVER (BASE64 ENCODED)>
PROXY_IP=<IP OF C2 SERVER>
XOR_KEY=<SHARED XOR KEY (ANY STRING)>
WINDOWS_SRV_NAME=<NAME OF WINDOWS SERVICE>
WINDOWS_SRV_DESC=<DESCRIPTION OF WINDOWS SERVICE>
WINDOWS_OUT_FILE=<WINDOWS EXECUTABLE OUTPUT PATH>
LINUX_SRV_NAME=<NAME OF LINUX SERVICE>
LINUX_SRV_DESC=<DESCRIPTION OF LINUX SERVICE>
LINUX_OUT_FILE=<LINUX ELF BINARY OUTPUT PATH>
MAC_SRV_NAME=<NAME OF MACOS LAUNCHCTL SERVICE>
MAC_SRV_DESC=<DESCRIPTION OF MACOS LAUNCHCTL SERVICE>
MACOS_OUT_FILE=<MACOS MACH-O BINARY OUTPUT PATH>
Then, to compile the implant you should be able to run make all
The C2 is designed to sit behind as many proxy servers as you want. We utilize socat
for our proxy servers, so please install the socat
package on all proxy server boxes.
The make all
command will generate proxy scripts in the out/scripts
directory. The scripts will be labeled <IP ADDR>-proxy.sh
and <IP ADDR>-unproxy.sh
. The IP Addresses match to each proxy server and should be run on the proxy servers in order to automatically configure socat
.
In order to regenerate the protobufs, you're going to need protoc
.
# Install the go extensions
go install google.golang.org/protobuf/cmd/protoc-gen-go@latest
# Install protoc
PB_REL="https://github.com/protocolbuffers/protobuf/releases"
curl -LO $PB_REL/download/v3.15.8/protoc-3.15.8-linux-x86_64.zip
unzip protoc-3.15.8-linux-x86_64.zip -d $HOME/.local
Then add this line to your shell's rc file:
export PATH="$PATH:$HOME/.local/bin"
In order to generate the protobuf go code, run the following:
protoc --proto_path=proto --go_out=. implant.proto