Command and control (C2)
With a foot into the door, maintain persistence within the target environment, communicate with infected or compromised devices inside the network, and potentially exfiltrate sensitive data.
C2 frameworks are post-exploitation frameworks that allow red teamers to collaborate and control compromised machines. C2 is considered one of the most important tools for red teamers during offensive cyber operations. C2 frameworks provide fast and straightforward approaches to:
Generate various malicious payloads
Enumerate the compromised machine/networks
Perform privilege escalation and pivoting
This page looks at Cobalt Strike, PowerShell Empire, Metasploit. Most of these frameworks aim to support a convenient environment to share and communicate between red team operations once the initial access is gained to a system.
Cobalt Strike is a commercial framework that focuses on Adversary Simulations and Red Team Operations. It is a combination of remote access tools, post-exploitation capabilities, and a reporting system. It provides an agent with advanced techniques to establish covert communications and perform various operations, including key-logging, files upload and download, VPN deployment, privilege escalation techniques, mimikatz, port scanning, and the most advanced lateral movements. Even without much knowledge one can do (making it dangerous), and it is extremely expensive.
PowerShell Empire is an open-source framework that helps red team operators and pen testers collaborate across multiple servers using keys and shared passwords. It is an exploitation framework based on PowerShell and Python agents. PowerShell Empire focuses on client-side and post-exploitation of Windows and Active Directory environment. Starkiller is a GUI for Powershell Empire.
Installation on a Kali VM
Make a snapshot of the VM, so you can roll back in case something goes wrong.
sudo su apt update && apt -y full-upgrade
Make another snapshot, and install powershell empire and starkiller:
sudo apt install -y powershell-empire starkiller
empireadmin:password123. Change asap.
Start the server:
sudo powershell-empire server
Start the client:
sudo powershell-empire client
Start de GUI (if you wish, we do without):
Metasploit is a widely used exploitation framework that offers various techniques and tools to perform hacking easily. It is an open-source framework and is considered one of the primary tools for pentesting and red team operations. Metasploit is one of the tools we use a lot.