|
4 | 4 | </p>
|
5 | 5 |
|
6 | 6 | # Maliketh
|
7 |
| -Maliketh is a multi-user, customizable C2 framework. The goal of Maliketh is to provide a flexible, easy to use C2 framework that can be customized to fit the needs of the operator. |
| 7 | +Maliketh is a multi-user, customizable C2 framework. The goal of Maliketh is to provide a flexible, easy to use C2 framework that can be customized to fit the needs of the operator. The poster used in the initial presentation is located [here](./data/Maliketh%20C2%20Poster.png). |
8 | 8 |
|
9 | 9 | ## Server features
|
10 | 10 | * Multi-user (operators)
|
11 | 11 | * Easily configurable (via YAML files)
|
12 | 12 | * Easily deployable (via Docker)
|
13 | 13 |
|
14 | 14 | ## Implant features
|
| 15 | +The implant is written in C++ and targeted for Windows. The main feature of the implant is its ability to change its behavior based on the configuration file it receives from the server. This allows the operator to customize the implant to fit their needs. The implant also has the following features (see [here](./design/opcodes.md) for more info): |
| 16 | +* File upload/download |
| 17 | +* Command execution |
| 18 | +* Shellcode injection |
| 19 | +* Update configuration |
| 20 | +* Send system information |
| 21 | +* Self-destruct |
| 22 | +* Sleep |
| 23 | +* Basic Anti-debugging |
| 24 | +* *Very* Basic Anti-VM |
| 25 | +* Sleep skipping detection |
15 | 26 |
|
16 | 27 |
|
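Review bot: the new "Implant features" paragraph says the implant changes its behaviour based on "the configuration file it receives from the server" but never says how a received configuration is authenticated or integrity-checked before it is applied; since "Update configuration", "Shellcode injection" and "Self-destruct" are all driven over that same channel, the README (or the linked `./design/opcodes.md`) should state what the implant verifies before acting on a config. Separately, "Basic Anti-debugging", "*Very* Basic Anti-VM" and "Sleep skipping detection" name the checks without saying what the implant does when one fires (exit, self-destruct, or keep running); one clause per item would make the operator-facing behaviour clear.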
| 28 | +## Server deployment |
| 29 | +To start the server, 90% of your work can be done by running the following command in the `server/` directory: |
| 30 | + |
| 31 | +```bash |
| 32 | +docker-compose --env-file .env up -d |
| 33 | +``` |
| 34 | + |
| 35 | +Note: You will need to create a `.env` file in the `server/` directory. See `.env.example` for an example. |
| 36 | + |
| 37 | +The only thing left to do is bootstrap the database and create the admin user. To do this, run the following command: |
| 38 | + |
| 39 | +```bash |
| 40 | +./bootstrap_db.sh |
| 41 | +``` |
| 42 | + |
| 43 | +The output of this script will be a JSON configuration for the admin user. You can use this with the maliketh [client](./client/) to connect to the server. |
| 44 | + |
| 45 | +## Ideal server setup |
| 46 | +An ideal setup would involve 2 servers. 1 running nginx which the implants connect back to, and 1 running the actual server. This would allow you to use a domain name for the implants to connect to, and also allow you to use SSL. The nginx server would be configured to proxy all traffic to the server. The nginx server would also be configured to use SSL. The server would be configured to only accept connections from the nginx server. This would allow you to use SSL, but not have to worry about the overhead of SSL on the server. |
| 47 | + |
| 48 | +On the server side, Wireguard should be installed and configured. The server should be configured to only accept connections from the Wireguard interface. Wireguard keys should be generated for each operator. The server should be configured to only accept connections from the Wireguard interface. |
| 49 | + |
| 50 | +<p align="center"> |
| 51 | + <img src="./data/Maliketh%20Network%20Diagram.png" alt="Ideal setup" width="500"/> |
| 52 | +</p> |
| 53 | + |
17 | 54 | ## Future work
|
18 | 55 | - [ ] Implement Golang client
|
| 56 | +- [ ] Per-operator builder in-server |
19 | 57 | - [ ] Stealer/basic looter
|
20 | 58 | - [ ] Keylogger
|
21 | 59 | - [ ] Route RabbitMQ traffic through Admin listener instead of directly connecting
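Review bot: the two "Ideal server setup" paragraphs contradict each other on what the server accepts. The first says "The server would be configured to only accept connections from the nginx server", the second says "The server should be configured to only accept connections from the Wireguard interface" (and repeats that sentence verbatim). Presumably the implant listener is reachable only through the nginx proxy and the operator listener only over Wireguard; say so explicitly, per listener, and drop the duplicated sentence. The first paragraph should also make clear that terminating SSL at nginx leaves the nginx-to-server hop in cleartext, so restricting the server to connections from the nginx host is what protects that hop and is a requirement, not an optimisation to avoid "the overhead of SSL on the server". In the deployment steps, `./bootstrap_db.sh` emits "a JSON configuration for the admin user" on stdout and the `.env` file holds the compose secrets; the README should tell the reader to store both somewhere protected and to keep them out of version control.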
|