PoshC2 - C2 Server and Implants


PoshC2 is a proxy aware C2 framework that utilises Powershell and/or equivalent (System.Management.Automation.dll) to aid penetration testers with red teaming, post-exploitation and lateral movement. Powershell was chosen as the base implant language as it provides all of the functionality and rich features without needing to introduce multiple third party libraries to the framework.
In addition to the Powershell implant, PoshC2 also has a basic dropper written purely in Python that can be used for command and control over Unix based systems such as Mac OS or Ubuntu.
The server-side component is written in Python for cross-platform portability and speed. A Powershell server component still exists and can be installed using the 'Windows Install' as shown below, but will not be maintained with future updates and releases.

Linux Install Python3
Automatic install for Python3 using curl & bash
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2_Python/master/Install.sh | bash
Manual install Python3
wget https://raw.githubusercontent.com/nettitude/PoshC2_Python/master/Install.sh
chmod +x ./Install.sh
./Install.sh

Linux Install Python2 - stable but unmaintained
Automatic install for Python2 using curl & bash
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2_Python/python2/Install.sh | bash
Manual install Python2
wget https://raw.githubusercontent.com/nettitude/PoshC2_Python/python2/Install.sh
chmod +x ./Install.sh
./Install.sh

Windows Install
Install Git and Python (and ensure Python is in the PATH), then run:
powershell -exec bypass -c "IEX (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/nettitude/PoshC2_Python/master/Install.ps1')"

Using older versions
You can use an older version of PoshC2 by referencing the appropriate tag. You can list the tags for the repository by issuing:
git tag --list
or viewing them online.
Then you can use the install one-liner but replace the branch name with the tag:
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2_Python//Install.sh | bash
For example:
curl -sSL https://raw.githubusercontent.com/nettitude/PoshC2_Python/v4.8/Install.sh | bash
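
The tag-pinned install above can also be done without piping the download straight into bash, so the script can be read before it runs. The following is an added example, not part of PoshC2; the function names poshc2_install_url and poshc2_fetch_installer are hypothetical, and sha256sum is assumed to be available (GNU coreutils).

```shell
#!/usr/bin/env bash
# Added example (not PoshC2 code): fetch the installer for a pinned branch
# or tag to a local file for review instead of piping it into bash.

REPO_RAW="https://raw.githubusercontent.com/nettitude/PoshC2_Python"

# Print the raw URL of Install.sh for a given branch or tag.
# Rejects an empty ref, a leading dot, and any character outside
# [A-Za-z0-9._-], so a typo or stray input cannot change the path.
poshc2_install_url() {
    ref="$1"
    case "$ref" in
        ""|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s/%s/Install.sh\n' "$REPO_RAW" "$ref"
}

# Download the pinned installer, print its SHA-256, and stop.
# The operator reviews the file and runs it by hand afterwards.
poshc2_fetch_installer() {
    ref="$1"
    url=$(poshc2_install_url "$ref") || { echo "invalid ref: $ref" >&2; return 1; }
    out="${2:-./Install-$ref.sh}"
    # -f makes curl fail on HTTP errors, so an error page for a
    # non-existent tag is never saved as if it were the script.
    curl -fsSL "$url" -o "$out" || return 1
    # Record the hash of exactly what was reviewed.
    sha256sum "$out"
    echo "Review $out, then run: bash $out" >&2
}

# Usage (performs a network download):
#   poshc2_fetch_installer v4.8
```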

Offline
If you have a local clone of PoshC2 you can change the version that is in use by just checking out the version you want to use:
git reset --hard 
For example:
git reset --hard v4.8
However, note that this will overwrite any local changes to files, such as Config.py, and you may have to re-run the install script for that version or re-setup the environment appropriately.

Running PoshC2
  1. Edit the config file by running posh-config to open it in $EDITOR. If this variable is not set then it defaults to vim, or you can use --nano to open it in nano.
  2. Run the server using posh-server or python3 -u C2Server.py | tee -a /var/log/poshc2_server.log
  3. Others can view the log using posh-log or tail -n 5000 -f /var/log/poshc2_server.log
  4. Interact with the implants using the handler, run by using posh or python3 ImplantHandler.py

Installing as a service
Installing as a service provides multiple benefits such as being able to log to service logs, viewing with journalctl and automatically starting on reboot.
  1. Add the file in systemd (this is automatically done via the install script)
cp poshc2.service /lib/systemd/system/poshc2.service
  2. Start the service
posh-service
  3. View the log:
posh-log
  4. Or alternatively use journalctl (but note this can be rate limited)
journalctl -n 20000 -u poshc2.service -f --output cat
Note that re-running posh-service will restart the posh-service. Running posh-service will automatically start to display the log, but Ctrl-C will not stop the service, only quit the log; in this case posh-log can be used to re-view the log at any point. posh-stop-service can be used to stop the service.

Issues / FAQs
If you are experiencing any issues during the installation or use of PoshC2 please check the known issues below and the open issues tracking page within GitHub. If this page doesn't have what you're looking for please open a new issue and we will endeavour to resolve the issue asap.
If you are looking for tips and tricks on PoshC2 usage and optimisation, you are welcome to join the slack channel below.

License / Terms of Use
This software should only be used for authorised testing activity and not for malicious use.
By downloading this software you are accepting the terms of use and the licensing agreement.

Documentation
We maintain PoshC2 documentation over at https://poshc2.readthedocs.io/en/latest/
Find us on #Slack - poshc2.slack.com (to request an invite send an email to labs@nettitude.com)

Known issues

Error encrypting value: object type
If you get this error after installing PoshC2 it is due to dependency clashes in the pip packages on the system.
Try creating a virtualenv in python and re-install the requirements so that the exact versions specified are in use for PoshC2. Make sure you deactivate when you've finished in this virtualenv.
For example:
pip install virtualenv
virtualenv /opt/PoshC2_Python/
source /opt/PoshC2_Python/bin/activate
pip install -r requirements.txt
python C2Server.py
Note that any time you run PoshC2 you have to reactivate the virtual environment and run it in that.
The use of a virtual environment is abstracted if you use the posh- scripts on *nix.