- How agent messages are formatted
- How to perform initial checkins and do encrypted key exchanges
- How to Get Tasking
- How to Post Responses
- Uploading Files
-
Name- When creating payloads or issuing tasking, you will get a dictionary ofname->user supplied valuefor you to leverage. This is a unique key per C2 profile (ex:callback_host) -
description- This is what’s presented to the user for the parameter (ex:Callback host or redirector in URL format) -
default_value- If the user doesn’t supply a value, this is the default one that will be used -
verifier_regex- This is a regex applied to the user input in the UI for a visual cue that the parameter is correct. An example would be^(http|https):\/\/[a-zA-Z0-9]+for thecallback_hostto make sure that it starts with http:// or https:// and contains at least one letter/number. -
required- Indicate if this is a required field or not. -
randomized- This is a boolean indicating if the parameter should be randomized each time. This comes into play each time a payload is generated with this c2 profile included. This allows you to have a random value in the c2 profile that’s randomized for each payload (like a named pipe name). -
format_string- Ifrandomizedistrue, then this is the regex format string used to generate that random value. For example,[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}will generate a UUID4 each time.