- Uploading Files
- How agent messages are formatted
- How to perform initial checkins and do encrypted key exchanges
- How to Get Tasking
- How to Post Responses
-
Name
- When creating payloads or issuing tasking, you will get a dictionary ofname
->user supplied value
for you to leverage. This is a unique key per C2 profile (ex:callback_host
) -
description
- This is what’s presented to the user for the parameter (ex:Callback host or redirector in URL format
) -
default_value
- If the user doesn’t supply a value, this is the default one that will be used -
verifier_regex
- This is a regex applied to the user input in the UI for a visual cue that the parameter is correct. An example would be^(http|https):\/\/[a-zA-Z0-9]+
for thecallback_host
to make sure that it starts with http:// or https:// and contains at least one letter/number. -
required
- Indicate if this is a required field or not. -
randomized
- This is a boolean indicating if the parameter should be randomized each time. This comes into play each time a payload is generated with this c2 profile included. This allows you to have a random value in the c2 profile that’s randomized for each payload (like a named pipe name). -
format_string
- Ifrandomized
istrue
, then this is the regex format string used to generate that random value. For example,[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}
will generate a UUID4 each time.