本文由简悦 SimpRead 转码，原文地址 mp.weixin.qq.com

C3 是由 MWR InfoSecurity 维护的开源软件，其项目地址为：https://github.com/mwrlabs/C3 其一开始由 William Knowles 和 Dave Hartley 在 BlueHat v18 上提出，并在现在成功被大家所使用。

在理解 C3 之前，希望大家可以看一下它的术语，这边就不做翻译了，每个人有每个人的理解，见仁见智

Relays – An executable to be launched on a compromised host. Relays communicate through Interfaces either between one another or back to the gateway.
Gateway – A special relay that controls one C3 network. A C3 network cannot operate without an operational gateway. The gateway is the bridge back to the attacker’s infrastructure from Relays. The Gateway is also responsible for communicating back to a third-party C2 server (such as Cobalt Strike’s Teamserver).
Channels - An agreed scheme for relays to pass data between each other. For example Slack’s API.
Gateway Return Channel (GRC) - The configured channel that a relay will use to send data back to the gateway. Note that the GRC may be a route through another relay.
Interfaces – A high level name given to anything that facilitates the sending and receiving of data within a C3 network.
Routes – An intended path of communication across relays back to the gateway.
Peripheral – A third-party implant of a command and control framework. Peripherals talk to their native controllers via a ‘Controller’. For example, Cobalt Strike’s SMB beacon.
Connector – An integration with a third-party command and control framework. For instance the ‘External C2’ interface exposed by Cobalt Strike’s Teamserver through the externalc2_start command.

颜色的意义：

我们下载 C3 并安装好依赖之后，打开其默认的地址

http://localhost:52935/

填写好相应的字段之后，将会提示并下载，内容为一个 exe 文件和一个 json 文件：

运行后 C3 显示下面的页面：

然后可以选择命令执行：

填写相关选项便可执行命令：

执行后产生 Channels，双击可查看相关信息

现在 Cs 上面新建一个 cna 文件：

externalc2_start（“ <teamserver-ip>”，2222）;

然后加载该文件，并在 C3 上面链接

链接后出现云的图标：

关于 C3 的更多操作这里就不演示了，有兴趣的可以自己探索一下。

▼

更多精彩推荐，请关注我们

▼

Provide feedback

Saved searches