Skip to content
xtr4nge edited this page Dec 3, 2017 · 4 revisions

FruityC2 Web Client

This is a web client to interact with the FruityC2 API. The client is a single page divided in 5 sections: Interact, Listener, Payload, Delivery, Config. With this client, it is possible to control mainly all the options and functionalities included in FruityC2. There is a section to display the alerts related with the number of targets/agents, chat messages and web logs.



Main Menu

The main menu is divided in 5 sections:

View: Switches between the “List View” and the “Nodes View” (not fully implemented) to interact with the targets/agents.
Data: These 4 options will display the captured Credentials, Downloaded Files, Keystrokes (will be implemented soon) and Screenshots taken from targets/agents.
Code Generator: Opens the Code Generator window.
Connection: Allows changing the connections details (not fully implemented).
Logout: Closes the current session (not fully implemented).

Alerts

These options shows the alerts for the number of targets/agents, chat messages and web logs.

Targets/Agents

OS: Operation System type and version.
External: External IP (will be implemented soon).
Internal: Internal IP
User: Current username
Computer: Computer name
Last: Seconds/Minutes passed after the last beacon was received from the target/agent.

Interact

From this section you can interact with the target/agent selected. There are different commands that can be executed and these can be listed clicking on the “question mark” icon. After executing a command, the results will be displayed on the log window (below the command input). For the moment, it is only possible to execute commands on the selected target/agent. After switching the target/agent the log of it will be loaded on the log window.



Listener

From this section you can create, remove and modify listeners that will be used by the agents. To create a new listener click on the + icon on “+ Listeners”.



Status: Option to enable/disable the listener
Port: Port being used by the listener
Name: Listener name
SSL: Shows if SSL is set for this listener
Host: IP being used by the listener

Payload


Payloads (Code): These are not physical files. The code for this block can be created using the Code Generator from the main menu (gears icon). To create a new item use the + icon from “+ Payloads (Code)”
Payloads (File): These are physical files that can be uploaded using the + icon from “+ Payloads (File)”

Delivery

From this section you can create, remove and modify the paths to deliver payloads (code or files). To create a new web delivery path, click on the + icon on “+ Web Delivery”. The Payloads (Code) can be delivered as Download or as Text choosing from String/Download on Type.



Name: Descriptive name for the web delivery path.
Path: Path to get the payload/file. The path needs to start with “/”
Type: The type allows delivering a payload/file as a file (Download) or Text (String)
File Name: This is the name of the file that will be downloaded if type is “Download”.
Payload ID: This is the ID of the payload that will be delivered.

Config

This section will be implemented soon.

Commands

These are some of the commands that can be executed to interact with the targets/agents. More commands will be implemented soon. You can access this list clicking on the “question mark (?)” icon on the commands menu.



Modules

Apart from the standard commands that can be executed to interact with the targets/agents, it is possible to load modules. The list of modules can be extended adding the scripts into the “modules” folder in FruityC2. It is possible to use the scripts (modules) from Empire, PowerSploit, PowerShell-AD-Recon, Nishang, etc. You can access this list clicking the “Site Map” icon on the commands menu.



Demo Commands

There is a small list of demo commands that can be used to test FruityC2 and the client. This list can be accessed clicking on the “Play” icon on the commands menu. To execute the command, you just need to click on the command from the list.



Credentials

The captured credentials can be displayed from the “Data Section” on the main menu (Credentials). To obtain credentials/hashes from the target/agent, it is required to get elevated privileges first. Then you can use the commands “hashdump” and/or “mimikatz”.

Downloads

The downloaded files (from target/agent) can be displayed from the “Data Section” on the main menu (Downloads).

Keylogger

This functionality will be implemented soon.

Screenshots

The screenshots taken from the target/agent system can be displayed from the “Data Section” on the main menu (Screenshots).

Web Alerts

The web alerts informs the events occurring on the listeners, allowed or denied sources, interaction with default pages, unauthorized access attempts and more. This information is very useful to identify if we are having problems with the targets/agents or to identify if the blue-team is trying to obtain some information. For all requests that are not allowed, the response from the server will be “Page Not Found” (404), of course the default error page can be changed.



Team Chat

There is an inbuilt chat that can be accessed clicking the chat icon from the alerts section. The conversation on the chat is shared between all team members.



Code Generator

The code generator returns the Stager in different formats. For the moment, we can get powershell, powershell-command, HTA, VBA and SCT.



Connection and Login




Profiles

The profiles are used to redefine indicators and values between the target/agent and the server. The profiles on FruityC2 are based on the Malleable C2 profiles (https://github.com/rsmudge/Malleable-C2-Profiles) from Cobalt Strike. The profiles for FruityC2 are in JSON format, but the structure is the same as for Cobalt Strike so it is easy to convert one to another. Profiles are not fully implemented yet. The values being used at the moment are sleeptime, jitter, useragent, uri and server headers.



Clone this wiki locally