
A penetration testing framework for deploying a Client and Implants that communicate over RTC in a P2P network, without the need for a C2.

Primary Language: JavaScript

IC2 - P2P RTC Penetration Testing Framework

Introduction

  • This penetration testing framework was developed to help launch an attack, both anonymously and efficiently, without the need to deploy a permanent C2.
  • This framework provides the ability to create a unique payload that communicates with the client directly through RTC.
  • When the client is out of reach, the P2P network allows the Implant to communicate with other implants to self-update and share useful data that has not yet been transferred.
  • The client is a website that runs on localhost; once connected to it, it will start communicating with implants.
  • Since the communication protocol is RTC, the Client can be deployed on any public network without the need to port forward, making it ideal to run on public networks.

Functionality

  • Once executed, the payload will attempt to create persistence on the machine and set up a working directory; it will then attempt to initiate the connection to the client.

  • The Implant's life cycle is described below: [Image: lifecycle]

  • The implant includes the following functionality:

    • System Info
    • Command shell
    • Steal credentials
    • Steal data
    • Drop .exe (base64 strings)
    • Display video
    • Popup message
  • The Client/C2 includes the following functionality:

    • Friendly GUI
    • Individual implant control panel
    • Host scripts in base64 string

User Interface

Current

[Image: current]

Upcoming

[Image: upcoming]

Sources

Presentation

  • You can find the presentation here

Demo video

  • Demo Malware.mp4

Diagrams

[Images: first, second]

Collaboration

  • Alvaro: Worked mostly on the implant
  • Aidan: Worked mostly on the C2/client