Relay Agent Bind TCP listener
The relay type of listener in this context functions uniquely, as it does not establish a listening socket or any receiving mechanism within the Command and Control (C2) system. Instead, it operates through an existing agent connection, utilizing a different approach for network communication and control. Here's how it works:
-
Configuration of the New Agent: Instead of creating a listening endpoint on C2, the relay listener configures a new agent to start listening for connections on a specified port. This port is defined during the setup of the relay listener.
-
Utilizing an Existing Agent: To initiate a connection with this newly configured agent, a command, such as "connect-tcp", is executed on another existing agent. This command includes the IP and port details of the newly created agent.
-
Establishing a New Connection: Upon execution of the "connect-tcp" command, a new connection is established. This connection is not direct; rather, it is routed through the agent where the "connect-tcp" command was executed.
-
Communication Through the Intermediate Agent: Any communication with the newly created agent is facilitated through the agent that executed the "connect-tcp" command. This method essentially leverages the existing agent as a relay point, allowing for indirect communication and control over the new agent.
This relay listener approach is particularly useful in complex network environments where direct communication between C2 and a new agent might be risky or impractical. By using an existing agent as a conduit, it adds an additional layer of obfuscation and flexibility in the operational structure.
Plugin ID: shelldot.listener.relay-agent-bind-tcp
Configuration
- port - On what port the agent will start waiting for TCP connection