Relay Agent Reverse TCP Listener
This relay listener uses an existing agent to accept reverse connections. Instead of opening ports on the C2 system, a selected agent is configured to listen for connections. New agents connect to this relay agent, which then forwards all communication through the established channel.
Plugin ID: shelldot.listener.relay-agent-reverse-tcp
Configuration
The table below documents all available configuration parameters:
| Attribute | Description |
|---|---|
| relayAgentGuid | GUID of the existing agent that will be configured to listen for connections. |
| hosts | Array of hostnames or IP addresses where the relay agent can be reached. |
| port | TCP port on which the relay agent will listen for connections. |
| handshakeBytes | Random bytes used for the initial handshake between agents. |
| startTime | (Optional) UTC start time if the listener should not start immediately. |
Operation Flow
| Stage | Action |
|---|---|
| Setup | The existing agent is configured to listen on the specified port. |
| Connection | The new agent connects to the relay agent using the provided hosts. |
| Communication | All traffic is routed through the relay agent. |
| Security | Adds a layer of indirection between the new agent and the C2. |