Reverse TCP listener for built agents

The simple TCP connection channel is a straightforward, unobstructed communication link between an agent (functioning as a client) and the Command and Control (C2) system (acting as a server). Here's a more detailed explanation:

  1. TCP Connection Establishment: The agent initiates a TCP connection to the C2 system. In this setup, the C2 is configured to listen on a specific TCP port, ready to accept incoming connections from the agent.

  2. Direct Server-Client Communication Model: This model follows the traditional server-client communication structure, where the C2 server listens for and manages incoming connections from client agents.

  3. Unrestricted Data Transmission: Once the connection is established, all traffic between the agent and C2 is transmitted as generated. This implies that the data flow is continuous and in real-time, without any imposed delays or interruptions.

  4. No Sleeps or Bandwidth Limits: The key characteristic of this channel is the absence of any artificial sleeps (delays) or bandwidth limits. The data is sent and received as soon as it's available, ensuring immediate and uninterrupted communication.

  5. Operational Implications: This approach is typically favored for scenarios that require quick and consistent data exchange. However, it's worth noting that the lack of sleeps or bandwidth throttling can make the traffic more detectable to network monitoring systems, as it might stand out from normal, variably-paced internet traffic.

This TCP connection channel is ideal for operations where speed and immediacy are prioritized over stealth or bandwidth conservation. It offers a straightforward, efficient means of communication between an agent and C2, suitable for various operational needs.
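The operational note above says an always-on channel without sleeps stands out to network monitoring. As an added example (not part of the original documentation or the project's code), the following detection flags internal-to-external TCP pairs that stay connected for most of an observation window; the flow record format, internal range, port numbers and thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed values (not from the page): internal range, window length, threshold.
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WINDOW_S = 4 * 3600      # observation window in seconds
MIN_COVERAGE = 0.9       # fraction of the window a pair must stay connected

# Constructed flow records: start_s duration_s src dst dport
SAMPLE_FLOWS = """\
0     7100  10.0.5.23 203.0.113.40 8443
7105  7200  10.0.5.23 203.0.113.40 8443
120   3     10.0.5.23 198.51.100.7 443
1900  2     10.0.5.23 198.51.100.7 443
600   900   10.0.7.11 198.51.100.9 443
300   14000 10.0.9.2  10.0.1.5     5432
"""

def parse_flows(text):
    """Yield (start, end, src, dst, dport) from whitespace-separated records."""
    for line in text.splitlines():
        if line.strip():
            start, dur, src, dst, dport = line.split()
            yield float(start), float(start) + float(dur), src, dst, int(dport)

def covered_seconds(intervals):
    """Total time covered by the intervals, counting overlaps only once."""
    total, reach = 0.0, float("-inf")
    for start, end in sorted(intervals):
        total += max(0.0, end - max(start, reach))
        reach = max(reach, end)
    return total

def persistent_channels(text, window_s=WINDOW_S, min_coverage=MIN_COVERAGE):
    """Return sorted (src, dst, dport, coverage) for always-on outbound pairs."""
    sessions = defaultdict(list)
    for start, end, src, dst, dport in parse_flows(text):
        if (ipaddress.ip_address(src) in INTERNAL
                and ipaddress.ip_address(dst) not in INTERNAL):
            sessions[(src, dst, dport)].append((min(start, window_s), min(end, window_s)))
    return sorted((s, d, p, round(covered_seconds(iv) / window_s, 3))
                  for (s, d, p), iv in sessions.items()
                  if covered_seconds(iv) / window_s >= min_coverage)

if __name__ == "__main__":
    print(persistent_channels(SAMPLE_FLOWS))
```

Summing merged intervals per address pair keeps the result stable when the session drops and reconnects, which a single long-duration threshold would miss.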

Plugin ID: shelldot.listener.agent-reverse-tcp

Configuration

  • hosts - String array of the IP addresses and hostnames the agent will use to connect to the C2
  • port - The port on which the TCP listener listens for connections
  • handshakeBytes - Bytes used for the initial handshake between the C2 and the agent. Should be random
  • startTime - If the listener should not start right away, this value defines the starting time (for example "2023-04-10T11:02:09Z")