Reverse TCP Listener for Built Agents
This listener creates a direct TCP connection channel between an agent (client) and the C2 (server). Unlike HTTP listeners, it transmits data immediately without delays or bandwidth restrictions, prioritizing speed over stealth.
Plugin ID: shelldot.listener.agent-reverse-tcp
Configuration
The table below documents all available configuration parameters:
| Attribute | Description |
|---|---|
| hosts | Array of IP addresses or hostnames the agent will use to connect to C2. |
| port | TCP port on which the listener accepts connections. |
| handshakeBytes | Random bytes used for initial handshake between C2 and agent. |
| startTime | (Optional) UTC start time if the listener should not start immediately. |
Operation Details
| Feature | Behavior |
|---|---|
| Connection | Agent initiates TCP connection to C2 |
| Data Flow | Immediate transmission without delays |
| Bandwidth | No artificial limits or throttling |
| Traffic Pattern | Continuous, real-time communication |
| Best Use Case | Scenarios prioritizing speed over stealth |
Note: Due to the lack of traffic shaping, this connection type may be more detectable by network monitoring systems.