Skip to content

Relay Agent Bind SMB Listener

The relay-type listener does not create a listening socket or any other receiving mechanism on the C2 system. Instead, it operates through an already existing agent connection. In this case, the listener sets up an SMB pipe on which the newly created agent will start listening for connections. This mechanism offers an indirect method of communication via the SMB protocol, utilizing a named pipe rather than a network port. Communication with the new agent is routed through another existing agent, adding a layer of indirection and obfuscation.

Plugin ID: shelldot.listener.relay-agent-bind-smb

Configuration

  • pipename - The SMB pipe name that will be used for the listener.

Example(POST content)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
POST /api/v1/listeners HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "plugin": "shelldot.listener.relay-agent-bind-smb",
  "name": "my-relay-smb-bind-listener",
  "configuration": {
    "pipename": "my-pipe"
  }
}