
Relay Agent Reverse TCP listener

This is a relay type of listener: it does not create a listening socket or any other receiver in the C2 itself, but works through an already existing agent connection. The listener defines an agent and the port on which that agent will start listening for connections. If you then create a new agent for this listener and execute it, the new agent tries to connect to the selected agent. If this succeeds, a new connection is created and communication with the new agent passes through the agent selected in the configuration.

Plugin ID: shelldot.listener.relay-agent-reverse-tcp

Configuration

  • relayAgentGuid - GUID of the existing agent that will start listening for connections
  • hosts - Hostnames/IPs of the agent defined by relayAgentGuid
  • port - Port on which the TCP listener listens for connections
  • handshakeBytes - Bytes used for the initial handshake between agents. Should be random
  • startTime - If the listener should not start right away, this value defines the start time (for example "2023-04-10T11:02:09Z")

Example (POST content)

POST /api/v1/listeners HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "plugin": "shelldot.listener.relay-agent-reverse-tcp",
  "name": "my-relay-tcp-reverse-listener",
  "configuration": {
    "relayAgentGuid": "de1b8bbe-3ba3-4d46-bb92-c2011515cea9",
    "hosts": [
      "192.168.32.135"
    ],
    "port": 5555,
    "handshakeBytes": "QUFBQQ==",
    "startTime": "2023-04-10T11:02:09Z"
  }
}
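
A pre-flight check for the request body, covering the fields listed under Configuration. This is an added example, not code from the project: `validate_listener`, the base64 encoding of handshakeBytes (inferred from the sample value), the optional startTime, and the "not random" heuristic are assumptions.

```python
import base64
import ipaddress
import re
import uuid
from datetime import datetime

PLUGIN_ID = "shelldot.listener.relay-agent-reverse-tcp"  # Plugin ID from this page
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9-]{1,63}\.)*[A-Za-z0-9-]{1,63}$")

def validate_listener(body: dict) -> list[str]:
    """Return a list of problems found in a listener request body (hypothetical helper)."""
    problems = []
    if body.get("plugin") != PLUGIN_ID:
        problems.append("plugin: expected " + PLUGIN_ID)
    cfg = body.get("configuration", {})
    try:
        uuid.UUID(str(cfg.get("relayAgentGuid")))
    except ValueError:
        problems.append("relayAgentGuid: not a GUID")
    hosts = cfg.get("hosts")
    if not isinstance(hosts, list) or not hosts:
        problems.append("hosts: must be a non-empty list")
    else:
        for h in hosts:
            try:
                ipaddress.ip_address(h)
            except ValueError:
                if not HOSTNAME_RE.match(str(h)):
                    problems.append(f"hosts: {h!r} is not an IP or hostname")
    port = cfg.get("port")
    if not isinstance(port, int) or isinstance(port, bool) or not 1 <= port <= 65535:
        problems.append("port: must be an integer in 1-65535")
    try:
        raw = base64.b64decode(cfg.get("handshakeBytes", ""), validate=True)
        if len(set(raw)) < 2:  # assumed heuristic: empty or a single repeated byte
            problems.append("handshakeBytes: not random")
    except (ValueError, TypeError):  # binascii.Error is a ValueError subclass
        problems.append("handshakeBytes: not valid base64")
    start = cfg.get("startTime")
    if start is not None:  # assumed optional: only set for a delayed start
        try:
            datetime.fromisoformat(str(start).replace("Z", "+00:00"))
        except ValueError:
            problems.append("startTime: not an ISO 8601 timestamp")
    return problems

# Constructed sample reusing the values shown in the example request above.
SAMPLE = {"plugin": PLUGIN_ID, "configuration": {"port": 5555, "handshakeBytes": "QUFBQQ==",
    "relayAgentGuid": "de1b8bbe-3ba3-4d46-bb92-c2011515cea9", "hosts": ["192.168.32.135"]}}
```

Run against `SAMPLE`, the check reports `handshakeBytes: not random`, because `QUFBQQ==` decodes to four identical bytes.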