Skip to content

Relay Agent Reverse TCP Listener

This relay listener uses an existing agent to accept reversed connections. The selected (relay) agent, identified by its GUID, waits for an incoming connection on a specified port. When a new agent is executed, it will attempt to connect to this relay agent using one of its provided hosts. If successful, communication will be routed through the relay agent.

Plugin ID: shelldot.listener.relay-agent-reverse-tcp

Configuration

The table below details the required configuration parameters:

Attribute Description
relayAgentGuid The GUID of the existing agent that will listen for connections.
hosts An array of hostnames or IP addresses for the relay agent.
port The TCP port on which the relay agent will listen for incoming connections.
handshakeBytes Random bytes used for the initial handshake between the agents.
startTime (Optional) The start time for the listener if it should not start immediately (ISO format).

Example (POST Request)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
POST /api/v1/listeners HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "plugin": "shelldot.listener.relay-agent-reverse-tcp",
  "name": "my-relay-tcp-reverse-listener",
  "configuration": {
    "relayAgentGuid": "de1b8bbe-3ba3-4d46-bb92-c2011515cea9",
    "hosts": [
      "192.168.32.135"
    ],
    "port": 5555,
    "handshakeBytes": "QUFBQQ==",
    "startTime": "2023-04-10T11:02:09Z"
  }
}