Skip to content

Reverse TCP Listener for Built Agents

This listener creates a TCP connection channel between the agent (client) and the C2 server. The agent connects to the C2 listener by using one or more specified hosts and port. All data is transmitted immediately without sleep or bandwidth limits.

Plugin ID: shelldot.listener.agent-reverse-tcp

Configuration Reference

Parameter Type Required Default Description
hosts string[] Yes - Array of IP addresses or hostnames the agent will use to connect to C2.
port int Yes - TCP port on which the C2 server listens for connections.
handshakeBytes string No "" Base64-encoded random bytes used for the initial handshake between the C2 and the agent.
startTime string No - Optional UTC start time if the listener should delay its start (e.g. 2025-04-10T11:02:09Z).

Configuration Scenarios

Scenario 1 - Basic TCP Reverse Connection

The minimal configuration for an agent connecting back over TCP to a single C2 host.

1
2
3
4
5
{
  "port": 5555,
  "hosts": ["192.168.32.135"],
  "handshakeBytes": ""
}

Scenario 2 - Multi-Host with Delayed Start

The agent connects to one of multiple hosts and the listener activates at a scheduled time.

1
2
3
4
5
6
7
8
9
{
  "port": 5555,
  "hosts": [
    "192.168.32.135",
    "10.0.0.50"
  ],
  "handshakeBytes": "QUFBQQ==",
  "startTime": "2025-04-10T11:02:09Z"
}

Example (POST Request)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
POST /api/v1/listeners HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "plugin": "shelldot.listener.agent-reverse-tcp",
  "name": "my-tcp-reverse-listener",
  "configuration": {
    "hosts": [
      "192.168.32.135"
    ],
    "port": 5555,
    "handshakeBytes": "QUFBQQ==",
    "startTime": "2023-04-10T11:02:09Z"
  }
}