Skip to content

Reverse TCP listener for built agents

Simple TCP connection channel created between agent (as client) and C2(as server - listens on configured TCP port). All traffic is sent as it is generated without sleeps or bandwidth limits.

Plugin ID: shelldot.listener.agent-reverse-tcp

Configuration

  • hosts - String array of the IP-s and hostnames the agent will use to connect C2
  • port - On what port the TCP listener is listening for connection
  • handshakeBytes - Bytes used for initial handshake between C2 and agent. Should be random
  • startTime - If listener should not start right away then this value defines starting time (for example "2023-04-10T11:02:09Z")

Example(POST content)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
POST /api/v1/listeners HTTP/1.1
Authorization: Bearer {JWT_TOKEN}
Content-Type: application/json

{
  "plugin": "shelldot.listener.agent-reverse-tcp",
  "name": "my-tcp-reverse-listener",
  "configuration": {
    "hosts": [
      "192.168.32.135"
    ],
    "port": 5555,
    "handshakeBytes": "QUFBQQ==",
    "startTime": "2023-04-10T11:02:09Z"
  }
}