Getting Started with PoshC2 in a Linux Environment
About the Project
For the first time Arch Cloud Labs will be posting a video tutorial on how to get started with PoshC2 in a Linux environment. This video assumes some prior experience with Linux/offensive tooling frameworks, and provides just enough information to get you up and running with PoshC2. For those interested in what the exact configurations used in the video were, please checkout the snippets below.
Check out the video here.
PoshC2 Config
Below is the PoshC2 configuration used in the video.
# These options are loaded into the database on first run, changing them after
# that must be done through commands (such as set-defaultbeacon), or by
# creating a new project
# Server Config
BindIP: '127.0.0.1'
BindPort: 443
PoshInstallDirectory: "/opt/PoshC2/"
PoshProjectDirectory: "/opt/PoshC2_Project/"
# Database Config
DatabaseType: SQLite # or Postgres
PostgresConnectionString: "dbname='poshc3_project_x' port='5432' user='admin' host='192.168.111.111' password='XXXXXXX'" # Only used if Postgres in use
# Payload Comms
PayloadCommsHost: "https://www.dllcooljay.xyz"
PayloadCommsPort: 443
DomainFrontHeader: "" # example df.azureedge.net
Referrer: "" # optional
ServerHeader: "Apache"
# UserAgent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.122 Safari/537.36"
UserAgent: "Debian APT-HTTP/1.3 (1.6.6)"
DefaultSleep: "5s"
Jitter: 0.20
KillDate: "06/07/2020" # dd/MM/yyyy
UrlConfig: "urls" # Beacon URLs will be taken from resources/urls.txt if value is 'urls'. If value is 'wordlists' beacon URLs will be randomly generated on server creation from resources/wordlist.txt
# Payload Options
DefaultMigrationProcess: "C:\\Windows\\system32\\netsh.exe" # Used in the PoshXX_migrate.exe payloads
# Notifications Options
Sounds: "No"
NotificationsProjectName: "PoshC2"
EnableNotifications: "No"
# Pushover - https://pushover.net/
Pushover_APIToken: ""
Pushover_APIUser: ""
# SOCKS Proxying Options
SocksHost: "http://127.0.0.1:49031"