Add pluggable C2 transport mechanism to metasploit #16937

Open
adfoster-r7 opened this issue Aug 24, 2022 · 0 comments
Labels
breaking change Features that are great, but will cause breaking changes and should be deployed on a large release. suggestion-feature New feature suggestions

Comment by adfoster-r7 (Contributor):
Placeholder ticket, nothing actionable here - with no plans to implement it currently. Just creating a dedicated GitHub issue for this for tracking purposes.

Related to the GitHub discussion: #14490

A lot of post-exploitation frameworks have a pluggable mechanism for C2 transport evasion.

Meterpreter Transport and Scalability Overhaul
The Meterpreter Protocol “TLV” is enhanced to support modern features such as logging, unidirectional messages, obfuscation, sequence number reassembly and more. This feature will enable Meterpreter sessions to be more robust, faster, and evade detection with greater ease than before.

Additionally, Meterpreter payload listeners, rather than being integrated straight into msfconsole, will run as an independent process that communicates with msfconsole (1 or more users) over RPC similar to the msfdb_ws (Metasploit Database Web Service). The external listener then replaces the ‘metasploit-aggregator’ project by not requiring an intermediate proxy to park or share sessions, these are done directly by having the listeners independent of console users.

Listener capabilities will be embeddable directly into Meterpreter payloads, allowing local listeners and remote listeners internal to other networks to be implemented the same way, enabling greater scalability and facilitating pivoting across more complex networks, allowing better post-exploitation possibilities in modern network environments.

Integration with external C2 frameworks
If listeners are externalized, then there is an API layer both for interactive interaction with remote sessions, and a way for the Post-exploitation API to communicate with the external sessions. That should mean that if an external C2 framework supports at minimum shell interaction, a bulk of the Post-exploitation API should be applicable against external C2 frameworks as well. Metasploit would then be able to integrate both with other open-source C2 frameworks, as well as private ones.

https://docs.metasploit.com/docs/development/propsals/msf6-feature-proposals.html#payloads-and-post-exploitation

adfoster-r7 added the labels "suggestion-feature" (New feature suggestions) and "breaking change" (Features that are great, but will cause breaking changes and should be deployed on a large release) on Aug 24, 2022.
rapid7 locked and limited conversation to collaborators on Aug 24, 2022.