search

bolt-lightningQuickstart

This quickstart guide will walk through the fastest way of giving CrystalC2 a go. It assumes you will run the CrystalC2 server, client, and UDC2 forwarder on the same Linux machine; and that you'll run the shellcode on a separate Windows VM.

hashtag
UDC2

  1. Clone the HTTP UDC2 example from GitHub:

git clone https://github.com/crystal-c2/http-udc2-example.git

  1. Open http-udc2-example/http-module/src/udc2.c and replace "localhost" with the IP address running the UDC2 forwarder.

  2. Build the UDC2 library:

cd http-udc2-example/http-module/
make clean; make all
circle-info

This will produce http-udc2.x64.zip, which is the UDC2 library that will get merged into the Beacon.

  1. Run the HTTP forwarder.

cd ../http-forwarder/
sudo dotnet run
circle-info

This will listen on 0.0.0.0:80 and forward all HTTP POST requests to 127.0.0.1:1337.

hashtag
CrystalC2 server

  1. Download the latest release from https://github.com/crystal-c2/crystal-server/releasesarrow-up-right.

  2. Extract the tarball.

tar xf crystal-server.tar.gz

  1. Use the run script to start the server.

hashtag
CrystalC2 client

  1. Download the latest release from https://github.com/crystal-c2/crystal-client/releasesarrow-up-right.

  2. Extract the tarball.

  1. Use the crystal-client script to run the client.

  1. Login with any username and the password changeme.

hashtag
New Listener

  1. Click New Listener.

    1. Name: http

    2. Port: 1337

    3. UDC2: http-udc2.x64.zip

hashtag
Payload

  1. Click Shortcuts on the main window and select Payload.

  2. Select the http listener from the dropdown.

  3. Click Build Payload.

  4. Save beacon.x64.bin and inject it into a process.

PreviousWelcomeNextIntroduction

Last updated