C3简单操作

C3是由MWR InfoSecurity维护的开源软件，其项目地址为：https://github.com/mwrlabs/C3 其一开始由William Knowles和Dave Hartley在BlueHat v18上提出，并在现在成功被大家所使用。

在理解C3之前，希望大家可以看一下它的术语，这边就不做翻译了，每个人有每个人的理解，见仁见智

• Relays – An executable to be launched on a compromised host. Relays communicate through Interfaces either between one another or back to the gateway.
• Gateway – A special relay that controls one C3 network. A C3 network cannot operate without an operational gateway. The gateway is the bridge back to the attacker’s infrastructure from Relays. The Gateway is also responsible for communicating back to a third-party C2 server (such as Cobalt Strike’s Teamserver).
• Channels - An agreed scheme for relays to pass data between each other. For example Slack’s API.
• Gateway Return Channel (GRC) - The configured channel that a relay will use to send data back to the gateway. Note that the GRC may be a route through another relay.
• Interfaces – A high level name given to anything that facilitates the sending and receiving of data within a C3 network.
• Routes – An intended path of communication across relays back to the gateway.
• Peripheral – A third-party implant of a command and control framework. Peripherals talk to their native controllers via a ‘Controller’. For example, Cobalt Strike’s SMB beacon.
• Connector – An integration with a third-party command and control framework. For instance the ‘External C2’ interface exposed by Cobalt Strike’s Teamserver through the externalc2_start command.

颜色的意义：

• Green - Active.
• Gray - Inactive for 5 minutes,
• Yellow - Unknown state after Gateway reboot.
• Red - Error.

我们下载C3并安装好依赖之后，打开其默认的地址

http://localhost:52935/

填写好相应的字段之后，将会提示并下载，内容为一个exe文件和一个json文件：

运行后C3显示下面的页面：

然后可以选择命令执行：

填写相关选项便可执行命令：

执行后产生Channels，双击可查看相关信息

现在Cs上面新建一个cna文件：

externalc2_start（“ <teamserver-ip>”，2222）;

然后加载该文件，并在C3上面链接

链接后出现云的图标：

关于C3的更多操作这里就不演示了，有兴趣的可以自己探索一下。