An embedded firmware command and control server.

- Commander: Textual application
- Server: Flask application
- Client: custom ESP32 firmware
Change `BASE_URL` in the Commander if the C2 server runs on a separate host. Then simply run:
> python app.py
It is recommended to run the server on a public IP address so that the board's callbacks can reach it.
- Create a virtual environment (Windows)
python -m venv .venv
./.venv/Scripts/activate.ps1
- Install Flask with dependencies
pip install -U Flask Flask-SQLAlchemy
- Run the Flask app (`--app` is an option of the top-level `flask` command, so it goes before `run`)
flask --app server.py run --host=0.0.0.0 -p 80
Note that `flask run` starts Flask's development server, which is single-process and not hardened for hostile traffic; if it has to listen on a public address, restrict which hosts can reach it (for example with firewall rules) rather than leaving it open to the whole internet.
The firmware was designed for the LilyGo T-Dongle S3, an ESP32-S3 board with direct UART communication. Once the board is connected, do the following.
- Install the PlatformIO extension in VSCode
- Open the `emb-firmware` directory in VSCode
- Make a copy of `wifi_setup.h.sample` and name it `wifi_setup.h`
- Change it based on the known information. `CALLBACK_IP` is the only required variable. `WIFI_SSID` and `WIFI_PASSWORD` are useful, but as long as the target host is connected to WiFi, the USB will find it
- Upload the firmware to the board with the auto serial port setting
- Plug the USB into the target
- Stream keyboard input directly over USB
- In-memory executables
- Drop reverse shell (with AMSI bypass)
- Enable and execute RDP
HTTP traffic: https://randomnerdtutorials.com/esp32-http-get-post-arduino/
