Closed piyush-security closed 1 year ago
Problem occurred with the following fields:
image: not found
Check the guidelines or use the template created for that purpose.
Issue correctly handled, tool is waiting for human validation.
Tool has been accepted by the team: https://offsec.tools/tool/nimbo-c2
Thank you for your contribution!
[link] https://github.com/itaymigdal/Nimbo-C2 [/link]
[tags] command-and-control, framework [/tags]
[short_descr] Nimbo-C2 is yet another (simple and lightweight) C2 framework [/short_descr]
[long_descr]
Nimbo-C2
Nimbo-C2 agent supports x64 Windows & Linux. It's written in Nim, with some usage of .NET on Windows (by dynamically loading the CLR to the process). Nim is powerful, but interacting with Windows is much easier and more robust using PowerShell, hence this combination is made. The Linux agent is slimmer and capable only of basic commands, including ELF loading using the memfd technique.
All server components are written in Python:
HTTP listener that manages the agents.
Builder that generates the agent payloads.
Nimbo-C2 is the interactive C2 component that rules 'em all!
Features
Build EXE, DLL, ELF payloads.
Encrypted implant configuration and strings using NimProtect.
Packing payloads using UPX and obfuscating the PE section names (UPX0, UPX1) to make detection and unpacking harder.
Encrypted HTTP communication (AES in CBC mode, key hardcoded in the agent and configurable by the config.jsonc).
Auto-completion in the C2 Console for convenient interaction.
In-memory PowerShell commands execution.
File download and upload commands.
Built-in discovery commands.
Screenshot taking, clipboard stealing, audio recording.
Memory evasion techniques like NTDLL unhooking, ETW & AMSI patching.
LSASS and SAM hives dumping.
Shellcode injection.
Inline .NET assemblies execution.
Persistence capabilities.
UAC bypass methods.
ELF loading using memfd in 2 modes.
And more!
[/long_descr]
[image]
[/image]