Description:

Mothership C2 is my command and control server for managing and interacting with shell connections.

Features:

Some features of Mothership include:

  • Encryption for sending commands and their outputs
  • Shells are managed and interacted with over HTTP

What is a C2?

A C2 server is a Command and Control server; it helps with controlling and commanding shell connections. C2 servers are used by APTs (advanced persistent threats) and by red teams.

That’s how they work, simplified. There’s much more that they can do, like handling multiple connections at once or supporting encryption.

How Does Mothership Work?

Mothership supports encryption, unlike some other C2s, and uses a unique form of authentication to prevent invalid agents from connecting. The authentication works in four steps:

  1. First, the client creates a new agent ID
  2. The agent is run on the target with the API URL and the hashed agent ID
  3. The agent ID is checked in the database
  4. A key exchange is performed to allow encryption

Key Exchange

For the key exchange to work, the agent generates its own set of keys and sends its public key so the API can encrypt commands, and it receives the server’s public key so it can send encrypted command outputs. Keys generated by agents are stored in memory as an extra layer of security. Once an agent disconnects, its keys are no longer valid, and neither is its ID, because it would already exist in the database.
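
The ID check in steps 1 to 4 and the key swap described above, sketched as an added example (not Mothership's own code) that shows why a replayed or reused agent ID is rejected. The names Registry, Issue, Connect and Disconnect are hypothetical, X25519 is an assumed key type because the page does not name an algorithm, and an in-memory map stands in for the database.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Registry is a hypothetical stand-in for the API database and key store (not goroutine-safe).
type Registry struct {
	used   map[string]bool            // hashed agent ID -> has it connected before?
	peers  map[string]*ecdh.PublicKey // agent public keys, held in memory only
	server *ecdh.PrivateKey
}

func NewRegistry() *Registry {
	k, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Registry{map[string]bool{}, map[string]*ecdh.PublicKey{}, k}
}

// Issue models step 1: register a new agent ID, storing only its SHA-256 hash.
func (r *Registry) Issue(raw string) string {
	sum := sha256.Sum256([]byte(raw))
	r.used[hex.EncodeToString(sum[:])] = false
	return hex.EncodeToString(sum[:])
}

// Connect models steps 3 and 4: check the hashed ID, then swap public keys.
func (r *Registry) Connect(id string, agentPub *ecdh.PublicKey) (*ecdh.PublicKey, error) {
	if used, ok := r.used[id]; !ok || used || agentPub == nil {
		return nil, fmt.Errorf("rejected: unknown or used agent ID, or missing key")
	}
	r.used[id], r.peers[id] = true, agentPub // consume the ID before replying
	return r.server.PublicKey(), nil
}

// Disconnect drops the agent key; the ID stays marked used, so it cannot reconnect.
func (r *Registry) Disconnect(id string) { delete(r.peers, id) }

func main() {
	r, agent := NewRegistry(), NewRegistry().server.PublicKey() // constructed agent key
	id := r.Issue("constructed-agent-id")
	_, first := r.Connect(id, agent)
	_, replay := r.Connect(id, agent)
	fmt.Println("first:", first, "| replay:", replay)
}
```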

Why Is Golang Mentioned In The Tags?

Golang is mentioned because it is what the client code is written in. Originally it was in Python, but Python’s “cmd” module is too slow, and so I switched it over to Go for performance. It also doesn’t make my laptop sound like it’s ready to go into space.