PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework. PowerShell was chosen as the base language as it provides all of the functionality and rich features required without needing to introduce multiple languages to the framework.
Requires only Powershell v2 on the client.
PoshC2 can be installed on almost any operating system post Windows XP, for example Windows 7, Windows 8, Windows 10, Server 2008, 2012, 2016.
PyshC2 can be installed on most linux based systems that are capable of running Python. We have testing on a variation of Kali and Ubuntu based systems.
Personally, we would recommend Either Ubuntu or Windows 10 which come with Powershell v5 by default. If you are using Windows Defender or any other host Anti-Virus it is recommended that you add an exclusion on the folder or location of the PoshC2 install and its sub directories where you will use PoshC2. To install PoshC2, we have generated a simple one liner that can be called from either Powershell or Command prompt.
To install PyshC2 on Ubuntu from a Terminal run the following:
curl -sSL https://raw.githubusercontent.com/nettitude/PyshC2/master/Install.sh | bash
To install PoshC2 from Command prompt run the following:
powershell -exec bypass -c "IEX (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/nettitude/PoshC2/master/C2-Installer.ps1')"
To install PoshC2 from Powershell run the following command:
IEX (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/nettitude/PoshC2/master/C2-Installer.ps1')
Keep In Touch¶
Find us on Twitter - @Nettitude_Labs
Find us on Slack - poshc2.slack.com (Send email to labs below to be added to slack channel )
Find us on Email - firstname.lastname@example.org