Cyber security

NimPlant C2 : A Position Independent Code (PIC) Beacon

NimPlant C2 is a minimal Proof-of-Concept (PoC) beacon written in C, designed to operate as truly Position Independent Code (PIC) without relying on reflective loaders.

Developed by Tijme Gommers, this project showcases a beacon that is significantly smaller in size compared to traditional NimPlant beacons with reflective loaders, weighing in at approximately 30KB versus 800KB.

Key Features

  • Position Independent Code (PIC): The beacon is compiled directly to PIC, allowing it to execute without fixed addresses. This is achieved by manually resolving imports and storing required data on the stack.
  • AES Encryption: Data passed via JSON is encrypted using AES, enhancing security.
  • Command Support: Currently supports several implant commands, including cat, cd, cp, ls, pwd, and whoami. Future development aims to add support for additional commands like mv, shell, and others.
  • Metadata Retrieval: Capable of retrieving metadata and sending it back to the NimPlant server.
  1. Clone the Repository: Start by cloning the NimPlant C2 repository.
  2. Install Dependencies: Ensure you have MinGW installed.
  3. Modify Settings: Adjust implant settings in the main function located in ./src/main.c as needed.
  4. Compile: Use the make command to compile the code.
  5. Usage: Load the generated shellcode.bin using a shellcode loader of your choice. An example loader is the Kong Loader, set to be released at BlackHat Asia in April 2025.

This project is currently in its early stages and is not production-ready.

Future enhancements include adding support for all implant configuration options, implementing jitter for sleep, and improving opsec measures such as string obfuscation.

Additionally, the project aims to achieve low coupling and high cohesion in its design.

NimPlant C2 is released under the GNU General Public License, version 2.0. Contributions and feature requests can be submitted via the issue tracker.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Install Anaconda on Ubuntu 18.04: Python Data Science Setup Guide

Anaconda is the most widely used Python distribution for data science and machine learning. It bundles…

4 hours ago

Install WordPress on Ubuntu 18.04 with Nginx and PHP 7.2

WordPress is the most popular open-source CMS in the world, powering over 40% of all websites…

4 hours ago

Install Magento 2 on Ubuntu 18.04 with Composer and Nginx

Magento is an enterprise-class, open-source e-commerce platform written in PHP. It is built for merchants who…

5 hours ago

Install WildFly on Ubuntu 18.04: Java App Server Setup Guide

Install WildFly on Ubuntu 18.04: Java App Server Setup GuideWildFly (formerly JBoss) is an open-source,…

5 hours ago

Install OpenCart on Ubuntu 18.04 with Nginx and PHP 7.2

OpenCart is a free, open-source PHP e-commerce platform used by hundreds of thousands of merchants worldwide.…

5 hours ago

Install Drupal on Ubuntu 18.04 with Composer, Nginx, and PHP

Drupal is one of the most widely used open-source CMS platforms in the world. Written in…

1 day ago