Cyber security

NimPlant C2 : A Position Independent Code (PIC) Beacon

NimPlant C2 is a minimal Proof-of-Concept (PoC) beacon written in C, designed to operate as truly Position Independent Code (PIC) without relying on reflective loaders.

Developed by Tijme Gommers, this project showcases a beacon that is significantly smaller in size compared to traditional NimPlant beacons with reflective loaders, weighing in at approximately 30KB versus 800KB.

Key Features

  • Position Independent Code (PIC): The beacon is compiled directly to PIC, allowing it to execute without fixed addresses. This is achieved by manually resolving imports and storing required data on the stack.
  • AES Encryption: Data passed via JSON is encrypted using AES, enhancing security.
  • Command Support: Currently supports several implant commands, including cat, cd, cp, ls, pwd, and whoami. Future development aims to add support for additional commands like mv, shell, and others.
  • Metadata Retrieval: Capable of retrieving metadata and sending it back to the NimPlant server.
  1. Clone the Repository: Start by cloning the NimPlant C2 repository.
  2. Install Dependencies: Ensure you have MinGW installed.
  3. Modify Settings: Adjust implant settings in the main function located in ./src/main.c as needed.
  4. Compile: Use the make command to compile the code.
  5. Usage: Load the generated shellcode.bin using a shellcode loader of your choice. An example loader is the Kong Loader, set to be released at BlackHat Asia in April 2025.

This project is currently in its early stages and is not production-ready.

Future enhancements include adding support for all implant configuration options, implementing jitter for sleep, and improving opsec measures such as string obfuscation.

Additionally, the project aims to achieve low coupling and high cohesion in its design.

NimPlant C2 is released under the GNU General Public License, version 2.0. Contributions and feature requests can be submitted via the issue tracker.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Upgrade to Ubuntu 20.04 LTS: Prepare, Update, and Confirm

Ubuntu 20.04 LTS (code name Focal Fossa) was released on April 23, 2020. It is a…

3 hours ago

Install Google Chrome on Ubuntu 20.04: Download and Setup Guide

Google Chrome is the most widely used web browser in the world. It is fast, secure,…

3 hours ago

Install Java on Ubuntu 20.04: OpenJDK 11, JDK 8, and JAVA_HOME

Java is one of the most widely used programming languages in the world. It runs on…

4 hours ago

Install Ubuntu on Raspberry Pi: Flash, Configure, and Boot

Raspberry Pi is the most popular single-board computer ever made. It is small, affordable, and surprisingly…

4 hours ago

Install pip on Ubuntu 20.04: Python 3, Python 2, and Usage Guide

pip is Python's package manager. It lets you search, download, and install packages from the Python Package…

4 hours ago

Install MySQL on Ubuntu 20.04: Setup, Security, and Root Access

MySQL is the most popular open-source relational database management system. It is fast, reliable, and a…

1 day ago