Cyber security

NimPlant C2 : A Position Independent Code (PIC) Beacon

NimPlant C2 is a minimal Proof-of-Concept (PoC) beacon written in C, designed to operate as truly Position Independent Code (PIC) without relying on reflective loaders.

Developed by Tijme Gommers, this project showcases a beacon that is significantly smaller in size compared to traditional NimPlant beacons with reflective loaders, weighing in at approximately 30KB versus 800KB.

Key Features

  • Position Independent Code (PIC): The beacon is compiled directly to PIC, allowing it to execute without fixed addresses. This is achieved by manually resolving imports and storing required data on the stack.
  • AES Encryption: Data passed via JSON is encrypted using AES, enhancing security.
  • Command Support: Currently supports several implant commands, including cat, cd, cp, ls, pwd, and whoami. Future development aims to add support for additional commands like mv, shell, and others.
  • Metadata Retrieval: Capable of retrieving metadata and sending it back to the NimPlant server.
  1. Clone the Repository: Start by cloning the NimPlant C2 repository.
  2. Install Dependencies: Ensure you have MinGW installed.
  3. Modify Settings: Adjust implant settings in the main function located in ./src/main.c as needed.
  4. Compile: Use the make command to compile the code.
  5. Usage: Load the generated shellcode.bin using a shellcode loader of your choice. An example loader is the Kong Loader, set to be released at BlackHat Asia in April 2025.

This project is currently in its early stages and is not production-ready.

Future enhancements include adding support for all implant configuration options, implementing jitter for sleep, and improving opsec measures such as string obfuscation.

Additionally, the project aims to achieve low coupling and high cohesion in its design.

NimPlant C2 is released under the GNU General Public License, version 2.0. Contributions and feature requests can be submitted via the issue tracker.

Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Enable SSH on Ubuntu 18.04: Install, Connect, and Manage

SSH (Secure Shell) is a cryptographic network protocol that creates a secure, encrypted connection between your…

4 hours ago

Install Node.js and npm on Ubuntu 18.04: Three Methods Compared

Node.js is an open-source, cross-platform JavaScript runtime that lets you run JavaScript on the server side,…

4 hours ago

Set DNS Nameservers on Ubuntu 18.04: Desktop and Server Guide

DNS (Domain Name System) is what translates domain names into IP addresses. When you type a…

4 hours ago

Install Docker on Ubuntu 18.04: Setup, Images, and Containers

Docker is a containerization platform that lets you package applications and their dependencies into lightweight, portable…

4 hours ago

Install Yarn on Ubuntu 18.04: APT Setup and Essential Commands

Yarn is a fast, reliable JavaScript package manager that works alongside npm. It was built to fix…

4 hours ago

Install Webmin on Ubuntu 18.04: Web Control Panel Setup Guide

Webmin is an open-source, browser-based control panel for Linux server administration. Instead of managing your server…

1 day ago