Kali Linux

Tetanus : Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust

Tetanus is a Windows and Linux C2 agent written in rust.

Installation

To install Tetanus, you will need Mythic set up on a machine.

In the Mythic root directory, use mythic-cli to install the agent.

sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus
sudo ./mythic-cli payload start tetanus

Tetanus supports the http C2 profile:

sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http
sudo ./mythic-cli c2 start http

Features

  • Background job management
  • Built-in ssh client
    • Connect to a machine and download/upload files between that machine and Mythic
    • Get directory listings from machines using sftp
    • Spawn agents on machines using ssh
    • ssh-agent hijacking
  • Streaming portscan
  • Stand up TCP redirectors

Future Additions

  • v0.2.0
    • Socks proxying
    • Windows token manipulation
    • More browser script integration
    • DNS C2 profile
    • p2p capabilities
    • In memory shellcode execution execute-shellcode

General Commands

CommandSyntaxDescription
catcat [file]Output the contents of a file.
cdcd [new directory]Change directory.
cpcp [source] [destination]Copy a file from [source] to [destination].
downloaddownload [path]Download a file from the target system (supports relative paths).
exitexitExit the agent.
getenvgetenvGet the current environment variables.
getprivsgetprivsGet the privileges of the agent session.
jobkilljobkill [job id]Shutdown a running background job.
jobsjobsList currently running background jobs.
lsls [directory]List files or directories (supports relative paths).
mkdirmkdir [directory]Make a new directory.
mvmv [source] [destination]Move a file from [source] to [destination] (supports relative paths).
portscanportscan [popup]Scan a list of IPs for open ports.
pspsGet a list of currently running processes.
pwdpwdPrint working directory.
redirectredirect [<bindhost>:<bindport>:<connecthost>:<connectport>]Setup a TCP redirector on the remote system.
rmrm [path]Remove a file or directory (supports relative paths).
setenvsetenv [name] [value]Set environment variable [name] to [value].
shellshell [command]Run a shell command with bash -c on Linux or cmd.exe /c on Windows in a new thread.
sleepsleep [interval][units] [jitter]Set the sleep interval and jitter (supports unit suffixing).
sshssh [popup]Use ssh to execute commands, download/upload files or grab directory listings.
ssh-agentssh-agent [-c <socket>] [-d] [-l]Connect to running ssh agent sockets on the host or list identities.
ssh-spawnssh-spawn [popup]Spawn a Mythic agent on a remote host using ssh.
unsetenvunsetenv [var]Unset an environment variable.
uploadupload [popup]Upload a file to the host machine.

Windows-specific Commands

CommandSyntaxDescription
powershellpowershell [command]Run a command using powershell.exe /c in a new thread.
Download
R K

Leave a Comment
Share
Published by
R K
Tags: C2linuxMythicTetanusWindows Hosts
2 years ago

Recent Posts

Shadow-rs : Harnessing Rust’s Power For Kernel-Level Security Research

shadow-rs is a Windows kernel rootkit written in Rust, demonstrating advanced techniques for kernel manipulation…

1 week ago

ExecutePeFromPngViaLNK – Advanced Execution Of Embedded PE Files via PNG And LNK

Extract and execute a PE embedded within a PNG file using an LNK file. The…

2 weeks ago

Red Team Certification – A Comprehensive Guide To Advancing In Cybersecurity Operations

Embark on the journey of becoming a certified Red Team professional with our definitive guide.…

3 weeks ago

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within…

3 weeks ago

Rust BOFs – Unlocking New Potentials In Cobalt Strike

This took me like 4 days (+2 days for an update), but I got it…

3 weeks ago

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

MaLDAPtive is a framework for LDAP SearchFilter parsing, obfuscation, deobfuscation and detection. Its foundation is…

3 weeks ago