Deimos C2 - Detect

By kannthu

Informative
Vidoc Module
#c2 #ir #osint #deimosc2
Description

What is Deimos C2 - Detect?

The Deimos C2 - Detect module is designed to detect misconfigurations, vulnerabilities, or software fingerprints related to DeimosC2, a post-exploitation Command & Control (C2) tool. DeimosC2 leverages multiple communication methods to control machines that have been compromised, and it has been tested on Windows, Darwin, and Linux operating systems. The severity of the findings is informative.

Author: pussycat0x

Impact

The impact of the findings from the Deimos C2 - Detect module can vary depending on the specific misconfigurations, vulnerabilities, or software fingerprints detected. It is important to address and remediate these issues to prevent further compromise and potential unauthorized control of compromised machines.

How does the module work?

The Deimos C2 - Detect module works by sending HTTP requests to the target machine and matching the responses against predefined conditions. One example of an HTTP request sent by this module is a GET request to the "/login" path. The module then checks whether the response body contains the "<title>Deimos C2</title>" string and whether the response status is 200. Both conditions need to be met for a match to occur.

The matching conditions for this module are:

- Response body must contain the "<title>Deimos C2</title>" string
- Response status must be 200

If both conditions are met, the module will report a vulnerability.
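
The two matchers described above, as an added example (not the Vidoc module's own code): a Python check that applies them to a `/login` response, either from constructed samples or from a host in your own inventory passed as an argument. The function names, the no-redirect behaviour and the case-sensitive comparison are assumptions of this example.

```python
import sys
import urllib.error
import urllib.request

MARKER = "<title>Deimos C2</title>"   # word matcher, from the module preview
PATH = "/login"                        # request path, from the module preview


def evaluate(status: int, body: bytes) -> dict:
    """Apply both matchers; a finding is reported only when both hold."""
    text = body.decode("utf-8", errors="replace")
    word = MARKER in text              # assumption: case-sensitive substring match
    code = status == 200
    return {"word": word, "status": code, "match": word and code}


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Assumption: judge the /login response itself, not a redirect target."""
    def redirect_request(self, *args, **kwargs):
        return None                    # urllib then raises HTTPError for the 3xx


def probe(base_url: str, timeout: float = 5.0) -> dict:
    """Fetch /login from one host in the asset inventory and evaluate it."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = base_url.rstrip("/") + PATH
    try:
        with opener.open(url, timeout=timeout) as resp:
            return evaluate(resp.status, resp.read(65536))
    except urllib.error.HTTPError as err:   # non-2xx responses still carry a body
        return evaluate(err.code, err.read(65536))
    except (urllib.error.URLError, OSError):
        return {"word": False, "status": False, "match": False}


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "panel": (200, b"<html><head><title>Deimos C2</title></head></html>"),
    "redirect": (302, b"<title>Deimos C2</title>"),
    "other-login": (200, b"<html><title>Login</title></html>"),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(sys.argv[1], probe(sys.argv[1]))
    else:
        for name, (status, body) in SAMPLES.items():
            print(name, evaluate(status, body))
```

Only the `panel` sample satisfies both conditions; the other two each fail exactly one matcher, which is why the module requires the AND of the two.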

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /login
Matching conditions
word: <title>Deimos C2</title> and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability