-
Interpreter related plug-ins
- Support calling script interpreters such as bash / python / ruby / perl / php in the host , Execute the incoming script. The plug-in will redirect the interpreter I/O, input and output directly from the memory, and no files will be executed on the ground. It also integrates python-import
which is similar to powershell-import
operation
- python c:\getsysteminfo.py
- python import base64;print base64.b64encode('whoami'); print 'a'*40
- python-import c:\test.py
-
Password dump module
- cc2_mimipenguin uses the open source project MimiPenguin2.0
-
Authentication backdoor modules
- cc2_auth, cc2_ssh sudo / su / passwd and other authentication backdoors, ssh is connected and the credentials to connect to other hosts will be recorded.
-
Information collection modules
- cc2_safari_dump, cc2_chrome_dump, cc2_iMessage_dump, cc2_keychain_dump access records of common browsers, as well as iMessage chat content and authentication credentials saved in the keychain will be obtained
-
Traffic proxy module
- cc2_frp supports fast TCP/KCP (UDP) reverse socks5 encrypted traffic proxy (server can deploy Github native FRP)
-
Keylogger module
- cc2_keylogger records the keyboard input of MacOS users
-
Privilege promotion module
- cc2_prompt_spoof induces deception to obtain MacOS user account password
-
Task management module块
- cc2_job manages the modules running in memory.