-
![[IP] C3: Citrus Command & Control – screenshot 1](//d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/526/datas/gallery.jpg)
C3 Interface! Click a machine from the menu on the right to see info about it and issue commands to it.
-
![[IP] C3: Citrus Command & Control – screenshot 2](//d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/514/datas/gallery.jpg)
Queued commands to be run on a machine with a configurable amount of time between subsequent commands.
-
![[IP] C3: Citrus Command & Control – screenshot 3](//d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/483/datas/gallery.jpg)
Twilio API Integration for when new machines register with the server,
-
![[IP] C3: Citrus Command & Control – screenshot 4](//d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/515/datas/gallery.jpg)
Command Output History for a machine.
-
![[IP] C3: Citrus Command & Control – screenshot 5](//d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/528/datas/gallery.jpg)
Adding our public key to a user on a machine can we SSH in
![[IP] C3: Citrus Command & Control – screenshot 1](https://d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/526/datas/original.png)
![[IP] C3: Citrus Command & Control – screenshot 2](https://d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/514/datas/original.png)
![[IP] C3: Citrus Command & Control – screenshot 3](https://d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/483/datas/original.png)
![[IP] C3: Citrus Command & Control – screenshot 4](https://d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/515/datas/original.png)
![[IP] C3: Citrus Command & Control – screenshot 5](https://d112y698adiu2z.cloudfront.net/photos/production/software_photos/001/891/528/datas/original.png)
Inspiration
A Command and Control, C2, server is a application for controlling machines.
In this world of ongoing cyber attacks, why do we not have better dashboards to control multiple machines? We set out to create a C2, Command & Control, server that is able to act as both a defender and attacker dashboard.
What it does
C3 is a method for controlling multiple machines at once. We set out to create a dashboard that requires agents, the machines, to poll the server and run commands from a queue. These outputs are then placed into a history which can be retrieved at any time by the admin. As with all cybersecurity products, this has the potential to act however the admin desires.
How we built it
Backend:
- Flask API: Used by client machines to communicate with the C2 server.
- Google Cloud's Firebase's Firestore Storage as our database.
- Rust Websocket API: Used to interface between the flask API, firebase, and the front end.
- Twilio's API is utilized to send text notifications to the administrator of the server when an agent is run on a new machine.
- Google Cloud Compute VM is used to host the Flask and Rust APIs.
Frontend:
- Typescript, Material UI, React Utilizing best functional practices and a modern web framework, we were able to create a fullstack application that is able to effectively control machines.
Clients (Programs used to communicate between hosts and the server):
- Two clients written in C++. One is for Windows-based operating systems and the other is for unix-based operating systems. These executables are written to leave a small footprint on the system, communicating with the C2 server on a configurable amount of time.
Challenges we ran into
- Websockets gave us more trouble than we anticipated. Originally we intended have our Flask backend communicate with the frontend using socket.io but the Flask Socket.io library is frustrating and not fun to use. Therefore, we did the logical thing and developed a second API using Rust.
Accomplishments that we're proud of
- Using Google Firebase, this was a first for us and was really cool to see how it works!
What we learned
- It might be advantageous to prototype with new technologies in preparation so we spend less time troubleshooting and more time developing during.
- React state variable updates are asynchronous and take time to propagate.
What's next for C3: Citrus Command & Control
- Adding MacOS support
- Adding FreeBSD support
- Ability to run commands on multiple hosts at once rather than one at a time.
- Backup storage method for exfiltrating documents, or backing up crucial data.
Log in or sign up for Devpost to join the conversation.