ArtemisC2Server

⚠️ Proof of Concept Project

ArtemisC2 is primarily a learning and research project. It is a proof of concept (PoC) designed to explore DNS-based C2 communication with a modular design in mind.

It is not a production-ready C2 framework. While it demonstrates core concepts, it lacks many features expected in mature tools, such as evasion (the agent has no obfuscation of strings and messages exchanged with the server), many features, and encryption of messages.

The project should be considered a modular and extensible base, intended for experimentation, study, and further development—not for real-world operational use.

ArtemisC2 is a Command and Control (C2) that targets Windows systems and that uses DNS as its communication channel with agents. The project is designed for red teaming, research, and educational purposes, providing an interactive web interface for managing agents, jobs, and results.

This project is the C2 server.

The implant code can be found in the ArtemisC2Client repo.

State of the project

The project is stale as I am busy, but it may occasionally see some commits to extend it.

Main features

• DNS-based C2 communication: agents communicate exclusively via DNS queries to evade restrictive firewall rules.
• Interactive Blazor web UI: built with Blazor (.NET 8), choice that I sincerely regretted, still having the frontend and the backend all in one place was nice.
• Agent management: all agents that completed the handshake with the server are displayed on the list, with their ip address, online status and time of first connection.
• Job dispatching: selecting an agent reveals the terminal, where commands may be inserted that dispatch jobs to the relative agent. Every agent has a customizable beacon interval after wich they fetch the next job to execute. The specific commands that are available will be addressed in the Usage section. All messages are exchanged encoded in base64url
• Large results handling: for results that do not fit in a single DNS TXT query response, a TCP like protocol over DNS is used to ensure that the results (like large texts received from the shell command or file downloads) are chunked and reliably received by the server
• Signals: the agents and the server regularly exchange messages called Signals automatically, right now only the Beacon Signal is implemented
• Live terminal: as results are received from the agents, the terminal displays them live.
• SQLite database: the server uses a simple SQLite database to persist agents, jobs, ecc.
• Extensible handler architecture: adding commands (that return files or text or nothing) is extremely easy thanks to the modular architecture.

Technologies used

• .NET 8
• Blazor Server
• Entity Framework Core (SQLite)
• MudBlazor (UI components)
• ARSoft.Tools.Net (DNS server library)
• C#

Getting started

Prerequisites:

• .NET 8 SDK

Build and run:

1. Clone the repository:
   git clone https://github.com/desertcod98/ArtemisC2Server.git
cd ArtemisC2Server

2. Restore dependencies:
   dotnet restore

3. Apply database migrations:
   dotnet ef database update

4. Run the server:
   dotnet run --project ArtemisC2Server

5. The web interface will automatically open on the default browser

Usage

As of now the project lacks many features, so the usage consists of just selecting one of the agent that successfully completed the handshake with the server and executing commands, which are:

• whoami
  Arguments: none
  Description: Returns the username and domain of the current user context running the agent.
  Returns: A string in the format DOMAIN\Username or just Username if not joined to a domain.

• shell
  Arguments:

  • command (string): The command to execute (e.g., ipconfig /all).
    Description: Executes the specified command in the Windows shell.
    Returns: The standard output and standard error of the executed command, as a string.

• download
  Arguments:

  • filepath (string): The absolute or relative path to the file to exfiltrate (e.g., C:\Users\user\Desktop\file.txt).
    Description: Reads the specified file and sends it to the server in chunks over DNS.
    Returns: The file content, chunked and base64-encoded, sent as multiple DNS responses. The server is responsible for reconstructing the file.

• setbeaconinterval
  Arguments:

  • interval (integer): The new beacon interval in seconds (e.g., 60).
    Description: Dynamically changes the interval at which the agent beacons to the server.
    Returns: A confirmation string indicating the new interval (e.g., Beacon interval set to 60 seconds).

Extending

• To add new commands, simply implement new handlers in the Results/Handlers folder and register them in Program.cs. As of now they can extend StringResultHandler if the result of the command is a simple string that fits in a single DNS query TXT response, or ChunkedResultHandler which uses the TCP-like protocol implemented to receive the result in chunks.
• To modify the UI, extend or customize Blazor components in the Components folder.

Contributing

Pull requests are very welcome, but the reviews / merge of them might take some time. I discourage changing the structure of the project as I will likely not merge those kinds of requests, but the ones pertaining to new Commands, Signals, return types, optimizations will all be considered.

Security notice

This project is for authorized research and educational use only. Running a C2 server may be illegal or against policy in many environments. Use responsibly.