KittyStager is a stage 0 C2 comprising an API, client, and malware. The API is responsible for delivering basic tasks and shellcode to be injected into memory by the malware. The client also connects to the API and allows for interaction with the malware by creating tasks. The goal of KittyStager is to deploy a simple stage 0 payload onto the target system and gather enough information to adapt the payload to the specific target. As the stage 0 payload is intended to be as stealthy as possible, it does not include any command execution capabilities.
This project is made for educational purpose only. I am not responsible for any damage caused by this project.
- A simple cli to interact with the implant
- API :
- A web server to host your kittens
- HTTPS
- Yours files in /upload are available on /upload
- Reconnaissance :
- Hostname, domain, pid, ip...
- AV or EDR solution with wmi
- Process list
- Encryption :
- Key exchange with Opaque
- Chacha20 encryption
- Malware capabilities :
- Create thread injection
- Bananaphone (Hell's gate variant)
- Halo's gate
- ETW patching
- Sleep with jitter
- Remove of the binary from disk
- Sandbox :
- Check ram
- Check a none existing website
- Payload :
- Raw shellcode
- Hex shellcode
- Build :
- Generate the kitten from the config file
- Compile the kitten with go & garble
- Sign the kitten with a copied certificate
- Generate description
Some settings can be changed in the config file
git clone https://github.com/Enelg52/KittyStager.git
cd KittyStager
Edit the config file :
- Check the ip/port
- HTTPS/HTTP
- Sleep time
How to generate certificate for https with openssl
$ openssl req -new -newkey rsa:2048 -nodes -keyout localhost.key -out localhost.csr
$ openssl x509 -req -days 365 -in localhost.csr -signkey localhost.key -out localhost.crt
Build the server :
cd server
go build
Build the client
cd client
go build
The server need to be running
cd kitten/basicKitten
env GOOS=windows GOARCH=amd64 go build -o basicKitten.exe
Then start the server, the client and run the kitten on the target.
start server
./server -h
Usage of server:
-p string
Path to the config file (default "config.yaml")
The client will connect to 127.0.0.1:1337. If your not on the server, you will need to use an ssh tunnel.
./client
You can customise the kitten code from the config file.
# Malware
# Injection methode : createThread, banana, halo
injection: createThread
# Output : dll, exe
execType: exe
# Obfuscation : true, false
obfuscation: false
Compilation and obfuscation part, is not implemented yet.
Compile exe :
cd output
env GOOS=windows GOARCH=amd64 go build -o kitten.exe
Compile dll :
You need to change the execType in config.yaml
cd output
env GOOS=windows GOARCH=amd64 CGO_ENABLED=1 CC="x86_64-w64-mingw32-gcc" go build -o basickitten.dll -buildmode=c-shared kitten.go
The projet is divided in 3 parts :
The crypto part, kitten, config, tasks struct are in internal.
Pull requests are welcome. Feel free to open an issue if you want to add other features.
Enelg#9993 on discord
- https://github.com/C-Sto/BananaPhone
- https://github.com/timwhitez/Doge-Gabh
- https://github.com/c-bata/go-prompt
- https://gist.github.com/leoloobeek/c726719d25d7e7953d4121bd93dd2ed3
- https://github.com/BishopFox/sliver/
- https://github.com/alinz/crypto.go/blob/main/chacha20.go
- https://github.com/frekui/opaque
- ... and many others