Ninja C2 is an open-source C2 server created by Purple Team to perform stealthy computer and Active Directory enumeration without being detected by SIEM and AV products. Ninja is still in beta; when the stable version is released, it will contain many more stealthy techniques and anti-forensic features, to create a real challenge for the blue team and make sure all defenses are configured correctly and can detect sophisticated attacks.
Ninja uses Python to serve the payload and control the agents. The agents are based on C# and PowerShell, which can bypass leading AVs. Ninja communicates with the agents over a secure channel encrypted with AES-256; the key is not hard-coded but randomly generated when the campaign starts. Every agent that connects to the C2 gets the key, and if the C2 is restarted a new key is used by all agents, old and new. Ninja also randomizes the callback URLs for every campaign to bypass static detection.
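Since callback URLs change with every campaign, a URL signature written for one campaign will not match the next, but the timing of agent check-ins (see `set-beacon` below) is still visible to a proxy or firewall. The following is an added example, not part of Ninja: it flags client/destination pairs whose requests arrive at near-constant intervals, regardless of URL path. The log format, addresses, paths and thresholds are assumptions constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy log: timestamp, client, destination, URL path.
# Hosts, paths and timings are made up for illustration, not taken from Ninja.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.10 /q7x/a
2024-05-01T10:00:05 10.0.0.5 203.0.113.10 /q7x/b
2024-05-01T10:00:10 10.0.0.5 203.0.113.10 /q7x/a
2024-05-01T10:00:16 10.0.0.5 203.0.113.10 /q7x/c
2024-05-01T10:00:20 10.0.0.5 203.0.113.10 /q7x/a
2024-05-01T10:00:25 10.0.0.5 203.0.113.10 /q7x/b
2024-05-01T10:00:01 10.0.0.7 198.51.100.20 /index.html
2024-05-01T10:00:03 10.0.0.7 198.51.100.20 /style.css
2024-05-01T10:00:40 10.0.0.7 198.51.100.20 /news
2024-05-01T10:02:10 10.0.0.7 198.51.100.20 /news/1
2024-05-01T10:02:12 10.0.0.7 198.51.100.20 /img/1.png
2024-05-01T10:05:00 10.0.0.7 198.51.100.20 /about
2024-05-01T10:01:00 10.0.0.9 203.0.113.10 /q7x/a
2024-05-01T10:03:00 10.0.0.9 203.0.113.10 /q7x/a
"""

def group_by_pair(log_text):
    """Group request times by (client, destination); the URL path is ignored."""
    groups = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, src, dst, _path = parts
        groups[(src, dst)].append(datetime.fromisoformat(ts))
    return groups

def find_beacons(log_text, min_events=5, max_cv=0.2):
    """Return {(src, dst): (mean_interval_s, cv)} for regular, low-jitter traffic."""
    hits = {}
    for pair, times in group_by_pair(log_text).items():
        if len(times) < min_events:
            continue  # too few samples to judge periodicity
        times.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(deltas)
        if mean <= 0:
            continue
        cv = statistics.pstdev(deltas) / mean  # coefficient of variation
        if cv <= max_cv:
            hits[pair] = (round(mean, 1), round(cv, 3))
    return hits
```

On real traffic, `min_events` and `max_cv` need tuning against a baseline, because update checkers and other legitimate pollers are also periodic.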
Ninja key features
Ninja is packed with a number of features that allow you to gain insight into your upcoming engagement before you actually need to deploy your full arsenal of tools and techniques, such as:
Requirement
Please note that compiling the C# code depends on the System.Management.Automation.dll assembly with SHA1 hash c669667bb4d7870bc8bb65365d30071eb7fb86fe.
Some Ninja commands require the modules below (already included in modules), which you should update from their repositories:
Invoke-Kerberoast : <https://raw.githubusercontent.com/xan7r/kerberoast/master/autokerberoast.ps1>
Invoke-Mimikatz : <https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Invoke-Mimikatz.ps1>
Sharphound : <https://github.com/BloodHoundAD/BloodHound/blob/master/Ingestors/SharpHound.ps1>
PowerView : <https://github.com/PowerShellEmpire/PowerTools/blob/master/PowerView/powerview.ps1>
Installation
First, download the latest version of Ninja using the following command:
git clone https://github.com/ahmedkhlief/Ninja/
You need to set up Ninja by running the install.sh script:
chmod +x ./install.sh
sudo ./install.sh
After that, you need to initialize the campaign:
python start_campaign.py
Now you can start the Ninja server:
python Ninja.py
You will be greeted with the following once you run it:
88 88
"" ""
88888 8888
8b,dPPYba, 88 8b,dPPYba, 88 ,adPPYYba, 88 88 88
88P' `"8a 88 88P' `"8a 88 "" `Y8 88 88
88 88 88 88 88 88 ,adPPPPP88 88 88
88 88 88 88 88 88 88, ,88 88 88
88 88 88 88 88 88 `"8bbdP"Y8 88 88
,88 88888 888888
888P"
V1.0.1 BETA !
Ninja C2 | Stealthy Pwn like a Ninja
+------------------------------------------------------------+
Command Description
------- -----------
exit Exit the console , or kill the agent
list List all agents
help Help menu
show Show Command and Controler variables
use Interact with AGENT
back Back to the main
payload Show Payloads
load load modules
kill_all kill all agents
delete delete agent from the list
delete_all delete all agents in the list
set-beacon set the beacon interval live for agent
download download file from the vicitm
downloads list downloaded files
upload upload files to the victim
modules list all the Available modules in Modules directory
encode64 encode any command to base64 encoded UTF-8 command ( can be decoded in powershell)
screenshot take screenshot form the victim
DA Run defense Analysis Module
kerb do kerberoast attack and dump service accounts hashes
dcsync_admins do dcsync attack agains domain admins group
dcsync_list do dcsync attack agains custom user list
get_groups get all the groups user is member of
get_users get all the users member in group
bloodhound run bloodhound to collect all the information about the AD
+------------------------------------------------------------+
Usage
Please check this article about Ninja and how to use it : <https://shells.systems/introducing-ninja-c2-the-c2-built-for-stealth-red-team-operations/>.
Todo
DA
Upload file