Post

QUIC Command & Control

Posted
QuicC2Py Preview
QuicC2Py Preview
By Kevin Wilck
2 min read

Hey Everyone!😀 I’m pumped to show off QuicC2Py, a neat project I’ve been tinkering with on GitHub. It’s a proof-of-concept Command-and-Control (C2) system that’s all about learning and experimenting with network security. Want to dive into the nitty-gritty with us? Join our Discord server to chat about this project and share ideas! Here’s the lowdown on what QuicC2Py is and what it can do.

What’s QuicC2Py?

QuicC2Py is a Python-based, modular C2 system built using the asyncio framework over UDP. It’s designed for educational purposes and authorized security testing, letting you explore how C2 systems work in a controlled environment. It uses AES encryption for secure communication and has a flexible client-server setup, perfect for digging into penetration testing, protocol development, or network security concepts.

What It Does

QuicC2Py packs some cool features for learning and testing:

  • UDP Communication: Runs fast, low-latency exchanges over UDP on port 4433 (configurable).
  • AES Encryption: Secures messages with 256-bit AES-CBC (hardcoded for demo purposes).
  • Interactive Commands: Lets the server send commands like whoami (get username), dir (Windows directory listing), ls (Linux placeholder), info (system details), upload/download (basic file transfers), help (command list), or exit (clean shutdown).
  • Modular Setup: Organized into modules for config, crypto, commands, and protocol, making it easy to tweak.
  • Logging: Saves actions to logs/udp_c2.log for tracking what’s happening.
  • Cross-Platform: Works on Windows and Linux (macOS may need tweaks).

Getting Started

Ready to check it out? Here’s how:

  • Run It Yourself: Want to play with the code? Visit the GitHub repo for full setup details. Quick steps:
    1. Clone the Repo: 
      1
2

      git clone https://github.com/KW-Soft/QuicC2Py.git
cd QuicC2Py
    2. Install Dependencies: You’ll need Python 3.8+ and one key package: 
      1

      pip install cryptography

      (Optional: pip install pytest for running tests.)

    3. Check Config: Verify config.json for host, port (default 4433), and encryption settings.
    4. Start the Server: 
      1

      python src/server.py

      Then run the client:

      1

      python src/client.py

      Use commands like whoami or dir from the server console.

See docs/usage.md in the repo for more details on interacting with clients.

Wrapping It Up

QuicC2Py is my take on a fun, educational C2 system for learning about network security in a safe, controlled way. Important: This is for authorized testing only—never use it without permission! If you dig it, drop a star and let me know what you think!

Stay safe,
Kevin

security
Cybersecurity Command-and-Control Python Network Security
This post is licensed under CC BY 4.0 by the author.