HardHat C2

A cross-platform, collaborative, Command & Control framework written in C#, designed for red teaming and ease of use.

Overview

HardHat is a multiplayer C# .NET-based command and control framework designed to aid in red team engagements and penetration testing. HardHat aims to improve quality of life during engagements by providing an easy-to-use but still robust C2 framework. It contains three primary components: an ASP.NET teamserver, a Blazor .NET client, and C#-based implants.

Alpha Release

⚠️⚠️ NOTE: HardHat is in Alpha release; it will have bugs, missing features, and unexpected things will happen. Thank you for trying it, and please report back any issues or missing features so they can be addressed.

Features

HardHat contains many needed features for C2 operations.

Teamserver & Client

  • Per-operator accounts with account tiers to allow customized access control and features, including view-only guest modes, team-lead opsec approval (WIP), and admin accounts for general operation management.

  • Managers (Listeners)

  • Dynamic Payload Generation (Exe, Dll, shellcode, PowerShell command)

  • Creation & editing of C2 profiles on the fly in the client

  • Customization of payload generation

    • sleep time/jitter

    • kill date

    • working hours

    • type (Exe, Dll, Shellcode, ps command)

    • Included commands (WIP)

    • option to run confuser

  • File upload & Downloads

  • Graph View

  • File Browser GUI

  • Event Log

  • JSON logging for events & tasks

  • Loot tracking (Creds, downloads)

  • IOC tracing

  • Pivot proxies (SOCKS 4a, Port forwards)

  • Cred store

  • Autocomplete command history

  • Detailed help command

  • Interactive terminal command (bash if the client is on Linux, PowerShell on Windows), which allows automatic parsing and logging of terminal commands such as proxychains

  • Persistent database storage of teamserver items (user accounts, Managers, Engineers, events, tasks, creds, downloads, uploads, etc.)

  • Recon Entity Tracking (track info about users/devices, random metadata as needed)

  • Shared files for some commands (see teamserver page for details)

  • tab-based interact window for command issuing

  • table-based output option for some commands like ls, ps, etc.

  • Auto parsing of output from seatbelt to create "recon entities" and fill entries to reference back to later easily

  • Dark and Light 🤮 theme

Engineers

  • C# .NET Framework implant for Windows devices; currently only CLR/.NET 4 is supported

  • Currently only one implant, but looking to add others

  • It can be generated as EXE, DLL, shellcode, or PowerShell stager

  • RC4 encryption of payload memory & heap when sleeping (Exe / DLL only)

  • AES encryption of all network communication

  • ConfuserEx integration for obfuscation

  • HTTP, HTTPS, TCP, SMB communication

    • TCP & SMB can work P2P in bind or reverse setups

  • Unique per-implant key generated at compile time

  • Multiple callback URIs depending on the C2 profile

  • P/Invoke & D/Invoke integration for Windows API calls

  • SOCKS 4a support

  • Reverse Port Forward & Port Forwards

  • All commands run as async cancellable jobs

    • Option to run commands sync if desired

  • Inline assembly execution & inline shellcode execution

  • DLL Injection

  • Execute assembly & Mimikatz integration

    • Mimikatz is not built into the implant but is pushed when specific commands are issued

  • Various localhost & network enumeration tools

  • Token manipulation commands

    • Steal Token Mask

  • Lateral Movement Commands

    • Jump (psexec, wmi, wmi-ps, winrm, dcom)

    • Remote Execution (WIP)

  • AMSI & ETW Patching

  • Unmanaged PowerShell

    • Script Store (can load multiple scripts at once if needed)

  • Spawn & Inject

    • Spawn-to is configurable

  • run, shell & execute

Architecture Screenshot
