Micro Backdoor is a C2 tool for Windows targets with an easily customizable code base and a small footprint. It consists of a server, a client and a dropper. It wasn't designed as a replacement for your favorite post-exploitation tools but rather as a really minimalistic tool with all of the basic features in less than 5000 lines of code; the client DLL size is less than 20Kb without compression.
Key features of Micro Backdoor:
- The client dropper is written in Microsoft JScript, which makes it extremely convenient for obfuscation: once AV starts to detect the dropper, you can easily modify its code or apply existing JScript obfuscation tools.
- The client can detect a SOCKS 4, SOCKS 5 or HTTP proxy server configuration in the system settings and connect to the server over this proxy.
- To communicate with the server, the Micro Backdoor client uses an end-to-end encrypted protocol with RSA authentication and a random session key.
- The client dropper does not create any executable files on disk: its body is stored inside Windows registry values, which reduces the backdoor footprint and makes it stealthier.
- The backdoor server is written in Python and can be used on any operating system. It provides a clean and simple web interface for interacting with connected clients in a convenient way. A Redis database is used to store client state.
- The backdoor server keeps track of all client and server events in log files.
- For each connected client, Micro Backdoor provides a semi-interactive command shell running in the web browser.
- Micro Backdoor has a convenient file manager that allows browsing the client file system and downloading and uploading files.
- Full Unicode and native language support in both client and server.
- The backdoor server also provides a Python API and a command line interface to perform any actions with connected clients, which is useful for automation and scripting.
Disclaimer: This project was created for educational purposes and should not be used in environments without legal authorization.