Micro Backdoor: Small and convenient C2 tool for Windows targets

by do son · May 6, 2021

Micro Backdoor for Windows

Micro Backdoor is a C2 tool for Windows targets with an easily customizable code base and small footprint. It consists of the server, client, and dropper. It wasn’t designed as a replacement for your favorite post-exploitation tools but rather as a really minimalistic thing with all of the basic features in less than 5000 lines of code.

Micro Backdoor client supports 32-bit and 64-bit versions of Windows XP, Vista, 7, 8, 8.1, 10, Server 2003, Server 2003 R2, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Server 2016, and Server 2019 of any editions, languages and service packs.

Key features of the Micro Backdoor:

Client dropper is written in Microsoft JScript which makes it extremely convenient for obfuscation: once AV starts to detect the dropper you easily can modify its code or apply existing JScript obfuscation tools.
Client can detect SOCKS 4, SOCKS 5 or HTTP proxy server configuration in the system settings and connect to the server over this proxy.
In order to communicate with the server Micro Backdoor, client is using the end-to-end encrypted protocol with RSA authentication and random session key.
Client dropper is not creating any executable files on the disk: its body is stored inside Windows registry values which reduces backdoor footprint and makes it more stealth.
Backdoor server is written in Python and can be used on any operating system. It provides a clean and simple web interface which allows to interact with connected clients in convenient way. Redis database is used to store clients state.
Backdoor server keeps track of all events for clients and servers in the log files.
For each connected client, Micro Backdoor provides a semi-interactive command shell running in the web browser.
Micro Backdoor has a convenient file manager which allows to browse the client file system, download, and upload the files.
Backdoor server is also providing Python API and a command-line interface to perform any actions with connected clients which is useful for automation and scripting.