Welcome to another quick article! I will be showing you how to use TrevorC2 command and control server. Instead of writing a big tutorial I uploaded a gif of it in action.

TrevorC2 is a client/server model for masking command and control through a normally browsable website. Detection becomes much harder as time intervals are different and does not use POST requests for data exfil.

Use the following commands to install your packages to make everything work properly. I used a Ubuntu 16.04 with 512 or 1 gig ram VPS, either one works.

apt-get -y update
apt-get -y upgrade
apt-get -y install python-setuptools python-dev build-essential
apt-get -y install python-pip
pip install --upgrade pip
apt-get -y install git
git clone https://github.com/trustedsec/trevorc2.git
cd trevorc2/
pip install -r requirements.txt
pip install urllib3
pip install requests

Of course throw this in a bash (.sh) file and run it.

As you can see this C2 can be useful in many ways. I have not run the .py client script through a antivirus to see if it is malicious, but is it is not caught, this could be a good way in evade a IPS or IDS. You could also do something like have the client download a meterpreter shell from the server through easy python http server.

https://github.com/trustedsec/trevorc2

https://www.csoonline.com/article/3227910/security/hackers-create-memorial-for-a-cockroach-named-trevor.html

Enjoy!