Event Callback

The EventCallback feature sends notifications about various events. At the moment, only the new agent registration event is implemented.

new_agent_message - a new agent was registered:

  • %type% - Agent type

  • %id% - Agent ID

  • %user% - Username

  • %computer% - Computer

  • %domain% - Domain name

  • %pid% - Process ID

  • %internalip% - Internal IPv4 address

  • %externalip% - External IPv4 address

  • %elevated% - true if the agent runs in an elevated (high-privilege) context

new_cred_message - new credentials added:

  • %username% - Username

  • %password% - Password

  • %domain% - Realm

  • %type% - Type of secret

  • %storage% - Secrets vault

  • %host% - Computer

new_download_message - the file was downloaded and saved on the server:

  • %user% - Username

  • %computer% - Computer

  • %path% - Full filename

  • %size% - File size

Telegram

To send events to Telegram, specify the bot token and the IDs of the chats the bot should send messages to in the EventCallback.Telegram configuration.

  "EventCallback": {
    "Telegram": {
      "token": "number:token",
      "chats_id": ["id1","id2",...]
    },
    "new_agent_message": "New agent: %type% (%id%)\n\n%user% @ %computer% (%internalip%)\nelevated: %elevated%\nfrom: %externalip%\ndomain: %domain%",
    "new_cred_message": "New secret [%type%]:\n\n%username% : %password% (%domain%)\n\nStorage: %storage%\nHost: %host%",
    "new_download_message":"File saved: %path% [%size%] from %computer% (%user%)"
  }

Create a bot

  1. Go to the official @BotFather bot in Telegram and create your own bot. The API token will be shown for the created bot.

  2. Go to the created bot, activate the chat and send it any test message.

  3. Make a request to the Telegram API, specifying your token. The response will contain your test message and the chat ID (which you will need to specify in the config).

curl -s "https://api.telegram.org/bot<TOKEN_HERE>/getUpdates" | jq

If you want the bot to write to a group, add the bot to the group, assign it the administrator role and write a test message to the group. The chat ID is obtained the same way as for a user account.

WebHooks

To send events to any web server, such as ntfy.sh, Slack, or Teams, you must specify the URL, HTTP method, request headers, and format of the data being sent in the EventCallback.Webhooks configuration.

  "EventCallback": {
    "Telegram": {
      "token": "",
      "chats_id": []
    },
    "Webhooks": [
      {
        "url": "https://ntfy.sh/60facff05503db8........c4cee8ea4",
        "method": "POST",
        "headers": {},
        "data": "%data%"
      }
    ],
    "new_agent_message": "New agent: %type% (%id%)\n\n%user% @ %computer% (%internalip%)\nelevated: %elevated%\nfrom: %externalip%\ndomain: %domain%",
    "new_cred_message": "New secret [%type%]:\n\n%username% : %password% (%domain%)\n\nStorage: %storage%\nHost: %host%",
    "new_download_message":"File saved: %path% [%size%] from %computer% (%user%)"
  }
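The following is an added example, not part of this project's code: a small linter for an EventCallback block that reports placeholders not documented above for a given event, and warns when %password% would be included in notifications sent to an external channel or when a webhook URL is not https. The names lint_event_callback, DOCUMENTED and SENSITIVE, the choice of %password% as the only sensitive field, and the sample configuration with its placeholder host are assumptions made for illustration.

```python
import json
import re

# Placeholders this page documents for each message template.
DOCUMENTED = {
    "new_agent_message": {"type", "id", "user", "computer", "domain", "pid",
                          "internalip", "externalip", "elevated"},
    "new_cred_message": {"username", "password", "domain", "type",
                         "storage", "host"},
    "new_download_message": {"user", "computer", "path", "size"},
}
SENSITIVE = {"password"}  # assumption of this linter: values that should stay on the server
PLACEHOLDER = re.compile(r"%([A-Za-z_]+)%")


def lint_event_callback(cfg):
    """Return (level, location, detail) findings for an EventCallback dict."""
    findings = []
    telegram = cfg.get("Telegram", {})
    hooks = cfg.get("Webhooks", [])
    # A channel counts as external if Telegram is filled in or any webhook exists.
    external = bool(telegram.get("token") and telegram.get("chats_id")) or bool(hooks)
    for key, allowed in DOCUMENTED.items():
        used = set(PLACEHOLDER.findall(cfg.get(key, "")))
        for name in sorted(used - allowed):
            findings.append(("error", key, f"%{name}% is not documented for this event"))
        if external:
            for name in sorted(used & SENSITIVE):
                findings.append(("warn", key, f"%{name}% leaves the server in notifications"))
    for i, hook in enumerate(hooks):
        if not hook.get("url", "").startswith("https://"):
            findings.append(("warn", f"Webhooks[{i}]", "url is not https"))
    return findings


# Constructed sample: %hostname% is a typo for %computer%, and the webhook
# URL (a placeholder host) uses plain http.
SAMPLE = json.loads(r"""
{
  "Telegram": {"token": "", "chats_id": []},
  "Webhooks": [{"url": "http://notify.example.internal/topic", "method": "POST",
                "headers": {}, "data": "%data%"}],
  "new_agent_message": "New agent: %type% (%id%)\n%user% @ %hostname%",
  "new_cred_message": "New secret [%type%]: %username% : %password% (%domain%)",
  "new_download_message": "File saved: %path% [%size%] from %computer% (%user%)"
}
""")

if __name__ == "__main__":
    for finding in lint_event_callback(SAMPLE):
        print(*finding, sep=" | ")
```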
