# Sparse 0.5

Sparse 0.5 is a stopgap solution until the C2 framework itself is more mature. It has several improvements over the proof of concept version, including:

- The client is no longer bound to the server; the configuration can be shared
- A richer CLI with Sparse-specific commands such as #upload, #download, and #edit
- A Windows version using winpcap, with both standalone binary and service versions

# Obtaining

Currently, there are no prebuilt binaries. However, sparse can easily be built if the [Nix package manager](https://nixos.org/download) is installed. Just clone this repository and run `nix build .#sparse-05-client`, and the client will be placed in `result/bin`.

# Use

Using sparse centers around the client. The client can generate new servers as well as the configuration file necessary to connect to the server, connect to a server for a shell, and verify the connection against a server.

## Generating a new server

Sparse supports 3 different targets:

- Linux
- Windows
- Windows service

The basics center around `sparse-05-client generate [-p ] [-t ]`. This generates both a server and the configuration file necessary to connect to the server. The keys and port ensure that the connection is unique, which has the added property that multiple versions of `sparse-05` can be running on a target system with the same port. If the port is not specified, it defaults to 54248.

### Linux

To install the Linux service, there are a few options:

- Run as root
- Run with CAP_NET_RAW and CAP_SETUID as a non-root user
- Run in a Docker container running as root on Linux with kernel version 5.13 or greater and the `--privileged` and `--pid=host` flags

### Windows

The Windows version requires an installation of winpcap 4.1, which can be downloaded from [their website](https://www.winpcap.org/install/default.htm). As of Jan 25 2023, Windows Defender is suspicious of exe builds of the sparse server but only tries to submit samples and does not declare it malicious.

### Windows service

The Windows service has the same requirements, but can be installed with `sc create DisplayName= binPath= `. As of Jan 25 2023, Windows Defender marks the Windows service binary as malicious.

## Connect

After installing and running the server, it is possible to connect using the generated `scon` file and `sparse-05-client` with `sparse-05-client connect .scon :`. This brings up a shell that can run commands. However, there are special commands that are injected:

- `#help`: shows sparse-specific help
- `#sysinfo`: prints information about the system being connected to
- `#upload [local] [remote]`: uploads a file from the local path to the remote path