# Sparse 0.5 Sparse 0.5 is a stopgap solution until the C2 framework itself is more mature. It has several improvements over the proof of concept version, to include: - The client is no longer bound to the server, the configuration can be shared - A richer CLI with Sparse specific commands such as #upload, #download, and #edit - A Windows version using winpcap, with both standalone binary and service versions # Obtaining Sparse 0.5 is immediately ready to build from source if using the [Nix package manager](https://nixos.org/download) [with flakes enabled](https://nixos.wiki/wiki/Flakes) by running `nix build .#sparse-05-client`. ## FreeBSD support Building normally will only produce a client that can generate beacons for Linux and Windows, lacking proper FreeBSD support. To build the client with FreeBSD support, create a FreeBSD build environment by running `vagrant up` and compiling a FreeBSD sparse binary by running `sparse-build` or `sparse-build --release`. With the FreeBSD binary built, copy it from `target/x86_64-unknown-freebsd` to `sparse-05/sparse-05-freebsd-server`, and rebuild using Nix Currently, there are no prebuilt binaries. However, sparse can easily be built if the [Nix package manager](https://nixos.org/download) is installed. Just clone this repository and run `nix build .#sparse-05-client` and the client will be placed in `result/bin`. # Use Using sparse centers around the client. The client can generate new servers as well as the configuration file necessary to connect to the server, connect to a server for a shell, and verify the connection against a server. ## Generating a new server Sparse supports 4 different targets: - Linux - Windows - Windows service - FreeBSD The basics center around `sparse-05-client generate [-p ] [-t ]`. This generates both a server and the configuration file necessary to connect to the server. If the port is not specified, it defaults to 54248. ### Linux To install the Linux service, there are a few options: - Run as root - Run with CAP_NET_RAW and CAP_SETUID as a non-root user - Run in a Docker container running as root on Linux with kernel version 5.13 or greater and the `--privileged` and `--pid=host` flags ### Windows The Windows version requires an installation of winpcap 4.1, which can be downloaded from [their website](https://www.winpcap.org/install/default.htm). As of Jan 25 2023, Windows Defender is suspicious of exe builds of the sparse server but only tries to submit samples and does not declare it malicious. ### Windows service The Windows service has the same requirements, but can be installed with `sc create DisplayName= binPath= `. As of Jan 25 2023, Windows Defender marks the Windows service binary as malicious ### FreeBSD Create a service to run the resulting binary as root ## Connect After installing and running the server, it is possible to connect using the generated `scon` file and `sparse-05-client` with `sparse-05-client connect .scon :`. This brings up a shell that can run commands. However, there are special commands that are injected: - `#help`: shows sparse specific help - `#sysinfo`: prints information about the system being connected to - `#upload [local] [remote]`: uploads a file from the local path to the remote path - `#download [remote] [local]`: downloads a file from the remote path to the local path - `#edit [remote]`: downloads a file remotely and opens it in `$EDITOR`, and uploads the final version ## Connection test To verify that an installed service is still alive and working, run `sparse-05-client connect-test .scon :`