Prismatica Core C2 Components

Diagon is the default C2 toolset of Prismatica Project. The primary implant for Diagon is Gryffindor a JavaScript-based implant that leverages Windows Scripting Host (WSH) for execution. Gryffindor also has the capability to load and execute arbitrary .NET assemblies through the DotNetToJScript project.

Base Gryffindor Commands

Gryffindor includes custom WSH, COM, and .NET post-exploitation capabilities however the implant also supports the ability to InvokeAssembly for futher post exploitation capability. Gryffindor includes two core .NET assembly frameworks actualized through DotNetToJScript:

Mimikatz

SharpSploit

===========================
Gryffindor Commands:
===========================
help - Show this information
cat - Show file contents
type - Show file contents
cd - Change directory
ls - Show directory contents
dir - Show directory contents
die - Exit session
kill - Exit session
set - Modify payload settings
 - interval <ms>
 - sleep <ms>
 - jitter <percent>
show - Display payload information
 - settings <ms>
upload - Upload a file to the target system
download - Download a remote file from the target system
spawn - Instantiate a new session on the target system
   - Example Usage: spawn <target-ip> <user> <password>
WMIExecute - Instantiate a new session on the target system
   - Example Usage: WMIExecute <target-ip> <cmd> <user> <password>
hashdump - Use Mimikatz to dump SAM hashes
InvokeAssembly - Run an payload from within a loaded .NET assembly (Defaults:SharpSploit)
   - Example Usage: InvokeAssembly -Entry SharpSploit.Execution.Shell -Module ShellExecute -Args ('calc.exe','','','')
LoadAssembly - Load an arbitrary .NET assembly payload
type -
Other commands sent to Gryffindor are executed in the Windows cmd.exe shell.
===========================

Starting a Listener

Before establishing remote access to a target system it is important to instantiate a listener for the implant to connect into. Click on the headphones icon to access the listeners panel. Next, click start listener to instantiate a basic http listener in Oculus.

As seen above Diagon provides a direct staging command; however, standalone .js payloads can be generated as seen below.

Generating a Payload

Click on the factory icon to open the backdoor factory modal window. Generated payloads will appear in the current user’s home/.prismatica directory on both Windows and Linux operating systems.

C2 Architecture

Learn more about C2 architecture and concepts

Prismatica API

Project Prismatica is built around the concept of Emergence. Explore the Emergence API!

UI and Implants

Everything you wanted to know about Gryffindor and Diagon

Installing Prismatica

The Prismatica project is dedicated to having your cake and eating it too.