Koadic
Koadic is a Windows post-exploitation rootkit that uses Windows Script Host (JScript/VBScript) for operations. It provides COM Command & Control similar to Meterpreter and PowerShell Empire, supporting Windows from NT4 to Windows 10.
Description
Koadic, or COM Command & Control, is designed for Windows post-exploitation scenarios. It functions as a rootkit, enabling attackers to maintain control and execute commands on compromised Windows systems. Unlike traditional tools, it leverages Windows Script Host (JScript/VBScript) for most operations, ensuring broad compatibility from Windows 2000 with no service packs up to Windows 10.
Use cases include penetration testing where persistent access is needed without relying on external binaries. It allows serving payloads entirely in memory from stage 0 onwards and supports cryptographically secure communications over SSL and TLS, depending on the victim's OS capabilities.
The tool's core compatibility makes it suitable for legacy and modern Windows environments, providing a lightweight alternative to heavier frameworks.
How It Works
Koadic operates primarily through Windows Script Host (JScript/VBScript), executing operations without requiring additional software installations. It supports in-memory payload delivery from initial stage to advanced persistence. Communications can use SSL and TLS for encryption, leveraging the victim's enabled protocols. The framework mimics penetration testing tools like Meterpreter by providing a command-and-control interface via COM objects.
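A defensive illustration of the behaviour described above, added here and not part of Koadic or the original page: since operations run inside Windows Script Host and reach a controller over the network, a script-host process connecting to a non-internal address is worth triage. The events are constructed and use Sysmon field names (Event ID 1 process creation, ID 3 network connection); the internal ranges and function names are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}  # Windows Script Host binaries
# Assumption: ranges treated as internal; adjust to the monitored network.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

WSCRIPT, CSCRIPT = r"C:\Windows\System32\wscript.exe", r"C:\Windows\System32\cscript.exe"
# Constructed sample events; the first pair arrives out of order on purpose.
EVENTS = [
    {"EventID": 3, "ProcessGuid": "{A1}", "Image": WSCRIPT,
     "DestinationIp": "203.0.113.10", "DestinationPort": 443},
    {"EventID": 1, "ProcessGuid": "{A1}", "Image": WSCRIPT,
     "CommandLine": r'wscript.exe "C:\Users\alice\AppData\Local\Temp\update.js"',
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"EventID": 1, "ProcessGuid": "{B2}", "Image": CSCRIPT,
     "CommandLine": r"cscript.exe //nologo C:\Scripts\inventory.vbs",
     "ParentImage": r"C:\Windows\System32\svchost.exe"},
    {"EventID": 3, "ProcessGuid": "{B2}", "Image": CSCRIPT,
     "DestinationIp": "10.0.0.5", "DestinationPort": 445},
    {"EventID": 3, "ProcessGuid": "{C3}", "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationIp": "198.51.100.7", "DestinationPort": 443},
]

def basename(path):  # lower-cased file name of a Windows path
    return path.rsplit("\\", 1)[-1].lower()

def find_script_host_egress(events):
    """One finding per script-host process that connected outside INTERNAL_NETS."""
    created, dests = {}, defaultdict(set)
    for ev in events:
        if basename(ev.get("Image", "")) not in SCRIPT_HOSTS:
            continue
        if ev["EventID"] == 1:
            created[ev["ProcessGuid"]] = ev
        elif ev["EventID"] == 3:
            ip = ip_address(ev["DestinationIp"])
            if not any(ip in net for net in INTERNAL_NETS):
                dests[ev["ProcessGuid"]].add((str(ip), ev["DestinationPort"]))
    findings = []
    for guid, targets in dests.items():
        proc = created.get(guid, {})  # creation event may be missing from the window
        findings.append({"process_guid": guid, "command_line": proc.get("CommandLine"),
                         "parent": basename(proc.get("ParentImage", "")) or None,
                         "destinations": sorted(targets)})
    return findings

if __name__ == "__main__":
    print(*find_script_host_egress(EVENTS), sep="\n")
```

Legitimate administration scripts also run under these hosts, so the parent process and command line in each finding are what separate an inventory job from a script launched out of a document or a temp directory.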
Installation
sudo apt install koadic
Flags
Examples
koadic -h
koadic --help
koadic --autorun autorun.txt
koadic -o
koadic --restore session.json
koadic