A successful hack involves five stages:

1. Reconnaisance

2. Scanning

3. Gaining Access

4. Maintaining Access/Persistence

5. Exfiltration

Koadic as a tool can be used in any of the last two stages, an added advantage to the user.

It is a Windows post-exploitation rootkit which can be likened to Meterpreter from the Metasploit framework or Powershell Empire.

Utilizing Windows Script Host (formerly Windows Scripting Host), Koadic provides scripting capabilities similar to batch files but with additional features. It can be used in several Windows environments including Windows 10 owing to this feature.

For evasion of antimalware and antivirus software, Koadic runs in memory therefore significantly reducing generated noise. It secures communications over SSL and TLS by encrypting the communications.

1. Installation

To install Koadic simply run the following command on your terminal to clone the Koadic github repository:

git clone https://github.com/zerosum0x0/koadic.git

Navigate to the directory where the repository was cloned and run Koadic with:

./koadic

The currently available main commands in Koadic are listed below with their functions.

Command Description edit: shell out to an editor for the current module

listeners: shows info about stagers

sounds: turn sounds off/on: sound(0|1)

help: displays help info for a command

kill: kill a job or all jobs

exit: exits the program

cmdshell: command shell to interact with a zombie

verbose: turn verbosity off/on: verbose (0|1)

creds: shows collected credentials

unset: unsets a variable for the current module

api: turn off/on the rest api

taco: taco time

load: reloads all modules

use: switch to a different module

info: shows the current module options

jobs: shows info about jobs

pyexec: evals some python

domain: shows collected domain information

set: sets a variable for the current module

run: runs the current module

zombies: lists hooked targets

To view these commands use the help command on your terminal as illustrated below.