Building a P2P Hybrid-Decentralized C2 Framework: The Journey
Project | 7/17/2025 | 3 min read | Pratik Singh

This blog is the story of how I created a Peer-to-Peer Hybrid-Decentralized C2 Framework from scratch as a high schooler

Konnichiwa (hello) 😳, I'm Pratik Singh, a high schooler from India, and I am CRAZY about cybersec and programming.
This blog is the story of how I created a Peer-to-Peer Hybrid-Decentralized C2 Framework (sounds so cool right?), from scratch.

[Image: "Konnichiwa truck-san"]

先生、C2 は何ですか (Teacher, what is C2?)

(I am JLPT N5 certified 😉)

Alright lemme give a short intro to C2:

  • A Command & Control (C2) Framework is used to remotely send commands to (and control) multiple systems (called implants usually).
  • Usually, the implants connect to a central server, receive commands, and send back results.
  • But not in this project. The C2 server is hybrid-decentralized, implants are connected peer-to-peer, and designed to sync commands and data across a mesh of implants, but with a coordinator central server too. SO DAMN COOL 😳

Why?

Because come on, if the central server dies, everyone dies (in normal C2 frameworks), so we need this.

And another reason for making this project is because I can 🙂‍↕️


The Series

Instead of dropping a gazillion-page research paper that no one is gonna read, I split this project journey into 3 separate parts, each covering a phase of the project.


Part 1: The Foundation

Full Blog coming soon →

  • Writing implants in C, communicating via raw HTTP (no security yet)
  • Python-based C2 server with /heartbeat, /peers, /send-command, /report endpoints (AND MORE)
  • Implementing peer gossiping, command execution, result reporting
  • Handling race conditions, avoiding infinite flood loops 😭
  • Basically, building the core of the framework
  • Includes diagrams, flowcharts, real display of everything
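
From the defender's side, the topology described above leaves a recognizable shape in HTTP logs: several hosts calling the same endpoints on one server, plus direct HTTP between those same hosts. The Python below is an added example, not code from this project; the log format, the addresses and the `/sync` peer path are constructed for illustration, and only the four endpoint names come from this post.

```python
from collections import defaultdict

# Endpoint names listed in this post; anything else here is an assumption.
C2_PATHS = {"/heartbeat", "/peers", "/send-command", "/report"}

# Constructed log lines in a hypothetical "src dst method path" format.
SAMPLE_LOG = """\
10.0.0.11 10.0.0.5 POST /heartbeat
10.0.0.12 10.0.0.5 POST /heartbeat
10.0.0.13 10.0.0.5 POST /heartbeat
10.0.0.11 10.0.0.5 GET /peers
10.0.0.13 10.0.0.5 POST /report
10.0.0.11 10.0.0.12 POST /sync
10.0.0.12 10.0.0.13 POST /sync
10.0.0.20 10.0.0.8 GET /index.html
10.0.0.20 10.0.0.11 GET /favicon.ico
"""

def parse(log):
    """Yield (src, dst, method, path) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)

def analyze(log, min_clients=2):
    """Find coordinator-like servers, their clients, and client-to-client links."""
    records = list(parse(log))
    clients = defaultdict(set)
    for src, dst, _method, path in records:
        if path.split("?", 1)[0] in C2_PATHS:
            clients[dst].add(src)
    # A coordinator candidate is hit on these paths by several distinct hosts.
    coordinators = {d for d, s in clients.items() if len(s) >= min_clients}
    beaconing = set().union(*(clients[d] for d in coordinators))
    # Peer links: HTTP between two hosts that both talk to a coordinator.
    # These survive if only the coordinator is blocked.
    peer_edges = sorted({(s, d) for s, d, _m, _p in records
                         if s != d and s in beaconing and d in beaconing})
    return {"coordinators": sorted(coordinators),
            "beaconing_hosts": sorted(beaconing),
            "peer_edges": peer_edges}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```

The `peer_edges` list is the part a hub-and-spoke detection misses: blocking `10.0.0.5` alone leaves those links up, so containment has to cover every host in `beaconing_hosts`.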

Part 2: Encryption & Security

Coming soon


Part 3: Dashboard

Coming soon


a lil sneak peek

[Screenshot: "me playing around with project"]

In the 4 corners there are 4 implants running in Docker containers, the 2nd from top is the C2 server managing all the requests, and at last below the C2 server is the control terminal to send requests (cuz no dashboard, yet).

For a detailed explanation, read the full blogs; you'll understand how everything works :)


Stack & Tools Used

  • Languages: C for implants, Python for C2, and JavaScript for Dashboard
  • DB: SQLite for C2 side
  • Libs: cJSON, libcurl, Flask
  • Editor: Neovim (cuz I hate myself)

What I Learned

From Part 1:

  • Designing a peer-to-peer gossiping system and avoiding broadcast storms is one hell of a task
  • Manual memory management in C (free() should be a built-in not in a library TwT) 😵‍💫
  • Handling race conditions (they haunt me)
  • I love decentralized systems

Final Thoughts

This whole project is my first cybersecurity project and so far, I am having fun (except when I have to write secure C code 😭). It went from an idea I got while 💩ing to something that taught me decentralized networks, and low-level code management on my 1024x768 monitor 💀


Links


Thanks for reading this. Now go read the first part and all the upcoming parts, clone the repo, mess around, do anything you love :)

– Pratik Singh
the dude who made a C2 framework instead of revising Accountancy (I got an exam tomorrow 😭)

Tags:
#Command-and-Control #C2 #Red teaming #development #decentralisation