
Payload execution

Different means of transport can be used to deliver the payload to the target system (MS Word, PDF, EXE, DLL, and so on). Once the payload is executed on the target server (in this case, the Koadic stager already has the command, which will be executed on the system):

The stager hooks up the zombie. Koadic C2 will be notified when the zombie is connected. Some system information (such as the IP address, hostname, and Windows OS version) is also shared between the zombie and the stager:

To check up on the zombie, you can execute the following command:

zombies

This shows the ID allotted to the zombie by C2, the IP address of the zombie, the status, and the last-seen time (just like WhatsApp and FB Messenger).

To get more information regarding a zombie, you can execute zombies <ID>, where ID is the identification number allotted by C2 to the zombie. In this case, it's 1:

zombies 1 

As you can see, the information regarding the zombie with ID 1 is displayed. In the displayed information, there's one thing that we need to focus on; that is, the Elevated status.

Currently, the Elevated status says No, which means it's not running with SYSTEM privileges, but we can achieve SYSTEM-level privileges by executing an implant.
