C2 Server

We will set up a second machine that will act as our Command and Control server.

It will receive shell connections from victim computers, allowing us to remotely interact with victim machines to search for files or pivot to other machines.

We will set it up with some protections: victims never talk to the C2 server directly. Incoming packets hit a redirector first and are proxied through an encrypted tunnel to our C2 server, where our C2 framework listener is located.

Our C2 framework will be Empire (Follow installation instructions in Tunneling/C2 (Command and Control)/Empire)

So we boot up a new VPS that will act as our C2 server, log in to it, then download and install the C2 teamserver.

It's also worth installing the screen command, which lets you detach the teamserver session and resume it after the SSH connection is terminated, so the teamserver keeps running when you disconnect. (https://www.howtoforge.com/linux_screen/)

- VPS

List of cloud providers that support cryptocurrencies: https://acceptbitcoin.cash/

To lock down network access to the C2 server with UFW (Uncomplicated Firewall), so that it is reachable only over SSH, and only from our own source addresses (a VPN exit, a Tor exit node or a jump host), and later only on the listener port from the redirector. Allowing port 22 from "any" would expose the management interface to the whole internet, so restrict the source:

apt install -y ufw

ufw default deny incoming

ufw default allow outgoing

ufw allow from {your VPN/Tor exit IP or CIDR} to any port 22 proto tcp

ufw enable

Then, create a Redirector and allow traffic from it.
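The following script is an added example (not part of the original page or of Empire) that builds the whole UFW ruleset described above in one go: SSH only from our own admin source ranges, the listener port only from the redirector, everything else denied, and nothing at all for the teamserver client port, which stays on loopback. It validates the IPs and ports before printing anything, and only prints the ufw commands so you can review them before piping them into `sh` on the C2 box. The addresses and ports shown in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example: generate the UFW ruleset for a C2 teamserver.
# Usage: c2_ufw_rules <listener_port> <redirector_cidr> <admin_cidr> [admin_cidr ...]
# All IPs/ports are assumptions for illustration; substitute your own.

# Accept "a.b.c.d" or "a.b.c.d/nn" (octets 0-255, prefix 0-32); return 1 otherwise.
valid_cidr() {
    case "$1" in
        */*) ip=${1%/*}; pfx=${1#*/} ;;
        *)   ip=$1; pfx=32 ;;
    esac
    case "$pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$pfx" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $ip            # positional params are local to this function
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Accept a TCP port in 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the ufw commands. Nothing is applied here; pipe the output into sh.
c2_ufw_rules() {
    port=$1; redirector=$2; shift 2
    valid_port "$port" || { echo "bad listener port: $port" >&2; return 1; }
    valid_cidr "$redirector" || { echo "bad redirector cidr: $redirector" >&2; return 1; }
    [ $# -ge 1 ] || { echo "need at least one admin cidr for SSH" >&2; return 1; }
    for a in "$@"; do
        valid_cidr "$a" || { echo "bad admin cidr: $a" >&2; return 1; }
    done
    echo "ufw --force reset"
    echo "ufw default deny incoming"
    echo "ufw default allow outgoing"
    # SSH only from our own egress points (VPN exit, Tor exit, jump host).
    for a in "$@"; do
        echo "ufw allow from $a to any port 22 proto tcp"
    done
    # Listener only from the redirector: victims never reach the C2 directly.
    echo "ufw allow from $redirector to any port $port proto tcp"
    # Deliberately no rule for the teamserver client port: it stays bound to
    # 127.0.0.1 and is reached through an SSH local port forward.
    echo "ufw --force enable"
}

# Example (placeholder addresses):
#   c2_ufw_rules 443 203.0.113.10 198.51.100.0/24 | sudo sh
```

`ufw --force` makes `reset` and `enable` non-interactive so the script can run unattended; review the printed rules first, because a typo in the admin range locks you out of your own server.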

- Amazon EC2 Instance

If we want to run the C2 in an AWS EC2 instance instead of a VPS:

  • Fire up AWS

  • EC2 > Instances > Application and OS Images > Browse more AMIs > Ubuntu > pick one such as Ubuntu Server 20.04 LTS (HVM), SSD Volume Type, 64-bit (x86)

  • Instance type > t2.large

  • Create a key pair for login

  • In the security group, allow SSH traffic only from your own IP address(es). Enable HTTP/HTTPS only if the listener will be reached directly; with a redirector in front, leave them off and add the redirector rule below instead

  • Storage: 64 GB

  • Now to connect: Instances > Select instance > Connect to instance > copy the SSH command

Then, create a Redirector and allow traffic from it: EC2 > Security Groups > {security group name} > Edit inbound rules > Add rule > Custom TCP > Port 80 (or whatever port the listener uses) > Source: the IP address range of the redirector. ! If we are using an ELB as redirector, the source must be the security group of the ELB instead of an IP, since the ELB's addresses change.

- Azure Instance VM

If we want to run the C2 in an Azure VM instead of a VPS, configure a VM in Microsoft Azure similar to the EC2 instance described previously (SSH allowed only from your own IPs, nothing else inbound).

Then, create a Redirector and allow traffic from it: Home > {VM name} > Networking > Add inbound security rule > Source: IP Addresses > Source IP addresses/CIDR ranges: the IP address range of the redirector > Service: HTTP or HTTPS. ! If we are using Azure Front Door as the redirector (Azure's equivalent of the ELB case above), set Source to Service Tag and select AzureFrontDoor.Backend instead of an IP range.

- Localhost teamserver

If we don't want to expose the teamserver to the internet, connect to it locally instead: expose only the SSH port, keep the teamserver port bound to 127.0.0.1 on the server (no firewall rule for it), and then use SSH local port forwarding:

ssh -L {teamserver port}:127.0.0.1:{teamserver port} -i {ssh key file} user@serverIP

Add -N if you only want the forward and no interactive shell. Then, from the client, connect to the C2 pointing to localhost:{teamserver port}; the connection is carried inside the SSH session.
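Before relying on the forward, it is worth confirming on the C2 host that the teamserver port really is bound to loopback only and that the only public listeners are SSH and the redirector-facing listener. The script below is an added example (not from the original page or from Empire): it parses `ss -ltn` output and reports every LISTEN socket that is not on 127.0.0.1/::1, and `port_is_internal` gives a yes/no answer for one port. The embedded `SAMPLE_SS` text is constructed `ss -ltn` output, and the port numbers in it are placeholders.

```shell
#!/bin/sh
# Added example: find listeners reachable from outside the host in `ss -ltn`
# output. The teamserver client port should appear only on loopback.

# Constructed sample of `ss -ltn` output (placeholder ports, for the demo):
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      128    127.0.0.1:1337      0.0.0.0:*
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*
LISTEN 0      128    [::]:22             [::]:*
LISTEN 0      128    [::1]:1337          [::]:*
LISTEN 0      128    *:5000              *:*'

# Read `ss -ltn` output on stdin; print "addr:port" for every LISTEN socket
# whose local address is not loopback (127.x.x.x, ::1).
exposed_listeners() {
    awk '$1 == "LISTEN" {
        la = $4
        # the port is everything after the last ":"; the address is the rest
        n = split(la, parts, ":")
        port = parts[n]
        addr = substr(la, 1, length(la) - length(port) - 1)
        if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
        print addr ":" port
    }'
}

# Read `ss -ltn` output on stdin; return 0 if the given port is bound only to
# loopback (or not listening at all), 1 if any non-loopback socket has it.
port_is_internal() {
    exposed_listeners | awk -v p="$1" -F: '
        $NF == p { found = 1 }
        END { exit (found ? 1 : 0) }'
}

# Demo on the constructed sample (1337 is internal; 80, 22 and 5000 are exposed):
#   printf '%s\n' "$SAMPLE_SS" | exposed_listeners
#   printf '%s\n' "$SAMPLE_SS" | port_is_internal 1337 && echo "teamserver is loopback-only"
# Live use on the C2 host:
#   ss -ltn | port_is_internal {teamserver port} || echo "WARNING: teamserver port is exposed"
```

Run the live check after starting the teamserver and after any change to its bind address; if the port shows up on 0.0.0.0 or [::], fix the teamserver's bind address rather than relying on the firewall alone.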
