Secondary Categories: 02-Infrastructure
Simple Redirector
You can use one of the following tools to create a simple redirector:
- IPtables
- Socat
socat TCP-LISTEN:80,fork TCP:192.168.1.1:80
iptables -A PREROUTING -t nat -p tcp --dport 80 -j DNAT βto 192.168.1.1:80HTTPS Redirector
In this example I will be setting up a redirector using Apache.
sudo apt install apache2
sudo a2enmod ssl rewrite proxy proxy_http
sudo systemctl restart apache2Now we need to setup the configuration for apache using symlinks to the βavailableβ directory.
cd /etc/apache2/sites-enabled
sudo rm 000-default.conf
sudo ln -s /etc/apache2/sites-available/default-ssl.conf .
sudo system restart apache2Once we restart Apache and navigate to https://<IP ADDRESS> the default Apache page should load with Apacheβs default self-signed certificate.
Now we need to generate a new key pair. This should be done on the team server.
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out public.crt -keyout private.key
openssl req -new -key private.key -out acme.csrThen we can use certbot to sign the certificate.
certbot certonly -d example.com --apache --register-unsafely-without-email --agree-tos- The Public IP address of the machine used to make this request will be logged as making this request.
If certbot is used it will produce four seperate files in the following folder:
/etc/letsencrypt/archive/example.com
The two that we will need for the C2 infrastructure is the fullchain.pem and privkey.pem. For now lets copy these to:
/etc/ssl/certs//etc/ssl/private/
Then we need to edit the /etc/apache2/sites-available/default-ssl.conf for the following directives:
SSLCertificateFileSSLCertificateKeyFile
If you are trying to emulate this in you own home lab then you can just use the public.crt and private.key files instead and will need to add the following lines in the Apache default-ssl.conf file:
SSLProxyCheckPeerCN off
This will essentially tell Apache to ignore that the SSL certificate is self signed.
FINALLY⦠Restart Apache
sudo systemctl restart apache2Cobalt Strike
In order to use these certificates with Cobalt Strike you need to import it into the Java KeyStore.
First we need to combine the seperate public and private key into a single PKCS12 file. This should be done on the team server.
openssl pkcs12 -inkey private.key -in public.crt -export -out example.pkcs12We can then convert it to the Java KeyStore using keytool
keytool -importkeystore -srckeystore example.pkcs12 -srcstoretype pkcs12 -destkeystore example.storeThen in the Malleable C2 Profile you need to add the following:
https-certificate {
set keystore "acme.store";
set password "password";
}- The team server expects the keystore to be in the same directory as itself
Resources:
| Title | URL |
|---|---|
| place | holder |
Also Check Out:
- PLACEHOLDER