Setting up Havoc C2

Havoc is a modern, malleable post-exploitation C2 framework, essentially a Go-based counterpart to Cobalt Strike.

Environment setup

apt update -y && apt upgrade -y
# 1. Debian-based distributions only
sudo apt install -y git build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev libspdlog-dev python3-dev libboost-all-dev mingw-w64 nasm
# 2. Ubuntu 20.04 / 22.04
sudo apt install build-essential
sudo add-apt-repository ppa:deadsnakes/ppa
sudo apt update
sudo apt install python3.10 python3.10-dev

Download Havoc

git clone https://github.com/HavocFramework/Havoc.git

Build the teamserver

cd Havoc/Teamserver
bash Install.sh
make
vim profiles/havoc.yaotl
./teamserver server --profile profiles/havoc.yaotl -v

The default operator account and password are 5pider/password1234.
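The profile edited in the step above ships with that default operator account, so a teamserver started without changing it accepts a publicly known login. As an added hardening check that is not part of the original post or of the Havoc project, the script below audits the Operators block of a profile for the default credential, short or shared passwords, and a bind to all interfaces. The HCL-like layout of the sample profile is assumed from the upstream havoc.yaotl and is constructed here.

```python
import re

# Constructed sample in the HCL-like layout of Havoc's profiles/havoc.yaotl
# (assumed layout; the post does not show the file's contents).
SAMPLE_PROFILE = """
Teamserver {
    Host = "0.0.0.0"
    Port = 40056
}

Operators {
    user "5pider" {
        Password = "password1234"
    }
    user "Neo" {
        Password = "password1234"
    }
}
"""

# Default credential named in the post; any profile still carrying it is unsafe.
DEFAULT_CREDS = {("5pider", "password1234")}
MIN_PASSWORD_LEN = 16

USER_RE = re.compile(r'user\s+"([^"]+)"\s*\{\s*Password\s*=\s*"([^"]*)"', re.S)
HOST_RE = re.compile(r'Host\s*=\s*"([^"]*)"')


def parse_operators(profile_text):
    """Return (username, password) tuples found in the Operators block."""
    return USER_RE.findall(profile_text)


def audit_profile(profile_text):
    """Return a list of human-readable findings; an empty list means no issue found."""
    findings = []
    operators = parse_operators(profile_text)
    if not operators:
        findings.append("no operators defined")
    seen = {}  # password -> first user that uses it
    for user, password in operators:
        if (user, password) in DEFAULT_CREDS:
            findings.append(f"{user}: default upstream credential")
        if len(password) < MIN_PASSWORD_LEN:
            findings.append(f"{user}: password shorter than {MIN_PASSWORD_LEN}")
        if password in seen:
            findings.append(f"{user}: shares password with {seen[password]}")
        else:
            seen[password] = user
    host = HOST_RE.search(profile_text)
    if host and host.group(1) in ("0.0.0.0", "::"):
        findings.append("teamserver bound to all interfaces; restrict the bind address or firewall the operator port")
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print(finding)
```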

Build the client

cd Havoc/Client
make
./Havoc

The client opens a connection dialog; fill in the teamserver details and connect.

You are then taken into the Havoc interface.

Open View - Listeners to set up a listener, then click Add at the bottom of the panel to create one.

Next, open Attack - Payload, choose Windows Shellcode, and click Generate to save the shellcode.

Setting up the Harriet payload framework

Harriet encrypts the shellcode and its function calls, and uses SigThief to sign the resulting binary with a forged Microsoft certificate.

Install Harriet

git clone https://github.com/assume-breach/Home-Grown-Red-Team.git
cd Home-Grown-Red-Team/Harriet
bash setup.sh
bash Harriet.sh

Here we choose Fully-Automated AES Encryption and enter the path of the previously saved demon.bin to build the payload.

Next, set up the web server for delivery.

Finally, test the evasion result: the beacon checks in successfully.