├── README.md
├── sshd_config
├── HTTPsC2DoneRight.sh
└── c2k.sh
/README.md:
--------------------------------------------------------------------------------
# C2Kv2
Updated version of C2K
More info comming soon...
--------------------------------------------------------------------------------
/sshd_config:
--------------------------------------------------------------------------------
# Copied verbatim over /etc/ssh/sshd_config by c2k.sh (func_setupSSH), which then
# restarts sshd without validating the file. Edit the AllowUsers placeholder at the
# bottom before it is installed: together with PermitRootLogin no and
# PasswordAuthentication no below, an unedited AllowUsers leaves no account that
# can log in to a remote host. Run `sshd -t` on the edited file before restarting.
# Non-default listening port; c2k.sh's func_createFirewall accepts exactly this
# port, so change both places together.
Port 7654
ListenAddress 0.0.0.0
# Protocol, KeyRegenerationInterval, ServerKeyBits, RSAAuthentication and
# RhostsRSAAuthentication are SSHv1-era directives, and UsePrivilegeSeparation is
# likewise obsolete; current OpenSSH releases ignore them with a warning
# (`sshd -t` lists them). Harmless, but the warnings bury real errors in the log.
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
# DSA host keys are disabled by default in current OpenSSH; if the key file is
# absent sshd logs a load error and carries on with the remaining host keys.
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
#Privilege
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel INFO
# Eight seconds from connection to completed authentication; slow links or
# agent prompts may not finish in time — raise it if logins drop unexpectedly.
LoginGraceTime 8
# Root may not log in directly; administration goes through the AllowUsers
# account, which c2k.sh adds to the sudo group.
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
#IgnoreUserKnownHosts yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
# Key-based authentication only. c2k.sh seeds the new user's authorized_keys by
# copying /root/.ssh/authorized_keys, so the operator's key must already be
# present for root before func_setupSSH runs.
PasswordAuthentication no
# X11 forwarding is not needed on a headless server; a hardened config sets no.
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
# Placeholder — must match NEWUSER in c2k.sh. Once this file is installed, this
# is the only account sshd will accept.
AllowUsers YOUR_SSH_USERNAME
--------------------------------------------------------------------------------
/HTTPsC2DoneRight.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Refs:
# http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail
# https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
# http://www.advancedpentest.com/help-malleable-c2
# 
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm
#
# Interactive, root-only setup: prompts for a domain, a shared password and the
# Cobalt Strike directory, installs Java/Apache, obtains a Let's Encrypt
# certificate for the domain, converts it to a PKCS12 file and a Java keystore,
# and appends an https-certificate block to a downloaded amazon.profile.
# There is no `set -e`; every step below runs even when the previous one failed.

# Global Variables
# Both captured here but not referenced anywhere else in this script.
runuser=$(whoami)
tempdir=$(pwd)
# Echo Title
clear
echo '=========================================================================='
echo ' HTTPS C2 Done Right Setup Script | [Updated]: 2016'
echo '=========================================================================='
echo ' [Web]: Http://CyberSyndicates.com | [Twitter]: @KillSwitch-GUI'
echo '=========================================================================='


# `read` without -r interprets backslashes; the values are later used unquoted
# in paths and command lines, so whitespace or shell metacharacters break them.
echo -n "Enter your DNS (A) record for domain [ENTER]: "
read domain
echo

# The password is echoed to the terminal as typed (no -s), held in a plain
# shell variable, passed on command lines in func_build_pkcs and written in
# clear text to amazon.profile in func_build_c2.
echo -n "Enter your common password to be used [ENTER]: "
read password
echo

echo -n "Enter your CobaltStrike server location [ENTER]: "
read cobaltStrike
echo

# Output file names derive from the domain; the keystore is copied into
# $cobaltStrike/httpsProfile.
domainPkcs="$domain.p12"
domainStore="$domain.store"
cobaltStrikeProfilePath="$cobaltStrike/httpsProfile"


# Environment Checks
#######################################
# Abort unless running as root (effective uid 0).
#######################################
func_check_env(){
  # Check Sudo Dependency going to need that!
  if [ $(id -u) -ne '0' ]; then
    echo
    echo ' [ERROR]: This Setup Script Requires root privileges!'
    echo ' Please run this setup script again with sudo or run as login as root.'
    echo
    exit 1
  fi
}

#######################################
# Abort unless keytool, openssl and git are on PATH.
# `[ $(which x) ]` is a non-empty-string test: it relies on `which` printing
# nothing when the tool is missing (`command -v` is the portable form).
# The "openssl keytool" / "git keytool" labels are copy-paste leftovers; the
# checks themselves test openssl and git.
#######################################
func_check_tools(){
  # Check Sudo Dependency going to need that!
  if [ $(which keytool) ]; then
    echo '[Sweet] java keytool is installed'
  else
    echo
    echo ' [ERROR]: keytool does not seem to be installed'
    echo
    exit 1
  fi
  if [ $(which openssl) ]; then
    echo '[Sweet] openssl keytool is installed'
  else
    echo
    echo ' [ERROR]: openssl does not seem to be installed'
    echo
    exit 1
  fi
  if [ $(which git) ]; then
    echo '[Sweet] git keytool is installed'
  else
    echo
    echo ' [ERROR]: git does not seem to be installed'
    echo
    exit 1
  fi
}

#######################################
# Install default-jre and apache2 via apt if missing, start Apache, verify
# something named apache is listening on :80, and open 80/443 in ufw if ufw
# is present. The port-80-in-use check that used to precede the installs is
# commented out, so an unrelated listener on :80 is only noticed when the
# lsof count below is zero.
#######################################
func_apache_check(){
  # Check Sudo Dependency going to need that!

  # if [ sudo lsof -nPi | grep ":80 (LISTEN)" ]; then
  # echo
  # echo ' [ERROR]: This Setup Script Requires that port!'
  # echo ' 80 not be in use.'
  # echo
  # exit 1
  if [ $(which java) ]; then
    echo '[Sweet] java is already installed'
    echo
  else
    apt-get update
    apt-get install default-jre -y
    echo '[Success] java is now installed'
    echo
  fi
  if [ $(which apache2) ]; then
    echo '[Sweet] Apache2 is already installed'
    service apache2 start
    echo
  else
    apt-get update
    apt-get install apache2 -y
    echo '[Success] Apache2 is now installed'
    echo
    service apache2 restart
    service apache2 start
  fi
  # Counts LISTEN sockets on :80 whose lsof line mentions "apache"; a zero
  # count aborts the script.
  if [ $(lsof -nPi | grep -i apache | grep -c ":80 (LISTEN)") -ge 1 ]; then
    echo '[Success] Apache2 is up and running!'
  else
    echo
    echo ' [ERROR]: Apache2 does not seem to be running on'
    echo ' port 80? Try manual start?'
    echo
    exit 1
  fi
  # Opens both ports to any source; no source restriction is applied here.
  if [ $(which ufw) ]; then
    echo 'Looks like UFW is installed, opening ports 80 and 443'
    ufw allow 80/tcp
    ufw allow 443/tcp
    echo
  fi
}

#######################################
# Clone certbot into /opt/letsencrypt and request a certificate for $domain
# using the Apache plugin, then abort if fullchain.pem did not appear.
# Caveats a maintainer should know:
#  - `cd /opt/letsencrypt` is unchecked; if the clone failed (e.g. the
#    directory already exists) the next line runs from the wrong directory.
#  - The `letsencrypt-auto` wrapper is no longer shipped by recent certbot
#    releases; on a fresh clone it is presumably absent, and the failure is
#    then reported below as a DNS problem — confirm against the clone.
#  - --register-unsafely-without-email means no expiry notices, and nothing
#    in this script schedules renewal or rebuilds the keystore after one; the
#    keystore built later is a one-time snapshot of this certificate.
#######################################
func_install_letsencrypt(){
  echo '[Starting] cloning into letsencrypt!'
  git clone https://github.com/certbot/certbot /opt/letsencrypt
  echo '[Success] letsencrypt is built!'
  cd /opt/letsencrypt
  echo '[Starting] to build letsencrypt cert!'
  ./letsencrypt-auto --apache -d $domain -n --register-unsafely-without-email --agree-tos
  if [ -e /etc/letsencrypt/live/$domain/fullchain.pem ]; then
    echo '[Success] letsencrypt certs are built!'
  else
    echo "[ERROR] letsencrypt certs failed to build. Check that DNS A record is properly configured for this domain"
    exit 1
  fi
}

#######################################
# Convert the Let's Encrypt chain + private key into $domainPkcs (PKCS12),
# import that into the Java keystore $domainStore, and copy the keystore into
# $cobaltStrikeProfilePath.
# Security notes:
#  - The password is passed on the command line to both openssl
#    (-passout pass:) and keytool (-deststorepass/-destkeypass/-srcstorepass),
#    so it is visible in the process list to every local user while each
#    command runs, and it is unquoted, so whitespace in it breaks the command.
#    openssl accepts file:/env: pass-phrase sources and keytool's password
#    options accept :env/:file forms; either keeps it off argv.
#  - Both output files contain the private key. They are written into the
#    live/$domain directory and the keystore is then copied out with cp;
#    check the resulting file modes, they are whatever keytool/cp produced.
#  - `cd` is unchecked and `mkdir` has no -p, so a missing live directory or
#    an existing profile directory just prints an error and the script goes on.
#######################################
func_build_pkcs(){
  cd /etc/letsencrypt/live/$domain
  echo '[Starting] Building PKCS12 .p12 cert.'
  openssl pkcs12 -export -in fullchain.pem -inkey privkey.pem -out $domainPkcs -name $domain -passout pass:$password
  # Single quotes: prints the literal text "$domainPkcs" rather than the name.
  echo '[Success] Built $domainPkcs PKCS12 cert.'
  echo '[Starting] Building Java keystore via keytool.'
  keytool -importkeystore -deststorepass $password -destkeypass $password -destkeystore $domainStore -srckeystore $domainPkcs -srcstoretype PKCS12 -srcstorepass $password -alias $domain
  # Single quotes here too; "$domainStore" is printed literally.
  echo '[Success] Java keystore $domainStore built.'
  mkdir $cobaltStrikeProfilePath
  cp $domainStore $cobaltStrikeProfilePath
  echo '[Success] Moved Java keystore to CS profile Folder.'
}

#######################################
# Download amazon.profile into the profile directory and append an
# https-certificate block naming the keystore and its password.
# Security notes:
#  - --no-check-certificate disables TLS verification for a file that is then
#    used as C2 configuration. raw.githubusercontent.com serves a valid
#    certificate, so the flag gains nothing and removes the only integrity
#    check on the download; drop it.
#  - The keystore password is written to amazon.profile in clear text; the
#    file is created with the default umask, so restrict its mode.
#  - Every run appends another https-certificate block (>>), so re-running
#    the script leaves duplicate blocks in the profile.
#  - `cd` is unchecked; if the profile directory is missing the profile and
#    the appended block land in the current directory instead.
#######################################
func_build_c2(){
  cd $cobaltStrikeProfilePath
  echo '[Starting] Cloning into amazon.profile for testing.'
  wget https://raw.githubusercontent.com/rsmudge/Malleable-C2-Profiles/master/normal/amazon.profile --no-check-certificate -O amazon.profile
  echo '[Success] amazon.profile clonned.'
  echo '[Starting] Adding java keystore / password to amazon.profile.'
  echo " " >> amazon.profile
  echo 'https-certificate {' >> amazon.profile
  # Expands to: set keystore "<domain>.store";  /  set password "<password>";
  echo set keystore \"$domainStore\"\; >> amazon.profile
  echo set password \"$password\"\; >> amazon.profile
  echo '}' >> amazon.profile
  echo '[Success] amazon.profile updated with HTTPs settings.'
}
# Menu Case Statement
# The only arm is `*)`, so every invocation — with or without an argument —
# runs the full pipeline in order; the case is effectively a no-op dispatcher.
case $1 in
  *)
    func_check_env
    func_check_tools
    func_apache_check
    func_install_letsencrypt
    func_build_pkcs
    func_build_c2
    ;;
esac

--------------------------------------------------------------------------------
/c2k.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Interactive, root-only menu that provisions DigitalOcean droplets, installs a
# Cobalt Strike team server, adds HTTPS support, builds an Apache redirector,
# or installs logging tools — all on the current host, driven by the menu
# loop at the bottom. Placeholders (DOTOKEN, NEWUSER, YOUR_SSH_FINGERPRINT,
# the redirector URLs and your@email.com) must be edited before use. There is
# no `set -e`; failed steps do not stop the selected sequence.
# `reset` reinitialises and clears the terminal.
reset

# -------------------------------------------------------------------------------------
# -[Variables Section]-
# BUILDDIR is the directory the script was started from; relative paths used
# later (sshd_config, cobaltstrike-trial.tgz, HTTPsC2DoneRight.sh, lterm_logs)
# resolve against the *current* directory, which some functions change.
BUILDDIR=$(pwd)
DOHOME="https://api.digitalocean.com/v2/droplets"
# Placeholder for the DigitalOcean API token. A real token pasted here lives in
# the script (and any copy of the repo) and is sent as a bearer header in
# func_createDroplets; reading it from the environment or a mode-600 file
# keeps it out of version control.
DOTOKEN="YOUR_API_KEY"
MALLEABLEDIR=$BUILDDIR/cobaltstrike/malleable_profiles
GHMALLEABLE="https://github.com/rsmudge/Malleable-C2-Profiles.git"
GHMODREWRITE="https://github.com/n0pe-sled/Apache2-Mod-Rewrite-Setup.git"
MODRWDIR=$BUILDDIR/mod_rewrite_setup
LWCONFIG=/usr/share/logwatch/default.conf/logwatch.conf
# Placeholder; must match the AllowUsers line in the shipped sshd_config, or
# nobody can log in once func_setupSSH installs that file.
NEWUSER="YOUR_SSH_USERNAME"
# -------------------------------------------------------------------------------------
# -[Privilege Check Section]-
# Abort unless effective uid is 0.
if [ $(id -u) -ne '0' ]; then
  echo
  echo ' [ERROR]: This Setup Script Requires root privileges!'
  echo ' Please run this setup script again with sudo or run as login as root.'
  echo
  exit 1
fi
# -------------------------------------------------------------------------------------
# -[Functions Section]-
#######################################
# apt base packages. No -y, so apt prompts interactively; python/python-pip
# are the Python 2 package names and may not exist on current releases.
#######################################
func_getDependencies(){
  apt-get update
  apt-get install python python-pip git build-essential
}

#######################################
# Create $NEWUSER and add it to the sudo group. `adduser` on Debian/Ubuntu
# prompts for a password and GECOS fields; $NEWUSER is unquoted.
#######################################
func_createUser(){
  adduser $NEWUSER
  usermod -aG sudo $NEWUSER
}

#######################################
# Install the repo's sshd_config over /etc/ssh/sshd_config, give $NEWUSER a
# copy of root's authorized_keys, fix ownership/modes and restart sshd.
# Lockout risk on a remote host: the shipped sshd_config sets PermitRootLogin
# no, PasswordAuthentication no and AllowUsers to a placeholder, and the
# restart runs without `sshd -t`. If NEWUSER/AllowUsers were not edited, or
# /root/.ssh/authorized_keys does not exist (the cp then fails silently), the
# restart leaves no working login. Validate first and keep the current session
# open until a second login succeeds. `sshd_config` is a relative path, so
# this only works from the repo directory.
#######################################
func_setupSSH(){
  mkdir -p /home/$NEWUSER/.ssh
  cp sshd_config /etc/ssh/sshd_config
  cp /root/.ssh/authorized_keys /home/$NEWUSER/.ssh/authorized_keys
  chown -R $NEWUSER:$NEWUSER /home/$NEWUSER
  chmod 700 /home/$NEWUSER/.ssh
  chmod 644 /home/$NEWUSER/.ssh/authorized_keys
  service ssh restart
}

#######################################
# POST one droplet-creation request to the DigitalOcean API and pretty-print
# the response. Name, region, size and image are hard-coded in the JSON body
# and "YOUR_SSH_FINGERPRINT" is a placeholder. The bearer token travels in
# the Authorization header (curl tracing/-v would log it). The pipe into
# `python -m json.tool` masks curl's exit status, so an HTTP error is only
# visible in the printed body.
#######################################
func_createDroplets(){
  # apt-get install snap
  # snap install doctl
  curl -X POST $DOHOME \
    -d'{"name":"dn-cs1","region":"tor1","size":"4gb","image":"ubuntu-16-04-x64","ssh_keys":["YOUR_SSH_FINGERPRINT"]}' \
    -H "Content-type: application/json" \
    -H "Authorization: Bearer $DOTOKEN" \
    | python -m json.tool
}

#######################################
# Install Oracle Java 8 from the WebUpd8 PPA. That PPA and its installer
# package have been discontinued upstream, so on a current host these steps
# presumably fail — confirm before relying on this path. No -y: prompts.
#######################################
func_getCSDependencies(){
  apt-add-repository ppa:webupd8team/java
  apt-get update
  apt-get install oracle-java8-installer
  update-java-alternatives -s java-8-oracle
}

#######################################
# Unpack cobaltstrike-trial.tgz from the current directory, run its update
# script, and return to $BUILDDIR. `cd cobaltstrike` is unchecked: if the
# archive was missing or extraction failed, `./update` runs in the original
# directory instead.
#######################################
func_installCobaltStrike(){
  tar xvf cobaltstrike-trial.tgz
  cd cobaltstrike
  ./update
  cd $BUILDDIR
}

#######################################
# Clone the Malleable C2 profile collection into $MALLEABLEDIR.
#######################################
func_getMalleable(){
  git clone $GHMALLEABLE $MALLEABLEDIR
}

#######################################
# Run the interactive HTTPsC2DoneRight.sh from the current directory (it
# prompts for domain, password and the Cobalt Strike path itself).
#######################################
func_addHTTPSSupport(){
  chmod +x HTTPsC2DoneRight.sh
  ./HTTPsC2DoneRight.sh
}

#######################################
# Replace the IPv4 filter rules: flush everything (`-F`, including any rules
# an administrator added), accept established/related traffic, loopback and
# TCP 7654/50050/80/443 from any source, then default-DROP INPUT and FORWARD.
# Notes:
#  - Only iptables is touched; ip6tables (IPv6) keeps whatever policy it had.
#  - 50050 (team server) and 7654 (sshd, per the shipped sshd_config) are
#    accepted from any source address; no allow-list is applied.
#  - Nothing here saves the rules, so they are lost on reboot unless
#    iptables-persistent (installed only by func_installDefensiveTools) is
#    set up afterwards and saves the current ruleset.
#  - The DROP policies are set last, after the ACCEPT rules, so an SSH session
#    on 7654 survives the flush.
#######################################
func_createFirewall(){
  iptables -F
  iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  iptables -A INPUT -p tcp --dport 7654 -j ACCEPT
  iptables -A INPUT -p tcp --dport 50050 -j ACCEPT
  iptables -A INPUT -p tcp --dport 80 -j ACCEPT
  iptables -A INPUT -p tcp --dport 443 -j ACCEPT
  iptables -I INPUT 1 -i lo -j ACCEPT
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
}

#######################################
# Clone the mod_rewrite setup repo and (a second copy of) the profile
# collection, then run its setup script with placeholder block/allow URLs
# (blockdomain.com / yourc2.com) that must be edited first.
# The second clone goes to $BUILDDIR/malleable_profiles, not $MALLEABLEDIR.
# `cd $MODRWDIR` is unchecked and is never undone, so later menu choices in
# the same run (e.g. option 5's `mkdir lterm_logs`) operate inside $MODRWDIR.
#######################################
func_createHTTPRedirector(){
  git clone $GHMODREWRITE $MODRWDIR
  git clone $GHMALLEABLE $BUILDDIR/malleable_profiles
  cd $MODRWDIR
  python apache_redirector_setup.py --ir --block_url="http://blockdomain.com" --block_mode="redirect" --allow_url="http://yourc2.com" --allow_mode="proxy"
}

#######################################
# Install lterm (terminal logging), sendmail + logwatch with an hourly cron
# report, and iptables-persistent.
# Notes:
#  - `pip install lterm` pulls an unpinned package from PyPI as root — no
#    version or hash pin, so the installed code is whatever PyPI serves today.
#  - `mkdir lterm_logs` is relative to the current directory while lterm is
#    pointed at $BUILDDIR/lterm_logs/; the two only agree if cwd is still
#    $BUILDDIR.
#  - your@email.com in the sed and crontab lines is a placeholder; the sed
#    edits assume the default logwatch.conf values (MailTo = root, etc.).
#  - `crontab -l 2>/dev/null` preserves existing entries before appending.
#  - The apt installs run without -y and prompt; iptables-persistent's
#    install-time prompt decides whether the current rules are saved.
#######################################
func_installDefensiveTools(){
  apt-get update
  pip install lterm
  mkdir lterm_logs
  python /usr/local/bin/lterm.py -b -i -l $BUILDDIR/lterm_logs/
  apt-get install sendmail logwatch
  sed -i -e 's/MailTo = root/MailTo = your@email.com/' $LWCONFIG
  sed -i -e 's/Range = yesterday/Range = today/' $LWCONFIG
  sed -i -e 's/Detail = Low/Detail = Med/' $LWCONFIG
  (crontab -l 2>/dev/null; echo "0 * * * * /usr/sbin/logwatch --detail Med --mailto your@email.com --service all --range today") | crontab -
  apt-get install iptables-persistent
}

#######################################
# Exit the script successfully (ends the menu loop).
#######################################
func_quitScript(){
  exit 0
}
# -------------------------------------------------------------------------------------
# -[ Banner Section]-
echo " -[C2K]- "
echo " Command and Control Kit v2.0 "
echo " "
echo "[*] - Author: Lee Kagan "
echo "[*] - Twitter: @InvokeThreatGuy "
echo "[*] - Link: https://github.com/invokethreatguy/C2K"
echo "[*] - Blog: invokethreat.actor "
echo "[*] - License: BSD 3-clause "
echo ""
sleep 1
# -------------------------------------------------------------------------------------
# -[Main Menu Section]-
# Loops until option 99. There is no default arm, so any other input silently
# redraws the menu; `read` without -r interprets backslashes in the answer.
while true
do
  echo "- Main Menu -"
  echo "-------------"
  echo ""
  echo "======================================================================"
  echo "[*] REMEMBER TO EDIT SETTINGS FOR YOU REQUIREMENTS BEFORE RUNNING! [*]"
  echo "======================================================================"
  echo "Enter 1 to create new droplet(s)"
  echo "Enter 2 to build a Cobalt Strike team server on current system"
  echo "Enter 3 to add HTTPS support to team server on current system"
  echo "Enter 4 to build Apache redirector on current system"
  echo "Enter 5 to install logging and defensive tools"
  echo "Enter 99 to exit script"
  echo "Please enter your selection: "
  read answer
  case "$answer" in
    # -------------------------------------------------------------------------------------
    # -[User Selection Section]-
    1) clear
      echo "[*] - Creating droplet(s)..."
      func_createDroplets
      echo "[*] - COMPLETE!"
      ;;

    # Team server build: user/SSH setup runs before the firewall, and the
    # firewall step flushes existing rules — see func_setupSSH and
    # func_createFirewall for the lockout caveats.
    2) clear
      echo "[*] - Installing Cobalt Strike..."
      func_getDependencies
      func_createUser
      func_setupSSH
      func_getCSDependencies
      func_installCobaltStrike
      func_getMalleable
      func_createFirewall
      echo "[*] - COMPLETE!"
      ;;

    3) clear
      echo "[*] - Adding HTTPS support to Cobalt Strike Team Server..."
      func_addHTTPSSupport
      echo "[*] - COMPLETE!"
      ;;

    # Redirector build repeats the dependency/user/SSH steps of option 2.
    4) clear
      echo "[*] - Building Apache Mod_Rewrite redirector..."
      func_getDependencies
      func_createUser
      func_setupSSH
      func_createHTTPRedirector
      echo "[*] - COMPLETE!"
      ;;

    5) clear
      echo "[*] - Installing lterm and Logwatch"
      func_installDefensiveTools
      echo "[*] - COMPLETE!"
      ;;

    # func_quitScript calls exit, so the echo after it never runs.
    99) clear
      echo "[*] - Exiting script..."
      func_quitScript
      echo ""
      ;;
  esac
done
# -------------------------------------------------------------------------------------

--------------------------------------------------------------------------------