This series of posts is designed to guide you through setting up your own Command and Control (C2) server, specifically using the Havoc C2 Framework. Before diving into the technical aspects, let's first establish what a C2 server is in the context of Cyber Operations.
A Command and Control (C2) server is an integral element of advanced cyber-attacks, providing a mechanism for attackers to maintain communication with compromised devices post-infection.
The architecture of C2 can be implemented in multiple ways, including but not limited to:
Deploying a Remote Access Trojan (RAT) to establish a backdoor on the victim device, thereby allowing remote control.
Employing a dedicated Command and Control server, managed by the attacker, to relay commands to compromised devices.
Utilizing a botnet, a network of compromised devices, to execute coordinated malicious activities ranging from Distributed Denial of Service (DDoS) attacks to malware dissemination.
The significance of a C2 server in cyber operations cannot be overstated. It offers attackers the capability to exfiltrate data, conduct targeted attacks, and inflict a range of damages to the victim's network.
Defensive countermeasures against C2 activities are multifaceted and include:
Implementing firewalls and Intrusion Detection/Prevention Systems (IDS/IPS) to filter and block malicious traffic.
Leveraging antivirus solutions to identify and eliminate malware components.
Regularly updating software with the latest security patches to fend off known vulnerabilities.
Conducting cybersecurity awareness training for staff to adhere to best practices.
Though these defenses may not offer absolute protection against C2 threats, they substantially elevate the organization's security posture, making it increasingly challenging for attackers to establish a successful Command and Control infrastructure, but that's a discussion for another time.
Having made the case introductions, let's get down to business and install our first own Command and Control server and for this, we need to open a terminal in our Kali Linux distribution:
Step 1. git clone https://github.com/HavocFramework/Havoc.git
and if all goes well, you should see the following:
now if you do an ls command you will be able to see the directories that appear in the image below, then execute cd Havoc:
Step 2. You are now inside of Havoc directory and there you will execute the following:
sudo apt install -y git build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev python3-dev libboost-all-dev mingw-w64 nasm
By doing this, you will be installing a variety of packages necessary for the proper functioning of our Command and Control server and if all goes well, you should see the following:
then you need to get into the teamserver directory by doing cd teamserver and if you do an ls you should see what appears in the image below:
Step 3. Now you have to execute the following:
go mod download golang.org/x/sys
go mod download github.com/ugorji/go If everything goes well, you should see something similar to what appears in the figure below, after which you will need to exit that directory by executing cd ..
Step 4. Now from Havoc Root directory, we will build the server side by executing:
make ts-build
If everything goes well, you should see something similar to what appears in the figure below:
Now we'll need to run the teamserver, but first, I recommend that you split your terminal screen into two with a vertical view this is to facilitate simultaneous monitoring and operation, especially useful when working with Command and Control servers like we are doing here.
Execute the following:
./havoc
after that, you should see something like this:
Step 5. Now we have the split view so on the left screen we have the teamserver running and on the right screen let's build the client side by executing the following:
cd Havoc
make client-build
after this, we will run the client like we did with the server:
./havoc client
after this process, you should see this screen:
Now to fill that prompt you have to follow the next step:
Step 6. Open up a new terminal and execute the following commands
1. cd Havoc
2. ls
3. cd data
4. ls
5. mousepad havoc.yaotl
and what you will see is the actual C2 profile and you need the Data that you have inside that file to fill the final prompt we got in Step 5 and what you will actually use is the following:
Port: 40056
User: Neo
Password: password1234
Those are the default credentials:
Now you can close the mousepad and then go to your terminal and get the IP of your virtual machine by using the command ifconfig
Now use all the information you have to fill in the prompt like the one you see in the picture below, you can choose the name you want I choose Demon.
Now hit the Connect button and you will be good to go, the final screen you will get is the one below and if you are watching this is because you are now in control of your own C2 Server.
Next time we will teach you how to Operate and control the victim machine with your C2.
Smouk out!
If you liked what you saw, you might be interested in our Hacking Infrastructure course, or perhaps you'd like to consider becoming part of our community by becoming a Subscriber PRO.