Command & Control Server
Learn what it is and how to make one using Havoc.
Command and control servers are remote systems that establish a connection with compromised machines, often referred to as "bots" or "zombies." These servers enable an attacker to control and manage a network of compromised systems, forming a botnet.
C&C servers provide a centralized command interface, allowing attackers to issue commands, upload and download files, update malware, and exfiltrate data from the compromised systems. They can also receive feedback, system information, and data from the infected machines.
Setting Up a C&C Server with Havoc
Havoc is a versatile, open-source C&C framework that supports multiple platforms and provides a range of features for building and managing botnets. In this section, we will guide you through the process of setting up a basic C&C server using Havoc.
Prerequisites
- A Linux system with root or sudo privileges.
- A domain name or IP address for your C&C server.
- Port forwarding configured on your router (if you want to access your C&C server from the Internet).
Installing Havoc
-
Clone the Havoc repository from GitHub:
git clone https://github.com/hackerschoice/havoc.git -
Change into the Havoc directory:
cd havoc -
Install the dependencies:
Ubuntu 20.04 / 22.04
sudo apt-get update sudo apt-get install -y python3 python3-pip python3-dev libffi-dev libssl-devDebian 10/11
echo 'deb http://ftp.de.debian.org/debian bookworm main' >> /etc/apt/sources.list sudo apt update sudo apt install python3-dev python3.10-dev libpython3.10 libpython3.10-dev python3.10Kali and other Debian based Distros
sudo apt install -y build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev python3-dev libboost-all-dev mingw-w64 nasmArch-based Distros
sudo pacman -S git gcc base-devel cmake make fontconfig glu gtest spdlog boost boost-libs ncurses gdbm openssl readline libffi sqlite bzip2 mesa qt5-base qt5-websockets python3 nasm mingw-w64-gcc goMacOS
brew install --cask cmake brew install python@3.10 qt@5 spdlog golang brew link --overwrite qt@5
Building the Teamserver
Install Go dependencies:
cd teamserver
go mod download golang.org/x/sys
go mod download github.com/ugorji/go
cd ..Build & Run:
make ts-build
./havoc server --profile ./profiles/havoc.yaotl -v --debugBuilding the client
make client-build
# Run the client
./havoc clientAfter we did all of this, we can see the Havoc logo pop-up on our screen.
$ ./havoc
_______ _______ _______
│\ /│( ___ )│\ /│( ___ )( ____ \
│ ) ( ││ ( ) ││ ) ( ││ ( ) ││ ( \/
│ (___) ││ (___) ││ │ │ ││ │ │ ││ │
│ ___ ││ ___ │( ( ) )│ │ │ ││ │
│ ( ) ││ ( ) │ \ \_/ / │ │ │ ││ │
│ ) ( ││ ) ( │ \ / │ (___) ││ (____/\
│/ \││/ \│ \_/ (_______)(_______/
pwn and elevate until it's done
Havoc Framework [Version: 0.4.1] [CodeName: The Fool]
Usage:
havoc [flags]
havoc [command]
Available Commands:
client client command
help Help about any command
server server command
Flags:
-h, --help help for havoc
Use "havoc [command] --help" for more information about a command.Sending Commands and Receiving Data
Havoc provides a range of commands that you can send to the connected bots. These commands allow you to interact with the compromised systems, exfiltrate data, and perform various actions.
- To send a commands to clients, use the
./havoc clientcommand and a pop-up will open. For example:./havoc client
Conclusion
In this tutorial, we discussed the concept of command and control servers and their importance in cybersecurity. We also provided a step-by-step guide on how to set up a basic C&C server using the Havoc framework. Remember to use these techniques responsibly and only with authorized targets. C&C servers play a crucial role in understanding attacker tactics and improving an organization's security posture.