Uncategorized

Command & Control Server

Learn what it is and how to make one using Havoc.



Command and control servers are remote systems that establish a connection with compromised machines, often referred to as "bots" or "zombies." These servers enable an attacker to control and manage a network of compromised systems, forming a botnet.

C&C servers provide a centralized command interface, allowing attackers to issue commands, upload and download files, update malware, and exfiltrate data from the compromised systems. They can also receive feedback, system information, and data from the infected machines.

Setting Up a C&C Server with Havoc

Havoc is a versatile, open-source C&C framework that supports multiple platforms and provides a range of features for building and managing botnets. In this section, we will guide you through the process of setting up a basic C&C server using Havoc.

Prerequisites

  • A Linux system with root or sudo privileges.
  • A domain name or IP address for your C&C server.
  • Port forwarding configured on your router (if you want to access your C&C server from the Internet).

Installing Havoc

  1. Clone the Havoc repository from GitHub:

    git clone https://github.com/hackerschoice/havoc.git
  2. Change into the Havoc directory:

    cd havoc
  3. Install the dependencies:

    Ubuntu 20.04 / 22.04

    sudo apt-get update
    sudo apt-get install -y python3 python3-pip python3-dev libffi-dev libssl-dev

    Debian 10/11

    echo 'deb http://ftp.de.debian.org/debian bookworm main' >> /etc/apt/sources.list
    sudo apt update
    sudo apt install python3-dev python3.10-dev libpython3.10 libpython3.10-dev python3.10

    Kali and other Debian based Distros

    sudo apt install -y build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev
    libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev
    mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev
    qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev python3-dev libboost-all-dev mingw-w64 nasm

    Arch-based Distros

    sudo pacman -S git gcc base-devel cmake make fontconfig glu gtest spdlog boost boost-libs ncurses
    gdbm openssl readline libffi sqlite bzip2 mesa qt5-base qt5-websockets python3 nasm mingw-w64-gcc go

    MacOS

    brew install --cask cmake
    brew install python@3.10 qt@5 spdlog golang
    brew link --overwrite qt@5

Building the Teamserver

Install Go dependencies:

cd teamserver
go mod download golang.org/x/sys
go mod download github.com/ugorji/go
cd ..

Build & Run:

make ts-build
./havoc server --profile ./profiles/havoc.yaotl -v --debug

Building the client

make client-build
 
# Run the client
./havoc client

After we did all of this, we can see the Havoc logo pop-up on our screen.

$ ./havoc
              _______           _______  _______
    │\     /│(  ___  )\     /│(  ___  )(  ____ \
 )   ( ││ (   ) ││ )   ( ││ (   ) ││ (    \/
 (___) ││ (___) ││ │   │ ││ │   │ ││ │
  ___  ││  ___( (   ) ) ││
 (   ) ││ (   ) │ \ \_/ / │ │   │ ││ │
 )   ( ││ )   (   \   / (___) ││ (____/\
    │/     \││/     \│   \_/   (_______)(_______/
 
  	 pwn and elevate until it's done
 
Havoc Framework [Version: 0.4.1] [CodeName: The Fool]
 
Usage:
  havoc [flags]
  havoc [command]
 
Available Commands:
  client      client command
  help        Help about any command
  server      server command
 
Flags:
  -h, --help   help for havoc
 
Use "havoc [command] --help" for more information about a command.

Sending Commands and Receiving Data

Havoc provides a range of commands that you can send to the connected bots. These commands allow you to interact with the compromised systems, exfiltrate data, and perform various actions.

  1. To send a commands to clients, use the ./havoc client command and a pop-up will open. For example:
    ./havoc client

Conclusion

In this tutorial, we discussed the concept of command and control servers and their importance in cybersecurity. We also provided a step-by-step guide on how to set up a basic C&C server using the Havoc framework. Remember to use these techniques responsibly and only with authorized targets. C&C servers play a crucial role in understanding attacker tactics and improving an organization's security posture.