Command and control servers are remote systems that establish a connection with compromised machines, often referred to as "bots" or "zombies." These servers enable an attacker to control and manage a network of compromised systems, forming a botnet.
C&C servers provide a centralized command interface, allowing attackers to issue commands, upload and download files, update malware, and exfiltrate data from the compromised systems. They can also receive feedback, system information, and data from the infected machines.
Setting Up a C&C Server with Havoc
Havoc is a versatile, open-source C&C framework that supports multiple platforms and provides a range of features for building and managing botnets. In this section, we will guide you through the process of setting up a basic C&C server using Havoc.
Prerequisites
- A Linux system with root or sudo privileges.
- A domain name or IP address for your C&C server.
- Port forwarding configured on your router (if you want to access your C&C server from the Internet).
Installing Havoc
- Clone the Havoc repository from GitHub:
git clone https://github.com/hackerschoice/havoc.git
- Change into the Havoc directory:
cd havoc
- Install the dependencies:
Ubuntu 20.04 / 22.04
sudo apt-get update
sudo apt-get install -y python3 python3-pip python3-dev libffi-dev libssl-dev
Debian 10/11
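# Append the bookworm repository as root; a plain ">>" redirect fails for a non-root user
echo 'deb http://ftp.de.debian.org/debian bookworm main' | sudo tee -a /etc/apt/sources.list
sudo apt update
sudo apt install python3-dev python3.10-dev libpython3.10 libpython3.10-dev python3.10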
Kali and other Debian based Distros
sudo apt install -y build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev python3-dev libboost-all-dev mingw-w64 nasm
Arch-based Distros
sudo pacman -S git gcc base-devel cmake make fontconfig glu gtest spdlog boost boost-libs ncurses gdbm openssl readline libffi sqlite bzip2 mesa qt5-base qt5-websockets python3 nasm mingw-w64-gcc go
MacOS
brew install --cask cmake
brew install python@3.10 qt@5 spdlog golang
brew link --overwrite qt@5
Building the Teamserver
Install Go dependencies:
cd teamserver
go mod download golang.org/x/sys
go mod download github.com/ugorji/go
cd ..
Build & Run:
make ts-build
./havoc server --profile ./profiles/havoc.yaotl -v --debug
Building the client
make client-build
# Run the client
./havoc client
Once all of this is done, running ./havoc shows the Havoc logo and usage information on screen:
$ ./havoc
_______ _______ _______
│\ /│( ___ )│\ /│( ___ )( ____ \
│ ) ( ││ ( ) ││ ) ( ││ ( ) ││ ( \/
│ (___) ││ (___) ││ │ │ ││ │ │ ││ │
│ ___ ││ ___ │( ( ) )│ │ │ ││ │
│ ( ) ││ ( ) │ \ \_/ / │ │ │ ││ │
│ ) ( ││ ) ( │ \ / │ (___) ││ (____/\
│/ \││/ \│ \_/ (_______)(_______/
pwn and elevate until it's done
Havoc Framework [Version: 0.4.1] [CodeName: The Fool]
Usage:
havoc [flags]
havoc [command]
Available Commands:
client client command
help Help about any command
server server command
Flags:
-h, --help help for havoc
Use "havoc [command] --help" for more information about a command.
Sending Commands and Receiving Data
Havoc provides a range of commands that you can send to the connected bots. These commands allow you to interact with the compromised systems, exfiltrate data, and perform various actions.
- To send commands to clients, use the ./havoc client command and a pop-up will open. For example:
./havoc client
Conclusion
In this tutorial, we discussed the concept of command and control servers and their importance in cybersecurity. We also provided a step-by-step guide on how to set up a basic C&C server using the Havoc framework. Remember to use these techniques responsibly and only with authorized targets. C&C servers play a crucial role in understanding attacker tactics and improving an organization's security posture.