Tag: Kali Linux

Tutorial: Havok C2 on Kali Linux

This is a sneak peak preview of part of a chapter from my new book – “Mastering Command and Control: Exploring C2 Frameworks using Kali Linux

Tool GitHub: https://github.com/HavocFramework/Havoc
Tool Wiki: https://havocframework.com/docs/welcome

Havoc is a GUI driven multi-user Command and Control (C2) framework written in Golang, C and ASM. It is easy to use and has many great features making it a great option for Red Teams. It is also quickly becoming the “C2” of choice in online cyber-attacks, so it’s good for Blue Teams to be familiar with it too. 

Havoc C2 – Installing

Havoc in now included in the repositories of the newest version of Kali Linux. It can be installed by just entering the tool name.

Open a Kali Terminal and enter the following commands:

  • sudo apt update
  • sudo apt upgrade
  • havoc (this will prompt you to install it)
  • cd /usr/share/havoc

You need to run Havoc from the install directory as it uses a config file (havoc.yaotl) in its profile directory. There are a few settings you can change in the config file, including Host, Port, Users and Passwords. Though I will just use the default config for this chapter.

Havoc is made up of two parts, the Team Server and a Client. You need to have both running in separate terminal windows.

Havoc C2 – Start the Team Server

  • Enter, “havoc server –profile ./profiles/havoc.yaotl -v

“-v” starts Havoc in verbose mode. If you want debug information, you can also add, “–debug”

Havoc C2 – Start the Client

Now we need to start the client, or the user interface to Havoc.

  • Open a Second Terminal
  • Navigate to “/usr/share/havoc
  • Enter, “havoc client
  • Click “New Profile
  • Then click “Connect

You could also use a name and password from profile located at – profiles/havoc.yaotl

Havoc C2 – Create A Listener

First up, we need to create a Listener. A Listener looks or listens for incoming shells when a target runs a payload, and creates the connection. 

  • Click “View” from the top menu
  • Then, “Listeners
  • Then, at the bottom of the screen click, “Add

Add a name and select a Payload type. I just used HTTP. Lastly, set the Host IP address and Port

Click “Save”

Havoc will save and then start the listener.

You can see the status of the Havoc in the Event Viewer window.

Havoc C2 – Generating a Payload

Next, we need to make a payload or shellcode for the target to run.

  • Click, “Attack” from the top menu and then, “Payload

Havoc gives you several options. We will just take the defaults and chose a Windows Executable for the payload type. You should see your new listener listed. If not, select it from the drop-down box. Make any changes you want, I made none, then click “Generate”. Havoc will create our attack payload. It will take a few seconds for it to generate, it will then prompt you to save it.

Now, all you need to do is Copy and Run this file on a target Windows system.

And we have a live session!

This is just the begining, in the full chapter we delve deeper into controlling the remote session.

Read more on Havok and on 11 other C2s in my new book!

Mastering Command and Control” available on Amazon.com

“Mastering Command & Control” Author’s Book Review

My newest book, “Mastering Command & Control – Exploring C2 Frameworks with Kali Linux” is out!

In the ever-evolving landscape of cybersecurity, proficiency in Command and Control (C2) frameworks is not just advantageous – it’s essential. Introducing “Mastering Command & Control,” a comprehensive guide created for security students and professionals looking to increase their knowledge of C2 platforms.

Dive deep into the world of red teaming and penetration testing as you embark on a journey through the industry’s most potent C2 frameworks. From Sliver and Empire to the depths of the renowned Metasploit framework, and more, this book is your path to mastery!

C2’s Covered:

  • Villain
  • Havoc C2
  • Sliver
  • Empire & StarKiller
  • Covenant
  • Silent Tritiny
  • PoshC2
  • Metasploit
  • With an overview of Merlin, Mythic, Cobalt Strike and Caldera!

You’ll navigate the installation and utilization of each framework, learning quickly with hands on tutorials utilizing the Kali Linux platform. Gain invaluable insights into obtaining remote shells, executing commands on target systems, and exploring similar modules on each framework. With a focus on practicality, each chapter equips you with the skills and knowledge needed to navigate the complex terrain of command and control with confidence.

Whether you’re a novice seeking to lay a solid foundation or a seasoned practitioner aiming to broaden your expertise, “Mastering Command & Control” is your definitive companion.

I wrote this guide as so many students were struggling with learning C2s. Also, many professionals in the field were looking for something to get them up to speed quick on C2 platforms. Thus, this book was born. I try to use similar commands, modules and techniques across each one. That way the reader can gain familiarity rapidly with each.  Using the step by step, learn by doing process that my readers have enjoyed for years.

C2 platforms are so critical and more so now with the huge explosion of Artificial Intelligence. Though the current C2’s aren’t dependent on AI, they soon will be. Make no doubt about it, C2s and AI ARE the future of security. The more you are familiar with them, know how to use them, the better prepared you will be for the future!

“Mastering Command and Control – Exploring C2 Frameworks with Kali Linux”, available now on Amazon.com!

Security Testing with Raspberry Pi – Training Class

My New Video Training Class Is LIVE!

Security Testing with Raspberry Pi – Weaponizing the Pi” is now on Udemy! I have been working on converting my books to video training classes and my first class is done!

Based on my, “Security Testing with Raspberry Pi, Second Edition” book, the video class covers many of the same topics and some new. The book has been very popular over the years and used for training by multiple branches of the military and the Special Forces.

My video training covers:

  • Installing Kali Linux on a Pi
  • Basic Network Scanning
  • webApp Security Scanning
  • Wireless Scanning and Attacks
  • Intelligent Ducky Script attacks with P4wnP1 ALOA
  • Using the Pi for Command and Control – Starkiller Empire and PoshC2
  • SDR with Dragon OS
  • Building a Custom attack Platform with PiOS or Ubuntu
  • Future uses of Pi, and much more!

Though a separate class, it goes along very well with the book and covers several of the same topics.

Looking to take your security skills to the next level? Check it out on Udemy!

NEW BOOK: “Password Cracking with Kali Linux”

My #1 New Release, “Password Cracking with Kali Linux” is out! The latest addition to my Security Testing with Kali Linux series is here!

Unlock the secrets of Windows password security with “Password Cracking with Kali Linux,” your ultimate guide to password cracking using Kali Linux. This book provides a comprehensive introduction to the fundamentals of Windows security, offering readers an in-depth exploration of tools, techniques, and strategies for password cracking.

From understanding the basics of Windows security to creating powerful wordlists for cracking tools, this book is a must-have for both novice and experienced cybersecurity enthusiasts. Learn the art of password cracking as you explore the tools, tactics, and techniques used by both security professionals and real-world attackers. This learn by doing book will help you gain hands-on experience in cracking Windows and Linux passwords using Kali Linux.

The latest in my, “Security Testing with Kali Linux” series, this book focuses solely on cracking password hashes, a critical skill for all Red Team members, Offensive Security Professionals, Pentesters, and Security Enthusiasts. It is a complete collection of all my writings on Password Cracking, taken from my books and articles, modified with additional new information and tools, and formed into a beginning to end book on password cracking.

Key Features:

  1. Fundamental Windows Security Insights: Gain a solid understanding of Windows security protocols, providing a foundation for effective ethical hacking.
  2. Tool and Technique Exploration: Dive into the world of ethical hacking tools and techniques, exploring Kali Linux’s powerful arsenal to crack Windows passwords.
  3. Wordlist Creation Mastery: Master the art of crafting custom wordlists, a crucial skill for optimizing password-cracking success.
  4. Linux Password Cracking: Extend your knowledge beyond Windows and explore the techniques used to crack Linux passwords, adding versatility to your ethical hacking toolkit.
  5. Defense Strategies: Equip yourself with the knowledge to defend against password attacks. Learn essential cybersecurity practices to secure Windows systems effectively.

Whether you’re a cybersecurity enthusiast, IT professional, or aspiring ethical hacker, “Password Cracking with Kali Linux” empowers you to navigate the complex world of password cracking responsibly and ethically. Take your skills to the next level and become a proficient defender against cyber threats with this comprehensive guide.

Check it out on Amazon.com!

Check out the other books in the series!

  1. Security Testing with Raspberry Pi, Second Edition Paperback
  2. Advanced Security Testing with Kali Linux Kindle Edition
  3. Basic Security Testing with Kali Linux, Fourth Edition