xct's notes
C2 Setup

General

Register a custom domain and set up Let's Encrypt to get a valid certificate. Then use a reverse proxy to forward traffic to the C2, which is only reachable on localhost (or on a remote server).

Apache reverse proxy

SSLProtocol TLSv1.2
ProxyPreserveHost on
ProxyRequests off
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPass /test/example.txt https://172.31.37.1:5000/test/example.txt
ProxyPassReverse /test/example.txt https://172.31.37.1:5000/test/example.txt
The idea is to proxy only certain endpoints to the C2 server (change the default profile and add a ProxyPass/ProxyPassReverse entry for each route); everything else is served by Apache itself.
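As an added example (my own code, not from xct's notes), the snippet below is a small Python checker for a vhost fragment like the one above. It lists which ProxyPass routes are forwarded to the backend and flags the four directives that switch off certificate validation between the proxy and the backend (SSLProxyVerify, SSLProxyCheckPeerCN, SSLProxyCheckPeerName, SSLProxyCheckPeerExpire), then emits a hardened variant that validates the backend certificate instead. The sample config is constructed from the page; the CA file path in the hardened output is a placeholder.

```python
import re

# Constructed sample: the vhost fragment from the notes, with the
# upstream-verification directives turned off as shown above.
SAMPLE_CONFIG = """
SSLProtocol TLSv1.2
ProxyPreserveHost on
ProxyRequests off
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyPass /test/example.txt https://172.31.37.1:5000/test/example.txt
ProxyPassReverse /test/example.txt https://172.31.37.1:5000/test/example.txt
"""

# Real mod_ssl directives -> (value that disables the check, hardened value).
# With the hardened values Apache refuses to forward to a backend whose
# certificate is untrusted, mismatched or expired.
WEAK_UPSTREAM_TLS = {
    "SSLProxyVerify": ("none", "require"),
    "SSLProxyCheckPeerCN": ("off", "on"),
    "SSLProxyCheckPeerName": ("off", "on"),
    "SSLProxyCheckPeerExpire": ("off", "on"),
}

# Placeholder path: the CA that signed the backend's certificate.
CA_FILE_LINE = "SSLProxyCACertificateFile /etc/apache2/ssl/backend-ca.pem"

DIRECTIVE_RE = re.compile(r"^\s*(\w+)\s+(.+?)\s*$")


def parse_directives(config_text):
    """Return (directive, value) pairs, skipping blank lines and '#' comments."""
    pairs = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(line)
        if m:
            pairs.append((m.group(1), m.group(2)))
    return pairs


def proxied_routes(config_text):
    """Map each ProxyPass path to the backend URL it is forwarded to."""
    routes = {}
    for name, value in parse_directives(config_text):
        if name == "ProxyPass":
            path, backend = value.split(None, 1)
            routes[path] = backend
    return routes


def find_weak_upstream_tls(config_text):
    """List directives that disable validation of the backend certificate."""
    findings = []
    for name, value in parse_directives(config_text):
        if name in WEAK_UPSTREAM_TLS:
            weak, hardened = WEAK_UPSTREAM_TLS[name]
            if value.lower() == weak:
                findings.append(
                    {"directive": name, "value": value, "recommended": hardened}
                )
    return findings


def hardened_config(config_text):
    """Rewrite the weak directives and add a CA file so the backend is verified."""
    out = []
    for raw in config_text.splitlines():
        m = DIRECTIVE_RE.match(raw)
        if (
            m
            and m.group(1) in WEAK_UPSTREAM_TLS
            and m.group(2).lower() == WEAK_UPSTREAM_TLS[m.group(1)][0]
        ):
            out.append(f"{m.group(1)} {WEAK_UPSTREAM_TLS[m.group(1)][1]}")
        else:
            out.append(raw)
    if "SSLProxyCACertificateFile" not in config_text:
        out.append("# placeholder: CA bundle that signed the backend certificate")
        out.append(CA_FILE_LINE)
    return "\n".join(out)


if __name__ == "__main__":
    for route, backend in proxied_routes(SAMPLE_CONFIG).items():
        print(f"forwarded: {route} -> {backend}")
    for f in find_weak_upstream_tls(SAMPLE_CONFIG):
        print(f"weak: {f['directive']} {f['value']} (use {f['recommended']})")
    print(hardened_config(SAMPLE_CONFIG))
```

Note that with SSLProxyCheckPeerName on, the backend certificate has to match the host in the ProxyPass URL; when that host is a bare IP such as 172.31.37.1, the certificate needs that IP as a subject alternative name, otherwise point ProxyPass at a hostname the certificate covers.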

Phishing Setup

  1. Register an account with njal.la and buy a similar-sounding domain anonymously.
  2. Register an account with Mailgun and subscribe to enable custom domains, then register your fresh domain there and make the required DNS entries.
  3. Set up a GoPhish server on an EC2 instance and use the Mailgun SMTP credentials to send mails.
Then set up a good landing page, link the page in your email and have the page contain a download link for a document, exe etc., depending on your pretext.
Finally, test your mail against a private address and, if everything works out, send it to the targets. Make sure the pretext contains calls to action and a sense of urgency (e.g. install this software to keep working remotely, fill in this document to receive something, etc.).