Red Commander
Creates two Cobalt Strike C2 servers (DNS and HTTPS), with redirectors, and RedELK in Amazon AWS. Minimal setup required! Companion Blog here
- Build out multiple engagements with this platform! Each engagement is tracked via its Engagement ID
- Custom Cobalt Strike Package Support
- Custom MalleableC2 Support per C2
- C2Concealer Support (Test 👏 Your 👏 Profiles!)
- Modified cs2modrewrite.py from Threat Express
- Joomla Support for Web Redirectors. (The web redirectors can have their own website!)
- Launch as many Web Redirectors as you want! Add as needed by rerunning the playbook with more domains added.
- Custom EDR Evasion support via Web Redirectors (thanks to @curi0usJack)
All files have to be named EXACTLY as shown above in the folders shown. The exception is naming the folder for the web redirect domains.
- Add your own cobaltstrike.zip file if you like. Don’t include your MalleableC2 profile in that ZIP, though.
- If you don’t include a Keystore, one will be created for you using the LetsEncrypt certificate generated for the C2 domain.
- If you don’t include a MalleableC2 profile, one will be generated for you. This happens at every run, so it’s likely a good idea to copy the generated keystore/profile to the above directories after the first run, or just build your own.
- To dump the MySQL database of your Joomla site, use mysqldump. Example: `mysqldump -u root -p cs_joomla > dump.sql` (omit the `-d` flag, which would write the schema only, without the table rows). Then run `cd /var/www/html; zip -r joomla.zip *` so that the Joomla install is zipped with paths relative to the web root. Don't worry, the play will add the correct configuration settings (by default: the MySQL password, user and session type modifiers)
- You can add a custom Cobalt Strike MalleableC2 and/or Keystore per C2 to files/custom/DNS and files/custom/HTTPS respectively.
- Add RedELK.zip to files/.
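The Joomla packaging step above (database dump plus a zip of the web root) is easy to get subtly wrong: a dump taken with `-d` has no rows, and a zip built from outside `/var/www/html` carries the absolute prefix in every entry. The helper below is an added example, not part of Red Commander; the webroot path, dump path and output name are assumptions for illustration.

```python
"""Sanity-check and package a Joomla site for the web redirectors (added example).

Assumptions (not from the project): the site lives under html_dir and the
MySQL dump was already produced with mysqldump. The two checks catch the
common mistakes: a schema-only dump (no INSERT rows) and a zip whose entries
are absolute or escape the web root instead of being relative to it.
"""
import zipfile
from pathlib import Path


def dump_has_data(dump_path):
    """Return True if the mysqldump output contains at least one INSERT row."""
    with open(dump_path, "r", encoding="utf-8", errors="replace") as fh:
        return any(line.startswith("INSERT INTO") for line in fh)


def package_site(html_dir, out_zip):
    """Zip html_dir so every entry is relative to the web root, the same
    result as `cd /var/www/html; zip -r joomla.zip *`. Returns the entry names."""
    root = Path(html_dir)
    names = []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(root.rglob("*")):
            if path.is_file():
                arcname = path.relative_to(root).as_posix()  # e.g. administrator/index.php
                zf.write(path, arcname)
                names.append(arcname)
    return names


def zip_is_relative(zip_path):
    """True if no entry is absolute or uses '..' to escape the web root."""
    with zipfile.ZipFile(zip_path) as zf:
        return all(not n.startswith("/") and ".." not in n.split("/")
                   for n in zf.namelist())


if __name__ == "__main__":
    # Assumed paths for a manual run; adjust to your host.
    if not dump_has_data("dump.sql"):
        raise SystemExit("dump.sql has no rows: re-run mysqldump without -d")
    package_site("/var/www/html", "joomla.zip")
    print("joomla.zip relative:", zip_is_relative("joomla.zip"))
```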
Download & Use
Copyright (C) 2020 Alex Williams, OSCP, GXPN. Twitter: @offsec_ginger