Sleight: Empire HTTP(S) C2 redirector setup script
Sleight
Empire HTTP(S) C2 redirector setup script.
Download
git clone https://github.com/V1V1/Sleight.git
Usage:
Sleight can be used in 3 ways:
1) Setup HTTP Redirector:
- Run Sleight and feed it an Empire communication profile.
- Input your Empire C2’s IP address and listening port.
- Say no to the HTTPS prompt.
- Input a site to redirect all invalid requests to.
- Start an Empire HTTP listener with the ‘Host’ property set to the domain of your redirector.
HTTP Redirectors reference:
2) Setup HTTPS Redirector:
- Run Sleight and feed it an Empire communication profile.
- Input your Empire C2’s IP address and listening port.
- Say yes to the HTTPS prompt.
- Input a site to redirect all invalid requests to.
- Input the domain assigned to your redirector (for generation of a Let’s Encrypt certificate).
- Agree to the certbot prompts.
- Start an Empire HTTPS listener with the ‘Host’ property set to the domain of your redirector.
HTTPS Redirector Setup Notes:
- Certificate generation will only work once your redirector’s domain has propagated successfully.
- You’ll need DNS entries for both DOMAIN.com and www.DOMAIN.com for your redirector’s domain.
- You can use the default HTTPS certificates Empire comes with (located in the ‘/empire/data/’ directory) for the ‘CertPath’ property when starting an HTTPS listener on your C2 server.
HTTPS Redirectors reference:
- https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/
- https://posts.specterops.io/automating-apache-mod-rewrite-and-cobalt-strike-malleable-c2-profiles-d45266ca642
3) Rules only (no setup):
If you only want to use Sleight to convert an Empire communication profile into mod_rewrite rules and not setup your redirector, simply feed it a communication profile and say no to the “proceed with setup” prompt.
Example:
$ sudo python sleight.py -c profiles/default.txt
Copyright (c) 2017, Gabriel
All rights reserved.
Source: https://github.com/V1V1/