AWS EC2

Amazon Elastic Compute Cloud (EC2) is a web service for creating and running virtual machines (instances) in the Amazon Web Services (AWS) cloud. These notes stand up an Ubuntu instance to host a Mythic C2 server that only the Red Team operator can reach.

#Create a Virtual Machine from an Ubuntu AMI (the image already contains the OS; nothing is installed by hand)
#VM creation and configuration
root@oco:~$ BROWSER > https://aws.amazon.com/ > My Account > AWS Management Console
 > All Services > Compute > EC2 > Instances > Instances > Launch Instances
 Name & Tags:
  Name: {MythicC2Server}
 Application & OS Images:
  Browse More AMIs: Ubuntu Server LTS (HVM), SSD Volume Type
 Instance Type: t2.medium/t2.large
 Key Pair (login): Create New Key Pair
 Network Settings: {default}
  Network: vpc-0d50648fce11e930b
  Subnet: no preference (Default subnet in any availability zone)
  Auto-assign public IP: enabled
  FW (security groups): Create security group
  Allow SSH traffic from: My IP - {xxx.xxx.xxx.xxx/32}
  * "Anywhere 0.0.0.0/0" must not be used: the C2 server should be reachable only by the Red Team operators
  * "Allow HTTPS traffic from the internet" (and/or HTTP) is enabled only when a C2 profile needs it
     - e.g., beacon call-backs; the http profile installed below listens on port 80 by default, so open the port the profile actually uses and nothing else
  * "My IP" is the operator's current public IP written as a /32; it is the only source allowed to reach port 22
     - if that IP changes (DHCP, VPN, another network) the rule has to be updated, otherwise SSH to the instance fails
     - do not add an inbound rule for 7443 (the Mythic UI): it is reached later through an SSH local port forward, which needs only port 22
 Configure Storage: 1x 30GiB gp2 Root volume (Not Encrypted)
  * free tier's max is 30GiB
  * ticking "Encrypted" for the root volume costs nothing extra and is worth doing: the disk will hold agent payloads, operator credentials and task output
 Number of Instances: 1
 Launch Instance
 
root@oco:~$ BROWSER > https://aws.amazon.com/ > View All Instances > {instanceID}
 * verify that the instance is running
    - Instance state: running
#configure
root@oco:~$ BROWSER > https://aws.amazon.com/ > View All Instances > {instanceID} > Connect
 * acquire the ssh client connection settings
root@oco:~$ ssh -i "{awsKey}.pem" ubuntu@{AWS_EC2_IP}
 * requires the {awsKey}.pem downloaded when the key pair was created; the Ubuntu AMI's default login user is ubuntu
 * the instance accepts SSH only from the whitelisted operator IP (the /32 in the security group); from any other address the connection simply times out
 * if ssh rejects the key with a permissions error, the file is readable by other users: on Linux/macOS restrict it to the owner (mode 400); on Windows refer to...
   2.System Administration > Windows > Open SSH > Private Key permissions

#Update the package index & upgrade the installed packages
root@aws:~$ sudo apt update
root@aws:~$ sudo apt upgrade

#install dependencies (optional: the Mythic install script below does this for you)
root@aws:~$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
 * docker-ce is not in Ubuntu's default repositories; this command only works once Docker's own apt repository has been added
 * if it fails with "unable to locate package", skip it and let install_docker_ubuntu.sh handle the Docker install

#Clone the Mythic C2 repository & install Mythic C2 via script
root@aws:~$ mkdir -p C2
root@aws:~$ cd C2
root@aws:~$ git clone https://github.com/its-a-feature/Mythic --depth 1
root@aws:~$ cd Mythic
root@aws:~$ sudo ./install_docker_ubuntu.sh
 * this script installs docker and the docker compose plugin on Ubuntu if they are not already present
 * use the matching script on a Kali or Debian host
    - ./install_docker_kali.sh or ./install_docker_debian.sh

#build the Mythic CLI (on the AWS instance, inside the cloned repository)
root@aws:~/C2/Mythic$ cd Mythic_CLI
root@aws:~/C2/Mythic/Mythic_CLI$ sudo apt install build-essential
 * only needed if make fails with "make: command not found"
root@aws:~/C2/Mythic/Mythic_CLI$ sudo make
root@aws:~/C2/Mythic/Mythic_CLI$ cp mythic-cli ../
 * run the remaining mythic-cli commands from the Mythic root (one directory up), where the binary was just copied

#install a Mythic agent (payload type)
#https://github.com/MythicAgents
root@aws:~$ sudo -E ./mythic-cli install github https://github.com/MythicAgents/Apollo.git
 * -E keeps the caller's environment for sudo
 * Apollo is a Windows agent written in C# using the 4.0 .NET Framework designed to be used in SpecterOps training offerings

#install a Mythic C2 profile (the agent needs one to call back)
#https://github.com/MythicC2Profiles
root@aws:~$ sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http
 * the http profile listens on port 80 by default; the security group must allow inbound traffic on whatever port the profile is configured to use, or beacons will never check in

#Start the C2 server
root@aws:~$ sudo ./mythic-cli start
 * the first start generates the .env file with random admin credentials and a self-signed certificate for the UI

#access the AWS C2 server via local port forwarding
root@oco:~$ ssh -i {awsKey}.pem ubuntu@{AWS_EC2_IP} -L 7443:127.0.0.1:7443
 * port 7443 on the OCO VM is tunnelled to 127.0.0.1:7443 on the instance, so the Mythic UI is opened as https://127.0.0.1:7443 on the OCO VM
    - the UI is never exposed through the security group: reaching it requires the SSH key and a source address matching the operator /32
    - belt and braces: set NGINX_BIND_LOCALHOST_ONLY="true" in the Mythic .env and run the start command again, so the UI listens only on the instance's loopback even if an inbound 7443 rule is added by mistake later
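The two controls above (SSH only from the operator /32, no inbound rule for the Mythic UI port) are easy to get wrong in the console, so the following is an added audit check, not code from the original page or from the Mythic project. It parses the JSON shape returned by `aws ec2 describe-security-groups` and lists every rule that would expose port 22 to anything but a single operator address, or 7443 to anything at all. The sample document is constructed, the group ids are placeholders, and the operator address 203.0.113.10/32 (a documentation range) is an assumption; feed it the real output with `aws ec2 describe-security-groups --group-ids sg-... --output json` and your own IP.

```python
"""Audit an EC2 security group that fronts a Mythic C2 host.

Added example, not part of the Mythic project. Reads describe-security-groups
JSON and reports rules that contradict the runbook: SSH must come only from
the operator's /32 and the Mythic UI port must have no inbound rule, because
it is reached over an SSH local port forward.
"""
import ipaddress
import json

# Assumptions (not from the page): operator public IP in the RFC 5737 range,
# Mythic UI left on its default port 7443.
OPERATOR_CIDR = "203.0.113.10/32"
SSH_PORT = 22
MYTHIC_UI_PORT = 7443

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# "sg-bad" is what you get after clicking "Anywhere" for SSH and opening 7443
# to an office range; "sg-good" follows the runbook (SSH from the operator /32,
# port 80 open for beacon call-backs of the http profile).
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {
            "GroupId": "sg-bad",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.10/32"}, {"CidrIp": "0.0.0.0/0"}],
                 "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [{"CidrIpv6": "::/0"}]},
                {"IpProtocol": "tcp", "FromPort": 7443, "ToPort": 7443,
                 "IpRanges": [{"CidrIp": "198.51.100.0/24"}], "Ipv6Ranges": []},
            ],
        },
        {
            "GroupId": "sg-good",
            "IpPermissions": [
                {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                 "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "Ipv6Ranges": []},
                {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
                 "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
            ],
        },
    ]
})


def port_span(perm):
    """(low, high) port range of one IpPermission; protocol -1 means every port."""
    if perm.get("IpProtocol") == "-1":
        return 0, 65535
    return perm.get("FromPort", 0), perm.get("ToPort", 65535)


def sources(perm):
    """Yield each CIDR source (IPv4 and IPv6) of a rule. Rules that reference
    another security group (UserIdGroupPairs) carry no CIDR and are skipped."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]


def audit_group(sg, operator_cidr=OPERATOR_CIDR):
    """Return a list of findings (empty means the group matches the runbook)."""
    findings = []
    operator_ssh_rule = False
    for perm in sg.get("IpPermissions", []):
        low, high = port_span(perm)
        for cidr in sources(perm):
            net = ipaddress.ip_network(cidr, strict=False)
            if low <= SSH_PORT <= high:
                if cidr == operator_cidr:
                    operator_ssh_rule = True
                elif net.prefixlen < net.max_prefixlen:
                    findings.append(f"ssh (22) reachable from {cidr}, not a single-host prefix")
                else:
                    findings.append(f"ssh (22) reachable from {cidr}, which is not the operator IP")
            if low <= MYTHIC_UI_PORT <= high:
                findings.append(f"mythic ui (7443) exposed to {cidr}; use the ssh port forward instead")
    if not operator_ssh_rule:
        findings.append(f"no ssh rule for operator {operator_cidr}")
    return findings


def audit(describe_json, operator_cidr=OPERATOR_CIDR):
    """Map every group id in describe-security-groups output to its findings."""
    data = json.loads(describe_json)
    return {sg["GroupId"]: audit_group(sg, operator_cidr) for sg in data["SecurityGroups"]}


if __name__ == "__main__":
    for gid, findings in audit(SAMPLE_DESCRIBE_OUTPUT).items():
        print(gid, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```

Run it before launching the instance and again whenever someone edits the group; an "all traffic" rule (IpProtocol -1) is treated as covering both 22 and 7443, which is exactly the case the console's "Anywhere" shortcut produces.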

root@aws:~$ cd C2/Mythic
root@aws:~/C2/Mythic$ cat .env
 * MYTHIC_ADMIN_PASSWORD="..."
    - random admin password generated on the first start; change it after the first login and never copy .env off the host
 * MYTHIC_ADMIN_USER="..."
    - the admin user name (default mythic_admin)

#Access Mythic C2 via the browser
root@oco:~$ BROWSER > https://127.0.0.1:7443
 * the OCO VM reaches the AWS C2 server through the local port forward, so the tunnel must stay open
 * the browser warns about Mythic's self-signed certificate; that is expected for 127.0.0.1
