AZURE

VM INSTANCE DEPLOYMENT

#create the Azure VM instance (this is an Azure deployment, not AWS EC2; the root@aws prompts later in this page all refer to this same Azure VM)
root@oco:~$ BROWSER > https://portal.azure.com > Virtual Machines
 Project Details
  Subscription: {subscription}
   Resource Group: {resourceGroup}
 Instance Details
  Virtual Machine Name: {c2Server}
  Region: US
  Availability Options: No Infrastructure Redundancy Required
  Security Type: Standard
  Image: Ubuntu Server 20.04 LTS - x64 Gen2
   - use Kali Linux if available
  VM Architecture: x64
  Run w/ Azure Spot Discount: Disabled
  Size: Standard D2as_v4 - 2 vcpus 8GiB memory ($$$)
 Administrator Account
  Authentication Type: SSH public Key
  Username: {hackerName}
  SSH Public Key Source: Generate new key pair
  Key pair name: {arbitraryValue}     //the private key is offered for download exactly once when the VM is created; save it on the operator box as {key}.pem (mode 0600), it is required for every ssh step below and must never be copied onto the C2 server
 Inbound Port Rules
  Public Inbound ports: None          //this disables all public inbound access to the instance at creation time; after deployment add one NSG inbound rule for TCP/22 restricted to the operator's source IP (never 0.0.0.0/0), otherwise the ssh step below cannot reach the VM
  Select Inbound Ports: N/A
  
 Disks
  Encryption at host: Disabled
  OS Disk
   OS Disk Type: Premium SSD (locally-redundant storage - LRS)
   Delete w/ VM: Enabled
   Key Management: Platform-managed key
   Enable Ultra Disk Compatibility: Disabled
  Data Disks for {c2Server}: Create and attach a new disk
   Name: {c2Server}_DataDisk_0
   Source Type: None (Empty Disk)
   Size: 16 GiB
   Key management: Platform-managed key
   Enable shared disk: No
   Delete disk w/ VM: Enabled
   
 Management
  Network Interface
   Virtual Network: {...LabVNet} 
   Subnet: default (.../24)
   Public IP: {...}
   NIC Network Security Group: Basic
   Public Inbound Ports: None
   Select Inbound Ports: N/A
   Delete NIC when VM is deleted: Disabled     //the NIC (and the public IP attached to it) is left behind when the VM is deleted; remove both by hand when tearing down the lab so no stray public endpoint remains in the resource group
   Enable Accelerated Networking: Enabled
  Load Balancing
   Place VM Behind Existing LB Solution: Disabled
  
  * Create the VM after review

MYTHIC C2 INSTALLATION

#configure
root@oco:~$ ssh -i "{key}.pem" {hackerName}@{azureVmPublicIP}
 * requires the {key}.pem private key downloaded when the key pair was generated above
 * ensure this azure vm is only reachable by the operator: the NSG inbound rule for TCP/22 must be allow-listed to the operator's source IP only, and no other inbound rule should exist

#Refresh the package index & upgrade installed packages to their newest versions (run on the Azure VM; the root@aws prompt here and below denotes that VM)
root@aws:~$ sudo apt update
root@aws:~$ sudo apt upgrade

#install dependencies (optional: docker-ce, docker-ce-cli, containerd.io and the plugins are published from Docker's own apt repository, not Ubuntu's default sources, so this line fails on a stock Ubuntu image unless that repository was added first; the install_docker_ubuntu.sh step below installs Docker for you, so this step can be skipped)
root@aws:~$ sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

#Clone the Mythic C2 repository & install Mythic C2 via script (the shallow clone tracks the head of the default branch; for a reproducible lab pin a release with --branch <tag>, and review the install script before running it as root)
root@aws:~$ mkdir -p C2
root@aws:~$ cd C2
root@aws:~$ git clone https://github.com/its-a-feature/Mythic --depth 1
root@aws:~$ cd Mythic
root@aws:~$ sudo ./install_docker_ubuntu.sh
 * this cmd will install docker and docker compose plugin if not already installed on Ubuntu
 * use the specific shell script if on Kali or Debian distribution
    - ./install_docker_kali.sh or ./install_docker_debian.sh

#build the Mythic CLI (on the Azure VM, starting from the Mythic checkout the previous step left you in)
root@aws:~/C2/Mythic$ cd Mythic_CLI
root@aws:~/C2/Mythic/Mythic_CLI$ sudo apt install build-essential
 * this is required if you get an error msg stating "make: command not found"
root@aws:~/C2/Mythic/Mythic_CLI$ make
 * building does not need root; only the package install above does
root@aws:~/C2/Mythic/Mythic_CLI$ cp mythic-cli ../
 * the binary is copied one level up so the ./mythic-cli commands below resolve from the Mythic directory

#install Mythic Agents Payload
#https://github.com/MythicAgents
root@aws:~$ sudo -E ./mythic-cli install github https://github.com/MythicAgents/Apollo.git
 * Apollo is a Windows agent written in C# using the 4.0 .NET Framework designed to be used in SpecterOps training offerings

#Install the Mythic C2 Apollo agent and the http C2 Profile
#install Mythic C2 Profiles
#https://github.com/MythicC2Profiles
root@aws:~$ sudo ./mythic-cli install github https://github.com/MythicC2Profiles/http

#Start the C2 server
root@aws:~$ sudo ./mythic-cli start

#access the azure C2 server via local port forwarding
root@oco:~$ ssh -i {keyFile}.pem {hackerName}@{azureVmPublicIP} -L 7443:127.0.0.1:7443
 * the Mythic C2 web UI is reached at https://127.0.0.1:7443 on the operator box, through this tunnel only, and only from the allow-listed operator IP; do not add an NSG inbound rule for 7443
    - this Mythic C2 server can only be accessed via local port forwarding and with the appropriate ssh key file; if your Mythic version exposes a bind-to-localhost option in .env, enable it so 7443 stays unreachable even if the NSG is later loosened

root@aws:~$ cd C2/Mythic
root@aws:~/C2/Mythic$ grep '^MYTHIC_ADMIN' .env
 * MYTHIC_ADMIN_PASSWORD="..."
    - this is the randomly generated admin password for the Mythic C2 server; .env also holds the other service credentials, so treat the whole file like a private key (never paste it into notes or commit it) and read only the two admin lines rather than dumping the file
 * MYTHIC_ADMIN_USER="..."
    - this is the admin username

#Access Mythic C2 via the browser (through the SSH tunnel opened above)
root@oco:~$ BROWSER > https://127.0.0.1:7443
 * the OCO VM reaches the azure C2 server only through the local port forward; expect a certificate warning for Mythic's self-signed TLS certificate, which is acceptable here because the hop is already protected by SSH
