NGINX (AWS EC2/AZURE)
Last updated
Last updated
#create the ec2/azure instance
#create a DNS A record pointing nginx ec2 instance ip to {subdomain}.{domain}.{tld}
#this is required prior to proceding
#connect to the ec2 virtual machine
root@oco:~$ sudo -i {key}.pem [email protected]
#NGINX installation
root@NGVM: sudo apt update
root@NGVM: sudo apt install certbot python-certbot-nginx nginx
root@NGVM: sudo nano /etc/resolv.conf
#this is mapped to the nginx ip
nuclear.cyberwarfare.live 20.66.87.234
- this is the mapping of nginx vm ip to fqdn
- this is a local DNS entry and not a public entry
#SSL Configuration (FOR OPSEC)
root@NGVM: sudo certbot --nginx --register-unsafely-without-email --agree-tos
Enter your domain: nuclear.cyberwarfare.live
Redirect HTTP traffic to HTTPS: 2 (Redirect)
* email is not required
* certificate keys will be stored in the following directories
- /etc/letsencrypt/live/{nginx payloadServer domain}/fullchain.pem
- /etc/letsencrypt/live/{nginx payloadServer domain}/privkey.pem#download and activate a simple HTTP server to serve payloads
root@NGVM: go version
root@NGVM: sudo apt update && sudo apt upgrade -y
root@NGVM: sudo apt install golang -y
#set up the environment variables
root@NGVM: echo "export PATH=\$PATH:/usr/local/go/bin" >> ~/.bashrc
root@NGVM: source ~/.bashrc
root@NGVM: curl -O https://github.com/projectdiscovery/simplehttpserver/releases/download/v0.0.6/simplehttpserver_0.0.6_linux_amd64.zip
* https://github.com/projectdiscovery/simplehttpserver
#this payload server is only accessible from a specific host
#nginx is setup to serve the payload from a special directory called /{cwl}
root@NGVM: simplehttpserver -listen ':5555' -http1#example trigger
root@NGVM: BROWSER > {nuclear.cyberwarfare.live}
* this should work and anyone visiting will see the nginx page
root@NGVM: BROWSER > {nuclear.cyberwarfare.live/arbitraryPage}
* this will show a 404 NOT FOUND error as nothing is configured
#ensure that the payload server's hidden directory "cwl" can't be easily brute forced by anyone to include by the blue team - use a long string page name, so it can't be cracked by gobuster/dirbuster easily
root@NGVM: BROWSER > {nuclear.cyberwarfare.live/cwl}
* this hidden page will be accessible