LOAD BALANCER (AWS EC2)

INSTALLATION & CONFIGURATION

#this is performed after creating the C2 Server
root@oco:~$ BROWSER > https://aws.amazon.com/ > EC2 > Instances > {instanceID} > Load Balancing > Load Balancers > Create Load Balancer > Application Load Balancer
 Basic Configuration
  Load Balancer name: {arbitraryName}
  Scheme: Internet-facing
  IP Address Type: IPv4
 Network Mapping
  VPC: {default}
  * this is the routing part
  Mappings:
  * this is the availability zones - any 'TWO' will do
 Security Groups: 
  * this security group will be applied to the Load Balancer - keep a note of this value as it needs to be applied to the security group of the C2 server
     - sg-**************
     
 #this section describes where the traffic from the ELB will be forwarded
 #this is a 2-part configuration - once the ELB configuration is complete, the Mythic C2 Server must be configured to accept incoming traffic from this ELB! - this is accomplished through the "target group/security group"
 Listeners & Routing
  Protocol: HTTP
  Port: 80
  Default Action > Forward To > Create target Group
   * the target group will be applied to the Mythic C2 Server
   * you'll need to come back to this section after creating the target group
      - assign the newly created target group
   Basic Configuration
    Target Type: Instances
    Target Group Name: {arbitraryName-C2TargetGroup}
     Protocol: HTTP
     Port: 80
    VPC: {use previously configured security group}
    Protocol Version: HTTP1
  * this specifies where the traffic from ELB will be passed to
     - ELB-to-C2-Server traffic can either be HTTP or HTTPS
  * this determines where the traffic will be routed back to/from
     - target-to-redirector traffic will be HTTPS
     - ELB-to-C2-Server traffic can either be HTTP or HTTPS

 Register targets > {instanceID} check box > Include as Pending Below > Create Target Group
  Default Action > Forward to
  * select the newly created target group
  
 Load Balancer Tags: {default}
 Amazon CloudFront + AWS Web Application Firewall (WAF): {default}
 AWS Web Application Firewall (WAF): {default}
 AWS Global Accelerator: {default}
 Create Load Balancer!

LOAD BALANCER & C2 SERVER LINKING

#this step is required because only the remote attacker host can access the C2 server
#the load balancer and the C2 server must be linked so that redirector traffic can be forwarded by the load balancer to the C2 server
#this procedure modifies the security group of the C2 server to allow traffic from the ELB
root@oco:~$ BROWSER > https://aws.amazon.com/ > EC2 > Instances > {instanceID} > Security > Security Groups
 Inbound Rules > Edit Inbound Rules > Add Rule
  Type: Custom TCP
  Protocol: TCP
  Port Range: 80
  Source: Custom
  * paste the security group of the newly created ELB "sg-**************"
     - the security group can be retrieved from "Load Balancing > Load Balancers > ELBName > Security"
  Description: Allow traffic from ELB
  Save Rules!
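
The rule added above should leave port 80 on the backend instance reachable only from the load balancer's security group. The following added example (not part of the original notes) audits that from JSON in the shape of `aws ec2 describe-security-groups` output; the sample data, group IDs and function names are constructed placeholders.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
# All group IDs and addresses are placeholders, not values from these notes.
SAMPLE = json.loads("""
{"SecurityGroups": [{
  "GroupId": "sg-backend-placeholder",
  "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80, "IpRanges": [],
     "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-elb-placeholder"}]},
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "Ipv6Ranges": [],
     "IpRanges": [{"CidrIp": "203.0.113.10/32"}], "UserIdGroupPairs": []}
  ]}]}
""")


def covers_port(perm, port):
    """True if the rule's protocol and port range include the given TCP port."""
    if perm.get("IpProtocol") == "-1":  # "-1" means all protocols, all ports
        return True
    if perm.get("IpProtocol") != "tcp":
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_backend(group, elb_sg, port=80):
    """Return findings for inbound rules on `port`; an empty list means the
    port is reachable only from the load balancer's security group."""
    findings, elb_allowed = [], False
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        findings += [f"port {port} open to CIDR {c}" for c in cidrs]
        for pair in perm.get("UserIdGroupPairs", []):
            if pair.get("GroupId") == elb_sg:
                elb_allowed = True
            else:
                findings.append(f"port {port} open to group {pair.get('GroupId')}")
    if not elb_allowed:
        findings.append(f"no rule allows {elb_sg} on port {port}")
    return findings


if __name__ == "__main__":
    for g in SAMPLE["SecurityGroups"]:
        print(g["GroupId"], audit_backend(g, "sg-elb-placeholder") or "OK")
```
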
     
MythicC2Server > Event Feed
  * once everything is linked, the C2 server (Mythic C2) will receive health check information from the ELB
     - this happens because the ELB performs heartbeat checks on the C2 server
