this is a CDN service by Azure. it provides seamless connectivity with Azure VMs & other exposed endpoints. the endpoints will be in a secured legitimate domain *.azurefd.net. additionally, security policies (WAF) can be applied on the endpoints
#this step is done after creating the C2 Server
Azure > Front Door & CDN profiles > Create Front Door & CDN profiles > Azure Front Door w/ Quick Create > Continue to create a Front Door
Project Details
Subscription: {subscription}
Resource Group: {Create New}
Resource Group Location: default
Name: {cdnService}
Tier: Standard
Endpoint Settings: //this is how the client will be connecting back to
Endpoint Name: {service}
- Endpoint hostname: {service}.azurefd.net
- this is auto generated from "endpoint name"
Origin Type: Public IP Address
Origin Host name: {point this to Mythic C2}
- the hostname of the Mythic C2 or its IP address
Caching: Optional
WAF policy: Optional
Create!
* after deployment is done there should be three services
- enpoint
- this is the cdn redirector
- origin group
- this is where the traffic will be going - should be Mythic C2
- Routes
- defines the connection between the endpoint redirector and the Mythic C2 Server
#configure how the redirector CDN will be passing traffic to Mythic C2 Server
Azure > Front Door and CDN Profiles > {intanceID} > Overview > Properties > Endpoints > Endpoints ID
Front Door Manager > Routes > Default-Route
Update Route
Name: default
Endpoint: {cdn endpoint}
Enable Route: Enabled
Domains
Domains: {}.azurefd.net
Patterns to match: /path
Accepted Protocols: HTTP and HTTPS
Redirect: Redirect all traffic to use HTTPS
Origin Group //this is where the traffic will be going to
Origin Group: {points to Mythic C2}
- default-origin-group
Origin Path: N/A
Forwarding Protocol: HTTP only
- this defines how the "Azure FD & CDN" will be talking back to the Mythic C2 Server
- via HTTP only!
- the azure front door (redirector) is the one accessible to the targets
- the Mythic C2 server is only accessible to the red team & is behind the azure front door cdn
#reconfigure Mythic C2 security group to allow HTTP port 80 traffic from the FD & CDN
Azure > Virtual Machine > Mythic C2 VM > Settings > Networking
Inbound Port Rules > Add Inbound Port Rule
Source: Service Tag
Source Service Tag: AzureFrontDoor Backend
Source Port Ranges: *
Destination: Any
Service: HTTP
Destination port Ranges: 80
Protocol: TCP
Action: Allow
Priority: 330
Name: AllowFDHTTPInbound-to-Mythic
#verify accessibility
root@oco:~$ BROWSER > {service}.azurefd.net
* the redirector will only have a blank black screen
