Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Python script to create HTTPS redirectors that pointing to your C2
#!/usr/bin/python
import requests
import json
import time
import paramiko
from Crypto.PublicKey import RSA
from os import chmod
public_key_name = "test1.key"
private_key_name = "private.key"
do_token = ""
key_id = ""
infrastructure = {
# Define your redirectors, choose a name and assign it a domain to be created
"Redirectors": {
# The first element of the list should be always the domain name of the redirector
"CS-HTTPRedirector1": ["myc2redirector3.live"],
# If there is no domain name associated with the instance, leave it blank.
"CS-HTTPRedirector2": ["myc2redirector4.live"]
},
# Define the Main C2 name abd Domin
"C2": ["MainTeamServer", "myteamserver2.live"]
}
# create ssh key
def create_ssh_key():
global key_id
# generate ssh keys
print("[+] Generating SSH keys ..")
try:
key = RSA.generate(2048)
content_file = open(private_key_name, 'wb')
chmod(private_key_name, 0o600)
content_file.write(key.exportKey('PEM'))
pubkey = key.publickey()
content_file = open(public_key_name, 'wb')
content_file.write(pubkey.exportKey('OpenSSH'))
public_key = pubkey.exportKey('OpenSSH')
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer %s" % do_token
}
data = {
"name": "Automation SSH Key",
"public_key": public_key
}
request = requests.post("https://api.digitalocean.com/v2/account/keys", headers=headers, json=data)
response = json.loads(request.text)
key_id = response["ssh_key"]["id"]
print("[+] Key ID is : %s" % key_id)
print("[+] SSH keys generated successfully!")
return True
except:
print("[+] Error while generating keys")
return False
# Create instance
def deploy_instance(instance_name):
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer %s" % do_token
}
# Droplet information
data = {
"names": [
instance_name
],
# Your instances region
"region": "nyc3",
"size": "s-1vcpu-1gb",
"image": "ubuntu-16-04-x64",
"ssh_keys": [
key_id
],
"backups": False,
"ipv6": False,
"user_data": None,
"private_networking": None,
"volumes": None,
"tags": [
"RedTeaming"
]
}
request = requests.post("https://api.digitalocean.com/v2/droplets", headers=headers, json=data)
response = request.text
if "created_at" in response:
print("[+] Droplet %s created successfully!" % instance_name)
json_response = json.loads(response)
# print(json_response)
droplet_id = json_response["droplets"][0]["id"]
print("[+] Droplet %s id is : %s" % (instance_name, droplet_id))
print("[+] Getting droplet IP address ..")
time.sleep(20)
get_ip_request = requests.get("https://api.digitalocean.com/v2/droplets/%s" % droplet_id, headers=headers)
json_response = json.loads(get_ip_request.text)
ips = json_response["droplet"]["networks"]["v4"]
for ip in ips:
if ip["type"] == "public":
droplet_ip = ip["ip_address"]
print("[+] Droplet %s got public IP %s assigned" % (instance_name, droplet_ip))
if instance_name in infrastructure["C2"]:
infrastructure["C2"].append(droplet_id)
infrastructure["C2"].append(droplet_ip)
else:
for redirector in infrastructure["Redirectors"]:
if instance_name == redirector:
infrastructure["Redirectors"][instance_name].append(droplet_id)
infrastructure["Redirectors"][instance_name].append(droplet_ip)
def link_domain_to_instance(domain, ip, name):
headers = {
"Content-Type": "application/json",
"Authorization": "Bearer %s" % do_token
}
data = {
"name": domain,
"ip_address": ip
}
request = requests.post("https://api.digitalocean.com/v2/domains", headers=headers, json=data)
if domain in request.text:
print("[+] Domain %s has been linked to the instance %s" % (domain, name))
def setup_redirector(ip, name, domain):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
ssh.connect(ip, username='root', key_filename=private_key_name)
setup_certficate = "apt update; apt install certbot -y; apt install apache2 -y;apt-get install python-certbot-apache -y ; certbot --register-unsafely-without-email -m certficate@security.com -d {0} --agree-tos --non-interactive --apache;sudo a2enmod proxy_http".format(domain)
stdin, stdout, stderr = ssh.exec_command(setup_certficate)
results = stdout.readlines()
c2domain_name = infrastructure["C2"][1]
edit_configuration_file = 'sed -i "30iSSLEngine On" /etc/apache2/sites-enabled/000-default-le-ssl.conf'
stdin, stdout, stderr = ssh.exec_command(edit_configuration_file)
results = stdout.readlines()
edit_configuration_file = 'sed -i "31iSSLProxyEngine On" /etc/apache2/sites-enabled/000-default-le-ssl.conf'
stdin, stdout, stderr = ssh.exec_command(edit_configuration_file)
results = stdout.readlines()
edit_configuration_file = 'sed -i "32iProxyPass / https://{0}/" /etc/apache2/sites-enabled/000-default-le-ssl.conf'.format(c2domain_name)
stdin, stdout, stderr = ssh.exec_command(edit_configuration_file)
results = stdout.readlines()
edit_configuration_file = 'sed -i "33iProxyPassReverse / https://{0}/" /etc/apache2/sites-enabled/000-default-le-ssl.conf'.format(c2domain_name)
stdin, stdout, stderr = ssh.exec_command(edit_configuration_file)
results = stdout.readlines()
edit_configuration_file = 'service apache2 restart'.format(c2domain_name)
stdin, stdout, stderr = ssh.exec_command(edit_configuration_file)
results = stdout.readlines()
print("[+] Apache and certficate installed on %s" % name)
print("[+] The redirector %s is up and running!" % name)
except:
print("[-] Unable to setup the redirector")
if create_ssh_key():
print("[+] Create droplets ..")
# link and setup Redirectors
for instance in infrastructure["Redirectors"]:
if infrastructure["Redirectors"][instance][0] != "":
deploy_instance(instance)
domain = infrastructure["Redirectors"][instance][0]
ip = infrastructure["Redirectors"][instance][2]
print("[+] Link domain %s to instance %s .." % (domain, instance))
link_domain_to_instance(domain, ip, instance)
# wait some time so we can have the certbot verification done later on.
time.sleep(60)
print("[+] Setting up redirector %s .." % instance)
setup_redirector(ip, instance, domain)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment