Quick guide on how to configure a C2 server with Digital Ocean, Cloudflare and Havoc
Note that this tutorial covers no evasion techniques and no OPSEC best practices. It only shows how to set up a basic C2 server.
What is a C2 server
A C2 server, also known as a Command and Control server, is a type of server used by attackers to control and communicate with compromised computers.
The C2 server serves as the central point of command and control for the attacker, allowing them to send instructions to the compromised machines on what actions to perform. The C2 server can also receive data and information from the machines, such as logs, keystrokes, or screenshots, to be used for further attacks.
C2 servers are often used in advanced persistent threat (APT) attacks, where the attacker wants to maintain long-term access to a compromised network or system. To avoid detection, the C2 server may use various techniques to disguise its location.
What this tutorial contains
- How to create a droplet on DigitalOcean
- How to set up a DNS record on Cloudflare that points to your server’s IP address
- How to install the Havoc teamclient and teamserver
The setup presented in this tutorial was made from Kali and a Debian x64 server. The commands and configuration presented in this tutorial may not work in different situations.
Prerequisites
- Valid Cloudflare account
- Valid DigitalOcean account
- A domain
Creation of the droplet
- Go to DigitalOcean and open the droplet tab on the left
- Click on create a droplet
- Choose a location
- Choose the OS; I suggest Debian 11 x64
- For the CPU option you can choose Regular and take the droplet at $12/mo with 2 GB of RAM, which should be more than enough
- For the authentication method, I suggest choosing an SSH key, since it is more secure than a password.
- After filling in the remaining information, such as the hostname and the project, click on create a droplet
Set up a DNS record on your Cloudflare account that points to your server’s IP address
- On the left panel, click on the Domain Registration tab and then on Manage Domains
- Click on manage on the chosen domain
- Click on Update DNS configuration
- Click on Add record
- Leave the type as A. In the Name field, enter www if you want the www subdomain, or @ to use the root of your domain. Finally, add the IPv4 address of your server.
- Click on save
- To test whether the DNS configuration works, you can start a Python web server on your server with this command:
python3 -m http.server 80
- Navigate to your URL. If you see the folder tree of your server, the configuration works. Close the Python server.
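The test above publishes whatever directory the command is started in, so the folder tree a visitor sees can include files such as SSH keys or shell history. As an added example (not part of the original tutorial), this script runs the same reachability check from an empty temporary directory with listings disabled; the file name marker.txt, the script name check.py and the helper names are assumptions.

```python
"""Added example: reachability check that publishes one marker file only."""
import functools
import http.server
import pathlib
import secrets
import sys
import tempfile
import threading
import urllib.error
import urllib.request


class MarkerHandler(http.server.SimpleHTTPRequestHandler):
    """Serve files from the temp dir but refuse directory listings."""

    def list_directory(self, path):
        self.send_error(403, "Directory listing disabled")
        return None

    def log_message(self, *args):  # keep the console quiet
        pass


def start_marker_server(port, bind="0.0.0.0"):
    """Serve a fresh temp dir holding marker.txt; return (server, token)."""
    root = pathlib.Path(tempfile.mkdtemp(prefix="dnscheck-"))
    token = secrets.token_hex(16)  # random value, proves you reached THIS server
    (root / "marker.txt").write_text(token)
    handler = functools.partial(MarkerHandler, directory=str(root))
    server = http.server.ThreadingHTTPServer((bind, port), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, token


def fetch(url, timeout=10):
    """Return (status, body) for a GET; HTTP errors are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode().strip()
    except urllib.error.HTTPError as err:
        return err.code, ""


if __name__ == "__main__":
    # Run on the server, e.g.: sudo python3 check.py 80
    srv, tok = start_marker_server(int(sys.argv[1]))
    print(f"Open http://<your-domain>/marker.txt and expect: {tok}")
    input("Press Enter to stop the server...")
    srv.shutdown()
```

If the token shown in the browser matches the one printed on the server, the DNS record points at your droplet.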
Preparation of your local machine and your server
- To prepare your local machine, install the following packages and repository configuration by running these commands:
sudo apt install -y git build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev libspdlog-dev python3-dev libboost-all-dev mingw-w64 nasm
# Appending to sources.list needs root, so write through sudo tee
echo 'deb http://ftp.de.debian.org/debian bookworm main' | sudo tee -a /etc/apt/sources.list
sudo apt update
sudo apt install python3-dev python3.10-dev libpython3.10 libpython3.10-dev python3.10
Install Havoc teamclient
- Clone the Havoc repository on your local machine with this command:
git clone https://github.com/HavocFramework/Havoc.git
- In the “Havoc/Client” folder, run make to compile and build the final executable
cd Havoc/Client
make
Install Havoc Teamserver
- Clone the Havoc repository on your server with this command:
git clone https://github.com/HavocFramework/Havoc.git
- Install the additional Go dependencies:
cd Havoc/Teamserver
go mod download golang.org/x/sys
go mod download github.com/ugorji/go
- Build the Team Server (you are already in Havoc/Teamserver from the previous step)
./Install.sh
make
- You can see how to use Teamserver with this command:
./teamserver -h
Setup your profile
- On your server, edit your profile in the file “./profiles/havoc.yaotl”
sudo nano /Havoc/Teamserver/profiles/havoc.yaotl
- Set up your domain, your user and password
You are now ready to start
- On your server, in the Teamserver folder, run this command:
sudo ./teamserver server --profile ./profiles/havoc.yaotl -v --debug
- On your local machine, in the Client folder, run this command:
./Havoc
- A window will then open and ask you to enter the information from your profile.
Havoc Quick Ride
Listener
- You can create a listener by going to the View –> Listeners tab at the top left
- Then, at the bottom, click on add. You can then choose the type of listener, add hosts, etc.
Payload
- You can create a payload by going to the Attack –> Payload tab at the top left
- You can then make the necessary configuration for your payload
Sessions/Agents
- You can see your sessions in the sessions view tab
- You can visualize them as a graph or as a table