Installing and Operating Havoc C2 (Command and Control Framework)
Havoc is a modern and malleable post-exploitation command and control framework created by @C5pider.
If you are not familiar with what C2 or CnC servers are, don't panic; that's normal. Once you start working in the cybersecurity industry, as I have for the last two years, you'll realise that not everyone knows everything, not even the person with the most certifications or the highest position. Cybersecurity is all about skill and knowledge. In this domain an 18-year-old can hack a company that is secured by someone with 8–10 years of experience, so you can't really judge anyone by their title.
Sorry for the drama above. Now let me explain what C2 or CnC servers are.
C2 (command and control) servers are the infrastructure attackers use after they have gained initial access to a system or server. An agent (implant) running on the compromised host calls back to the C2 server, and the operator uses that channel for post-exploitation: pivoting to other internal networks and machines, maintaining access, exfiltrating data, or deploying ransomware.
There are many C2 frameworks available, such as Covenant, the infamous Cobalt Strike, and Metasploit. If you want to try out C2 frameworks yourself, here is a collection of them all in one place.
https://github.com/tcostam/awesome-command-control
Features offered by Havoc C2
Team server:
- Multiplayer
- Payload generation (exe/shellcode/dll)
- HTTP/HTTPS listeners
- Customizable C2 profiles
- External C2
Demon (the Havoc agent that runs on the target):
- Sleep Obfuscation via Ekko or FOLIAGE
- x64 return address spoofing
- Indirect Syscalls for Nt* APIs
- SMB support
- Token vault
- Variety of built-in post-exploitation commands
Let's get started with the installation process.
To be honest, installation is simple and to the point; you just follow the steps given in the guide. You can find the installation guide here.
We are using Kali Linux 2022. I downloaded the pre-built VM image, as I didn't want to do the extra work of installing the virtual machine myself.
Start by installing the required dependencies. Don't worry about the commands; you will find them all in the installation guide. It takes some time, but the process is simple.
After installing all the dependencies, clone the Havoc C2 repository from GitHub using git clone. You might have to use sudo if you are not in a root terminal (or clone into a directory your own user owns, so sudo is not needed).
Now we have to build the team server and the client. Go into the 'Havoc/Teamserver' folder and run './Install.sh'.
This takes some time, as it builds the team server and everything it depends on. Please note that you might have to use sudo or make sure you are in a root terminal.
Now let's build the client: navigate to the 'Havoc/Client' directory and run the build.
This also takes some time, so sit back and relax. Once it completes you will see this. You could start the team server from here, but before moving forward you need to set the profile. What is a profile? It is a small configuration file with a few basic details: the host IP the team server listens on, the operator username, and the password. The sample profile ships with the default password 'password1234'; change it before you start the server, because anyone who can reach the team server port and knows that default can log in as an operator.
Use an editor to edit the profile; I'm using gedit here. Set the details as you need them.
After saving the file, start the team server with the profile, then run the command to launch the client so that we can connect to the team server we started a few minutes ago.
You will see a window pop up like this.
Fill in the details. I only had to fill them in the first time; after that the client remembered them.
Make sure you type your host IP, user and password correctly. If not, you will see a log line in the team server terminal like 'unable to authenticate the user'.
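The whole procedure above (dependencies, clone, build, profile, start the team server) as one script. This is an added example written for this post, not a script from the Havoc project. It assumes the repository layout used at the time of writing (Havoc/Teamserver with Install.sh and Build.sh, Havoc/Client built with make, a './teamserver' binary), the 'Teamserver' and 'Operators' blocks of the sample profile, the default operator port 40056, and the upstream repository URL; check the README in your own checkout if any of these differ. The apt line is abbreviated, so take the full dependency list from the installation guide. The part worth copying even if the layout has changed is the profile step: it generates a random operator password instead of the sample 'password1234' and refuses to start a server that still carries the default.

```shell
#!/usr/bin/env bash
# Added example for this post, not a script shipped by the Havoc project.
# Assumptions (verify against your checkout's README): old repository layout
# (Havoc/Teamserver with Install.sh and Build.sh, Havoc/Client built with make,
# team server binary ./teamserver), the Teamserver/Operators profile blocks of
# the sample profiles/havoc.yaotl, and the upstream repository URL.
set -euo pipefail

HAVOC_REPO="https://github.com/HavocFramework/Havoc"   # upstream URL (assumption)
TEAMSERVER_PORT=40056                                   # Havoc's default operator port

# Dependencies, clone and build (the apt list is abbreviated; use the full list
# from the installation guide). Not run unless you pass 'install'.
install_havoc() {
    sudo apt update
    sudo apt install -y git build-essential cmake golang-go nasm mingw-w64 \
        qtbase5-dev libqt5websockets5-dev
    git clone "$HAVOC_REPO" Havoc
    (cd Havoc/Teamserver && ./Install.sh && ./Build.sh)
    (cd Havoc/Client && make)
}

# 24 base64 characters from 18 random bytes; '/' and '+' are swapped so the
# value pastes safely into the quoted profile string.
gen_password() {
    head -c 18 /dev/urandom | base64 | tr '/+' '_-'
}

# Write the profile. Host is the address operators connect to; bind it to the
# VPN or management interface rather than 0.0.0.0 where you can.
write_profile() {
    local host="$1" user="$2" pass="$3" out="$4"
    cat > "$out" <<EOF
Teamserver {
    Host = "$host"
    Port = $TEAMSERVER_PORT
}

Operators {
    user "$user" {
        Password = "$pass"
    }
}
EOF
}

# Refuse the sample password outright; warn when the server binds every interface.
check_profile() {
    local profile="$1" rc=0
    if grep -q 'password1234' "$profile"; then
        echo "refusing: sample password still set in $profile" >&2
        rc=1
    fi
    if grep -q 'Host = "0.0.0.0"' "$profile"; then
        echo "warning: team server listens on every interface; firewall port $TEAMSERVER_PORT or reach it over a tunnel" >&2
    fi
    return "$rc"
}

# Start the team server with a checked profile (assumed CLI of the time).
start_teamserver() {
    local profile
    profile="$(realpath "$1")"
    check_profile "$profile"
    (cd Havoc/Teamserver && ./teamserver server --profile "$profile" -v)
}

case "${1:-}" in
    install) install_havoc ;;
    profile)
        # usage: ./havoc-setup.sh profile <host> <user> <outfile>
        write_profile "$2" "$3" "$(gen_password)" "$4"
        echo "wrote $4; the password is inside, share it with operators out of band"
        ;;
    start) start_teamserver "$2" ;;
    *) echo "usage: $0 install | profile <host> <user> <outfile> | start <profile>" ;;
esac
```

Run 'profile 10.10.14.5 operator ./havoc.yaotl' to get a profile with a random password, then 'start ./havoc.yaotl'; the client connects with the host, user and password from that file. If you keep Host at 0.0.0.0, the operator port is reachable from anywhere the box is, so restrict it with a firewall rule or an SSH tunnel.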
The interface is clean and looks great. Along the top you can see the menus: Home, View, Attack, Scripts and Help. On the right-hand side is the event viewer tab, which shows all the activity done by you or your teammates.
Before creating a payload we have to create a listener, so that the payload has something to call back to when it runs on the target. You give the listener a name and add the host (the IP or domain the payload will connect back to, so it must be reachable from the target network).
In the Attack menu you will see the payload option. Click it and a popup window lets you set the details for generating the payload. To be honest, I didn't know a few of the options such as 'sleep technique' at the time (it selects the sleep obfuscation method, Ekko or FOLIAGE, listed in the Demon features above), but let's take our shot.
After generating the payload, Havoc asks for the path where you want to save it.
Thank you so much for reading this far. In the next blog we will look at the different features of Havoc C2, how to leverage it for post-exploitation, some antivirus evasion, and maybe data exfiltration.
Here are some quotes I recently came across on Twitter (my Twitter account), just to keep you motivated.
See you guys in my next blog till then peace out ✌🏻☮️❤️.