title: Building Red Team Infrastructure with RedCloud
tags: Redteam
categories:


0x01 Introduction

In red team operations, infrastructure such as C2, phishing and proxy platforms is rebuilt over and over for the sake of anonymity and portability, which burns a lot of time and effort. How can this infrastructure be deployed and migrated quickly? I recently came across a rather nice project that is well suited to rapid red team deployment.

0x02 Overview

RedCloud is a powerful toolbox that uses Docker to deploy red team infrastructure quickly: services such as Kali, Metasploit and GoPhish come up within minutes, and the containers are managed through a web interface.

RedCloud on GitHub: https://github.com/khast3x/Redcloud
RedCloud file layout:

  • redcloud.py: uses Docker and Portainer to start/stop the web interface and the application templates
  • portainer: the Portainer web interface
  • traefik: Traefik reverse proxy in front of the web interface, API and files containers
  • templates: python3 container that serves the infrastructure templates with http.server
  • cert_gen: omgwtfssl container that generates the SSL certificate

(Figure 1)
Related URLs:

  • https://your-server-ip/portainer : RedCloud web interface
  • https://your-server-ip/files : RedCloud's redcloud_files volume. Default credentials: admin/Redcloud; change them before the host is reachable from anything other than your own addresses.
  • https://your-server-ip/api : Traefik reverse proxy health monitoring page, showing live statistics on routes, backends and return codes.
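Once a deployment is up, the three paths above are what an operator should sanity-check before handing the box to the team. The script below is an added example, not part of RedCloud: it probes the three endpoints and flags the exposure problems worth catching on day one (the /files volume reachable without credentials or with the documented default, and the Traefik dashboard readable by anyone). It assumes that /files is protected with HTTP Basic auth, that the server presents the self-signed certificate produced by cert_gen (so certificate verification is switched off for this one probe), and that 192.0.2.10 is a placeholder address.

```python
import base64
import ssl
import sys
import urllib.error
import urllib.request

# Added example, not part of RedCloud. Assumptions: /files sits behind HTTP
# Basic auth with the documented default below, and the host serves the
# self-signed cert_gen certificate, so verification is disabled for this probe.
DEFAULT_FILES_CREDS = ("admin", "Redcloud")


def http_status(url, headers=None, timeout=5):
    """GET `url` and return the HTTP status code, accepting a self-signed cert."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # omgwtfssl cert will not match the IP
    ctx.verify_mode = ssl.CERT_NONE     # acceptable only for this local probe
    req = urllib.request.Request(url, headers=headers or {})
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as exc:
        return exc.code


def basic_auth_header(user, password):
    """Build the Authorization header for HTTP Basic auth."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def audit_redcloud(server_ip, fetch=http_status):
    """Probe the RedCloud paths and return a dict of findings.

    `fetch(url, headers)` must return a status code; it is injectable so the
    decision logic can be exercised without a live deployment.
    """
    base = f"https://{server_ip}"
    findings = {}
    # Portainer has to answer, otherwise nothing else is usable.
    findings["portainer_up"] = fetch(f"{base}/portainer", None) == 200
    # The files volume must reject anonymous requests ...
    findings["files_open"] = fetch(f"{base}/files", None) == 200
    # ... and must reject the shipped default once it has been rotated.
    findings["files_default_creds"] = (
        fetch(f"{base}/files", basic_auth_header(*DEFAULT_FILES_CREDS)) == 200
    )
    # The Traefik dashboard lists every route and backend; it should not be
    # world-readable on a box that fronts phishing and C2 containers.
    findings["traefik_api_open"] = fetch(f"{base}/api", None) == 200
    findings["ok"] = findings["portainer_up"] and not (
        findings["files_open"]
        or findings["files_default_creds"]
        or findings["traefik_api_open"]
    )
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"  # placeholder IP
    for key, value in audit_redcloud(target).items():
        print(f"{key}: {value}")
```

Run it against the server right after `redcloud.py` finishes; anything other than `ok: True` means the management plane is exposed more widely than it should be.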

0x03 Environment

Centos 7
1 core, 1 GB RAM (poor dog, can't afford a better server)
This spec is for testing only; for real operations RedCloud needs a considerably larger host.

0x04 Installation

  1. Clone the RedCloud repository:

     git clone https://github.com/khast3x/Redcloud.git

  2. Run redcloud.py

(Figure 2)
The menu options are:

  • Deploy RedCloud on the local machine
  • Deploy RedCloud remotely over SSH
  • Deploy RedCloud remotely with Docker (docker-machine)
  • Stop the local or docker-machine deployment
  • Stop the remote deployment
  • List all available templates

All templates:

  1. [>] Metasploit - Nightly : Official bare Metasploit Alpine build. Includes beta features from dev branch.
  2. [>] Metasploit - Stable + Postgresql : Debian Metasploit build with Postgres and additional helper scripts
  3. [>] Empire : Pure Python & PowerShell post-exploitation
  4. [>] Sn1per : Automated pentest framework for offensive security experts
  5. [>] Metasploithelper : MetasploitHelper is meant to assist penetration testers in network penetration tests. Comes with everything installed
  6. [>] Pentest-tools : Ubuntu build with: searchsploit, sqlmap, nmap, nikto, dnsutils, sn1per, knock, sqliv, pasko, uniscan, wpscan, ncrack, wfuzz, sublist3r, massdns
  7. [>] Kali - Bare : Official Kali container. Install desired metapackages
  8. [>] Kali - Full : Non-Official Kali container with kali-linux-full metapackage installed, built every night
  9. [>] Tor Socks Proxy : The smallest (15 MB) docker image with Tor and Privoxy on Alpine Linux
  10. [>] Multi Tor Socks Proxy : A multi TOR (x10) + privoxy socks proxy instances load-balancer
  11. [>] GoPhish : Open-Source Phishing Toolkit
  12. [>] gscript : Framework to rapidly implement custom droppers for all three major operating systems
  13. [>] Spiderfoot : SpiderFoot automates OSINT to find out everything possible about your target.
  14. [>] ZAP Proxy WebSwing : Official in-browser version of ZAP.
  15. [>] Ubuntu Web VNC : Docker container images with VNC and http NoVNC
  16. [>] Kali Web noVNC + LXDE : Kali Docker container with minimal LXDE
  17. [>] Lockdoor Framework : Lockdoor Framework : A Penetration Testing framework with Cyber Security Resources
  18. [>] DVWA : Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable
  19. [>] JuiceShop : OWASP Juice Shop is an intentionally insecure web application written entirely in JavaScript which encompasses the entire range of OWASP Top Ten and other severe security flaws.
  20. [>] Vulnerable Wordpress : Vulnerable WordPress Installation
  21. [>] Vulnerable Shellshock : Vulnerable Shellshock Installation - CVE-2014-6271
  22. [>] Vulnerable SambaCry : Vulnerable Samba Installation - CVE-2017-7494
  23. [>] OWASP Mutillidae II : Docker container for OWASP Mutillidae II Web Pen-Test Practice Application
  24. [>] Network Utilities : A lightweight docker container with a set of networking tools. Use /bin/sh
  25. [>] SoftEtherVPN : A simple SoftEther VPN server
  26. [>] Cowrie Honeypot : SSH Honeypot that logs authentication attempts and interactions
  27. [>] Endlessh tarpit : SSH tarpit that slowly sends an endless banner
  28. [>] Beagle : Incident response and digital forensics tool which transforms data sources and logs into graphs. Supported data sources include FireEye HX Triages, Windows EVTX files, SysMon logs and Raw Windows memory images.
  29. [>] Nginx : High performance web server
  30. [>] Httpd : Open-source HTTP server
  31. [>] Caddy : HTTP/2 web server with automatic HTTPS
  32. [>] MySQL : The most popular open-source database
  33. [>] PostgreSQL : The most advanced open-source database
  34. [>] Elasticsearch : Open-source search and analytics engine
  35. [>] Gitlab CE : Open-source end-to-end software development platform
  36. [>] Minio : A distributed object storage server built for cloud applications and devops
  37. [>] Solr : Open-source enterprise search platform
  38. [>] Joomla : Another free and open-source CMS
  39. [>] Drupal : Open-source content management framework
  40. [>] Odoo : Open-source business apps
  41. [>] Urbackup : Open-source network backup
  42. [>] Portainer Agent : Manage all the resources in your Swarm cluster
  43. [>] Wordpress : Wordpress setup with a MySQL database
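The templates container serves this list to Portainer as app templates, so anyone who forks it to add their own tooling inherits whatever those entries pull from Docker Hub. The checker below is an added example, not RedCloud's own code: it parses a constructed fragment in Portainer's v2 template format (hypothetical `example/...` image names and a placeholder digest, not RedCloud's templates file) and reports which entries float on `:latest`, run privileged, or bind host ports, which is what you want to know before pushing the list onto an operations box.

```python
import json

# Added example, not RedCloud's own code. The document below is a constructed
# fragment in Portainer's v2 app-template format; the image names and the
# digest are placeholders chosen to exercise each check.
SAMPLE_TEMPLATES = json.loads(r'''
{
  "version": "2",
  "templates": [
    {"type": 1, "title": "Metasploit - Nightly",
     "description": "Official bare Metasploit Alpine build.",
     "image": "example/metasploit:latest", "ports": ["4444/tcp"]},
    {"type": 1, "title": "Tor Socks Proxy",
     "description": "Tor and Privoxy on Alpine Linux",
     "image": "example/tor-privoxy@sha256:0000000000000000000000000000000000000000000000000000000000000000",
     "ports": ["9050/tcp"]},
    {"type": 1, "title": "DVWA",
     "description": "Damn Vulnerable Web App",
     "image": "example/dvwa:1.9", "ports": ["80:80/tcp"], "privileged": true}
  ]
}
''')


def image_pinning(image):
    """Classify an image reference as 'digest', 'tag' or 'floating'.

    A digest survives upstream retagging; a named tag can still be moved but
    is at least explicit; no tag or ':latest' follows whatever is pushed next.
    """
    if "@sha256:" in image:
        return "digest"
    # Only the last path component can carry the tag; a registry host such as
    # localhost:5000 also contains ':' but sits before the final '/'.
    name_part = image.rsplit("/", 1)[-1]
    if ":" in name_part:
        tag = name_part.split(":", 1)[1]
        return "floating" if tag == "latest" else "tag"
    return "floating"


def audit_templates(doc):
    """Return one finding per template: title, pinning class and issue list."""
    findings = []
    for tmpl in doc.get("templates", []):
        issues = []
        pin = image_pinning(tmpl.get("image", ""))
        if pin == "floating":
            issues.append("unpinned image (floats to :latest)")
        if tmpl.get("privileged"):
            issues.append("runs privileged")
        # Portainer port strings are "host:container/proto" or "container/proto";
        # a ':' before the protocol means the port is published on the host.
        host_ports = [p for p in tmpl.get("ports", []) if ":" in p.split("/")[0]]
        if host_ports:
            issues.append("binds host ports " + ", ".join(host_ports))
        findings.append({"title": tmpl.get("title"), "pinning": pin, "issues": issues})
    return findings


if __name__ == "__main__":
    for finding in audit_templates(SAMPLE_TEMPLATES):
        status = "; ".join(finding["issues"]) or "ok"
        print(f"{finding['title']}: [{finding['pinning']}] {status}")
```

Point `audit_templates` at the JSON your own templates container serves and treat every "floating" entry as a supply-chain decision: pin it to a digest you have inspected, or accept that a nightly image rebuilds underneath your operation.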

0x05 Deployment complete

(Figure 3)
From here on, just pick the red team component you need and start the corresponding container. More features are coming later; explore them yourself for now... (this post is being put off, coo coo coo)