HTTPSC2DoneRight (and Working)

By Red Siege | February 17, 2022

tl;dr If you want an updated and working copy of httpsc2doneright, grab it here

 

If you’re a Cobalt Strike user, it’s almost certain that at some point you’ve used Alex Rymdeko-Harvey‘s httpsc2doneright script. In a nutshell, it automates the process of requesting a Let’s Encrypt certificate and converts it into a format usable by Cobalt Strike for your HTTPS comms. However, it no longer works.

The script relied on calling letsencrypt-auto, which might not be supported depending on the Linux distro you are using.

 

 

Thankfully, this is easily updated by directly calling certbot after installing it from apt. Outside of asking for you to provide the domain you want a certificate for, a password for the java keystore, and the path to Cobalt Strike (where the profile and keystore will be saved), the updated script is still automated and will finish with a sample Amazon profile configured to use the java keystore for HTTPS comms. All that’s left for you to do is copy that block of code into your actual malleable profile (perhaps one that is generated by C2Concealer) and then you’re set for HTTPS with a legitimate certificate.

A few smaller things have been updated, such as if a dependency isn’t met, the script will auto-download it and continue with obtaining the SSL cert and generating the keystore.

Now, would you use a HTTPS certificate from Let’s Encrypt for your C2 comms? Maybe not on a red team, but possibly if you have something in between you and the targeted system such as a CDN, or an Azure Function, which only requires a valid certificate and will not present your Let’s Encrypt cert to the endpoint. That’s going to be scenario dependent, and a call for you to make. Regardless, this script helps to automate some steps and save you some time.

Adventures in Shellcode Obfuscation! Part 1: Overview

By Red Siege | June 17, 2024

by Mike Saunders, Principal Security Consultant This blog is the first in a series of articles on methods for obfuscating shellcode. I’ll be focusing on how to obfuscate shellcode to […]

Learn More
Adventures in Shellcode Obfuscation! Part 1: Overview

Essential Steps for Management to Maximize the Value of a Penetration Test Report

By Red Siege | June 3, 2024

by Tim Medin, CEO Penetration testing is a critical component of a well-rounded cybersecurity strategy. Penetration testing identifies vulnerabilities before malicious actors can exploit them. However, the true value of […]

Learn More
Essential Steps for Management to Maximize the Value of a Penetration Test Report

Fun With JWT X5u

By Red Siege | May 30, 2024

by Senior Security Consultant Douglas Berdeaux On a recent web application penetration test engagement, I came across a JSON Web Token (JWT) that contained an x5u header parameter. I almost […]

Learn More
Fun With JWT X5u

Find Out What’s Next

Stay in the loop with our upcoming events.