WolfPack

WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale. This tool enables security professionals to efficiently scale out the creation and management of Apache redirectors, which mimic authentic websites. These redirectors act as a bridge, seamlessly redirecting incoming traffic to a controlled C2 infrastructure. WolfPack simplifies the process of setting up and configuring these deceptive elements, making it an invaluable asset for security testing and red teaming exercises.
Installation:
Download the repository:
$ git clone https://github.com/RoseSecurity-Research/WolfPack.git
Ensure that you have installed Packer and Terraform before continuing! This can be done using the following methods:
Packer & Terraform Download Methods (macOS):
1.) Install Homebrew by entering this command into your terminal application:
$ /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
Then install both Packer and Terraform via brew:
$ brew tap hashicorp/tap && brew update
$ brew install hashicorp/tap/packer
$ brew install hashicorp/tap/terraform
Deployment:
To deploy WolfPack, ensure that you have an active AWS profile with credentials within your current terminal session before continuing with the following commands:
$ vim playbooks/apache_install.yaml
Locate the following lines and replace the User-Agent and IP address with those of your C2 server:
- name: Add .htaccess
  copy:
    dest: /var/www/.htaccess
    content: |
      # .htaccess Start
      RewriteEngine On
      RewriteCond %{REQUEST_METHOD} ^(GET|POST) [NC]
      RewriteCond %{REQUEST_URI} ^/api/v1/2023/(.*)$
      # Change the following to the User-Agent for callbacks
      # (every literal parenthesis in the pattern must be backslash-escaped)
      RewriteCond %{HTTP_USER_AGENT} "Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/113.0.0.0 Safari/537.36"
      # Change the following to your C2 IP Address
      RewriteRule ^.*$ "https://10.8.0.2%{REQUEST_URI}" [P,L]
Deploy the AMI:
$ cd images/redirector
$ packer init .
$ packer build .
This builds a custom redirector AMI and registers it in the EC2 service of your AWS account.
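The rewrite conditions in the .htaccess above decide which requests are proxied and which are answered by the local site, so it helps to lint and exercise them before building the image. The following is an added example, not part of the WolfPack repository; it assumes Python's `re` module is a close enough stand-in for Apache's PCRE for these patterns, and the function names and sample requests are constructed for illustration.

```python
import re

# Constructed copy of the rewrite conditions from the playbook's .htaccess;
# every literal parenthesis in the User-Agent pattern is backslash-escaped.
UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36"
HTACCESS = r'''
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(GET|POST) [NC]
RewriteCond %{REQUEST_URI} ^/api/v1/2023/(.*)$
RewriteCond %{HTTP_USER_AGENT} "Mozilla/5.0 \(Windows NT 10.0; Win64; x64\) AppleWebKit/537.36 \(KHTML, like Gecko\) Chrome/113.0.0.0 Safari/537.36"
RewriteRule ^.*$ "https://10.8.0.2%{REQUEST_URI}" [P,L]
'''

COND = re.compile(r'RewriteCond\s+%\{(\w+)\}\s+(?:"([^"]*)"|(\S+))(?:\s+\[([^\]]*)\])?$')

def parse_conds(text):
    """Return (conditions, errors): compiled (variable, regex) pairs and lint messages."""
    conds, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = COND.match(line.strip())
        if not m:
            continue  # not a RewriteCond line
        var, quoted, bare, flags = m.groups()
        pattern = quoted if quoted is not None else bare
        nocase = "NC" in [f.strip().upper() for f in (flags or "").split(",")]
        try:
            conds.append((var, re.compile(pattern, re.I if nocase else 0)))
        except re.error as exc:
            # e.g. an unescaped ")" in the User-Agent pattern lands here
            errors.append(f"line {lineno}: {var} pattern rejected: {exc}")
    return conds, errors

def is_proxied(conds, request):
    """mod_rewrite ANDs consecutive RewriteCond lines unless [OR] is set."""
    return all(rx.search(request.get(var, "")) for var, rx in conds)

if __name__ == "__main__":
    conds, errors = parse_conds(HTACCESS)
    print("lint errors:", errors)
    samples = [  # constructed requests
        {"REQUEST_METHOD": "GET", "REQUEST_URI": "/api/v1/2023/status", "HTTP_USER_AGENT": UA},
        {"REQUEST_METHOD": "GET", "REQUEST_URI": "/api/v1/2023/status", "HTTP_USER_AGENT": "curl/8.4.0"},
        {"REQUEST_METHOD": "GET", "REQUEST_URI": "/index.html", "HTTP_USER_AGENT": UA},
    ]
    for req in samples:
        verdict = "proxy" if is_proxied(conds, req) else "local site"
        print(req["REQUEST_URI"], req["HTTP_USER_AGENT"][:12], "->", verdict)
```

Only the first sample satisfies all three conditions; the other two fall through to the locally served site.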
Note: This code is undergoing development, so if you encounter any errors or have any enhancement requests, feel free to create an issue on this repository.
Terraform summary:
Terraform Files: 4
Documentation: 1
Providers: 1
Module Calls: 2
Resources: 0
Data Sources: 0
Variables: 9
Sensitive Variables: 0
Outputs: 2
Sensitive Outputs: 0
Future Development:
References: