Empire HTTP(S) C2 redirector setup script.
Sleight can be used in 3 ways:
- Run Sleight and feed it an Empire communication profile.
- Input your Empire C2's IP address and listening port.
- Say no to the HTTPS prompt.
- Input a site to redirect all invalid requests to.
- Start an Empire HTTP listener with the 'Host' property set to the domain of your redirector.
- Run Sleight and feed it an Empire communication profile.
- Input your Empire C2's IP address and listening port.
- Say yes to the HTTPS prompt.
- Input a site to redirect all invalid requests to.
- Input the domain assigned to your redirector (for generation of a Let's Encrypt certificate).
- Agree to the certbot prompts.
- Start an Empire HTTPS listener with the 'Host' property set to the domain of your redirector.
- Certificate generation will only work once your redirector's domain has propagated successfully.
- You'll need DNS entries for both DOMAIN.com and www.DOMAIN.com for your redirector's domain.
- You can use the default HTTPS certificates Empire comes with (located in the '/empire/data/' directory) for the 'CertPath' property when starting a HTTPS listener on your C2 server.
- https://bluescreenofjeff.com/2018-04-12-https-payload-and-c2-redirectors/
- https://posts.specterops.io/automating-apache-mod-rewrite-and-cobalt-strike-malleable-c2-profiles-d45266ca642
If you only want to use Sleight to convert an Empire communication profile into mod_rewrite rules and not setup your redirector, simply feed it a communication profile and say no to the "proceed with setup" prompt.
If you want to use Sleight non interactively, command line arguments can be found in the default output. Any value not defined at launch will be prompted for during execution.
$ sudo python sleight.py -c profiles/default.txt
$ sudo python sleight.py --modeHTTPS=y --myDomain=3xample.com --ip=My.C2.IP.Address --redirectDomain=example.com -c profiles/default.txt --proceed=n --port=80