Infrastructure frontend

The attack infrastructure frontend interacts with the target and must be unique to each operation or target, and replaced every few days.

To “dockerize” the Nginx server that routes requests to either Metasploit or SilentTrinity according to the URL’s path, start from Staticfloat’s Nginx image with SSL certificates issued by Let’s Encrypt (nginx-certbot), with a few adaptations.

Dockerfile that sets up an Nginx server with a Let’s Encrypt certificate, saved as ~/nginx/Dockerfile:

# The base image with scripts to configure Nginx and Let's Encrypt
FROM staticfloat/nginx-certbot

# Copy a template Nginx configuration
COPY *.conf /etc/nginx/conf.d/

# Copy phony HTML web pages
COPY --chown=www-data:www-data html/* /var/www/html/

# Small script that replaces the __DOMAIN__ placeholder in the copied templates with the DOMAIN env value, and does the same for the C2 IP
COPY init.sh /scripts/
ENV DOMAIN="www.customdomain.com"
ENV C2IP="192.168.1.29"
ENV CERTBOT_EMAIL="barzh@protonmail.com"

CMD ["/bin/bash", "/scripts/init.sh"]
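A possible /scripts/init.sh for the Dockerfile above, written here as an added example (it is not the script from the original page): it fills in the __DOMAIN__ and __C2IP__ tokens in the copied .conf templates from the ENV values, refuses to start if any placeholder is left unrendered, and then hands over to the base image's own start-up script. The __C2IP__ token name and the entrypoint path /scripts/entrypoint.sh are assumptions.

```shell
#!/bin/bash
# Added example of the /scripts/init.sh the Dockerfile runs (not the original
# page's script). Templates in /etc/nginx/conf.d use the tokens __DOMAIN__ and
# __C2IP__ (assumed names); they are filled in from the ENV values at start-up.
set -eu

# Render every *.conf in a directory in place, replacing __DOMAIN__ and __C2IP__
# with the DOMAIN and C2IP environment variables (both must be set).
render_templates() {
    conf_dir="$1"
    : "${DOMAIN:?DOMAIN must be set}"
    : "${C2IP:?C2IP must be set}"
    for f in "$conf_dir"/*.conf; do
        [ -e "$f" ] || continue
        sed "s/__DOMAIN__/${DOMAIN}/g; s/__C2IP__/${C2IP}/g" "$f" > "$f.tmp"
        mv "$f.tmp" "$f"
    done
}

# Succeed only if no __PLACEHOLDER__ token is left in any rendered file, so a
# typo in a template cannot ship a config that points nowhere.
check_rendered() {
    if grep -rqE '__[A-Z0-9_]+__' "$1"; then
        return 1
    fi
    return 0
}

main() {
    render_templates /etc/nginx/conf.d
    check_rendered /etc/nginx/conf.d || {
        echo "init.sh: unrendered placeholder left in /etc/nginx/conf.d" >&2
        exit 1
    }
    # Hand over to the base image's own start-up script, which obtains the
    # Let's Encrypt certificate and runs Nginx (assumed path in the image).
    exec /bin/bash /scripts/entrypoint.sh
}

# Only run main when executed as init.sh, so the functions can be sourced
# and tested on their own.
case "$0" in */init.sh) main ;; esac
```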
