Spawning containers

Whichever cloud provider we chose and whatever Linux distribution they host, as long as there is Docker support, we can spawn the fully configured C2 backends using a couple of command lines.

The Metasploit and SilentTrinity containers can run on the same host, but the Nginx container must run on a separate host. If the IP or domain gets flagged, respawn a new host and run a docker run command. Twenty seconds later, we have a new domain with a new IP routing to the same backends.

The following will run our Metasploit container:

root@tardis:~/# docker run -dit \
-p 9990-9999:9990-9999 \
-v $HOME/.msf4:/root/.msf4 \
-v /tmp/msf:/tmp/data phocean/msf

And this will run the SILENTTRINITY container:

root@tardis:~/# docker run -d \
-v /opt/st:/root/st/data \
-p5000-5050:5000-5050 \

Launching the fully functioning Nginx server that redirects traffic to the C2 endpoints (The DNS record of www.<customdomain>.com should already point to the server’s public IP for this to work.:

root@enterprise:~/# docker run -d \
-p80:80 -p443:443 \
-e DOMAIN="" \
-e C2IP="" \
-v /opt/letsencrypt:/etc/letsencrypt \