Havoc: a modern and extensible post-exploitation command and control framework


About Havoc

Havoc is a modern, extensible post-exploitation command and control framework.

Havoc is available on Debian 10/11, Ubuntu 20.04/22.04 and Kali Linux, and has been fully tested on Linux. We recommend using the latest version of Havoc to avoid running into other problems; otherwise, use the latest versions of Qt and Python 3.10.x to complete the build.

Note: The current version of Havoc is still in early development, and as the framework continues to mature, there may be substantial changes to Havoc’s API and core structure.

Function introduction

Client

Havoc’s client has a cross-platform UI, developed using C++ and Qt, and the modern dark theme is based on Dracula.

Teamserver

Havoc’s Teamserver is written in Go and provides the following functions:

1. Multi-user support;

2. Payload generation (exe/shellcode/dll);

3. HTTP/HTTPS listener;

4. Customizable C2;

5. External C2;

Demon (agent)

Havoc’s Demon agent is written in C and ASM and includes the following functions:

1. Sleep obfuscation via Ekko or FOLIAGE;

2. x64 return address spoofing;

3. Indirect system calls for Nt* APIs;

4. SMB support;

5. Token vault;

6. Various built-in post-exploitation commands;

Scalability

1. External C2;

2. Custom agent support: Talon;

3. Python API;

4. Modularity;

Tool installation

Local installation

Dependent components:

sudo apt install -y git build-essential apt-utils cmake libfontconfig1 libglu1-mesa-dev libgtest-dev libspdlog-dev libboost-all-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev libsqlite3-dev libbz2-dev mesa-common-dev qtbase5-dev qtchooser qt5-qmake qtbase5-dev-tools libqt5websockets5 libqt5websockets5-dev qtdeclarative5-dev golang-go qtbase5-dev libqt5websockets5-dev libspdlog-dev python3-dev libboost-all-dev mingw-w64 nasm

Ubuntu 20.04:

sudo apt install build-essential

sudo add-apt-repository ppa:deadsnakes/ppa

sudo apt update

sudo apt install python3.10 python3.10-dev

Debian 10/11:

echo 'deb http://ftp.de.debian.org/debian bookworm main' >> /etc/apt/sources.list

sudo apt update

sudo apt install python3-dev python3.10-dev libpython3.10 libpython3.10-dev python3.10

macOS:

brew install --cask cmake

brew install python@3.10 qt@5 spdlog golang

brew link --overwrite qt@5

Client build

Project clone:

git clone https://github.com/HavocFramework/Havoc.git

Build and run:

cd Havoc/Client

make

./Havoc

Teamserver build

Install additional Go dependencies:

cd Havoc/Teamserver

 

go mod download golang.org/x/sys

go mod download github.com/ugorji/go

Build and run:

cd Teamserver

 

#Install MUSL C Compiler

./Install.sh

 

# Build Binary

make

./teamserver -h

 

# Run the teamserver

sudo ./teamserver server --profile ./profiles/havoc.yaotl -v --debug
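The guide above warns that an old Qt or Python causes build failures. As an added check (not part of the Havoc project), this script verifies the toolchain the install steps call for before you run make. It assumes the binaries are named python3.10, go, qmake (Qt 5), musl-gcc (from Teamserver/Install.sh) and nasm; adjust those names if your distribution differs.

```shell
#!/bin/sh
# Added example, not from the Havoc project: verify the build prerequisites
# named in the install steps so a missing or too-old toolchain fails here,
# not halfway through the Qt or Go build.
# Assumed binary names: python3.10, go, qmake (Qt 5), musl-gcc, nasm.

# version_matches "<version string>" "<major.minor>"
# Succeeds when the first dotted number in the string equals major.minor,
# e.g. "Python 3.10.12" against "3.10". Pure string work, testable offline.
version_matches() {
    found=$(printf '%s' "$1" | sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$found" ] && [ "$found" = "$2" ]
}

# qt_major "<qmake -v output>": prints the Qt major version (e.g. 5)
qt_major() {
    printf '%s' "$1" | sed -n 's/.*Qt version \([0-9]*\)\..*/\1/p'
}

# check_build_prereqs: returns 0 when every tool is present at the expected
# version; prints one line per problem and returns 1 otherwise.
check_build_prereqs() {
    rc=0
    if command -v python3.10 >/dev/null 2>&1; then
        version_matches "$(python3.10 --version 2>&1)" "3.10" \
            || { echo "python3.10 reports an unexpected version"; rc=1; }
    else
        echo "python3.10 not found (needed for the client build)"; rc=1
    fi
    command -v go >/dev/null 2>&1 \
        || { echo "go not found (needed for the teamserver build)"; rc=1; }
    if command -v qmake >/dev/null 2>&1; then
        [ "$(qt_major "$(qmake -v 2>&1)")" = "5" ] \
            || { echo "qmake is not Qt 5"; rc=1; }
    else
        echo "qmake not found (Qt 5 development packages missing)"; rc=1
    fi
    command -v musl-gcc >/dev/null 2>&1 \
        || { echo "musl-gcc not found; run Teamserver/Install.sh first"; rc=1; }
    command -v nasm >/dev/null 2>&1 \
        || { echo "nasm not found (listed in the apt dependencies above)"; rc=1; }
    return $rc
}

# Usage, from the repository root, before running make:
# check_build_prereqs && echo "prerequisites OK"
```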

Tool usage

Client

cd Havoc/Client

./Havoc

Teamserver connection

License Agreement

This project is developed and released under the GPL-3.0 open source license.

Project address

Havoc: https://github.com/HavocFramework/Havoc

Reference materials

https://www.patreon.com/5pider

https://github.com/sponsors/Cracked5pider

https://draculatheme.com/

https://github.com/Cracked5pider/Ekko

https://github.com/SecIdiot/FOLIAGE

https://discord.gg/z3PF3NRDE5


Next, I will lay out a study plan for each student!

Study plan

So the question comes again, as a newbie, what should I learn first and what should I learn next?
Since you have asked so straightforwardly, I will tell you what you should start learning from scratch:

Phase 1: Junior Network Security Engineer

Next, I will arrange a one-month basic network security plan for you. After you finish the course, you can basically work in a network security-related job, such as penetration testing, Web penetration, security services, security analysis, etc. If you learn the MLPS module well, you can also work as an MLPS engineer.

Comprehensive salary range 6k~15k

1. Network security theoretical knowledge (2 days)
① Understand the relevant background and prospects of the industry and determine the development direction.
②Learn laws and regulations related to network security.
③The concept of network security operations.
④Introduction to MLPS, regulations, processes and specifications for MLPS. (Very important)

2. Penetration testing basics (1 week)
①Penetration testing process, classification and standards
②Information collection technology: active/passive information collection, Nmap tool, Google Hacking
③Vulnerability scanning and exploitation: principles, exploitation methods, tools (MSF), bypassing IDS and anti-virus
④Host attack and defense drills: MS17-010, MS08-067, MS10-046, MS12-20, etc.

3. Operating system basics (1 week)
①Common functions and commands of Windows system
②Common functions and commands of Kali Linux system
③Operating system security (system intrusion investigation/system reinforcement basis)

4. Computer network basics (1 week)
①Computer network basics, protocols and architecture
②Network communication principles, OSI model, data forwarding process
③Common protocol analysis (HTTP, TCP/IP, ARP, etc.)
④Network attack technology and network security defense technology
⑤Web vulnerability principles and defense: active/passive attacks, DDoS attacks, CVE vulnerability reproduction

5. Basic database operations (2 days)
①Database basics
②SQL language basics
③Database security reinforcement

6. Web penetration (1 week)
①Introduction to HTML, CSS and JavaScript
②OWASP Top10
③Web vulnerability scanning tool
④Web penetration tools: Nmap, BurpSuite, SQLMap, others (Chopper, Miss Scan, etc.)

So, it has taken about a month so far. You have successfully become a “script kiddie”. So do you still want to continue exploring?

Stage 2: Intermediate or senior network security engineer (depending on your ability)

Comprehensive salary range 15k~30k

7. Script programming learning (4 weeks)
Programming is essential in the field of cybersecurity. The ability to program is the essential difference between a “script kiddie” and a true network security engineer. In the actual penetration testing process, in the face of complex and changeable network environments, when commonly used tools cannot meet actual needs, it is often necessary to extend existing tools or write tools and automated scripts that meet our requirements, which requires certain programming skills. In CTF competitions, where every second counts, if you want to effectively use homemade script tools to achieve various purposes, you also need programming skills.

For students who are starting from scratch, I suggest you choose one of the scripting languages Python/PHP/Go/Java and learn to program common libraries.
Set up a development environment and choose an IDE. Wamp and XAMPP are recommended for PHP environments, and Sublime is highly recommended for IDEs;

Learn Python programming. The learning content includes: syntax, regular expressions, files, networking, multithreading and other common libraries. We recommend “Python Core Programming”; there is no need to read all of it.

Use Python to write exploits for vulnerabilities, and then write a simple web crawler

Learn basic PHP syntax and write a simple blog system

Be familiar with the MVC architecture and try to learn a PHP framework or Python framework (optional)

Understand Bootstrap layout or CSS.

Phase 3: Top Network Security Engineer

If you are interested in getting started with network security, click here if you need it: Big benefits of network security: a full set of 282G learning resources, from getting started to advanced, shared for free!

Sharing learning materials

Of course, giving only a plan but no learning materials would be tantamount to being a hooligan. Here is a [282G] learning material package for network security engineers, from entry to proficiency. You can click the two QR code links below to get it.