Havoc C2 Framework Part 1: Installation (2024)

Havoc Framework

After using Cobalt Strike in the Red Team Ops (RTO) course, I wanted to see what open-source Command and Control (C2) frameworks were available, so I could learn something new and continue to use a red team framework. A Google search led me to the Havoc Framework GitHub repository and upon initial glance, I thought Havoc resembled Cobalt Strike, so I decided to install it and play around with it in my virtual home lab. While it has similarities to Cobalt Strike (which is great if you are familiar with Cobalt Strike), I do not intend to make this a comparison article, rather a collection of my experience gained from installing it locally and using it within my local Active Directory (AD) lab environment.

Havoc Overview

According to the Havoc GitHub repository, “Havoc is a modern and malleable post-exploitation command and control framework” and was created by @C5pider. It’s latest documentation says it works well on Debian 10/11, Ubuntu 20.04/22.04, and Kali Linux and the installation documentation is superb and can be found on the Havoc Framework website. Havoc C2 consists of a Teamserver and Client that uses a profile that can be customized to emulate an adversary. The Havoc Teamserver runs that configured profile and interacts with “sessions” (think Cobalt Strike beacons) checking in from compromised hosts. The Havoc Client connects to the Teamserver and provides a User Interface (UI) that is like Cobalt Strike, and provides management of beacons, listeners, payloads, and so much more.

Installing Havoc

For this installation, I chose to use Ubuntu Server 22.04.3 LTS to run a Havoc Teamserver, and Kali Linux 2023.4 to run the Havoc Client, with Vmware Workstation 15 Pro. You can setup the team server and client on the same host if you would like, but I wanted to create it a little like how red team infrastructure should be, i.e., putting some distance between the client and target (down the road, I will add some redirectors to proxy traffic and add another Teamserver).

My Havoc C2 Infrastructure

Like I said earlier, the installation documentation on the Havoc website is phenomenal and is what I used to perform the installation and was able to easily follow along. Since I was using a new Ubuntu server, there were only a few things outside of the installation instructions that I needed to do, which are highlighted below.

Havoc Teamserver

After downloading the Ubuntu ISO file and Kali Vmware image, I created and configured the virtual machines and simply used Secure Shell (SSH) to remotely access the Ubuntu server from the Kali Linux machine. After that it was nothing more than running through the documented instructions on the Havoc Framework website.

SSH connection from Kali Linux box to Ubuntu Server and started Havoc C2 installation process

Installation process continued

The Ubuntu server did not have “Go Programming Language” installed, so before I could install the additional “Go” dependencies, I needed to install “Go Programming Language”.

Installed “Go” on Ubuntu Server and continued installation process

Installed “make” on Ubuntu Server and continued installation process

Since I was planning to run the Teamserver and Client on different hosts, I added the IP address of the Ubuntu server to the “Host” field and added different “Operators” that would be able to login to the Havoc Client.

Edits made to Teamserver profile havoc.yaotl

After saving the havoc.yaotl profile, I was able to start the Teamserver and with the verbose and debug flags set, was able to see that it appeared to start and was running properly.

Havoc Teamserver started and running on Ubuntu Server

Havoc Client

Since the Teamserver was up and running, it was now time to get the Havoc Client setup on the Kali Linux box. As a non-root user, working through the steps outlined in the Havoc Framework Installation documentation was going seemingly, but I seemed to run into issues installing the dependencies for “Kali and other Debian based Distros only” section. I then ran sudo apt update and tried that long install command again and it seemed to work. I then just decided to run through the installation process as the root user and had no issues going through any of the installation steps (I also did this as a non-root user in an included video at the end of this article).

Installation process for Havoc Client on Kali Linux box

Continued installation process for Havoc Client on Kali Linux box

After successful installation, I was able to start the Havoc Client which launched a pop-up window for creating a “New Profile” or using loading a preexisting profile. I clicked on “New Profile”, left the Name and Port, as their default settings, and updated the Host, User, and Password to what I configured earlier in the havoc.yaotl profile. I then clicked on “Connect” to launch the Havoc Client UI.

Started Havoc Client and created a new profile

When the Havoc Client launches, you should have a User Interface that looks like this one and if you have worked with Cobalt Strike before, you will likely have no problem navigating it, as the layout and functionality is similar.

Havoc Client User Interface

Conclusion

As you can see, the documented installation steps on the Havoc Framework website provide a relatively seamless process for getting the framework up and running. The next article will dive into the Havoc UI, to include creating listeners, payloads, establishing a session on a compromised host, post-exploitation, and everything else the UI has to offer. If you would like to watch this installation in real-time, I have uploaded an edited install of Havoc Framework to YouTube.