Voodoo CE Quickstart

Michael Butler
Published in Stage 2 Security
4 min read · Sep 16, 2019

This article covers Voodoo, a cross-platform post-exploitation tool. More information about Voodoo is available at https://voodooops.com.

Initial Setup

The Community Edition (CE) of the Voodoo cross-platform post-exploitation framework is provided for free and easily installed as a Docker container.

Make sure Docker is installed on your server. If it isn’t, it can usually be installed through the distribution’s package manager (apt or yum); if that doesn’t work for your platform, see the installation pages on the Docker site.

Ensure that any firewalls, security groups, etc. that are in place allow inbound access to the port you want the Voodoo LP (Listening Post) to listen on (typically port 443). Agents will have to reach this port from the target’s network, so test it from outside, not just from the server itself.

If you’re running the Voodoo LP on the internet, you’ll need to know the server’s public IP address. This can be tricky on a cloud-based server, where the address the operating system reports is often a private one behind NAT, but the following command should help:

If you’re using a domain name for the server instead, you only need to know that name and make sure it resolves to the server’s public address.

Install the Voodoo CE Docker container by running the following command:

It will ask you to provide a username and password. These credentials protect the Voodoo LP’s web console, and on a publicly reachable server they will be exposed to password-guessing attacks. Choose a long, unique password.

Now that the container is running, browse to the IP address or domain name of the server to reach the Voodoo web console, and log in with the credentials you created. The console will then offer to set up multi-factor authentication and show a QR code. This step can be skipped, but with MFA enabled a guessed or leaked password alone is not enough to log in; on an internet-facing LP it is worth the minute it takes.
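Before creating any stagers, it is worth confirming from outside the LP’s network that the port you opened is really reachable and is answering TLS. The script below is an added example, not part of Voodoo or this article’s original content. It assumes the LP presents a self-signed certificate (usual for a fresh deployment), so certificate verification is deliberately disabled: the point is to distinguish “port filtered or closed” from “port open but not serving TLS”, which are the two reasons an agent most often never appears.

```python
"""Reachability check for an HTTPS listening post (added example, not Voodoo code).

Run from a host outside the LP's network, ideally from where the target sits:
    python3 check_lp.py lp.example.com 443
"""
import socket
import ssl
import sys
import threading


def check_lp(host, port, timeout=3.0):
    """Return {'tcp': bool, 'tls': bool, 'error': str[, 'version': str]}.

    Verification is off on purpose: a new LP usually has a self-signed
    certificate and we are testing reachability, not trust.
    """
    result = {"tcp": False, "tls": False, "error": ""}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as e:
        # Refused, timed out (filtered) or no route: fix the firewall /
        # security group before generating stagers.
        result["error"] = "tcp: %s" % e
        return result
    result["tcp"] = True

    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            result["tls"] = True
            result["version"] = tls.version()   # e.g. 'TLSv1.3'
    except OSError as e:
        # ssl.SSLError and socket.timeout are both OSError subclasses.
        # Reaching here means something answers on the port but it is not
        # a TLS server (wrong port, another service, an intercepting proxy).
        result["error"] = "tls: %s" % e
    return result


def _plain_listener():
    """Constructed stand-in for testing: an open port that does not speak TLS.
    Accepts one connection, closes it, and goes away."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def selftest():
    """Exercise both failure modes locally; returns (open_result, closed_result)."""
    open_port = _plain_listener()
    r_open = check_lp("127.0.0.1", open_port)        # tcp True, tls False
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()                                    # now nothing listens there
    r_closed = check_lp("127.0.0.1", closed_port)    # tcp False
    return r_open, r_closed


if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(check_lp(sys.argv[1], int(sys.argv[2])))
    else:
        print(selftest())
```

A result of `tcp: True, tls: False` after the container is up usually means the stager port and the console port differ, or something else is bound to 443 on the host; `tcp: False` with a timeout points at the firewall or security group rather than at Voodoo.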

Creating a Stager

When you’re ready to get a Voodoo agent on a target machine, you’ll need to configure and execute a stager.

Select the “Stagers” tab from the Voodoo web console:

Click the “+” box on the far right:

You may name your stager. This name does not affect the code of the stager or agent at all and is just used for your reference.

There are two styles of communication:

  • HTTPS Call-back — once executed, the agent will initiate connections to the Voodoo LP over a specified port to check for tasking
  • TLS Call-in — once executed, the agent will listen on a specified port and wait for the Voodoo LP to connect to it and provide tasking.

HTTPS Call-back is the default option: a new listening port on the target is a visible indicator of compromise, and NAT or inbound filtering in front of the target will usually prevent the LP from connecting in at all.

Enter your public IP address or domain name in the Domain box and set the Port number to the port your Voodoo web console is listening on (typically 443); agents and the console share this port. Finally, set the callback interval in seconds. A short interval returns tasking faster but produces a steady, regular stream of HTTPS connections that stands out in proxy and flow logs; a longer one is quieter but slows every interaction with the agent.

For the CE version of Voodoo, only Linux agents are available. If you need to be able to execute agents on Mac or Windows targets, please contact us to get the Pro version.

Voodoo agents can impersonate other processes in the target’s process list. The Host Process and Command Arguments options control only how the agent appears there (the process name and arguments shown by tools such as ps); they have no bearing on how the agent actually executes.
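The flip side of that option is worth knowing when you assess how long an agent will survive. Whatever a process writes into its own argv or comm, /proc/&lt;pid&gt;/exe is maintained by the kernel and still names the binary that is really executing, which for a CE agent is a Python 2 interpreter. The following is an added example of the check a defender would run for exactly this; it is not Voodoo’s code, the page does not describe how the agent rewrites its name, and the alias table and sample process list are constructed assumptions, not real data.

```python
"""Spot processes whose visible name disagrees with their real executable.

Added example (not part of Voodoo): compares argv[0] and comm, which a
process controls, against /proc/<pid>/exe, which the kernel controls.
"""
import os
import re

# Names that legitimately differ from the exe on many systems (symlinked
# shells, interpreter shims).  Assumption: tune this for your own fleet.
ALIASES = {
    ("sh", "dash"), ("sh", "bash"), ("sh", "busybox"),
    ("init", "systemd"),
    ("python", "python2"), ("python", "python3"),
}

PY_INTERP = re.compile(r"^python(\d(\.\d+)?)?$")


def _base(path):
    """Basename with the ' (deleted)' suffix and login-shell '-' stripped."""
    return os.path.basename(path.replace(" (deleted)", "")).lstrip("-")


def names_agree(shown, real):
    """True when a visible name is a plausible alias of the real exe name.
    startswith covers comm's 15-character truncation and python vs python2.7."""
    if not shown:
        return True
    if shown == real or real.startswith(shown) or shown.startswith(real):
        return True
    return (shown, real) in ALIASES


def find_masquerading(procs):
    """procs: iterable of dicts with pid, exe, comm and cmdline (argv list).
    Returns [(pid, reason), ...] for processes that deserve a closer look."""
    hits = []
    for p in procs:
        argv = p.get("cmdline") or []
        exe = p.get("exe") or ""
        if not argv or not exe:
            continue                      # kernel thread or unreadable
        real = _base(exe)
        comm = p.get("comm", "")
        reasons = []
        if not names_agree(_base(argv[0]), real):
            reasons.append("argv[0] %r vs exe %r" % (argv[0], exe))
        if not names_agree(comm, real):
            reasons.append("comm %r vs exe %r" % (comm, exe))
        if reasons and PY_INTERP.match(real):
            reasons.append("real executable is a Python interpreter")
        if "(deleted)" in exe:
            # Binary removed after launch: typical of a dropped-and-deleted
            # ELF stager (also seen after package upgrades, so verify).
            reasons.append("executable deleted from disk")
        if reasons:
            hits.append((p["pid"], "; ".join(reasons)))
    return hits


def read_proc(root="/proc"):
    """Collect the same fields from a live Linux /proc.  Reading other users'
    exe links needs root; entries that cannot be read are skipped."""
    procs = []
    for name in os.listdir(root):
        if not name.isdigit():
            continue
        d = os.path.join(root, name)
        try:
            exe = os.readlink(os.path.join(d, "exe"))
            with open(os.path.join(d, "comm")) as f:
                comm = f.read().strip()
            with open(os.path.join(d, "cmdline"), "rb") as f:
                argv = [a.decode("utf-8", "replace")
                        for a in f.read().split(b"\0") if a]
        except OSError:
            continue
        procs.append({"pid": int(name), "exe": exe, "comm": comm, "cmdline": argv})
    return procs


# Constructed sample (not real data): an agent that renamed itself "sshd"
# while running under python2.7, plus a deleted binary and benign aliases.
SAMPLE = [
    {"pid": 1, "exe": "/usr/lib/systemd/systemd", "comm": "systemd",
     "cmdline": ["/sbin/init"]},
    {"pid": 612, "exe": "/usr/sbin/sshd", "comm": "sshd",
     "cmdline": ["/usr/sbin/sshd", "-D"]},
    {"pid": 901, "exe": "/usr/bin/dash", "comm": "sh",
     "cmdline": ["/bin/sh", "/etc/init.d/cron", "start"]},
    {"pid": 1337, "exe": "/usr/bin/python2.7", "comm": "sshd",
     "cmdline": ["/usr/sbin/sshd", "-D"]},
    {"pid": 2048, "exe": "/tmp/.x (deleted)", "comm": ".x",
     "cmdline": ["/tmp/.x"]},
]

if __name__ == "__main__":
    for pid, why in find_masquerading(read_proc() if os.path.isdir("/proc") else SAMPLE):
        print(pid, why)
```

Against the constructed sample this flags only pid 1337 and pid 2048. The same logic is what EDR agents apply; it means a name chosen in Host Process buys cover against a casual `ps`, not against anyone who checks the exe link, and an ELF agent that is deleted after launch trades the interpreter tell for the `(deleted)` one.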

Now that the stager is configured, click the Update button to generate the stager code. You’ll need to identify which version of Python is available in your target environment. Voodoo CE agents support Python 2.6 or Python 2.7. Select which version suits your environment and run the provided code within a shell on your target.

If the target has neither Python 2.6 nor Python 2.7, you can download a Linux ELF binary using the Download Executable button instead.

If the stager executed successfully and the target can reach the correct port on your Voodoo LP, an Agent will appear on the left side of the Voodoo web console. By default Voodoo names new agents with a short, randomly generated string, but you can rename them.

Interacting with the Agent

Voodoo provides a variety of built-in commands to make most of the common operations easier. You may execute the “help” command to view a list of all the Voodoo features available to you.

We will discuss these commands in-depth in later posts.
