Codebase list poshc2 / 9a7751e9-cbed-4c4f-b73d-6bc5b15e399f/main poshc2-ansible-main.yml

Tree @9a7751e9-cbed-4c4f-b73d-6bc5b15e399f/main (Download .tar.gz)

poshc2-ansible-main.yml @9a7751e9-cbed-4c4f-b73d-6bc5b15e399f/main

# Ansible 'main.yml' for PoshC2 Install
# @BaffledJimmy @ Nettitude Red Team
# Automates the install of a PoshC2 server, customises killdate, comms URLs / domain fronts, then downloads the payloads to your local box.

- name: Install PoshC2 and configure for unattended first use
  become: true 
  hosts: localhost

  - name: "ProjectName"
    prompt: "Enter your ProjectName"
    private: no
  - name: "C2URL"
    prompt: "Which C2 URL will be used for initial payload generation? (include https:// for each URL in the array - eg:,"
    private: no
  - name: "DomFront"
    prompt: "Do you have valid domain fronts to add too (no https:// required)?, comma separated. If using fronting, ensure the same number of URLs and Host headers are used."
    private: no
  - name: KillDate
    prompt: "Enter KillDate YYYY-MM-DD"
    private: no
  - name: Check if PoshC2 files are present.
      path: /opt/PoshC2/
    register: poshc2_present

  - name: Clone PoshC2 if needed.
    become: true
      repo: ''
      dest: /opt/PoshC2/
      version: master
    when: poshc2_present.stat.exists == false
  - name: Run PoshC2 install script
    become: true
    command: ./ -b master -p /opt/PoshC2
      chdir: /opt/PoshC2
    when: poshc2_present.stat.exists == false

  - name: Create PoshC2 Project
    become: true
    command: '/opt/PoshC2/resources/scripts/posh-project -n {{ ProjectName }}'
  - name: Update the config.yml with the C2 URL, then used by Posh for payload creation.
      path: /var/poshc2/{{ ProjectName }}/config.yml
      regexp: 'PayloadCommsHost: ""'
      line: 'PayloadCommsHost: "{{ C2URL }}"'
      backup: yes

  - name: Update the config.yml with the KillDate, then used by Posh for payload creation.
      path: /var/poshc2/{{ ProjectName }}/config.yml
      regexp: 'KillDate: "2020-10-01"'
      line: 'KillDate: "{{ KillDate }}"'
      backup: yes
  - name: Update the config.yml with the DomFront, then used by Posh for payload creation.
      path: /var/poshc2/{{ ProjectName }}/config.yml
      regexp: 'DomainFrontHeader: ""'
      line: 'DomainFrontHeader: "{{ DomFront }}"'
      backup: yes

  - name: Start posh-service using a tweaked version of /PoshC2/resources/scripts/posh-service to work with Ansible.
    become: true
    shell: '/opt/PoshC2/resources/scripts/posh-service-ansible'

  - name: Pausing for 20 seconds to allow for payload creation.
      seconds: 20

  - name: Zipping the Payloads directory for convenience - no rsync here!
      path: /var/poshc2/{{ ProjectName }}/payloads/
      dest: /tmp/{{ ProjectName }}
      format: zip

  - name: Downloading the Payloads zip to your local box.
      src: /tmp/{{ ProjectName }}
      dest: /tmp/{{ ProjectName }}
      flat: true

  - name: Downloading the rewrite rules for {{ ProjectName }}.
      src: /var/poshc2/{{ ProjectName }}/rewrite-rules.txt
      dest: /tmp/{{ ProjectName }}_Rewrite.txt
      flat: yes