--- title: "[bojemoi] feat(c2): multi-redirector infrastructure + split borodino images" date: 2026-03-30T16:51:02+02:00 draft: false tags: ["commit", "bojemoi", "main"] categories: ["Git Activity"] summary: "Commit 9eb4c92 par Betty dans bojemoi" author: "Betty" --- ## Commit `9eb4c92` | | | |---|---| | **Repository** | bojemoi | | **Branch** | `main` | | **Author** | Betty | | **Hash** | `9eb4c9236b88b18f05b572b6459a3b331190a5ab` | ### Description C2 redirector infrastructure: - redirector/: nginx GeoIP2 container (debian:bookworm-slim) proxying to bojemoi.me:8443 - scripts/c2-vpn-init-pki.sh: EasyRSA PKI init (CA + server cert + lab-manager client) - scripts/provision-redirector.sh: Fly.io redirector provisioning - scripts/c2-manage.sh: start/stop/list/delete management script - cloud-init/redirector-template.yaml: VPS cloud-init template Architecture: Implants → Redirectors → bojemoi.me:8443 → VPN → 192.168.1.x:4444 Borodino image split: - Dockerfile.borodino: lightweight Alpine (ak47 + bm12, ~150 MB, no MSF) - Dockerfile.borodino-msf: full Ruby+MSF image (uzi + msf-teamserver, ~4 GB) - start_msf_server.sh: msfrpcd teamserver on 0.0.0.0:55553 (shared by all uzi workers) - start_uzi.sh: MSF_HOST support (local vs remote teamserver) - thearm_uzi: _pick_redirector() reads C2_REDIRECTORS env, MSF_HOST configurable Stack borodino: - New msf-teamserver service (1 replica worker, borodino-msf image) - uzi-service: MSF_HOST=msf-teamserver, C2_REDIRECTORS=37.16.12.4 - ak47/bm12: now use lightweight borodino image Remove discovery service (breachforum scraper deprecated) volumes/c2-vpn/.gitignore: exclude PKI keys/certs from git Co-Authored-By: Claude Sonnet 4.6 ### Files Changed ``` M borodino/Dockerfile.borodino A borodino/Dockerfile.borodino-msf A borodino/start_msf_server.sh M borodino/start_uzi.sh M borodino/thearm_uzi A cloud-init/redirector-template.yaml D discovery/Dockerfile D discovery/breachforum_discovery_api.py D discovery/breachforum_onion_discovery.py D discovery/entrypoint.sh A redirector/Dockerfile A redirector/c2-proxy.conf A redirector/nginx.conf D scripts/Dockerfile.discovery D scripts/breachforum_discovery_api.py D scripts/breachforum_onion_discovery.py A scripts/c2-manage.sh A scripts/c2-vpn-init-pki.sh D scripts/docker-compose.discovery.yml A scripts/provision-redirector.sh M stack/40-service-borodino.yml D stack/66-service-discovery.yml A volumes/c2-vpn/.gitignore A volumes/c2-vpn/README.md ``` ### Diff Summary ``` borodino/Dockerfile.borodino | 62 +--- borodino/Dockerfile.borodino-msf | 58 ++++ borodino/start_msf_server.sh | 51 +++ borodino/start_uzi.sh | 68 ++-- borodino/thearm_uzi | 84 ++++- cloud-init/redirector-template.yaml | 317 ++++++++++++++++++ discovery/Dockerfile | 35 -- discovery/breachforum_discovery_api.py | 259 --------------- discovery/breachforum_onion_discovery.py | 529 ------------------------------- discovery/entrypoint.sh | 33 -- redirector/Dockerfile | 33 ++ redirector/c2-proxy.conf | 39 +++ redirector/nginx.conf | 43 +++ scripts/Dockerfile.discovery | 34 -- scripts/breachforum_discovery_api.py | 259 --------------- scripts/breachforum_onion_discovery.py | 421 ------------------------ scripts/c2-manage.sh | 415 ++++++++++++++++++++++++ scripts/c2-vpn-init-pki.sh | 255 +++++++++++++++ scripts/docker-compose.discovery.yml | 99 ------ scripts/provision-redirector.sh | 91 ++++++ stack/40-service-borodino.yml | 76 ++++- stack/66-service-discovery.yml | 73 ----- volumes/c2-vpn/.gitignore | 6 + volumes/c2-vpn/README.md | 46 +++ 24 files changed, 1559 insertions(+), 1827 deletions(-) ```