---
title: "[bojemoi] feat(c2): multi-redirector infrastructure + split borodino images"
date: 2026-03-30T16:51:02+02:00
draft: false
tags: ["commit", "bojemoi", "main"]
categories: ["Git Activity"]
summary: "Commit 9eb4c92 by Betty in bojemoi"
author: "Betty"
---

## Commit `9eb4c92`

| | |
|---|---|
| **Repository** | bojemoi |
| **Branch** | `main` |
| **Author** | Betty |
| **Hash** | `9eb4c9236b88b18f05b572b6459a3b331190a5ab` |

### Description

C2 redirector infrastructure:
- redirector/: nginx GeoIP2 container (debian:bookworm-slim) proxying to bojemoi.me:8443
- scripts/c2-vpn-init-pki.sh: EasyRSA PKI init (CA + server cert + lab-manager client)
- scripts/provision-redirector.sh: Fly.io redirector provisioning
- scripts/c2-manage.sh: start/stop/list/delete management script
- cloud-init/redirector-template.yaml: VPS cloud-init template

Architecture: Implants → Redirectors → bojemoi.me:8443 → VPN → 192.168.1.x:4444

Borodino image split:
- Dockerfile.borodino: lightweight Alpine (ak47 + bm12, ~150 MB, no MSF)
- Dockerfile.borodino-msf: full Ruby+MSF image (uzi + msf-teamserver, ~4 GB)
- start_msf_server.sh: msfrpcd teamserver on 0.0.0.0:55553 (shared by all uzi workers)
- start_uzi.sh: MSF_HOST support (local vs remote teamserver)
- thearm_uzi: _pick_redirector() reads C2_REDIRECTORS env, MSF_HOST configurable

Stack borodino:
- New msf-teamserver service (1 replica worker, borodino-msf image)
- uzi-service: MSF_HOST=msf-teamserver, C2_REDIRECTORS=37.16.12.4
- ak47/bm12: now use lightweight borodino image

Remove discovery service (breachforum scraper deprecated)
volumes/c2-vpn/.gitignore: exclude PKI keys/certs from git

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

### Files Changed

```
M borodino/Dockerfile.borodino
A borodino/Dockerfile.borodino-msf
A borodino/start_msf_server.sh
M borodino/start_uzi.sh
M borodino/thearm_uzi
A cloud-init/redirector-template.yaml
D discovery/Dockerfile
D discovery/breachforum_discovery_api.py
D discovery/breachforum_onion_discovery.py
D discovery/entrypoint.sh
A redirector/Dockerfile
A redirector/c2-proxy.conf
A redirector/nginx.conf
D scripts/Dockerfile.discovery
D scripts/breachforum_discovery_api.py
D scripts/breachforum_onion_discovery.py
A scripts/c2-manage.sh
A scripts/c2-vpn-init-pki.sh
D scripts/docker-compose.discovery.yml
A scripts/provision-redirector.sh
M stack/40-service-borodino.yml
D stack/66-service-discovery.yml
A volumes/c2-vpn/.gitignore
A volumes/c2-vpn/README.md
```

### Diff Summary

```
borodino/Dockerfile.borodino | 62 +---
borodino/Dockerfile.borodino-msf | 58 ++++
borodino/start_msf_server.sh | 51 +++
borodino/start_uzi.sh | 68 ++--
borodino/thearm_uzi | 84 ++++-
cloud-init/redirector-template.yaml | 317 ++++++++++++++++++
discovery/Dockerfile | 35 --
discovery/breachforum_discovery_api.py | 259 ---------------
discovery/breachforum_onion_discovery.py | 529 -------------------------------
discovery/entrypoint.sh | 33 --
redirector/Dockerfile | 33 ++
redirector/c2-proxy.conf | 39 +++
redirector/nginx.conf | 43 +++
scripts/Dockerfile.discovery | 34 --
scripts/breachforum_discovery_api.py | 259 ---------------
scripts/breachforum_onion_discovery.py | 421 ------------------------
scripts/c2-manage.sh | 415 ++++++++++++++++++++++++
scripts/c2-vpn-init-pki.sh | 255 +++++++++++++++
scripts/docker-compose.discovery.yml | 99 ------
scripts/provision-redirector.sh | 91 ++++++
stack/40-service-borodino.yml | 76 ++++-
stack/66-service-discovery.yml | 73 -----
volumes/c2-vpn/.gitignore | 6 +
volumes/c2-vpn/README.md | 46 +++
24 files changed, 1559 insertions(+), 1827 deletions(-)
```