Deploying Mythic C2 with Lodestar Forge

This video guide will walk you through the basics of Lodestar Forge and provide you with a step-by-step guide to deploying Mythic C2 to AWS using Lodestar Forge.

Introduction

I recently released a new version of Lodestar Forge, adding default configuration templates for Mythic C2. Therefore, I thought I'd take this opportunity to showcase the potential of Forge with a quick demo.

If you're not familiar with Forge already, it's a platform which allows you to create and configure infrastructure specifically for Red Team engagements, whilst this series will cover some of the basics; a full overview can be found in the documentation.

Prerequisites

For this demo, I have created an example project called "Acme Corp Red Team"; we will be using this throughout this tutorial. I will be using a default installation of Forge where I have configured some of the settings which we will run through now.

If we head to the "Infrastructure" tab, you can see I've added a Tailscale tag lodestar-forge. This tag is also defined within my Tailscale ACLs and it allows any infrastructure created by Forge to communicate with each other. More information on this can be found here.

Infrastructure settings within Lodestar Forge.

Next in the "Integrations" section, you can see that I have added AWS, DigitalOcean, and Tailscale keys. Tailscale is required, however, only one cloud provider is needed to create infrastrucutre. In this tutorial we will be using AWS.

Integrations settings within Lodestar Forge.

So that Ansible can connect to our infrastructure, I have also added a new SSH key to forge. This can be done within the "SSH Keys" tab. Whilst importing your own keys is currently unsupported (due to Forge requiring both public and private keys), you can create a new one using the "Create Key" button.

SSH Key settings within Lodestar Forge.

Whilst there are several other customisation options within Forge, such as the ability to define custom files and templates, these will not be covered in this tutorial. The templates used for this installation are all included by default within Forge.

Creating Deployments

Now that our Forge instance is configured, we can go ahead and create a new deployment. This can be done by selecting our project, "ACME Corp Red Team", and then selecting the "Create Deployment" button from within the "Deployments" tab.

I will complete this form, selecting the AWS provider I created, alongside the Tailscale Key, and the SSH key. We can also select a region for the deployment to be deployed, such as US East (N. Virginia).

Creating a deployment using Forge.

Selecting the "Create" button will proceed to add our deployment to the platform. If we select the deployment within the table, we can view further details, including the status of the deployment, the infrastructure that has been created, and any errors that may have occurred.

Deployment Preparation

Since we have just created our deployment, there is obviously no infrastructure assigned. However, before we can add our own infrastructure, we must prepare the deployment. The preparation stage will perform the following actions:

Create a deployment directory on the server.
Create any necessary files used by Terraform.
Initialise Terraform.
Deploy the underlying infrastructure.

Whilst the resources created vary depending on the cloud provider this generally includes things such as the SSH keys, VPCs, Subnets, and so on.

We can go ahead and prepare our deployment by selecting the "Prepare" button. This process will likely take a couple of minutes, depending on the cloud provider used.

Whilst our infrastructure is preparing, I want to take a moment to highlight the deployment log feature. If you select the deployment log button within the "Deployment Status" card, you can view live deployment logs. This is really useful as it allows you to see the progress of your deployment, and any errors which may occur, in real-time.

Deployment log whilst preparing infrastructure.

After waiting a few minutes, we can see that the infrastructure has been prepared and has moved to the ready-to-deploy stage.

Custom Infrastructure

At this stage, we can now add our own infrastructure. To do this, I am going to select the "Add" button within the "Infrastructure" card. Here we will be prompted to give our infrastructure a name and select a template to use. I will select the default "C2 Server" template.

Note:

This template is a basic C2 server and does not include Mythic C2. We will install specific tools/applications at the configuration stage.

Next we are prompted to add any variables which the template requires, in this case we need an image AMI, subnet and VPC. I will use the AMI ami-084568db4383264d4 which is Ubuntu (note this is region specific), the private subnet, and main vpc.

Adding custom infrastructure to Forge.

After following the above process, we can now see that our custom infrastructure has been added and is in the pending state. At this stage, you can go ahead and add any additional infrastructure you require, for simplicity, I will go ahead and only deploy this single peice of infrastrucutre. Deploying infrastrucrure can be done by selecting the "Deploy" button within the "Deployment Status" card.

After a few minutes, we can see that our infrastructure has been deployed and is in the active state.

Configuring Infrastructure

Now that we have infrastructure in place, we can proceed to configure it. To do so, simply select the infrastructure from the table, and then click "Edit" within the configurations section.

Click "Add configuration template" to apply a new template, then select the default "Mythic C2 Install" template. Here we will also have to provide some variables, I will use "admin" as both the username and password, and "Example Operation" as the operation name.

Adding custom configurations to Forge.

Once this form is complete, we can see that the configuration has been added. However, before we save the changes, we must also add Docker which is a prerequisite for Mythic C2. Follow the above steps but instead selecting "Docker Install" as the template.

Finally, we must ensure that Docker is installed before Mythic, therefore, we can use the drag handles to reorder the configurations. Your final configuration should match mine below.

Final Mythic C2 server configurations.

To apply the configurations, click "Save" and then head back to the deployment overview page. From here, we can select "Configure" within the "Deployment Status" card.

The server will now connect to the infrastructure over Tailscale, and apply the configurations we defined using Ansible. There is currently a bug which may prevent Ansible from connecting to the host. If you see this error message, simply click "Configure" again and it should connect on the second attempt.

Connecting to Mythic

At this stage, we have done everything we need to within Forge. If we needed we could go back and add further infrastructure, or configurations, however, this tutorial will only cover Mythic.

To connect to our Mythic instance, we have a few options. The easiest and recommended option is to connect over Tailscale. Simply connect your host device to the Tailscale network specified earlier and you should have access to any resource created by Forge (depending on your Tailscale ACLs).

To find a host's Tailscale IP, you can either look within your Tailscale admin console, or select the resource within Forge. Look within the "Networking" card to find the Tailscale IP. Alternatively, if the host is exposed publicly (not recommended), you can also find the public IP information here.

Infrastructure network addresses.

To connect to Mythic, use the IP identified and navigate to https://xxx.xxx.xxx.xxx:7443/ in a web browser. You can authenticate with the credentials you supplied when adding the configruation template.

Mythic C2 login page.

Conclusion

To conclude, in this tutorial we have covered the following:

Configuring your Lodestar Forge instance to create basic infrastructure.
Creating and preparing deployments.
Adding custom infrastructure to deployments within Forge.
Adding, ordering, and applying configurations to infrastructure created within Forge.
Connecting to Mythic C2.

Next steps would likely include configuring your Mythic C2 instance further, however, this will not be covered in this tutorial. You could either utilise the SSH key created by Forge, or create an additional configuration template which can be used by Ansible.

I hope this post has been insightful and has inspired you to give Lodestar Forge a try. I'd highly recommend going beyond the scope of this tutorial and creating your own infrastructure and configuration templates tailored to your needs - this is where Forge really shines.

Stay tuned for some exciting updates and developments coming soon to Forge.

Thanks, J