Updating your ./HAVOC installation

Updating your ./HAVOC installation is a fairly simple process thanks to Terraform's ability to track the current state of the installation and compare it against the template files and artifacts used in the installation. For example, if the ./HAVOC development team makes code changes to the source code of one of the Lambda functions, Terraform will recognize that the file hash of the source deployment package is different from what is currently deployed in your installation and update it accordingly.

When updates are released, the ./HAVOC CLI can be used to pull down the updates and deploy them to your AWS environment. The update function of the ./HAVOC CLI will also update your local environment with any new ./HAVOC CLI code and playbooks.

To start the ./HAVOC update script, run the following command from your ./HAVOC installation directory:

./havoc --deployment update
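
The hash comparison described at the start of this section can be checked by hand before an update is applied. The following is an added example, not part of the ./HAVOC code base: it assumes the Lambda functions are tracked as aws_lambda_function resources with a source_code_hash attribute in the output of terraform show -json, and the module name, function names and package paths are hypothetical, constructed sample data.

```python
import base64
import hashlib
import io
import zipfile


def filebase64sha256(data: bytes) -> str:
    """Base64 of the raw SHA-256 digest, the encoding Terraform's filebase64sha256() produces."""
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


def iter_resources(module: dict):
    """Yield every resource in a `terraform show -json` module, including child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def changed_functions(state: dict, packages: dict) -> list:
    """Return addresses of Lambda functions whose recorded hash differs from the local package."""
    changed = []
    for res in iter_resources(state["values"]["root_module"]):
        if res.get("type") != "aws_lambda_function":
            continue
        values = res["values"]
        local = packages.get(values.get("filename"))
        if local is not None and filebase64sha256(local) != values.get("source_code_hash"):
            changed.append(res["address"])
    return sorted(changed)


def make_zip(source: str) -> bytes:
    """Build a deterministic in-memory deployment package (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(zipfile.ZipInfo("main.py", date_time=(2020, 1, 1, 0, 0, 0)), source)
    return buf.getvalue()


# Constructed sample: two hypothetical functions as last deployed, then one package changes.
OLD = {"build/a.zip": make_zip("v1"), "build/b.zip": make_zip("v1")}
STATE = {"values": {"root_module": {"resources": [], "child_modules": [{"resources": [
    {"address": f"module.m.aws_lambda_function.{n}", "type": "aws_lambda_function",
     "values": {"filename": p, "source_code_hash": filebase64sha256(OLD[p])}}
    for n, p in (("a", "build/a.zip"), ("b", "build/b.zip"))]}]}}}
NEW = dict(OLD, **{"build/b.zip": make_zip("v2")})

if __name__ == "__main__":
    print(changed_functions(STATE, NEW))
```

Against a real installation, the state dictionary would come from parsing the terraform show -json output and the packages from reading the deployment archives on disk.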

Updating Container Tasks

If the ./HAVOC development team updates one or more container tasks, the updated version of the container tasks will automatically be pulled when a new task is launched. A running container task cannot be updated in place, so the update process consists of terminating the existing container tasks and launching new ones to replace them. If you need to upgrade an existing Metasploit or PowerShell Empire container task that has active sessions or agents, you can launch the new container tasks first, generate the new payload or launcher and execute it through the existing session on your victim hosts to establish new connections to the new container tasks. At that point, you'll be free to decommission the old container tasks without interrupting the active sessions/agents. See the Usage pages for more information about terminating existing container tasks and launching new ones.

Updating remote Container Tasks

To update remote container tasks, you'll need to pull the latest container image and then start a new container. The specific steps are as follows:

  1. Pull down the latest image (take care to replace <task-type> with the actual name of the task type image).
    sudo docker pull public.ecr.aws/havoc_sh/<task-type>:latest
  2. Start a new container using the sudo docker run command as described in the Launching Remote Container Tasks section.
  3. Stop the currently running container as described in the Terminating Container Tasks section.
  4. List containers to retrieve the container ID of the old remote container task.
    sudo docker ps -a
  5. Remove the old container.
    sudo docker rm <container-id>

As with the cloud container tasks, if you need to maintain active sessions/agents, start new sessions/agents that connect to your new remote container tasks on your victim hosts before terminating the existing remote container tasks.