Accessing the portal
Open the following URL in your browser, substituting your Guacamole Elastic IP fromdeployment_info:
Guacamole uses a self-signed TLS certificate generated at deploy time. Your browser will show a certificate warning. Accept the exception to proceed — this is expected for lab infrastructure.
| Field | Value |
|---|---|
| Username | guacadmin |
| Password | From terraform output deployment_info → GUACAMOLE ACCESS PORTAL → Password |
Pre-configured connections
After logging in, the home screen shows seven pre-configured connections. Each one was created automatically by the Guacamole setup script using the private IPs and credentials from your Terraform deployment.Windows Operator Workstation
Protocol: RDP — Port 3389Auto-connects with the Administrator account. Credentials are pre-filled. XFCE4 desktop loads in 10–30 seconds.
Mythic Team Server (SSH)
Protocol: SSH — Port 22Connects to the Mythic team server. Password auth — no key required. The Mythic web UI runs on port 7443.
Guacamole Server (SSH)
Protocol: SSH — Port 22Connects to the Guacamole host itself via its private IP. Useful for inspecting logs or restarting containers.
Apache Redirector (SSH)
Protocol: SSH — Port 22Connects to the Apache redirector. Use this connection to run Certbot, inspect logs, and review VirtualHost config.
Sliver C2 Server (SSH)
Protocol: SSH — Port 22Connects to the Sliver C2 server. Start the Sliver daemon and interactive console from here.
Havoc C2 Server (SSH)
Protocol: SSH — Port 22Connects to the Havoc team server. Use this to manage the Havoc teamserver daemon.
Havoc C2 Desktop (VNC)
Protocol: VNC — Port 5901Full XFCE4 graphical desktop on the Havoc server. The Havoc GUI client runs here and connects to the teamserver over localhost.
All SSH connections use password authentication. Credentials are pre-populated from the auto-generated lab password. You do not need to provide an SSH key to use any Guacamole connection.
Accessing the Windows workstation
Click Windows Operator Workstation
On the Guacamole home screen, click the Windows Operator Workstation tile. Guacamole immediately initiates an RDP session using pre-filled Administrator credentials — you are not prompted to enter a password.
Wait for the desktop to load
The Windows desktop takes 10–30 seconds to appear after the RDP connection is established. A black screen during this period is normal.
Verify installed tools
Once the desktop loads, confirm these tools are present:
| Tool | Location |
|---|---|
| Chromium | Desktop shortcut / taskbar |
| VS Code | Desktop shortcut / taskbar |
| MobaXterm | Desktop shortcut / taskbar |
| 7-Zip | Right-click context menu on any file |
Open MobaXterm and verify SSH sessions
Open MobaXterm from the desktop or taskbar. In the left panel, expand the redStack Sessions folder. You will see pre-configured SSH sessions for all lab machines:
- Mythic C2 (SSH)
- Sliver C2 (SSH)
- Havoc C2 (SSH)
- Apache Redirector (SSH)
- Guacamole Server (SSH)
Pre-configured hostname resolution
Every machine in the lab resolves all other machines by hostname. You never need to look up a private IP fromdeployment_info to connect between lab machines.
- Linux machines
- Windows workstation
Hostnames are written to You will see entries for all six machines (actual IPs depend on your
/etc/hosts on every Linux instance at deploy time:vpc_cidr setting, default 10.50.0.0/16):Connection reference
Windows Operator Workstation (RDP)
Windows Operator Workstation (RDP)
- Protocol: RDP
- Target: Windows private IP (internal)
- Port: 3389
- Username:
Administrator - Password: Auto-filled from Terraform (decrypted using your
.pemkey) - Features: Drive sharing enabled (
GuacShareappears as a network drive in Windows Explorer), server layout set toen-us-qwerty - Use for: Running agents, accessing the Mythic web UI, using MobaXterm, building and testing payloads
Mythic Team Server (SSH)
Mythic Team Server (SSH)
- Protocol: SSH
- Target: Mythic private IP (internal)
- Port: 22
- Username:
admin - Password: Lab password from
terraform output deployment_info - Color scheme: Green on black
- Use for: Checking Mythic container status (
sudo ./mythic-cli status), installing profiles and agents, reviewing logs
Guacamole Server (SSH)
Guacamole Server (SSH)
- Protocol: SSH
- Target: Guacamole private IP (internal, not localhost — guacd runs in Docker)
- Port: 22
- Username:
admin - Password: Lab password from
terraform output deployment_info - Use for: Inspecting Docker containers (
docker ps), reviewing/var/log/user-data.log, restarting Nginx
Apache Redirector (SSH)
Apache Redirector (SSH)
- Protocol: SSH
- Target: Redirector private IP (cross-VPC via VPC peering)
- Port: 22
- Username:
admin - Password: Lab password from
terraform output deployment_info - Use for: Running Certbot for SSL, reviewing Apache logs, running
test_redirector.sh, inspecting VirtualHost config
Sliver C2 Server (SSH)
Sliver C2 Server (SSH)
- Protocol: SSH
- Target: Sliver private IP (internal)
- Port: 22
- Username:
admin - Password: Lab password from
terraform output deployment_info - Use for: Running
sliver-client, importing C2 profiles, starting listeners, generating implants
Havoc C2 Server (SSH)
Havoc C2 Server (SSH)
- Protocol: SSH
- Target: Havoc private IP (internal)
- Port: 22
- Username:
admin - Password: Lab password from
terraform output deployment_info - Use for: Building Havoc from source (first run), managing the teamserver daemon, reviewing logs
Havoc C2 Desktop (VNC)
Havoc C2 Desktop (VNC)
- Protocol: VNC
- Target: Havoc private IP (internal)
- Port: 5901
- Password: Lab password from
terraform output deployment_info - Color depth: 24-bit
- Use for: Running the Havoc GUI client to connect to the teamserver, managing listeners and demons from the graphical interface