Posts posted by dark_pyrro
-
-
Next step would be to investigate why you have that many C2 processes running in parallel. If that isn't solved, you will end up in the same situation over and over again when the VPS is started.
-
That's too many processes running C2. Two processes are enough.
-
Regarding
1 hour ago, NickBeanDNB said: Jan 17 17:12:22 ip-x c2-3.3.0_amd64_linux[11411]: [!] Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use
you need to check and verify what I said in the beginning of this thread when getting that error. I.e. you can't have other things running on the VPS on port 2022 at the same time as C2 (or multiple instances of C2, or anything else that might use port 2022).
Check your running processes (ps ax) and/or what ports are used by running processes (sudo ss -tulpn | grep 2022 or sudo netstat -tulpn | grep 2022).
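The port check described in the post above, as an added example that is not part of the original post: it reads `ss -tulpn` output and lists which process holds a given listening port. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which process already holds a listening port.
# The sample below is constructed output in the layout of `ss -tulpn`.

sample_ss() {
    cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*     users:(("sshd",pid=612,fd=3))
tcp   LISTEN 0      4096         0.0.0.0:2022      0.0.0.0:*     users:(("c2-3.3.0_amd64_",pid=11042,fd=8))
tcp   LISTEN 0      4096               *:443             *:*     users:(("c2-3.3.0_amd64_",pid=11042,fd=9))
tcp   LISTEN 0      4096       127.0.0.1:20220     0.0.0.0:*     users:(("other",pid=700,fd=4))
EOF
}

# Read `ss -tulpn` output on stdin and print "pid name" for every process
# bound to local port $1. Field 5 is the local address:port column; the
# match is anchored so that 2022 does not also match 20220.
listeners_on_port() {
    awk -v port="$1" '
        $5 ~ (":" port "$") {
            rest = $0
            # One socket can list several processes: ("name",pid=N,fd=M),...
            while (match(rest, /\("[^"]*",pid=[0-9]+/)) {
                item = substr(rest, RSTART + 2, RLENGTH - 2)
                split(item, part, /",pid=/)
                print part[2], part[1]
                rest = substr(rest, RSTART + RLENGTH)
            }
        }'
}

# Succeed when nothing in the ss output on stdin is bound to port $1.
port_is_free() {
    [ -z "$(listeners_on_port "$1")" ]
}

# Stand-alone run on the constructed sample.
sample_ss | listeners_on_port 2022
```

On a live system the input would come from `sudo ss -tulpn | listeners_on_port 2022`; a PID printed here before C2 is started is the process that will cause the bind error.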
-
-
As I said before
On 1/15/2024 at 5:26 PM, dark_pyrro said: Running with "https", colon and slashes included in the hostname will most likely not work
The same goes with anything used to specify the hostname parameter.
So, if the A record that resolves the domain name to the public IP address of the Lightsail VPS where C2 is running is "mydomainname.com" (without the quote marks), you have to use that (and that alone) along with the hostname parameter, nothing else. Don't add any http or https, any colons, or any slashes.
I.e. not
-hostname http://mydomainname.com/
or
-hostname https://mydomainname.com/
but instead only
-hostname mydomainname.com
All in all, something like
ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname mydomainname.com -https -db /var/cloudc2/c2.db
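The hostname rule from the post above, as an added example that is not part of the original post: a lint for the `-hostname` value in a service file's ExecStart line. The function names are hypothetical, the ExecStart lines are constructed from the one shown above, and rejecting an IP address when `-https` is present follows the thread's remark about the built-in Let's Encrypt support.

```shell
#!/bin/sh
# Added example: lint the -hostname value in a C2 ExecStart line.
# Function names are hypothetical; the ExecStart lines below are constructed.

# Print the word that follows -hostname (empty if there is none).
hostname_arg() {
    printf '%s\n' "$1" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "-hostname") { print $(i + 1); exit }
    }'
}

# Succeed only for a bare name: no scheme, no slashes, no colons.
check_hostname() {
    case "$1" in
        "")    echo "missing -hostname value"; return 1 ;;
        *://*) echo "scheme included"; return 1 ;;
        */*)   echo "slash included"; return 1 ;;
        *:*)   echo "colon included"; return 1 ;;
    esac
    label='[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?'
    printf '%s\n' "$1" | grep -Eq "^$label(\.$label)+\$" && return 0
    echo "not a dotted host name"; return 1
}

# Lint a whole ExecStart line; with -https an IP address is rejected too.
lint_execstart() {
    value=$(hostname_arg "$1")
    reason=$(check_hostname "$value") || { echo "$reason"; return 1; }
    case " $1 " in
        *" -https "*)
            case "$value" in
                *[!0-9.]*) ;;   # contains non-digit characters: a name
                *) echo "IP address used with -https"; return 1 ;;
            esac ;;
    esac
    echo "ok"
}

# Stand-alone run on three constructed variants of the line above.
bin=/usr/local/bin/c2-3.3.0_amd64_linux
for h in mydomainname.com https://mydomainname.com/ mydomainname.com:443; do
    printf '%-28s %s\n' "$h" \
        "$(lint_execstart "ExecStart=$bin -hostname $h -https -db /var/cloudc2/c2.db")"
done
```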
-
11 minutes ago, dark_pyrro said:
And, how is the C2 service started?
What does the command line in the service file look like that starts C2 (remove any reference to your specific domain name if you don't want to post it publicly)?
-
And, how is the C2 service started?
-
What ports are opened in the Lightsail admin web UI for that specific VPS?
-
So, when you have C2 running, you can access the C2 web UI using the domain name?
-
Is the domain name linked to the public facing IP address of the Lightsail VPS (DNS A record)?
-
If you have "reserved" that domain name for other use, you can most likely use one registered for free at (for example) freenom.com
-
OK, then you need to decide what route you want to travel; using that domain name you already have and go with Let's Encrypt, or go down the other path involving more setup. I wouldn't advise trying to use any certificate handling other than Let's Encrypt in this case, just to keep things as simple as possible.
-
OK, so if you want to use https with the built in Let's Encrypt functionality, you will need a registered domain name. If not, you can't use Let's Encrypt and you have to obtain/create certificates in some other way.
-
I think you need to step back a bit and specify what setup you want to achieve.
Some parameters seem to be set, such as the fact that you're using a Lightsail VPS
Then you need to decide if you want to use a domain name and if you're going to use https or not.
When the details have been established, it's possible to offer some kind of guidance on how to set it all up.
-
I guess you're the same user as on Discord asking about the same thing. If so, you've already got the advice to create a support ticket.
-
The machine where you run C2; is it possible to access it from the internet? I.e. is it a public VPS or a resource on an internal/private network behind a firewall? More info needed about that to be able to troubleshoot things correctly.
Is the new domain possible to resolve to the relevant IP address where C2 is running?
Are port(s) open in any firewall that is needed by Let's Encrypt?
-
Yes it does, and both the v2 and v3 variants seem to share the same PID and that's probably why lsusb identifies it as a v2 even if it's actually a v3. Same chipset anyway.
-
That's for sure an old firmware version. Seems like no one has used that Nano since the model was first released.
The domain should be up, but I haven't used (or upgraded) my Nano for quite a while now so some parts of it might have been taken down.
I guess it should be possible to use splitweb and sysupgrade on the Nano just like on the Mark VII (and other OpenWrt based devices) to do a manual upgrade.
-
The answer is most likely some posts up this thread. The output in your post shows that it's the v2 variant of the TL-WN722N adapter and that is based on the RTL8188 chipset, not the Atheros one (that comes with the 1.x version). So, those who say that their TL-WN722N adapter works probably have got the 1.x version and those who experience issues have some other version of the same adapter "model" with an incompatible chipset (or at least a chipset with missing drivers).
-
21 minutes ago, NickBeanDNB said:
Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use
Check the ports already in use on your system. Also, check processes in the case you might have a C2 instance already running.
22 minutes ago, NickBeanDNB said: sudo ./c2-3.3.0_amd64_linux -hostname https://X/
Running with "https", colon and slashes included in the hostname will most likely not work. I also assume that the "X" is just a temp replacement for an actual valid hostname (and not an IP address). If https is going to be used, IP addresses aren't going to work if using the built-in Let's Encrypt support. If using https without the built-in support, then more parameters are needed to get it working.
-
Probably a question for the Pineapple section of the forums, and... probably something one should avoid since "use it walking around to use man in the middle or evil twin attacks" most likely is illegal in any civilized country if it's being made on resources that you don't have explicit permission to do so.
-
Same thing was asked on Discord, so I guess it's the same user
-
If the networks/ESSIDs that the target devices are looking for are open networks, then you can spoof the ESSID and hope they will connect. If the networks are protected then you need to know the secret and set up the evil twin using that information.
https://docs.hak5.org/wifi-pineapple/ui-overview/pineap#impersonation
-
OK, I understand
2 hours ago, Jason Boreno said: I used Jakobys PowerShell-to-ducky-converter to convert PowerShell functions to ducky
That, however, doesn't convert anything to DuckyScript as I see it. So my question remains; what tool are you using to encode the DuckyScript code to an inject.bin file that the Ducky can execute?
2 hours ago, Jason Boreno said: I've only seen it use the US keyboard (Target keyboard)
That doesn't really answer my question about if the keyboard language used when encoding the DuckyScript payload is corresponding to the keyboard language used by the intended target. So, is the target Windows computer using a US keyboard layout?
2 hours ago, Jason Boreno said: what exactly is throwing the error in the plain text ducky?
From what I can tell by looking at the output posted, it seems as if line feeds aren't handled correctly. That's why I'm asking about keyboard layouts. It doesn't really look like that might be the issue, but I have to ask to rule that out of it all.
And my last question; are you using a true/original/official Hak5 USB Rubber Ducky (first generation) when doing all of this?
C2 - Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use
in Hak5 Cloud C²
Posted
(if it's not a result of you manually starting C2 in a specific session without reboot)