Taco5

Community Answers

  1. Taco5's post in C2 - Not Registering Clients was marked as the answer   
    Doing some additional testing by browsing the forums
    root@turtle:~# wget https://c2.tako.dev
    --2023-08-11 14:30:17--  https://c2.tako.dev/
    Resolving c2.tako.dev... 192.168.170.14
    Connecting to c2.tako.dev|192.168.170.14|:443... connected.
    ERROR: cannot verify c2.tako.dev's certificate, issued by 'CN=R3,O=Let\'s Encrypt,C=US':
      Unable to locally verify the issuer's authority.
    To connect to c2.tako.dev insecurely, use `--no-check-certificate'

    Added new Let's Encrypt certs to /etc/ssl/certs. So I extracted ISRG_Root_1.crt and DST_Root_CA_03.crt from the fullchain.pem and made new crt files. I then moved them over to /etc/ssl/certs, overwriting the existing certs with the new ones. Now I can get wget to work.
    root@turtle:~# wget c2.tako.dev
    --2023-08-11 14:49:37--  http://c2.tako.dev/
    Resolving c2.tako.dev... 192.168.170.14
    Connecting to c2.tako.dev|192.168.170.14|:80... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1020 [text/html]
    Saving to: 'index.html'
    index.html                  100%[=================================================>]    1020  --.-KB/s    in 0s

    The C2 auto-redirects 80 to 443, but for documentation purposes I am showing that it works with a wget to https.
    root@turtle:~# wget https://c2.tako.dev
    --2023-08-11 15:13:46--  https://c2.tako.dev/
    Resolving c2.tako.dev... 192.168.170.14
    Connecting to c2.tako.dev|192.168.170.14|:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 1020 [text/html]
    Saving to: 'index.html.1'
    index.html.1                  100%[=================================================>]    1020  --.-KB/s    in 0.01s

    Still not working so I added the wildcard public cert I am using on my C2 server. Following the process found here: https://docs.hak5.org/cloud-c2/guides/cloud-c-setup-with-self-signed-ssl-certificates. I get it is not self signed, but still.
    root@turtle:/etc/ssl# cat ./wildcard.crt >> cert.pem
    C2DISCONNECT followed by C2CONNECT did not work. Rebooted the device and it did not work. Firewall still shows a TCP reset from the client on port 443, with the same number of bytes transferred (3.5k). It looks like the issue remains when I updated the certificates on the appliance.

    *** SOLUTION ***
    I updated my C2 server to point to the fullchain and just the public cert and that seems to work. I am not sure if updating the certs helped. If you have the same issue make sure to include the fullchain.pem and possibly update the certbundle.
    ExecStart=/opt/c2/c2_amd64_linux -hostname c2.tako.dev -https -certFile /opt/c2/fullchain.pem -keyFile /opt/c2/privkey.pem -sshport 12912 -db /opt/c2/c2.db
    NOTE:
    - It looks like the -sshport option only applies when you make a reverse tunnel. All traffic is managed over 443. So I guess I need to make a new listening port for my server to change it from 443.
    - The device is stuck in "Online and Syncing Changes", but I can manually exfil data using the C2EXFIL command. Now the device will auto disconnect from C2 after an hour or two. Looks like something else to troubleshoot...
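
The difference between serving a leaf-only certificate and serving the full chain, which the solution above turns on, can be reproduced offline. This is an added example, not part of the original post or of Cloud C2: the function names and the throwaway CA hierarchy are constructed for illustration, and it assumes OpenSSL 1.1.0 or later on the PATH.

```shell
#!/bin/sh
# chain_verifies ROOTS SERVED_PEM
# The first cert in SERVED_PEM is the leaf; any later ones are the
# intermediates the server would send in the handshake. Succeeds only if the
# leaf chains to ROOTS using nothing beyond what the server sends.
chain_verifies() {
    roots=$1; served=$2
    tmp=$(mktemp -d) || return 2
    awk -v d="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++ }
        n == 1 { print > (d "/leaf.pem") }
        n >  1 { print > (d "/rest.pem") }' "$served"
    if [ -s "$tmp/rest.pem" ]; then
        openssl verify -CAfile "$roots" -untrusted "$tmp/rest.pem" \
            "$tmp/leaf.pem" >/dev/null 2>&1
    else
        openssl verify -CAfile "$roots" "$tmp/leaf.pem" >/dev/null 2>&1
    fi
    rc=$?
    rm -rf "$tmp"
    return $rc
}

# make_constructed_pki DIR: constructed root -> intermediate -> leaf hierarchy.
# Writes root.pem, cert.pem (leaf only) and fullchain.pem (leaf + intermediate).
make_constructed_pki() {
    d=$1
    printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Constructed Intermediate" \
        -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=c2.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 2 -out "$d/cert.pem" 2>/dev/null &&
    cat "$d/cert.pem" "$d/int.pem" > "$d/fullchain.pem"
}

# Run with the argument "demo" to print the result for both files.
if [ "${1:-}" = demo ]; then
    w=$(mktemp -d) && make_constructed_pki "$w" || exit 2
    for f in cert.pem fullchain.pem; do
        chain_verifies "$w/root.pem" "$w/$f" && echo "$f: verifies" || echo "$f: FAILS"
    done
    rm -rf "$w"
fi
```

Against a real deployment, pass the client's root bundle as the first argument and the file given to -certFile as the second.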