
Korben

Hak5 Team

Posts posted by Korben

  1. 8 hours ago, zZ1da0rKcIFFGRri said:

    The update doesn't seem to progress at all - it just keeps constantly in a spinning state and says "The page will automatically refresh when the update is complete." No log is produced either anywhere I checked (journal, syslog).

    As dark_pyrro mentioned there should be output that the server is upgrading.
    You might simply be running C2 in a context or directory that has limited permissions; does restarting the service (or command) yield 3.3.0 or is it upgraded to 3.4.0?


    If you're not interested in troubleshooting further, you can always just download the bin from the link above and replace the bin manually.

  2. C² 3.4.0 has been released!

    Tons of improvements and some new features that have been long awaited: 2FA, user account invite links, built-in application firewall and many performance improvements and bug fixes!

    https://downloads.hak5.org/cloudc2

    If you have a server already running, no need to download from the above link; as always, it will come through via OTA.

    New features are self-explanatory; however, docs will be brought up to speed ASAP.

    Thanks for the feedback as always ❤️ 
    Enjoy!

    Changelog

    General

    • Added support and binaries for Apple Silicon devices.
    • Adjusted update and license check-in intervals.
    • Fixed a bug causing device online/sync/offline status to flip erratically.
    • Addressed a rare race condition resulting in server hang.
    • Drastically improved server DB performance across multiple areas.
    • Removed static title from root index to eliminate identifiable information if server is scanned.
    • Adjusted max picture upload size for sites/users/devices to ensure optimal server performance.
    • Improved state syncing in the UI when navigating between components.
    • Improved notification serving to prevent flooding users with a large number of notifications after extended periods of inactivity.
    • Corrected a typo in audit logs when renaming a site.
    • Added audit logging for user editing device actions.
    • Added or adjusted various debug logging functionalities.
    • Optimized default site/user/device pictures.

    Command Line

    • Added a banner to the first start output.
    • Included a -nobanner flag to omit the banner on first start.
    • Implemented hostname checks for local/private IP ranges.
    • Added output for current configuration.
    • Detection of configuration changes now notifies the user.
    • Server setup now generates a direct link to open the Setup page with a prepopulated token.

    Settings

    • Added server configuration info.
    • Added a loading spinner to log modals.
    • Reorganized settings for improved accessibility.

    Application Firewall

    • Added the ability to configure allow/deny rules for device/UI access using regex.
    • Included a configurable "autoban" option for failed login attempts.
    • Added firewall reset and -allowip commands to command line arguments for recovery purposes.

    User Accounts

    • Added support for direct user invite links.
    • Implemented support for 2FA.
    • Added a configuration option to force 2FA enrollment.
    • Provided the ability to force password reset upon the next login.
    • Deleted users are now forcibly and instantly disconnected.
    • Added an option to disable login for a user.

    Login Page

    • Dynamically generated login prompt to enhance obscurity against scanners.
    • Polished UX by replacing the background.

    Dashboard

    • Added device last seen to the dashboard for a more real-time view of device check-ins.
    • Fixed dashboard sorting issues.
    • Fixed the dark mode banner.
    • Fixed notifications theme.
    • Corrected the display of offline device rows appearing as "half online."

    Overview

    • Added last seen and time online to the Uptime card.

    Pineapple Recon Module

    • Improved stats, pagination, sorting, filtering, scope, and live data update experience.
    • Enhanced the cartography view with onclick filtering and camera travel.
    • Orientation of nodes loosely generated based on signal strength in the cartography view.

    Pineapple Probes Module

    • Fixed "Total Probes" and "Most probed SSID" stats.
    • Added pagination, sorting, and filtering.
    • Included confirmation dialogue for clearing probes.
    • Enabled clicking on top probed SSIDs/MACs for filtering.
    • Improved page loading performance and database efficiency for high-traffic devices.

    Pineapple PineAP Module

    • Added confirmation dialogs for removing SSID from the pool and clearing SSID pool.
    • Introduced deduplication when adding SSID to the pool.
    • Included an "Enable Karma" option for a less fragmented experience (duplicate of Clients module).
    • Fixed toggles flickering on load.

    Terminal Module

    • Fixed UI component flickering on load.
    • Addressed a regression loading context.
    • Resolved a bug causing desync on recon status in C2 due to stopping tunneling services on a pineapple with recon running.

    Clients Module

    • Improved page loading performance.
    • Fixed an issue where table columns weren't device-specific.
    • Added confirmation dialogs for "Forget" and "Disconnect" client buttons.
    • Renamed "Allow Associations" to "Enable Karma" for clarity.

    Crab

    • Fixed the issue where the server failed to ingest images properly, resulting in missing loot and error notifications.
    • Improved page loading performance.
    • Made minor UI adjustments to the Configuration module.

    Loot Module

    • Fixed the "Learn more" link.
    • Added titles when viewing or deleting loot.
    • Rearranged the position of delete all, export, and filter fields.
    • Automatically sorted by upload date and displayed size in a readable format.
    • Enhanced the Export dialog and displayed file names in delete dialog.

    Croc

    • Fixed rendering issues in keystroke history that removed leading/trailing spaces (underlying data unaffected, correct keylogs displayed in downloads).


