Everything posted by Éd_D

  1. On the LAN Turtle, AutoSSH is running: root@turtle:~# ps […] 28771 root 936 S /usr/sbin/autossh -M 20000 -i /root/.ssh/id_rsa -N -T -R xxxxx:localhost:22 turtle@vps.domain.tld -p 22 […] root@turtle:~# (Debian man page about autossh [https://manpages.debian.org/bullseye/autossh/autossh.1.en.html] is not complete enough to understand all the command line arguments.) From here, everything looks ok. No problem with the ssh connection to the VPS.
  2. In fact, I have changed the ssh port (22) to a custom one (port number chosen between 49152 and 65535) for security reasons. When I copy commands and screen output on the forum, I write 2222 instead of the real number because "2222" looks nice as a custom ssh number… 🙂
  3. I tried both: turtle@vps:~$ ssh root@localhost ssh: connect to host localhost port 22: Connection refused turtle@vps:~$ ssh -p 22 root@localhost ssh: connect to host localhost port 22: Connection refused turtle@vps:~$ ssh -p 2222 root@localhost root@localhost's password: Permission denied, please try again. root@localhost's password: Permission denied, please try again. root@localhost's password: ^C turtle@vps:~$
  4. I think that sshd is misconfigured on the vps: root@vps:~# grep ^[^#] /etc/ssh/sshd_config Port 2222 PermitRootLogin no ChallengeResponseAuthentication no UsePAM yes PrintMotd no AcceptEnv LANG LC_* Subsystem sftp /usr/lib/openssh/sftp-server PasswordAuthentication yes root@vps:~# (When commissioning, I only uncommented the Port directive, changed 22 to 2222 on this line and changed yes to no for the PermitRootLogin directive…)
  5. I have a problem that looks like… The AutoSSH connection is up on the Turtle. On the VPS, when I try: ssh root@localhost the connection is refused…
  6. I did some reading... and I realized that Tor does not work like a traditional VPN that I have been using until now! Tor does not use a dedicated interface like "tun0". Tor encrypts and forwards what it receives on port 9001 to the "next relay". Also, the command "iptables -t nat -A POSTROUTING -o lo --destination-port 9001 -j MASQUERADE" is not correct. There is something somewhere that I do not understand.
  7. 👍 You are my saviour! 😉 root@raspberry:~# find / -name tor@default.service /run/systemd/generator/tor.service.wants/tor@default.service /usr/lib/systemd/system/tor@default.service /sys/fs/cgroup/pids/system.slice/system-tor.slice/tor@default.service /sys/fs/cgroup/devices/system.slice/system-tor.slice/tor@default.service /sys/fs/cgroup/systemd/system.slice/system-tor.slice/tor@default.service /sys/fs/cgroup/unified/system.slice/system-tor.slice/tor@default.service root@raspberry:~# ls -l /run/systemd/generator/tor.service.wants/tor@default.service lrwxrwxrwx 1 root root 39 Feb 14 2019 /run/systemd/generator/tor.service.wants/tor@default.service -> /lib/systemd/system/tor@default.service root@raspberry:~# grep RunAsDaemon /usr/lib/systemd/system/tor@default.service ExecStartPre=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 --verify-config ExecStart=/usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 root@raspberry:~# Thank you. The next step now is a 'tun0' interface with Tor…
  8. root@raspberry:~# cat /etc/systemd/system/multi-user.target.wants/tor.service # This service is actually a systemd target, # but we are using a service since targets cannot be reloaded. [Unit] Description=Anonymizing overlay network for TCP (multi-instance-master) [Service] Type=oneshot RemainAfterExit=yes ExecStart=/bin/true ExecReload=/bin/true [Install] WantedBy=multi-user.target root@raspberry:~# ❓❓❓WTF root@raspberry:~# find / -name tor.service /etc/systemd/system/multi-user.target.wants/tor.service /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service /usr/lib/systemd/system/tor.service /sys/fs/cgroup/pids/system.slice/tor.service /sys/fs/cgroup/devices/system.slice/tor.service /sys/fs/cgroup/systemd/system.slice/tor.service /sys/fs/cgroup/unified/system.slice/tor.service root@raspberry:~# ls -l /etc/systemd/system/multi-user.target.wants/tor.service \ > /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service \ > /usr/lib/systemd/system/tor.service /sys/fs/cgroup/pids/system.slice/tor.service \ > /sys/fs/cgroup/devices/system.slice/tor.service \ > /sys/fs/cgroup/systemd/system.slice/tor.service \ > /sys/fs/cgroup/unified/system.slice/tor.service lrwxrwxrwx 1 root root 31 Aug 9 22:39 /etc/systemd/system/multi-user.target.wants/tor.service -> /lib/systemd/system/tor.service -rw-r--r-- 1 root root 312 Jun 18 08:27 /usr/lib/systemd/system/tor.service -rw-r--r-- 1 root root 0 Aug 8 22:09 /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/tor.service /sys/fs/cgroup/devices/system.slice/tor.service: total 0 -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.clone_children -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.procs --w------- 1 root root 0 Aug 9 22:39 devices.allow --w------- 1 root root 0 Aug 10 14:08 devices.deny -r--r--r-- 1 root root 0 Aug 10 14:08 devices.list -rw-r--r-- 1 root root 0 Aug 10 14:08 notify_on_release -rw-r--r-- 1 root root 0 Aug 10 14:08 tasks 
/sys/fs/cgroup/pids/system.slice/tor.service: total 0 -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.clone_children -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.procs -rw-r--r-- 1 root root 0 Aug 10 13:53 notify_on_release -r--r--r-- 1 root root 0 Aug 10 13:53 pids.current -r--r--r-- 1 root root 0 Aug 10 13:53 pids.events -rw-r--r-- 1 root root 0 Aug 9 22:39 pids.max -rw-r--r-- 1 root root 0 Aug 10 13:53 tasks /sys/fs/cgroup/systemd/system.slice/tor.service: total 0 -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.clone_children -rw-r--r-- 1 root root 0 Aug 10 13:53 cgroup.procs -rw-r--r-- 1 root root 0 Aug 10 13:53 notify_on_release -rw-r--r-- 1 root root 0 Aug 10 13:53 tasks /sys/fs/cgroup/unified/system.slice/tor.service: total 0 -r--r--r-- 1 root root 0 Aug 10 14:08 cgroup.controllers -r--r--r-- 1 root root 0 Aug 9 22:39 cgroup.events -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.freeze -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.max.depth -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.max.descendants -rw-r--r-- 1 root root 0 Aug 9 22:39 cgroup.procs -r--r--r-- 1 root root 0 Aug 10 14:08 cgroup.stat -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.subtree_control -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.threads -rw-r--r-- 1 root root 0 Aug 10 14:08 cgroup.type -r--r--r-- 1 root root 0 Aug 10 14:08 cpu.stat root@raspberry:~# Oh, my God! What are these directories and empty files???
  9. Hi Everybody, I hope this topic is the right one for my problem… I use a raspberry Pi 3B as a small wireless router : 1. 'eth0' interface is using 'dhcpcd' for the WAN connection; 2. 'wlan0' interface is running with 'hostapd' and 'dnsmasq' as a hotspot; 3. the rule 'iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE' allows routing… Everything is ok, but not secure… Next step: I want to use Tor as a tunnel and change the routing rule as 'iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE'… root@raspberry:~# apt-get update […] root@raspberry:~# apt-get upgrade […] root@raspberry:~# apt-get install tor […] root@raspberry:~# ps xa […] 1064 ? Ss 0:06 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 […] root@raspberry:~# Tor is running… The 'ifconfig' command shows 'eth0', 'lo' and 'wlan0' interfaces but there is no 'tun0' interface on my RPI! I think, Tor is not using a 'tun0' interface because it is not a daemon (client mode) with the option "--RunAsDaemon 0". root@raspberry:~# cat /usr/share/tor/tor-service-defaults-torrc DataDirectory /var/lib/tor PidFile /run/tor/tor.pid RunAsDaemon 1 User debian-tor ControlSocket /run/tor/control GroupWritable RelaxDirModeCheck ControlSocketsGroupWritable 1 SocksPort unix:/run/tor/socks WorldWritable SocksPort 9050 CookieAuthentication 1 CookieAuthFileGroupReadable 1 CookieAuthFile /run/tor/control.authcookie Log notice syslog root@raspberry:~# grep ^[^#] /etc/tor/torrc root@raspberry:~# As all lines in the '/etc/tor/torrc' are commented, I have uncommented the 'RunAsDaemon 1' line.
After Tor restarts, nothing has changed : root@raspberry:~# ps xa […] 3223 ? Ss 0:12 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --RunAsDaemon 0 […] root@raspberry:~# I can't understand where this '--RunAsDaemon 0' is coming from! 
I have not found any information about that, neither on raspbian site, nor on torproject site. Have you an idea?
 Something to read? Regards, Éd. D.
  10. I answer to myself… 😂 With internal "reformat_usb" command, it is working very fine! My squirrel is upgraded.
  11. Hi, How can I upgrade the firmware… when crc32C is missing for my USB stick! (It's a vicious circle!!!)
  12. 🤣 I am so used to doing my system configurations by hand with Vi!!! 🤣 For information, the GUI appends in the /etc/config/wireless file: config wifi-device 'radio2' option type 'mac80211' option channel '11' option hwmode '11g' option path 'platform/ehci-platform/usb1/1-1/1-1.3/1-1.3:1.0' option htmode 'HT20' config wifi-iface option device 'radio2' option ifname 'wlan2' option mode 'sta' option network 'wwan' option ssid 'myMobileWiFiSSID' option encryption 'psk2+ccmp' option key 'myMobileWiFiKey' and the path "platform/ehci-platform/usb1/<etc>" is a subsystem (like "/dev") in "/sys/devices"… I had almost reached the same point with the couple RTFM & Vi! I will put a note on my computer screen: "⚠️Visit the GUI before using SSH & Vi…" 😁 Regards. Éd.
  13. I want to mount the extra WiFi adapter as wlan2, in client mode, to use my WiFi Pineapple NANO alone, just plugged into a battery... I will look at the URL you sent me. Thank you.
  14. Hello, I need some clarification to understand what I am doing. After plugging my RT5390 WiFi adapter (sold by Hak5 with my WiFi Pineapple NANO, but not used until now…), I can verify if the adapter is recognised by the Pineapple… root@Pineapple:~# dmesg | tail -n 5 [ 865.323205] usb 1-1.3: new high-speed USB device number 5 using ehci-platform [ 865.613332] usb 1-1.3: reset high-speed USB device number 5 using ehci-platform [ 865.783339] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 5390, rev 0502 detected [ 865.869931] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 5370 detected [ 865.902917] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' root@Pineapple:~# lsmod | grep rt2x00 cfg80211 232618 11 rtlwifi,rtl8187,rt2x00lib,mt76x02_usb,mt76x02_lib,mt76,ath9k_htc,ath9k,ath9k_common,ath,mac80211 mac80211 465192 14 rtl8192cu,rtl_usb,rtlwifi,rtl8187,rt2800lib,rt2x00usb,rt2x00lib,mt76x2u,mt76x02_usb,mt76x02_lib,mt76_usb,mt76,ath9k_htc,ath9k rt2x00lib 36563 3 rt2800usb,rt2800lib,rt2x00usb rt2x00usb 8473 1 rt2800usb usbcore 134398 35 smsc95xx,sierra_net,rndis_host,qmi_wwan,cdc_ether,ax88179_178a,asix,usbnet,ums_usbat,ums_sddr55,ums_sddr09,ums_karma,ums_jumpshot,ums_isd200,ums_freecom,ums_datafab,ums_cypress,ums_alauda,cdc_wdm,cdc_acm,rtl8192cu,rtl_usb,rtl8187,rt2800usb,rt2x00usb,mt76x2u,mt76x02_usb,mt76_usb,ath9k_htc,usb_storage,uhci_hcd,ohci_platform,ohci_hcd,ehci_platform,ehci_hcd root@Pineapple:~# root@Pineapple:~# lsusb Bus 001 Device 004: ID 05e3:0745 Genesys Logic, Inc. Logilink CR0012 Bus 001 Device 003: ID 0cf3:9271 Qualcomm Atheros Communications AR9271 802.11n Bus 001 Device 005: ID 148f:5370 Ralink Technology, Corp. RT5370 Wireless Adapter Bus 001 Device 002: ID 058f:6254 Alcor Micro Corp. USB Hub Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub root@Pineapple:~# I think that everything is ok… The WiFi adapter looks like it is recognized and ready to use.
Nothing has changed in the web admin interface of the WiFi Pineapple NANO, which is normal since the adapter is not yet configured in /etc/config/wireless (https://docs.hak5.org/hc/en-us/articles/360010471494-WiFi-Client-Mode). I found a config mini how-to at the URL: http://h-wrt.com/en/mini-how-to/wifi_openwrt I think that I need to append the following lines in the existing /etc/config/wireless file. config wifi-device 'radio2' option type 'mac80211' option channel 'auto' option hwmode '11n' option path 'platform/ehci-platform/< must be completed > option disabled '0' config wifi-iface option device 'radio2' option network 'wwan' option mode 'sta' Do you agree with this first step? How can I find the path to use for the radio device configuration ? Will 'radio2' be automatically linked to 'wlan2'? In the OpenWRT doc I read, the credentials to the access point connection (SSID & key) are stored in the /etc/config/wireless file: config wifi-iface option device 'radio2' option network 'wwan' option mode 'sta' option ssid 'testwifi' option encryption 'psk2' option key '1234567890' Does that mean, that I can configure only one access point? Can I use a wpa-supplicant configuration for one network at home, one at work and so on, like on a Linux laptop? But I did not find a file like wpa_supplicant.conf in the WiFi Pineapple NANO system files… Thank you in advance for your explanations. Regards, Éd.
  15. Hi everyone, Is there any particular reason to use Google® DNS servers (8.8.8.8 & 8.8.4.4) in the Hak5 devices configuration files? Regards, Éd.
  16. LAN Turtle 3G

    Hi, What is the name of the software/package to use to receive/send SMS with the LAN Turtle 3G? Do you have a URL for Howto? Regards, Éd.
  17. Addendum In my previous post, I said that I had linked ProviderStandardSSLCA2.pem file to myFile.pem alias… I am not sure there is much point in having this link… I do not know if it is really useful for Cloud C² software to find a ".pem" file with same name, in the same directory of the certificate "myFile.crt" called by the argument: "-certFile /path/to/myFile.crt" when C² is launched. Maybe it is more useful to run the "cat ProviderStandardSSA2.pem >> ca-certificates.crt" command line in the certs directory of the VPS… It is exactly the same command line as run on the device because /etc/ssl/cert.pem is an alias for /etc/ssl/certs/ca-certificates.crt file. In doubt, I had done both (but my message was already sent 🙂).
  18. I already read the guide: https://docs.hak5.org/hc/en-us/articles/360049664554-Cloud-C2-setup-with-self-signed-SSL-certificates But, I don't use a self signed SSL certificate! I am using a standard wildcard one delivered by an Internet Provider for "myDomain" and all first level subdomains "*.myDomain.tld". (My certificate is signed by a certification authority…) To have this certificate, the procedure is : I run the "openssl" command line, like a self signed SSL certificate guide… using "-out cert.csr" instead of "-out cert.cst" and "*.myDomain.tld" as FQDN. I send "cert.csr" file to the SSL certification department of an Internet provider of mine (and pay the bill! 🙂). On the one hand, the SSL certification department gives me a fingerprint to add in a CNAME record of the myDomain.tld DNS server. On the other hand, the SSL certification department sends me the signed certificate ("cert.crt") and another file: an intermediate certificate called "ProviderStandardSSLCA2.pem". Writing these lines, I remember that, in the self signed SSL certificates guide, you run the "cat certs/cert.crt >> cert.pem" command line… 💡 … and remember that : On the VPS, the certificate (.crt) and intermediate certificate (.pem) don't share the same radical name! root@vps:~# cd /path/to/certs root@vps:/path/to/certs# ln -s ProviderStandardSSLCA2.pem myFile.pem root@vps:/path/to/certs# systemctl restart cloudc2.service root@vps:/path/to/certs# On the Pineapple device, I forget the cert.pem file! So, I do the following sequence: Copy (scp) the ProviderStandardSSLA2.pem to my PineApple device, in "/etc/ssl/". Connect (ssh) to the device : root@PineappleTetra:~# cd /etc/ssl root@PineappleTetra:/etc/ssl# cat ProviderStandardSSA2.pem >> cert.pem root@PineappleTetra:/etc/ssl# rm ProviderStandardSSA2.pem root@PineappleTetra:/etc/ssl# Generate and download a new "device.config" from Cloud C² server. Upload (scp) the "device.config" to my PineApple device, in "/etc/" and reboot it.
AND 🥁 THE PINEAPPLE IS CONNECTED! Thanks very much to you, Foxtrot and chizree. The exchanges with you are a great help. 👍👍👍 Problem solved.
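
Added example (not part of the original posts and not Hak5 code): the trust problem from this post and its addendum, reproduced with a throwaway root, intermediate and wildcard leaf. All file names, subjects and the `verdict` helper are constructed for illustration. It shows that a client bundle holding only the root rejects the leaf, and that the chain verifies either when the server presents the intermediate or when the intermediate is appended to the client bundle, as done above.

```shell
#!/bin/sh
# Added example: throwaway PKI with constructed names, not the poster's files.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Own minimal config, so nothing depends on the system openssl.cnf.
cat > "$WORK/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
subjectAltName = DNS:*.myDomain.tld
EOF

# new_key_and_csr NAME SUBJECT: writes NAME.key and NAME.csr
new_key_and_csr() {
  openssl req -new -newkey rsa:2048 -nodes -config "$WORK/pki.cnf" \
    -subj "$2" -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
}

# sign CHILD ISSUER SECTION: writes CHILD.crt, signed by ISSUER
sign() {
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.crt" \
    -CAkey "$WORK/$2.key" -CAcreateserial -days 2 \
    -extfile "$WORK/pki.cnf" -extensions "$3" -out "$WORK/$1.crt" 2>/dev/null
}

build_pki() {
  # Self-signed root: stands for a root the device bundle already trusts.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$WORK/pki.cnf" \
    -extensions v3_ca -subj "/CN=Constructed Root CA" \
    -keyout "$WORK/root.key" -out "$WORK/root.crt" 2>/dev/null
  # Intermediate: stands for the provider's intermediate .pem file.
  new_key_and_csr inter "/CN=Constructed Intermediate CA"
  sign inter root v3_ca
  # Wildcard leaf: stands for the server certificate (cert.crt).
  new_key_and_csr leaf "/CN=*.myDomain.tld"
  sign leaf inter v3_leaf
}

# verdict BUNDLE CERT [SENT_CHAIN]: prints "trusted" or "untrusted".
# SENT_CHAIN models intermediates the server presents in the handshake.
verdict() {
  if openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
  then echo trusted
  else echo untrusted
  fi
}

build_pki
cp "$WORK/root.crt" "$WORK/bundle.pem"        # client bundle: root only
before=$(verdict "$WORK/bundle.pem" "$WORK/leaf.crt")
sent=$(verdict "$WORK/bundle.pem" "$WORK/leaf.crt" "$WORK/inter.crt")
cat "$WORK/inter.crt" >> "$WORK/bundle.pem"   # same fix as in the post
after=$(verdict "$WORK/bundle.pem" "$WORK/leaf.crt")

echo "root only in bundle, server sends leaf only:  $before"
echo "root only in bundle, server sends full chain: $sent"
echo "intermediate appended to client bundle:       $after"
```
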
  19. The server name and server ports did not change since Cloud C² is running on this VPS; and I did not change anything else after downloading the device.config file. The /etc/cc-client-error.log file is full of the repetition of 3 lines : [1623716396 !ERR CURL ] Error posting update to server... [1623716396 !ERR INITSYNC ] Error in startup sync post [1623716396 !ERR MAIN ] Device startup sync failed. Retrying... [1623716401 !ERR CURL ] Error posting update to server... [1623716401 !ERR INITSYNC ] Error in startup sync post [1623716401 !ERR MAIN ] Device startup sync failed. Retrying... [1623716407 !ERR CURL ] Error posting update to server... [1623716407 !ERR INITSYNC ] Error in startup sync post [1623716407 !ERR MAIN ] Device startup sync failed. Retrying...
  20. Ok, I am doing the test… 1st step: Once cc-client process killed, I run the command line "cc-client /etc/device.config" Nothing displayed (not even the prompt: cc-client seems to be running). I run a second ssh session to verify: root@PineappleTetra:~# ps -xaf PID TTY STAT TIME COMMAND 2 ? S 0:00 [kthreadd] 7 ? S 0:07 \_ [ksoftirqd/0] 4 ? I< 0:00 \_ [kworker/0:0H] 3 ? I 0:27 \_ [kworker/0:0] 6 ? I< 0:00 \_ [mm_percpu_wq] 82 ? S 0:00 \_ [oom_reaper] 88 ? I< 0:00 \_ [kblockd] 86 ? I< 0:00 \_ [crypto] 83 ? I< 0:00 \_ [writeback] 85 ? S 0:00 \_ [kcompactd0] 122 ? S 0:00 \_ [kswapd0] 184 ? S 0:00 \_ [spi0] 281 ? I< 0:00 \_ [ipv6_addrconf] 283 ? I< 0:00 \_ [dsa_ordered] 295 ? S 0:00 \_ [ubi_bgt0d] 300 ? I< 0:00 \_ [kworker/0:1H] 361 ? I 0:00 \_ [kworker/0:3] 404 ? S 0:00 \_ [ubifs_bgt0_1] 594 ? I< 0:00 \_ [cfg80211] 632 ? I< 0:00 \_ [rpciod] 633 ? I< 0:00 \_ [xprtiod] 666 ? I< 0:00 \_ [nfsiod] 24344 ? I 0:01 \_ [kworker/u2:2] 25820 ? I 0:01 \_ [kworker/u2:1] 27165 ? I 0:00 \_ [kworker/u2:0] 1 ? Ss 0:02 /sbin/procd 470 ? S 0:00 /sbin/ubusd 498 ttyS0 Ss+ 0:00 /sbin/askfirst /bin/login 564 ? S 0:03 /sbin/urngd 889 ? S 0:00 /sbin/logd -S 64 1000 ? S 0:02 /sbin/netifd 1243 ? S 0:00 \_ udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd 1052 ? Ss 0:00 /usr/sbin/atd 1497 ? Ss 0:00 php-fpm: master process (/etc/php7-fpm.conf) 1498 ? S 0:09 \_ php-fpm: pool www 1499 ? S 0:09 \_ php-fpm: pool www 1527 ? S 0:00 /usr/sbin/sshd -D 25557 ? Ss 0:00 \_ sshd: root@pts/0 25671 pts/0 Ss 0:00 | \_ -ash 25962 pts/0 S+ 0:09 | \_ cc-client /etc/device.config 27166 ? Ss 0:00 \_ sshd: root@pts/1 27224 pts/1 Ss 0:00 \_ -ash 27288 pts/1 R+ 0:00 \_ ps -xaf 1571 ? S 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/n 1611 ? S 0:04 \_ nginx: worker process 1574 ? Ss 1:29 /usr/sbin/hostapd -P /var/run/wifi-phy0.pid -B /var/r 1625 ? S 0:04 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c 1746 ? 
S< 0:00 /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 0.o root@PineappleTetra:~# 2nd step: root@PineappleTetra:~# grep fullyQualifiedName.tld /etc/device.config fullyQualifiedName.tld *443B ??Ѓ???k#?? root@PineappleTetra:~# It seems that this is the first line of the file... root@PineappleTetra:~# grep 2022 /etc/device.config b2022 root@PineappleTetra:~# It is the last line in the file. If I look into the file with more (or less), I can see in these lines "non printable" characters, like in a binary file… Half an hour later, cc-client is still running and nothing new in Cloud C²!
  21. Cloud C² is running properly on the vps server (previous problem is solved, no more conflict with other application! Great thanks to chrizree.) A Chinese sentence says that a drawing is better than 100,000 words… So, you can see a picture that shows my network config at https://github.com/th3m1s-42/th3m1s-42/blob/main/img/networkScheme1.png The cloud C2 server is launched by systemd: /etc/systemd/system/cloudc2.service file: root@vps:/etc/systemd/system# cat cloudc2.service [Unit] Description=Hak5 Cloud C2 After=cloudc2.service [Service] Type=idle ExecStart=/usr/local/bin/c2-3.1.2_amd64_linux \ -hostname fullyQualifiedName.tld \ -https \ -keyFile /path/to/keys/myFile.key \ -certFile /path/to/certs/myFile.crt \ -db /path/to/hak5c2/c2.db [Install] WantedBy=multi-user.target root@vps:/etc/systemd/system# I connect my laptop on Internet through the WiFi Pineapple… So I presume that, if my laptop can join an host on the net, my Pineapple device can do it too… I can surf the Internet without problem. I have run 3 tests to ensure that ports 80, 443 and 2022 are enabled: In the address field of my favorite browser, I type "fullyQualifiedName.tld:80". The Hak5 Cloud C² login page is displayed in the browser window without using SSL. C² is listening HTTP on port 80. Same thing with "fullyQualifiedName.tld:443", same result with SSL. C² is listening HTTPS on port 443. In a terminal window : myself@MacBook ~ % ssh -p 2022 foobar@fullyQualifiedName.tld The authenticity of host '[fullyQualifiedName.tld]:2022 ([aaa.bbb.ccc.ddd]:2022)' can't be established. RSA key fingerprint is SHA256:sgRolDenN95AzPaxDE6BUY6npK3VTdd2xOfVuZyQL/E. Are you sure you want to continue connecting (yes/no/[fingerprint])? yes Warning: Permanently added '[fullyQualifiedName.tld]:2022,[aaa.bbb.ccc.ddd]:2022' (RSA) to the list of known hosts. foobar@fullyQualifiedName.tld: Permission denied (publickey). myself@MacBook ~ % C² is listening SSH on port 2022 (even though the foobar user does not exist on this VPS!
😂). So, I think everything is ok to add my pineapple device on Cloud C². I create a device in the Cloud C² admin interface (Add button) with type "WiFi Pineapple NANO / TETRA". I download the device.config with the Setup button on the newly created device page… I upload this file on Pineapple device: myself@MacBook ~ % scp ~/Downloads/device.config root@172.14.42.1:/etc/ root@172.16.42.1's password: device.config 100% 832 168.3KB/s 00:00 myself@MacBook ~ % I reboot Pineapple device with the admin interface of the Pineapple (http://172.16.42.1:1471/) Unfortunately, the Pineapple stays offline with the status "Last Seen: never". Another test: myself@MacBook ~ % ssh root@172.16.42.1 root@172.16.42.1's password: BusyBox v1.30.1 () built-in shell (ash) ***** WiFiPineapple Banner ***** With OpenWRT 19.07.2 --------------------- root@PineappleTetra:~# ps xaf PID TTY STAT TIME COMMAND 2 ? S 0:00 [kthreadd] 7 ? S 0:00 \_ [ksoftirqd/0] 6 ? I< 0:00 \_ [mm_percpu_wq] 4 ? I< 0:00 \_ [kworker/0:0H] 3 ? I 0:02 \_ [kworker/0:0] 5 ? I 0:01 \_ [kworker/u2:0] 8 ? I 0:01 \_ [kworker/u2:1] 82 ? S 0:00 \_ [oom_reaper] 88 ? I< 0:00 \_ [kblockd] 85 ? S 0:00 \_ [kcompactd0] 83 ? I< 0:00 \_ [writeback] 86 ? I< 0:00 \_ [crypto] 122 ? S 0:00 \_ [kswapd0] 184 ? S 0:00 \_ [spi0] 281 ? I< 0:00 \_ [ipv6_addrconf] 283 ? I< 0:00 \_ [dsa_ordered] 295 ? S 0:00 \_ [ubi_bgt0d] 300 ? I< 0:00 \_ [kworker/0:1H] 361 ? I 0:00 \_ [kworker/0:3] 404 ? S 0:00 \_ [ubifs_bgt0_1] 594 ? I< 0:00 \_ [cfg80211] 632 ? I< 0:00 \_ [rpciod] 633 ? I< 0:00 \_ [xprtiod] 666 ? I< 0:00 \_ [nfsiod] 3906 ? I 0:00 \_ [kworker/u2:2] 1 ? Ss 0:02 /sbin/procd 470 ? S 0:00 /sbin/ubusd 498 ttyS0 Ss+ 0:00 /sbin/askfirst /bin/login 564 ? S 0:01 /sbin/urngd 889 ? S 0:00 /sbin/logd -S 64 1000 ? S 0:00 /sbin/netifd 1243 ? S 0:00 \_ udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd 1052 ? Ss 0:00 /usr/sbin/atd 1497 ? Ss 0:00 php-fpm: master process (/etc/php7-fpm.conf) 1499 ? S 0:01 \_ php-fpm: pool www 1498 ?
S 0:01 \_ php-fpm: pool www 1527 ? S 0:00 /usr/sbin/sshd -D 3632 ? Ss 0:00 \_ sshd: root@pts/0 3646 pts/0 Ss 0:00 \_ -ash 4635 pts/0 R+ 0:00 \_ ps xaf 1571 ? S 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/n 1611 ? S 0:00 \_ nginx: worker process 1574 ? Ss 0:07 /usr/sbin/hostapd -P /var/run/wifi-phy0.pid -B /var/r 1625 ? S 0:00 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c 1746 ? S< 0:00 /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 0.o 1749 ? S 0:00 /bin/sh /etc/rc.common /etc/rc.d/S99cc-client boot 1753 ? S 0:20 \_ cc-client /etc/device.config root@PineappleTetra:~# A cc-client process is running. The Pineapple device should connect to the C² Cloud server… but nothing! I even tried to change the device name to PineappleTetra (hostname of the device, seen during the ssh session, above) in the Cloud C² server and repeat the process of configuration (download device.config from server, upload it to device and reboot device), to no avail. 🙃 I misunderstand: I think to have done everything like RTFM!! 😢 Has anyone an idea? Where can I look for the solution? Thank you for the help, Best regards. Éd.
  22. Thank you for this quick answer… 👍👍👍 So, I can conclude that I need to change the OpenVPN access server port if I want to keep cloud c² on the same VPS… 🤔 Regards, Éd.
  23. Hi everybody. Until now, I was playing with cloud c² locally in a private network. Now, we can use a VPS (linux Centos 😎 in which runs an OpenVPN access server. ***** 1st step ***** For the first tests, we stop the OpenVPN access server to run cloud c². (Otherwise there is a conflict: both services use HTTPS (443) port.) I run cloud c² with the command line : [admin@vps ~]$ sudo /usr/local/bin/c2-3.1.2_amd64_linux \ -hostname fullyQuallifiedName.tld \ -https \ -keyFile /path/to/keys/myKey.key \ -certFile /path/to/certs/myCert.crt \ -db /path/to/hak5c2/c2.db [*] Initializing Hak5 Cloud C2 v3.1.2 [*] Hostname: fullyQuallifiedName.tld [*] DB Path: /path/to/hak5c2/c2.db [*] Validating License [*] License Valid [*] Running Hak5 Cloud C2 Everything is ok! ❤️ I can connect to the cloud c² web interface at the address "https://fullyQualifiedName.tld". To end the test, I can stop cloud c² by <ctrl-c> in the ssh client window… ^C[!] Signal caught, shutdown initiated [*] Shutting down gracefully [*] Server stopped [admin@vps ~]$ ***** when problems happen ***** Next step, we need to change the port of the cloud c² web interface to leave port 443 free for the OpenVPN access server… (we are used to choose our custom ports between 49152 and 65535.) So I tried the command line : [admin@vps ~]$ sudo /usr/local/bin/c2-3.1.2_amd64_linux \ -hostname fullyQuallifiedName.tld \ -https \ -keyFile /path/to/keys/myKey.key \ -certFile /path/to/certs/myCert.crt \ -listenport 50xyz \ -db /path/to/hak5c2/c2.db [*] Initializing Hak5 Cloud C2 v3.1.2 [*] Hostname: fullyQuallifiedName.tld [*] DB Path: /path/to/hak5c2/c2.db [*] Validating License [*] License Valid [*] Running Hak5 Cloud C2 Cloud c² runs properly… But nothing happens in my web browser with the address "https://fullyQualifiedName.tld:50xyz/"! My browser says that the server doesn't answer… Access to the cloud c² admin interface remains at the address "https://fullyQualifiedName.tld/" ("https://fullyQualifiedName.tld:443/").
It is like the "-listenport" argument was ignored! I also tried the command line with quotes around the port number: -listenport "50xyz" (to force 50xyz to be a string and not an integer!…) but the problem is the same. Thank you for the help, Best regards. Éd.
  24. Maybe I make a mistake… I can't mount it! ☹️
  25. Hi, I've tested my LAN Turtle SD with a SanDisk® UltraPlus™ 128 GB microSDXC™ card: this card is supported… root@turtle:~# cat /proc/partitions major minor #blocks name 31 0 128 mtdblock0 31 1 1127 mtdblock1 31 2 15064 mtdblock2 31 3 1984 mtdblock3 31 4 64 mtdblock4 31 5 16192 mtdblock5 8 0 124868608 sda 8 1 124852224 sda1 root@turtle:~# (Sorry, I have no larger SD card!) Regards, Ed.