
reinaertvdc


  1. Sorry for my slow response, I only got around to trying it out now. Adding your line works indeed, many thanks! My C² container now uses <20MB RAM, a fraction of what it used before, awesome!
  2. To the Hak5 staff, would you consider distributing Cloud C² binaries that will run in Alpine Linux, which is "built around musl libc and busybox" instead of glibc? Alpine uses only a fraction of the storage/RAM of other Linux distros, which is particularly interesting for Docker containers (and Alpine also has some additional security measures). Thank you for considering. https://alpinelinux.org/about/
  3. As a follow-up, @3mrgnc3, is your C2 available over plain HTTP too? Because otherwise you either got the devices working over HTTPS or they are indeed phoning home over SSH. Either way I'd love to know.
  4. My server logs indicate that devices call back via HTTP, and that's confirmed by Darren Kitchen in another thread. https://forums.hak5.org/topic/44491-guide-hak5c2/?do=findComment&comment=311892 From his post I understand that SSH is optional and only needed if you want the terminal.

     Now if I respond to the device callbacks with a 301 redirect to HTTPS, the devices ignore it. If I set my reverse proxy port on 443, NGINX logs complain of invalid requests, so I'm guessing the devices are trying to connect to 443 via plain HTTP. Therefore I see no way to get the devices to use HTTPS.

     Concerning your "Disconnected." problem, my LAN Turtle did the same, while my Tetra and my Squirrel worked just fine. Rebooted my Turtle, problem remained. Rebooted again, problem was gone. Rebooted again, problem still gone. So I'm guessing it's a bug and your configuration is fine. I suggest rebooting your Tetra and/or server and see if that helps. I didn't check my C2 logs at the time, and I've reinstalled the server since, so I have no idea if I had those "multiple response.WriteHeader calls" errors too.
  5. I've done some more testing and it seems the LAN Turtle will just never phone home over HTTPS. No matter if I run C2 with the -https flag or set -reverseProxyPort 443 or set -listenport 443, the LAN Turtle will always use plain HTTP when connecting to C2. Is this correct?

     My current setup checks almost all boxes. C2 is available at c2.mydomain.com through HTTPS, and HTTPS is handled transparently by NGINX while the proxied C2 remains plain HTTP. The only thing I'm missing is the Turtle also connecting over HTTPS, but at this point I'm assuming that's just not supported.

     For reference, I run C2 as follows.

         c2_community-linux-64 -hostname c2.mydomain.com -reverseProxy -reverseProxyPort 80

     The accompanying NGINX configuration looks as follows (simplified).

         server {
             listen 80;
             server_name c2.mydomain.com;

             # Requests by Hak5 devices remain on plain HTTP.
             location /dapi {
                 proxy_pass http://localhost:8080;
             }

             # All other requests are redirected to HTTPS.
             location / {
                 return 301 https://$server_name$request_uri;
             }
         }

         server {
             listen 443 ssl;
             server_name c2.mydomain.com;

             # Browser only, Hak5 devices don't seem to use HTTPS.
             location / {
                 proxy_pass http://localhost:8080;
             }
         }

     Again, is there a way to move the Turtle to HTTPS too, or is this the best I can do?
  6. The problem still exists, but I found the cause: the package ca-certificates is missing in the Docker containers. Using the Dockerfile below, I confirmed that C2 is able to validate the license key.

         FROM debian:stable-slim
         RUN apt-get update && apt-get install -y --no-install-recommends \
                 ca-certificates \
             && rm -rf /var/lib/apt/lists/*
         ...
  7. Does this mean that what I'm trying to do should at least be possible? And that my last setup with reverse proxy is more or less correct?
  8. Yes, I'm sure, I did ping and wget from the Turtle. The C2 SSH port 2022 is also reachable.
  9. I have an existing domain mydomain.com, already secured with Let's Encrypt, and hosted through NGINX. Now I wanted to make C2 available at c2.mydomain.com, and I accomplished this using an NGINX proxy_pass, of which I put a simplified version below.

         server {
             listen 443 ssl;
             server_name c2.mydomain.com;

             # proxy_pass is only valid inside a location block.
             location / {
                 proxy_pass http://127.0.0.1:8080;
             }
             ...
         }

     C2 is then run simply as follows.

         c2_community-linux-64 -hostname c2.mydomain.com

     As you can see, NGINX converts the incoming HTTPS connections to HTTP before passing them through to C2, which is how I would prefer it. This setup works fine when surfing to c2.mydomain.com using my browser, but my LAN Turtle won't show up in the C2 device list.

     I've tried several different combinations of parameters for C2, but nothing worked so far. I've deleted c2.db after each attempt and I've made sure that device.config is placed in /etc on my Turtle. For the C2 arguments, I'm assuming I should not use the -https flag, since I want C2 to be a plain HTTP server and let NGINX handle HTTPS. My latest attempt was to enable reverse proxy with port 443, but that didn't fly either.

         c2_community-linux-64 -hostname c2.mydomain.com -reverseProxy -reverseProxyPort 443

     Is what I'm trying to do even possible? Any help would be much appreciated.