tommyq

Active Members
  • Posts

    25
Everything posted by tommyq

  1. Hi. Just one last thanks for all your help!! I'm going to do what you say and avoid the extra complexities that crept in.
  2. Using your script and re-doing the TOKEN/LICENSE codes has the device connecting. THANKS!!! I'm still unable to pass the param to the systemctl command line for some reason though and so I have to keep the putty window open to keep the session up. I'm on the right track thanks to your kind help. That was driving me nuts. Still is but I'm so much closer now 🙂
  3. I'll drop the listenip as you say. Thanks. I put getting the IP into .bash_profile and did an export IP.

         IP=$(ifconfig eth0 | grep 'inet ' | awk '{print $2}')
         export IP

     After sourcing it I can echo $IP and it looks fine. Pretty well the same as you have shown. I want it as start on boot though and I assume using the systemctl restarts things if they crash? When I reload the daemon and start the cloud service, I get in the status command a line that looks like $IP isn't evaluating still?

         ExecStart=/usr/local/bin/c2-3.2.0_amd64_linux -hostname $IP -listenip $IP -db /var/cloudc2/c2.db

     I know this is more Linux stuff now key croc, but any ideas here would also be very much appreciated.

         root@xxxxxxxx:~# systemctl status cloudc2.service
         ● cloudc2.service - Hak5 Cloud C2
            Loaded: loaded (/etc/systemd/system/cloudc2.service; enabled; vendor preset: enabled)
            Active: active (running) since Tue 2022-07-12 21:17:06 UTC; 2s ago
          Main PID: 1651 (c2-3.2.0_amd64_)
             Tasks: 14 (limit: 1131)
            Memory: 17.8M
            CGroup: /system.slice/cloudc2.service
                    ├─1651 /usr/local/bin/c2-3.2.0_amd64_linux -hostname -listenip -db /var/cloudc2/c2.db
                    └─1665 /usr/local/bin/c2-3.2.0_amd64_linux -hostname -listenip -db /var/cloudc2/c2.db

     As I was typing this, I saw your update. It looks very close indeed to what I just did, but when I tried to use this with systemctl it didn't seem to take $IP as a variable??
  4. I'm closer now but I think I've got to re-register the whole UI wrt tokens etc.
  5. Here the plot thickens. The cloud server has something like a 46.xx.xx.xx IP address BUT, I got the impression that the droplet may not keep the IP when powered off. So, I added a static IP in the control panel for DigitalOcean. There is an attach to droplet feature. What I believed I was doing by taking out the reserved IP was ensuring that if it changed, there would be no problem. The cloud firewall has a 188.xx.xx.xx IP address. My assumption was that is NATing to whatever IP the server assigns at boot?? Certainly I can nc IP PORT to either IP and it's all fine so traffic wise the firewall isn't causing a problem. Here may be the really stupid bit. I set the start on boot as follows:

         ./c2-3.2.0_amd64_linux -hostname $(ifconfig eth0 | grep 'inet ' | awk '{print $2}') -listenip $(ifconfig eth0 | grep 'inet ' | awk '{print $2}')

     So there is an eth0 but now I'm thinking I've likely got the syntax wrong. I've fiddled with this but not got the substitution right yet.
  6. Ah. I trawled through the stuff at https://forums.hak5.org/forum/96-hak5-cloud-c²/ looking at it from that angle as well as the key croc. Sorry for being dense, what other things are you suggesting? I've ignored anything to do with certs as I'm not using https yet. I'm adding the device and then downloading the device config. Well, that's what I believe, so I also have no idea how this is happening. Can you point me to the other things and I'll try them.
  7. The device.config has mangled looking characters in it and the rest looks like an ssh key? An excerpt from the 1st and 2nd line is:

         root@croc:~/udisk# cat device.config
         eth0*8080B ▒o▒▒~V▒qnؖL▒i▒▒▒▒▒▒ժ▒)9▒▒3J ▒▒ ▒EH▒▒k}h▒▒ ?No▒ i▒q▒Ɂ▒▒PZ▒ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDtgzXk

     I also looked at pretty well all 8 pages of stuff in the other thread. Nothing seemed to relate to my issue.
  8. I have a DigitalOcean droplet running. SSL isn't configured yet. TCP ports 22, 2022, 8080 confirmed open with nc from the key croc and tcpdump on the server. Port 80 does not seem to be open. I can access the C2 UI with port 8080 as per various setups. From the croc, I can ssh to the server with ports 22 or 2022 and see different ssh servers are behind the ports. OpenSSH associated with port 22 and SSH-2.0-Go with 2022. The croc is getting an IP from my home router. I can ssh to it from my laptop. I've downloaded and copied the device.config file to the root of the croc with both Windows file manager (drag/drop) and WinSCP. Using the example payload I even added the C2NOTIFY instruction. Typing 'hello' sees the expected 'world!'. I've recreated the c2.db and the device is shown as never connected. The only odd thing I see is the reactivate licenses go red, but the audit and server logs don't seem to show any errors. I'm on the community edition and have no devices. The reactivate seems to have little effect but if I hit F5 to refresh the page, it is again red? Any ideas on how to progress gratefully appreciated.
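
The status output in post 3 shows -hostname and -listenip with no value: systemd does not source .bash_profile and does not run $(...) inside ExecStart=, so $IP is empty there. One way to handle it, as an added example that is not from the thread, is a wrapper that resolves the address in a real shell and refuses to start without one. The wrapper path, the "start" argument and the unit fragment are assumptions; the binary, -hostname/-db flags and database path are the ones in the post.

```shell
#!/bin/sh
# Added example: wrapper for ExecStart= (hypothetical path
# /usr/local/bin/cloudc2-start.sh), run by systemd at every (re)start.
#
# Unit fragment that would call it (assumption, not the poster's unit):
#   [Service]
#   ExecStart=/usr/local/bin/cloudc2-start.sh start
#   Restart=on-failure    # without Restart=, systemd does not restart a crash

C2_BIN=/usr/local/bin/c2-3.2.0_amd64_linux   # binary path from the post
C2_DB=/var/cloudc2/c2.db                     # database path from the post
IFACE=eth0

# Print the first IPv4 address found in ifconfig-style output on stdin.
extract_inet() {
    awk '$1 == "inet" { print $2; exit }'
}

# Succeed only for a dotted quad with every octet in 0..255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# Read ifconfig output on stdin; print the address, or fail with no output.
resolve_hostname() {
    ip=$(extract_inet)
    valid_ipv4 "$ip" || return 1
    printf '%s\n' "$ip"
}

# Fail closed: an empty -hostname is exactly the failure seen in the post.
start_c2() {
    host=$(ifconfig "$IFACE" | resolve_hostname) || {
        echo "cloudc2-start: no IPv4 address on $IFACE, not starting" >&2
        return 1
    }
    exec "$C2_BIN" -hostname "$host" -db "$C2_DB"
}

# Constructed sample of `ifconfig eth0` output (documentation address range).
SAMPLE_IFCONFIG='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 203.0.113.10  netmask 255.255.255.0  broadcast 203.0.113.255
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>'

if [ "${1:-}" = "start" ]; then
    start_c2
fi
```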