Hak5 Cloud C2


Sebkinne

Hi everyone,

We just launched the Hak5 Cloud C2!

I just wanted to give everyone a heads up and give some basic instructions on how to get everything set up:

Setting up the Hak5 Cloud C2 Server

To set up the Hak5 Cloud C2 server, simply head over to https://c2.hak5.org, download either the community or professional edition, and wait for an email to arrive with the download link and licence key.

Once you have downloaded the ZIP file containing the server, choose the correct version for your OS and architecture (such as linux 64bit), and execute the binary. You will be prompted to add some parameters such as '-hostname'. We recommend setting up the Hak5 Cloud C2 with DNS.

Once running, you will have a setup token printed to your terminal. Make a note of that and head over to the configured IP / DNS and port using your favorite web browser (Firefox or Chrome(ium) are recommended). You will be guided through the setup there, and asked to enter your setup token and licence key.

After performing the initial setup, if you need further help, click on the three dots in the top right corner and click on "Help".

 

Update your device firmwares:

WiFi Pineapple

  • Update your WiFi Pineapple NANO or TETRA to version 2.4.0 or above, via the web interface as you do normally

Packet Squirrel

LAN Turtle

  • Update your LT, LT-SD, or LT-3G by using the "Check for updates" button inside of the turtle shell. Alternatively, follow the manual upgrade instructions from https://lanturtle.com/setup.  You'll want to be on version 5 or above to have Cloud C2 support.

 

Provisioning your devices:

Once you have updated all of your Hak5 devices, you can go ahead and create new devices in the Hak5 Cloud C2 interface. After doing so, you'll be able to download the device.config files for each device by clicking the device from the list and then clicking the setup button from the device's menu.

Once you have the config file, SCP it into the /etc/ folder on your device of choice and reboot the device. You should see it come online in the Hak5 Cloud C2 interface within a few minutes.

Please remember that your devices will need to be networked to be able to reach the Hak5 Cloud C2 server (a mistake we made a lot during development).

 

Introducing the Hak5 Cloud C2 video:

 

You guys are awesome. Quick question about the Individual Pen Tester/Free version. What does "Single User, Single Site" mean exactly? Does that mean I can't have devices in more than 1 place at a time? I need to keep my Pineapples all in one place? Thanks!

 

D


2 hours ago, Darren Kitchen said:

The business version will add the ability to logically differentiate by site, along with multiple logins for teams / collaboration. 

There is no limit to where devices may be deployed, however the stats on the home tab are aggregated from all devices in the site.

Awesome - this is great. I can't wait to play around with this tonight when I get home :)


On 10/1/2018 at 8:43 PM, Sebkinne said:

Please remember that your devices will need to be networked to be able to reach the Hak5 Cloud C2 server (a mistake we made a lot during development)

As an enthusiast I'm wanting to learn so.....

I'm running everything on my home network.

 

1337th post


Appreciate any comments. I'm sure I'm not "getting" the instructions above... I did the download, and I have c2_community-linux-64 in my home directory. I then constructed the following string which I'm sure is wrong:

sudo ./c2_community-linux-64 -hostname 127.0.0.1 -https -listenip 127.0.0.1     and I get "Running Hak5 Cloud C2"


And when I go to use Firefox, I enter: http://127.0.0.1:8080 and I get the error message:

An error occurred during a connection to 127.0.0.1:8080. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

 

I also tried it without the -https.  Thanks for help!  --orrin


29 minutes ago, orrin said:

Appreciate any comments. I'm sure I'm not "getting" the instructions above... I did the download, and I have c2_community-linux-64 in my home directory. I then constructed the following string which I'm sure is wrong:

sudo ./c2_community-linux-64 -hostname 127.0.0.1 -https -listenip 127.0.0.1     and I get "Running Hak5 Cloud C2"


And when I go to use Firefox, I enter: http://127.0.0.1:8080 and I get the error message:

An error occurred during a connection to 127.0.0.1:8080. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG. The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

 

I also tried it without the -https.  Thanks for help!  --orrin

There are a couple of issues I can see:

  1. Listening on 127.0.0.1 / setting the hostname to 127.0.0.1 while enabling https - This will not work, as HTTPS uses Let's Encrypt and expects a DNS name
  2. Listening on 127.0.0.1 - While this should work, devices (WiFi Pineapple, LAN Turtle, Packet Squirrel) will not be able to communicate with the server.

If you want to run it locally, I would suggest doing something like "sudo ./c2_community-linux-64 -hostname localhost".


1 hour ago, Sebkinne said:

There are a couple of issues I can see:

  1. Listening on 127.0.0.1 / setting the hostname to 127.0.0.1 while enabling https - This will not work, as HTTPS uses Let's Encrypt and expects a DNS name
  2. Listening on 127.0.0.1 - While this should work, devices (WiFi Pineapple, LAN Turtle, Packet Squirrel) will not be able to communicate with the server.

If you want to run it locally, I would suggest doing something like "sudo ./c2_community-linux-64 -hostname localhost".

Seb, I did "sudo ./c2_community-linux-64 -hostname localhost" and in the Firefox browser "localhost:8080" and I get the setup screen, yay! But I couldn't find a "setup token" in or at my terminal. (I have my license key okay.)  Then I did "cat c2.db" and near the end of that file was " == token" + 4 groups of 4 letters, so I used that as a token.  Is that correct?

Then, on the setup screen, for Username and Password, I just made up something new.

Then, after I get the setup done, do I understand you to mean that " -hostname localhost" won't allow communicating with the Pineapple? If that is the case, what would be an example of a -hostname that *would* allow comms with a Pineapple? Thanks... I got to the "Devices - Clients - Landscape" screen so I am making progress. ... Thanks for help!


The token should have been on the output of the command line when it starts, the FIRST time... if you cat or tail the db file I believe the very last line should include the token... it will be in all caps, and in, I think, the format of XXX-XXX-XXX

 

Hope this helps


image.png

When running Hak5 Cloud C2 for the first time it will display the setup token as shown above.

If you haven't completed setup during this first run of the server and you've lost the terminal log / setup token - you can force initial setup again by deleting the c2.db file (or whatever other file you may have specified with -db).

Do this with caution as any connected device will then be lost - so if you've completed setup, added devices and deployed them in the field then deleting the .db file is absolutely not something you want to be doing.


14 hours ago, lowk3y said:

Hey, how can I download Hak5 Cloud C2; I've placed order and everything got Order confirmed email as well as "Invoice for that order", but no download link?

Check your spam folder for an email from Hak5 Downloads noreply@sendowl.com with a subject line containing your HakShop.com order number. 


22 minutes ago, Darren Kitchen said:

Check your spam folder for an email from Hak5 Downloads noreply@sendowl.com with a subject line containing your HakShop.com order number. 

Fun, nothing in spam folder only mail from shop@hak5.org with subject "Order #xxxxxx confirmed", but without any links to download. It only says "..
Your order will ship as soon as possible — typically within 1-3
business days."

 

 


4 hours ago, Darren Kitchen said:

image.png

When running Hak5 Cloud C2 for the first time it will display the setup token as shown above.

If you haven't completed setup during this first run of the server and you've lost the terminal log / setup token - you can force initial setup again by deleting the c2.db file (or whatever other file you may have specified with -db).

Do this with caution as any connected device will then be lost - so if you've completed setup, added devices and deployed them in the field then deleting the .db file is absolutely not something you want to be doing.

So, I missed seeing the token on first startup, but (as the suggestion just above yours says) I found "token XXXX-XXXX-XXXX-XXXX" at the tail end of the c2.db file. I used that and have gotten through setup to the point where I see the "Devices - Clients - Landscape" screen.

So is that an okay way to retrieve the token? From the tail end of the c2.db file? Or should I delete c2.db and start over?      ... thanks


Sebkinne, you wrote, in part:

15 hours ago, Sebkinne said:

If you want to run it locally, I would suggest doing something like "sudo ./c2_community-linux-64 -hostname localhost".


It does run like that, okay. But do I understand you correctly that it won't connect to my Pineapple when run like that? If that is the case, could you give me an example of a command line that *will* allow me to connect to the Pineapple?  (C2 for dummies I guess.)    Like " -hostname 192.168.0.10" (if .10 is my Ubuntu box) or should it be my network-assigned IP for the Pineapple. ... Thank you.


Everyone,
This is how I see it. Please correct me if I am wrong....

orrin,
It's the IP (or DNS name if you have such a setup on an internal 192.168.xx.xx network) of the box you have put c2_community-linux-64 on. As I see it Cloud C² does not call up your devices, your devices call "home" to Cloud C². This will be the address that forms part of each device.config file so when your device goes online it knows where to call.

If you are testing Cloud C² on an internal / home network you could use sudo ./c2_community-linux-64 -hostname 192.168.0.10 if 192.168.0.10 is the computer running Cloud C². Of course if the device is not in your network a 192.168.xx.xx address will not be reachable over the Internet.

You then access the Cloud C² GUI using http://192.168.0.10:8080.

Then (once each device has had its device.config file generated and placed in the /etc/ directory on the device it was generated for, and the device is equipped / set to connect to the network) you can view the connections as they come in.

If you then later start up c2_community-linux-64 using different settings (like a different IP) you will need new device.configs for all the devices.

Same applies if you later point your external IP address to your Cloud C² box and start using a DNS name like cloudc2.example.com (where example.com is replaced by your domain) and https.

Basically once you have created device.config files for your devices you should use the same start-up settings for c2_community-linux-64 every time until you are finished, get all your devices back and can start all over again with different settings /options selected. 

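Added example (not part of any post in this thread and not Hak5 code): a small shell check that applies the two points made in the replies above, that -https expects a DNS name and that devices call home to whatever -hostname value ends up in device.config. The function name and verdict strings are hypothetical; the sample hostnames are the ones quoted in the thread plus one constructed public address.

```shell
#!/usr/bin/env bash
# Classify a candidate -hostname value BEFORE generating device.config files,
# since changing it later means new device.config files for every device.
# c2_hostname_verdict is a hypothetical helper, not a Cloud C2 command.

c2_hostname_verdict() (
    host=$1
    https=${2:-no}          # "yes" if the server will be started with -https

    # IPv4 literal or DNS name?
    is_ip=no
    if printf '%s' "$host" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        is_ip=yes
    fi

    # Thread: HTTPS uses Let's Encrypt and expects a DNS name.
    # Let's Encrypt cannot issue for "localhost" either.
    if [ "$https" = yes ] && { [ "$is_ip" = yes ] || [ "$host" = localhost ]; }; then
        echo "https-needs-dns-name"; return 0
    fi

    # Thread: a loopback address works for the browser, but no device can reach it.
    if [ "$host" = localhost ]; then
        echo "loopback-only"; return 0
    fi

    if [ "$is_ip" = yes ]; then
        case "$host" in
            127.*) echo "loopback-only" ;;
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
                # Reachable only by devices on the same internal network.
                echo "lan-only" ;;
            *) echo "public-ip" ;;
        esac
        return 0
    fi

    echo "dns-name"
)

# Constructed sample run: "<hostname> <https yes/no>"
for args in "127.0.0.1 yes" "localhost no" "192.168.0.10 no" \
            "cloudc2.example.com yes" "203.0.113.5 no"; do
    # shellcheck disable=SC2086  # intentional word splitting of the pair
    printf '%-28s -> %s\n' "$args" "$(c2_hostname_verdict $args)"
done
```

A "dns-name" verdict only says the value has the right shape; the name still has to resolve to the server from wherever the device is deployed.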

Aethernaut, Sebkinne, Darren & Florida Tech, thanks for all comments.  The gist is: success!   Details:

 

I got the C2 dashboard running. Generated a device.config file for a Pineapple, and scp'd it over to the Pineapple /etc/ directory, and rebooted it. The Pineapple connected to my home router via wlan2, got an IP address from the router. But the Pineapple wasn't showing up on the C2. Then I did a "remove" a couple times on the Pineapple. No joy.

Then I thought, well maybe I need to generate a new device.config file after removing and re-adding the device.  That worked finally. Yay!

Hope my experience helps a few more people too. I've been using Linux heavily for only a couple years, and only started watching Hak5 (and other sites) and decoding OOK (for example) in January 2018. I didn't know what SCP was until tonight.


After playing for a few days, there's one feature I would love to see implemented: access to the management page of the Nano, either forwarding 1471 to the server so you can access it through DNS or putting access to the management page in a tab on the C2, as once the Pineapple's deployed, checking modules would be nice.


On 10/4/2018 at 9:34 PM, Darren Kitchen said:

Check your spam folder for an email from Hak5 Downloads noreply@sendowl.com with a subject line containing your HakShop.com order number. 

Ok, solved the mystery of not getting the email... it seems this sendowl.com service is sending the email with non-deliverable mail, so if you have address verification turned on in Postfix it will bounce it back.
