License Validation Clarification


oac

Can I get some info on how the licenses are validated?  I'm attempting to shove that Hak5C2 into a docker container, but I'm getting errors after deployment attempting to validate a license.

I'm deploying a Debian 9.5, both as a Digital Ocean droplet for initial testing and then as a Debian container.  When I run as the container, it can't validate the licensing.

I did a PCAP of the network traffic on the Droplet and can see it chatting with the licensing server, but that's obviously encrypted and I have no idea what the licensing server is looking for or why it can't validate.  Does the licensing server require additional visibility on the deployment?

You're welcome to give it a look yourself, but I can't figure it out.  I've validated the container can reach https://c2.hak5.org and tried it with debian and ubuntu builds.

There might be an issue with how I'm doing the reverse proxy as the c2 host itself is not directly accessible on 80, 8080, or 443 - it feeds through a reverse proxy on the front.  I put that info in the README on the GitHub.  But I just get the following when entering the info using a key I ordered less than an hour ago and never used before.

Capture.png

https://github.com/overallcoma/Hak5-C2

Also - if it is a problem that I put a copy of the client on github let me know and I'll pull it off - I can implement a download-at-build setup if that is preferred.

Quick update - I did modify the docker run slightly and attempt to just do 8080:8080 mapping, skip the encryption altogether and go by IP address.  This also failed in the same way.

Does the license validation do something to check that it can directly reach the host?  Or that the hostname it gives itself is a valid, internet-accessible hostname?  Because I'm putting it behind a reverse proxy I set the hostname as the internal IP (you'll see that in the run.sh script).

Still the same error and I tried it with another license I just generated a few minutes before I made this post, a bit after the last post.  Maybe there is a verbose logging mechanism so I can see what is going on when it tries to connect?

Hi Oac,

Currently the Cloud C2 server doesn't work properly behind a reverse proxy - we'll introduce settings which support this in the next update, which should be out within the week.

Unfortunately, this doesn't seem to have anything to do with the fact the license cannot be validated. The message "error validating license key" means that there was an issue communicating with the c2.hak5.org server, or that the response was incomplete or corrupted. 

I'm going to see if I can replicate the issue. If I can we'll make sure it's fixed for the next update.

Thanks Seb

Let me know if I can assist.  Bear in mind if you're using that repo I linked that I did not put in any volumes so none of the config data will be stored.  I figured I would implement volumes once it was validating the setup.

If you want a pcap or whatnot of the communication coming off the container during license validation, let me know.

  • 1 month later...

The problem still exists, but I found the cause: the package ca-certificates is missing in the Docker containers. Using the Dockerfile below, I confirmed that C2 is able to validate the license key.

FROM debian:stable-slim

RUN apt-get update && apt-get install -y --no-install-recommends \
		ca-certificates \
	&& rm -rf /var/lib/apt/lists/*

...

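The cause reported in the last post (no ca-certificates package in the container, so the server has no CA bundle to verify the HTTPS connection to the license server against) can be checked for directly. The script below is an added example, not code from the thread or from Hak5; the function names are hypothetical, the demo directories are constructed, and the bundle path is the one Debian's ca-certificates package generates.

```shell
#!/bin/sh
# Added example (not from the thread): report whether a root filesystem
# contains the CA bundle generated by Debian's ca-certificates package.

# ca_store_status ROOT
# Prints "missing", "empty" or "ok:<count>" for the bundle under ROOT.
# It only counts PEM certificate headers; it does not validate certificates.
ca_store_status() {
    bundle="${1%/}/etc/ssl/certs/ca-certificates.crt"
    if [ ! -f "$bundle" ]; then
        echo "missing"
        return 0
    fi
    # grep -c exits 1 when there are no matches, so keep the "0" it prints.
    count=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$bundle" || true)
    if [ "$count" -eq 0 ]; then
        echo "empty"
    else
        echo "ok:$count"
    fi
}

# make_demo_root DIR WITH_CA
# Builds a constructed rootfs for the demo. WITH_CA=1 adds a placeholder
# bundle (PEM markers only, not a real certificate).
make_demo_root() {
    mkdir -p "$1/etc/ssl/certs"
    if [ "$2" = 1 ]; then
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'CONSTRUCTED' \
            '-----END CERTIFICATE-----' \
            > "$1/etc/ssl/certs/ca-certificates.crt"
    fi
}

# Demo on constructed directories: an image without the package and one with it.
demo=$(mktemp -d)
make_demo_root "$demo/slim" 0
make_demo_root "$demo/fixed" 1
echo "without ca-certificates: $(ca_store_status "$demo/slim")"
echo "with ca-certificates:    $(ca_store_status "$demo/fixed")"
rm -rf "$demo"
```

Inside a running container, `ca_store_status /` checks the live filesystem; a result of `missing` or `empty` matches the failure described in the last post.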

Archived

This topic is now archived and is closed to further replies.
