boxturtle Posted August 6, 2019

I seem to have successfully stood up a C2 server (2.0.0 edition) and have connected a Lan Turtle to it. I can see the turtle in the dashboard, and the cc-client command appears to successfully connect (I spent a long time just getting to this point). When I try to light up an SSH connection from the browser, it doesn't work. From the browser's perspective it just looks like a timeout. From the turtle, I was able to capture a command that was executing:

    1673 root 3616 SN {ssh} C2TERM -NR 22:localhost:22 XXXXX.YYYYY.cloudapp.azure.com -p 2022

This command executed for a little while on the turtle and then stopped. It certainly looks like a reverse SSH shell command, but why in the world is it assuming port 22 is open on the remote host (the -R option)? Of course it's not, and I'd venture to guess that's the reason this is failing. Is there any way to override that?

Audrick Posted August 16, 2019

I am confused since I see the -p with 2022. I thought you only use one. Either -p or -R. Am I just not understanding the command?

Darren Kitchen Posted August 18, 2019

I recommend checking your firewall settings. The C2 Server listens by default on port 2022 for incoming SSH connections. This is configurable with the -sshport parameter. From the CLI usage:

    -certFile string
        Custom SSL Certificate file (disabled letsencrypt)
    -db string
        Path to the c2 database (default "c2.db")
    -hostname string
        Hostname of server (ip or DNS name)
    -https
        Enable https (requires ports 80 and 443)
    -keyFile string
        Custom SSL Key file (disables letsencrypt)
    -listenip string
        IP address to listen on (default "0.0.0.0")
    -listenport string
        Port of the HTTP server (default "8080")
    -reverseProxy
        If set, Cloud C2 will work behind a reverse proxy
    -reverseProxyPort string
        If reverseProxyPort is set, this port will be the internet facing port the Cloud C2 will be available at
    -sshport string
        Port of the SSH server (default "2022")
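
Added example, not part of any post in this thread and not Cloud C2 code: a Python parser that separates the port roles in the captured command, following the documented ssh(1) meaning of -p (the port dialed on the server) and -R [bind_address:]port:host:hostport (a port requested on the server side, forwarded back to host:hostport on the client side). The function and key names are hypothetical, the option table is a subset, and bracketed IPv6 addresses and trailing remote commands are not handled.

```python
import shlex

# Constructed input: the command captured in the first post (hostname redacted there).
CAPTURED = "C2TERM -NR 22:localhost:22 XXXXX.YYYYY.cloudapp.azure.com -p 2022"

# ssh short options that take a value (subset, enough for commands like this one).
TAKES_VALUE = set("bcDEeFIiJLlmOopQRSWw")

def parse_ssh(cmdline):
    """Return the server, the port dialed on it, and each -R forward's roles."""
    argv = shlex.split(cmdline)[1:]              # drop argv[0]
    opts, server, i = [], None, 0
    while i < len(argv):
        tok = argv[i]
        if tok.startswith("-") and len(tok) > 1:
            for j in range(1, len(tok)):         # walk clustered flags such as -NR
                if tok[j] in TAKES_VALUE:
                    val = tok[j + 1:]            # value glued to the flag ...
                    if not val:                  # ... or in the next token
                        i += 1
                        val = argv[i]
                    opts.append((tok[j], val))
                    break
                opts.append((tok[j], None))
        elif server is None:
            server = tok                         # first bare word is the server
        i += 1
    forwards = []
    for flag, val in opts:
        if flag != "R":
            continue
        parts = val.split(":")
        if len(parts) not in (3, 4):
            raise ValueError("unsupported -R spec: " + val)
        listen, host, hostport = parts[-3:]
        forwards.append({
            "bind_address": parts[0] if len(parts) == 4 else None,
            "listen_port_on_server": int(listen),   # opened by the SSH server
            "target_host": host,                    # resolved on the client side
            "target_port": int(hostport),
        })
    # -p is the port the client dials; ssh defaults to 22 when it is absent.
    dial = next((int(v) for f, v in opts if f == "p"), 22)
    return {"server": server, "dial_port": dial, "remote_forwards": forwards}

if __name__ == "__main__":
    print(parse_ssh(CAPTURED))
```

For the captured command the dialed port is 2022, which is the port a firewall between the device and the server has to allow inbound to the server.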