Jump to content

C2, Lan Turtle, and SSH


boxturtle

Recommended Posts

I seem to have successfully stood up a C2 server (2.0.0 edition) and have connected a Lan Turtle to it. I can see the turtle in the dashboard, and the cc-client command appears to successfully connect (I spent a long time just getting to this point). When I try to light up an SSH connection from the browser, it doesn't work. From the browser's perspective it just looks like a timeout. From the turtle, I was able to capture a command that was executing:

 1673 root      3616 SN   {ssh} C2TERM -NR 22:localhost:22 XXXXX.YYYYY.cloudapp.azure.com -p 2022

This command executed for a little while on the turtle and then stopped. It certainly looks like a reverse SSH shell command, but why in the world is it assuming port 22 is open on the remote host (the -R option)? Of course it's not, and I'd venture to guess that's the reason this is failing.

Is there any way to override that?

Link to comment
Share on other sites

  • 2 weeks later...

I recommend checking your firewall settings. The C2 Server listens by default on port 2022 for incoming SSH connections. This is configurable with the -sshport parameter. From the CLI usage:

  -certFile string
    	Custom SSL Certificate file (disabled letsencrypt)
  -db string
    	Path to the c2 database (default "c2.db")
  -hostname string
    	Hostname of server (ip or DNS name)
  -https
    	Enable https (requires ports 80 and 443)
  -keyFile string
    	Custom SSL Key file (disables letsencrypt)
  -listenip string
    	IP address to listen on (default "0.0.0.0")
  -listenport string
    	Port of the HTTP server (default "8080")
  -reverseProxy
    	If set, Cloud C2 will work behind a reverse proxy
  -reverseProxyPort string
    	If reverseProxyPort is set, this port will be the internet facing port the Cloud C2 will be available at
  -sshport string
    	Port of the SSH server (default "2022")

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...