Jump to content
All Your Base

C2 ports documentation

Recommended Posts

I've begun setting up my C2 today, and I'm really surprised that neither the official documentation (here), nor this forum, seems to contain any kind of comprehensive documentation for the network ports of the C2, like for example what they are respectively used for more exactly, and which of them are required to be exposed to the internet for the correct functionality (of the respective features) of the different Hak5 devices?

Am I missing something obvious here, or isn't this one of the first questions asked by many people settings up any kind of server with ports exposed to the internet?

Some important questions that I have regarding the ports are for example the following:

  1. Which ports of the C2 server are the required to expose to the internet in order for the different Hak5 devices to be able to connect back to the C2 over the internet?
  2. Which additional ports need to be exposed in order for any possible "extra features" of the different Hak5 devices to work (and in that case, which port for which feature)?
  3. Is it really true that I cannot use HTTPS over any other port than 443? In that case, why on earth is this? (I'd rather not draw unnecessary attention to my internet exposed server by exposing this standard HTTPS port to the internet)

For security reasons (including "keeping a low profile" for my internet exposed server), I'd rather expose as few ports as possible to the internet.

For example, if possible, it would be great if I only needed to expose one single (fully configurable!) port towards the internet in order for my Hak5 devices to work together with the C2, while keeping e.g. the HTTP admin GUI locked down completely network-wise, to rather only be accessed locally from my internal network. But this doesn't seem to be possible, am I right?

Share this post


Link to post
Share on other sites
On 2/20/2020 at 5:57 PM, All Your Base said:

I've begun setting up my C2 today, and I'm really surprised that neither the official documentation (here), nor this forum, seems to contain any kind of comprehensive documentation for the network ports of the C2, like for example what they are respectively used for more exactly, and which of them are required to be exposed to the internet for the correct functionality (of the respective features) of the different Hak5 devices?

Am I missing something obvious here, or isn't this one of the first questions asked by many people settings up any kind of server with ports exposed to the internet?

Some important questions that I have regarding the ports are for example the following:

  1. Which ports of the C2 server are the required to expose to the internet in order for the different Hak5 devices to be able to connect back to the C2 over the internet?
  2. Which additional ports need to be exposed in order for any possible "extra features" of the different Hak5 devices to work (and in that case, which port for which feature)?
  3. Is it really true that I cannot use HTTPS over any other port than 443? In that case, why on earth is this? (I'd rather not draw unnecessary attention to my internet exposed server by exposing this standard HTTPS port to the internet)

For security reasons (including "keeping a low profile" for my internet exposed server), I'd rather expose as few ports as possible to the internet.

For example, if possible, it would be great if I only needed to expose one single (fully configurable!) port towards the internet in order for my Hak5 devices to work together with the C2, while keeping e.g. the HTTP admin GUI locked down completely network-wise, to rather only be accessed locally from my internal network. But this doesn't seem to be possible, am I right?

Please remember that obfuscation is not truly considered a form of "security". Even though you will open port 443 for HTTPS that form of traffic is encrypted, and if you harden your server you can help counter general threats. If you are worried about people seeing that you have an open port you can create firewall rules to inhibit external traffic to that port, utilize anti-scanner tools, etc. 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...