ipfsec Posted May 25, 2020 Share Posted May 25, 2020 Hi, I'm not shure if i'm in the right forum because i don't know if its a C2Cloud or a Keycroc or a user issue 😕 I've got my keycroc last week and configured it over the weekend and played around. Now i have installed C2Cloud on a AWS Lightsail Instace and it's running fine. I've downloaded the device.config and scp'd it over to the keycroc (so its online in my wireless network) but the device never gonna connect to the c2 installation. 😕 C2 is running with certificate. Service status seems fine. I opened the ports tcp/80, tcp/8080, tcp/22, tcp/2022 and tcp/443 incoming. Does anyone have an idea why its not working? 😞 Thanks a lot! ipfsec Quote Link to comment Share on other sites More sharing options...
ipfsec Posted May 28, 2020 Author Share Posted May 28, 2020 Nevermind. Got it. Seems to be a problem when copying from OSX Machine via finder to the device. So if you having trouble also, try to scp directly 😉 1 Quote Link to comment Share on other sites More sharing options...
Darren Kitchen Posted May 30, 2020 Share Posted May 30, 2020 Our of curiosity, what was the issue you had with Finder on your Mac? Quote Link to comment Share on other sites More sharing options...
ipfsec Posted June 1, 2020 Author Share Posted June 1, 2020 Hi Darren, seems that Finder is copying in strange way. Just drag & dropped it from my downloads folder onto the keycroc and it didn't work. After scp'ing it via terminal I had no issues with connecting.  😕 Quote Link to comment Share on other sites More sharing options...
brish Posted July 31, 2020 Share Posted July 31, 2020 Since upgrading to the latest firmware, I have been unable to get my Key Croc to connect to C2. Was there any follow up with this issue or other known aspects about it? I have completely reset it. I have tried with multiple internet and wifi connections where I have complete control. The Croc can see (at least ping) the server where C2 is located. All other devices can still connect to C2. I have tested removing the firewall settings on the C2 server. I have removed and created a new device in C2 downloading the updated config. Based on this post, I have removed all aspects of the device.config file and sent it to the Croc with scp from Windows. In all previous cases (including when it worked in the past), I was using arming mode and just copied the device.config file to the root of the Croc in Windows Explorer. On a side note that may not be related, I have had much more difficulty connecting to wifi since upgrading. Changing the config.txt has not worked immediately. I did find that I could update the wpa_supplicant.conf file which would work. After resetting, I noticed that the connections were easier. However, after I changed the root password, it was not wanting to connect when making changes to the config file. Once I changed it back to the default password, the config.txt file changes seem to work just fine. I have not tested this thoroughly, so it may just be a coincidence. This also did not resolve the issue with C2. Quote Link to comment Share on other sites More sharing options...
Jscott3717 Posted October 20, 2020 Share Posted October 20, 2020 I am having issues getting my key croc to connect to the C2 server I have moved to device.config file to the udisk using both the explorer and the command prompt with no luck Any suggestions? Thank you  Quote Link to comment Share on other sites More sharing options...
Jtyle6 Posted October 20, 2020 Share Posted October 20, 2020 (edited) Did you put your WiFi info into the confg file? https://docs.hak5.org/hc/en-us/articles/360048015093-Getting-the-Key-Croc-Online Edited October 20, 2020 by Jtyle6 Website Quote Link to comment Share on other sites More sharing options...
P0E Posted October 19, 2021 Share Posted October 19, 2021 Sorry to resurrect such an old thread but I'm having similar issues to you @brish - I've got a full functional C2 server with other Hak5 devices connecting fine, my KeyCroc connects to wifi no problem, C2 has a proper CA signed certificate, my KeyCroc can telnet to my C2 server on all ports no problem but it will just not connect! Tried both firmware versions, no luck - it's driving me nuts. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted October 24, 2021 Share Posted October 24, 2021 (edited) From my post(s) on Discord: It could be linked to the fact that Let's Encrypt changed their root certificate as per the 30th of September. This can/will create problems for certain devices and operating systems. There is a fair amount of general info about this on the internet to read and how to solve it. Since the Croc is running Debian Jessie 8, it could be working, or not. Jessie is one of the operating systems that could work depending on how updated it is. If it's not updated, it might not work since it trusts the old/unsupported chain and root cert. So, IdenTrust DST Root CA X3 has expired and ISRG Root X1 is the one to use. Validate the chain (for example using the "openssl" command on the Croc). It will perhaps say that the chain ends up with the expired IdenTrust DST Root CA X3 certificate. The scenario might be worth checking at least. On the Croc, do the following First check if this is the problem you are facing or not, either by executing: openssl s_client -connect your.c2-domain.com:443 -servername your.c2-domain.com or: curl -I https://your.c2-domain.com/ Both should indicate that the certificate has expired (the root certificate that is) Verify if the expired "DST Root CA X3" certificate is available on the system (hence probably giving you problems with the Croc), it will be there if you got expired certificate issues from the commands above Command: grep X3 /etc/ca-certificates.conf Output (or the vital part of it): mozilla/DST_Root_CA_X3.crt Older Debian releases most likely have the needed ISRG Root X1 present as well Command: grep X1 /etc/ca-certificates.conf Output (or the vital part of it): mozilla/ISRG_Root_X1.crt "Backup" the ca-certificates.conf file cp /etc/ca-certificates.conf /etc/ca-certificates.conf.old1 Disable/remove/"blacklist" the X3 root certificate: sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf Then execute: update-ca-certificates -f Check that the change has taken place. The output of the command below should show the "DST Root CA X3" as the "diff" since it's removed diff /etc/ca-certificates.conf /etc/ca-certificates.conf.old1 Verify the certificate chain again, it should now be OK (or, if you have C2 running, the Croc should show up more or less immediately after the "update-ca-certificates" command has been executed): openssl s_client -connect your.c2-domain.com:443 -servername your.c2-domain.com and/or: curl -I https://your.c2-domain.com/ Edited November 6, 2021 by dark_pyrro Quote Link to comment Share on other sites More sharing options...
P0E Posted October 25, 2021 Share Posted October 25, 2021 Awesome thanks buddy - I'll try it out! Quote Link to comment Share on other sites More sharing options...
MikeCheval Posted November 17, 2021 Share Posted November 17, 2021 Thank you so much ! Works perfectly ! 💯 Quote Link to comment Share on other sites More sharing options...
oldjamey Posted June 25 Share Posted June 25 This is the only thing that worked for me. It took me hours of troubleshooting to finally find my way to this post. The only thing that I might add is that this should also be done on the c2 server and not just the croc. It was only when I updated both that it successfully connected. Thanks for the help. @Darren Kitchen, they should really address this in the documentation or fix this via the device firmware and c2 binaries. Until then, just create use this patch script from @dark_pyrro's commands above and save in `~/c2_connection_patch.sh` on the croc and c2 server, then run `sh ~/c2_connection_patch.sh`: #!/bin/sh # check if patch needs to be applied: if grep X3 /etc/ca-certificates.conf | grep -qE '^!'; then echo 'system is already patched.' exit 0 fi # backup /etc/ca-certificates.conf: echo 'backing up /etc/certificates.conf...' cp /etc/ca-certificates.conf /etc/ca-certificates.conf.bak # blacklist the X3 root certificate: echo 'blacklisting the X3 root certificate...' sed -i '/^mozilla\/DST_Root_CA_X3/s/^/!/' /etc/ca-certificates.conf # update ca certs: echo 'updating ca certs...' update-ca-certificates -f echo 'done.' echo echo 'please reboot hak5 device, and restart cloud c2 server.'  Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.