Jump to content

[RELEASE] Hak5 Cloud C2 3.0.x


Recommended Posts

Hi!

Hak5 is proud to announce the second major annual update to our Command and Control platform — Cloud C2.

Version 3.0.0 introduces Teams Edition with support for multiple users and multiple sites — further enabling red teams and pentest firms to conduct collaborative remote operations from anywhere. With granular real-time Role-Based Access Controls and advanced audit logging, administrators are provided comprehensive and historical insight into every aspect of Cloud C2.

Moreover, architectural changes pave the way for more frequent releases to take advantage of the rich library of hardware, modules and payloads within the Hak5 ecosystem.

The new user interface, inspired by the 7th generation WiFi Pineapple, will feel as familiar as it is refined — providing at-a-glance insight and simplified controls on desktop and mobile. We've even introduced some experimental features, such as the 3D Cartographer Recon view for 6th and 7th generation WiFi Pineapple platforms.

Supported platforms will receive firmware updates — bringing higher performance with lower network throughput. As an example, 6th and 7th generation WiFi Pineapples will benefit from a PineAP engine optimization, reducing CPU utilization from a ~70% to ~3% average, all the while providing faster and more reliable Recon scans.

Cloud C2 version 3.0 is available today as a free over-the-air update to all Community and Professional users. Installations are now simplified with a unified binary, while dynamic licensing allows you to scale your Cloud C2 instance by upgrading at any time.

We hope you enjoy this monumental release. Thank you for your continued support, and as always please share your feedback here and from the link within Cloud C2.

c21.png

Cloud C2 version 3.0.0 Key Features

  • Introducing Teams Edition
  • Multiple Users
  • Multiple Sites
  • Role-Based Access Control / real-time permission controls
  • Advanced Auditing
  • Single binary for all editions (Community, Professional, Teams)
  • Automatic data migration for upgrades
  • Dynamic licensing enabling edition upgrades without redeployment
  • Avatars for users, sites and devices
  • Refined dashboard adopting style from 7th generation WiFi Pineapple
  • Experimental Cartographer Recon view for 6th and 7th generation WiFi Pineapples
  • Support for WiFi Pineapple Mark VII in addition to all networked Hak5 gear
  • Server side database administration controls
  • Device synchronization status and device state history
  • Command line password recovery option

c22.png

You can grab the download via the OTA system once the update becomes available to your Cloud C2 instance (this could take up-to an hour!), or via the Hak5 Download Portal. License upgrades (e.g. Pro -> Teams) will be available fromc2.hak5.org soon.

Once logging in, existing devices will be unassigned to a site. Add them to the default site by going to Settings > Device Settings > All Devices and then assign them to an available site.

3.0.1 Changelog

  • Fix an issue where UI license upgrades / reactivation returned error
  • Improved server output and logging
  • Add verbose flag (-v) to show timestamps in log output
  • Add -setLicenseKey and -setEdition flags
  • Improved server performance and stability under high load
  • Default avatars added to migration process
  • Devices will be automatically added to default site on upgrade to 3.X.X
  • Fix a Firefox caching bug that constantly refreshes the UI
  • Various minor UI fixes and improvements
  • Add links to the Hak5 icon library
  • Various improvements to mobile layout
  • Double clicking the server on Windows will now display server usage

3.0.2 Changelog

  • Fix an issue preventing Signal Owl devices from being opened.

 

  • Like 1
Link to post
Share on other sites

As mentioned in the above post, existing C2 instances will require your device to be assigned to the default site. You can do this by navigating to Settings > Device Settings > All Devices and then assigning them to an available site.

 

  • Like 1
Link to post
Share on other sites

I already downloaded and for all I saw, is working very well. So far, so good. Congratulations to the development team because the new UI is really light and fast. I will be using only the MK7 to make all the tests until I verify all the features. Definitely, is a Cloud C2 milestone: All new, all fresh, all fast. Is another Hak5 signature product. 

So, now this "controversy" is ended and I don't have to read anymore the comments from @Jtyle6 trying to justify the 4 times delayed release. 😀. So, let's work!

I will describe how I did to help other users that are using the same platform.

  1. First of all, you need to update the Pineapple MK7 to firmware 1.01 (remember that you need to recreate the credentials and redo the configuration after the update)
  2. I enter on my instance were I have the Cloud C2 Community Installed (running as service)
  3. When you log in, a window will appear asking to upgrade to V3 version. After this, the process initiate automatically.
  4. When I tried to log in, the installation refused my credentials (I think that was lost in the update process). 
  5. To make faster, I deleted the c2.db, forcing the system to recreate a new instance of the service with a new db file. 
  6. You will need the  License number (obtained when you bought a Hak5 product or was downloaded from the Hak5 site for free (Community Edition) and the setup Token (that appears when you start the program c2_community-platform) or use a command sudo systemctl status cloudc2.service if, like me, you are using c2 as service in linux.
  7. With this information, you can create a root user and a site (both with the possibility to use a file .jpg 400x400 as image). Great. 
  8. And the UI starts to working.
  9. To add a MK7, just click to add a device and will be asked to choose the type (now we have the MK7) name and description and you can choose an image too. 
  10. After this, enter on your device, click SETUP and download the configuration file device.config. This file needs to be downloaded in a folder that you can have access using the Pineapple. I made this using a device connected on the MK7 manager SSID. The MK7 is configured to use a WIFI link to provide the Internet connection. If you are connected to Internet (You can verify this on the MK7 checking the news or updates), you can enter on the C2 UI and download the device.config using a local folder and after make the upload to the MK7.
  11. At the end of left menu is a gear icon. At the end of Gear page you will find a button to do upload the device.config file.
  12. After the enroll process, you will see a popup with "Cloud C2 Enrolled" and the control now is on Cloud C2 UI.  

And, finally, let's do our job to use both products and give our important feedback to the developers, and make this product even better!!! 

c2v3.jpg

Edited by L3N1
Link to post
Share on other sites

Awesome 😊

I was going to be a little disappointed 2 days ago then I got the 1.0.1 update on the mark VII and had the feeling it was going to be released shortly after!

However, I didn't expect it this fast so I only found out today when I connected to my C2 cloud ^^

Thanks to all the the development team 1nd everyone at hak5 for their awesome work!

We very appreciate your hard work!

Take care

Link to post
Share on other sites
48 minutes ago, Jtyle6 said:

I keep on getting. page updated. Every few seconds.

Mozilla/5.0 (X11; Linux aarch64; rv:82.0) Gecko/20100101 Firefox/82.0

I'm having the same issue,

I thought it was just a server config like openvas at first,

But then I accessed my cloud c2 server on a Windows machine utilizing google chrome as the browser and it doesn't do this.

Have you worked out a fix for this yet?

 

 

Link to post
Share on other sites
8 minutes ago, Tammy876 said:

I'm having the same issue,

I thought it was just a server config like openvas at first,

But then I accessed my cloud c2 server on a Windows machine utilizing google chrome as the browser and it doesn't do this.

Have you worked out a fix for this yet?

 

 

No idea yet.

Link to post
Share on other sites
7 hours ago, Tammy876 said:

I'm having the same issue,

I thought it was just a server config like openvas at first,

But then I accessed my cloud c2 server on a Windows machine utilizing google chrome as the browser and it doesn't do this.

Have you worked out a fix for this yet?

 

 

Same here but only when I am using firefox on android..

It work just fine on firefox for linux

Link to post
Share on other sites
  • 2 weeks later...

Would love to have the option to use custom http / https ports . Would make things easier when running with apache...

Which ports do i need to open on a selfhosted vps ? (needed ports for c2 to work with devices ) is port 22 needed to be exposed to the internet ? (i guess for the shell access to the devices ) ?

Please some more infos :-)

Great Update and work !

Link to post
Share on other sites

Have you looked at the Cloud C2 setup videos that Darren has put up? Not explicitly for v3.0.0 but the ports should be the same. Not exactly sure what you mean with "selfhosted vps" but the ports needed should be the same as in the video.

https://youtu.be/TIpx_ENurLY?t=378

 

Link to post
Share on other sites

good hint ! so tcp 8080 (if used default) 2022 ok , but what about 22 ? do i need to open 22 if i dont ssh into the c2 server ?

does the c2 server need port 22 or is that just the common ssh port ( i guess yes ).

 

Still cutom ssl ports needed ! .-)

Link to post
Share on other sites

To my knowledge, port 22 has nothing to do with the functionality of Cloud C2, i.e. SSH is not a mandatory part to get it all up and running. For instance, I have no active internet facing port 22 on the VPS running my C2 instance and it works all fine for me. Why not just disabling/blocking port 22 and see how it works out for you. Not sure right now about the SSL port thing, have you tried the listenport parameter?

Link to post
Share on other sites

thanks for the 22 info ! as i guessed , but im uable to use the reverse shells , it just loads forever ...

the custom port is not setting the sll listener , so i would need to set http port and https to a custom cause port 80 and 443 are already used by apache

 

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...