
Step by step Cloud C2 setup


Asterix


This is my first post for absolutely ages to the Hak5 community, and was prompted after I discovered an issue whilst following the various setup guides within the community, and having read some really negative and unfounded comments from others having a go at Hak5 for setup issues.

[disclaimer]

From the very start, let me say that the issues were caused by my Virtual Server host here in the UK (Fasthosts) and by their system's built-in firewall policy. Kudos goes to Hak5 Darren for pointing me in the right direction, as I thought I was losing the plot. With hindsight, I should have checked the default firewall policy offered by my VPS host first and not assumed that everything was taken care of by the control panel GUI.

Having created a new Debian VPS, I followed the installation and setup guide at https://docs.hak5.org/hc/en-us/articles/360012947614-Installation-and-Setup, which appeared to work: I was able to connect to my new Cloud C2 control panel, add the generated setup token and licence key, and then add my WiFi Pineapple Mark VII using the downloadable device.config file generated by C2. However, my Pineapple VII was unable to communicate with C2 and the connection status showed "last seen: never", which was odd considering the port used showed on the server as "open" and was listed as such in the VPS firewall settings.

I tried again using different ports, each time with the same results. It turns out that my VPS host (Fasthosts) automatically blocks ports opened using the ufw utility, which I used during the setup process.

ufw allow 22,2022,80,8080,443/tcp
ufw enable
ufw reload
ufw status

The results showed:-


To                          Action      From
--                          ------      ----
22,43,80,2022,8080/tcp      ALLOW       Anywhere
22,43,80,2022,8080/tcp (v6) ALLOW       Anywhere (v6)

And so I believed that the firewall was created correctly and working as expected. But as the Pineapple could not see the VPS I needed to dig a little deeper.

 

So next I verified that the ports were closed using Netcat / Nmap.

First I scanned for open ports (replace 192.168.1.1 with the IP of your server):

nmap 192.168.1.1    

The results were:-


PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
443/tcp  closed https
2022/tcp closed down

 

As I expected the ports to be open, I then asked nmap to check if the host was protected by a firewall

 

nmap -sA 192.168.1.1

PORT     STATE    SERVICE
22/tcp   filtered ssh
80/tcp   filtered http
2022/tcp filtered down
8080/tcp filtered http-proxy

 

Then I asked nmap to scan the host protected by a firewall

nmap -PN 192.168.1.1


PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   open   http
2022/tcp closed down
8080/tcp closed http-proxy

The results were exactly the same after I disabled the ufw firewall (?), and so I spoke to the tech support guys at Fasthosts, who told me that they automatically block certain ports and that using ufw together with their built-in firewall could cause various problems. One of the VPS setting options with Fasthosts is to create a firewall rule, opening (or closing) various ports.

The default settings already included 22 and 80, and although I had added 2022 & 8080 and they showed as "open" in the Fasthosts GUI, they were in fact "closed", as Fasthosts were themselves blocking the two ports (and some others). Enabling and disabling the ufw firewall didn't have any effect, but enabling the Fasthosts firewall and closing all ports, then enabling the ufw firewall, allowed the Pineapple MkVII to finally connect to the C2 server.

Lesson learned. Don't believe what the VPS host GUI tells you.  

Here are all of the steps I used to spin up the Cloud C2 server from a completely fresh Debian install which did not have any networking tools enabled; the steps include the changes to the filenames for version 3.0.0. I realise that you can string commands together using && and automate confirmation using the -y flag.

First I installed all of the tools that I wanted to have on my new VPS (you may have different ideas). I had also given myself root permissions, but you could use the sudo command.

apt install vim 
apt install netcat
apt install net-tools
apt install unzip
apt install ufw
apt install wget

 

Then I opened the ports

ufw allow 22,2022,80,8080,443/tcp
ufw enable
ufw reload
ufw status

 

Next, collect the setup file from Hak5

wget https://c2.hak5.org/download/community -O /tmp/community 

Then unzip it

unzip /tmp/community -d /tmp

The version I used (v3.0.0) creates a folder in the temp directory called C2-3.0.0 (note the capital C) and places the setup files inside. I'm going to be using c2-3.0.0_amd64_linux in my example.

First move the unzipped files to the bin folder

mv /tmp/C2-3.0.0 /usr/local/bin

Then create a new directory

mkdir /var/hak5c2

Then create a service using Vim or your favourite text editor.

 vim /etc/systemd/system/hak5.service

Then enter the following (or cut and paste) replacing xxx.xxx.xxx.xxx with the IP address of your virtual server. This example uses https.

 

[Unit]
Description=Hak5 C2
# Start once the network is up (a unit cannot be ordered after itself with After=)
After=network.target
[Service]
Type=idle
ExecStart=/usr/local/bin/C2-3.0.0/c2-3.0.0_amd64_linux -hostname xxx.xxx.xxx.xxx -https -db /var/hak5c2/c2.db
[Install]
WantedBy=multi-user.target

You can cut and paste into vim 

1. copy the content of the text from the text file (Ctrl-C or right-click & copy)
2. open the file you want to edit with the vim editor.
3. type 'i' to enter insert mode (check at the bottom for -- INSERT --)
4. hit this key combination: Shift + Right-click & choose 'Paste' from the menu.

To save and quit vim, press the escape key followed by :wq (colon, write, quit)

Now reload, enable and start the hak5 service

systemctl daemon-reload 
systemctl enable hak5.service 
systemctl start hak5.service

Check to see if the service is running

systemctl status hak5.service

You should get a confirmation that the service is running, along with a setup token which you will need to enter into the Cloud C2 setup page along with your License key and account information. It will look something like this:-


Oct 28 14:15:51 localhost c2-3.0.0_amd64_linux[1665]: [*] Initial Setup Required - Setup token: ABCD-2EF3-G45H-6IMN

Now open up your favourite web browser and enter the IP address of your VPS 

https://192.168.0.1/#/setup

Fill in the blanks needed to validate your license etc.

You should now be able to add Hak5 gear.  See https://docs.hak5.org/hc/en-us/articles/360014295634-Adding-Devices-to-Cloud-C2

 

I don't profess to be a Linux expert, nor am I the best teacher, but hopefully someone will benefit from some of the information provided.

 Keep Safe 
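The gap the post describes, ufw reporting ALLOW while the provider's firewall silently drops the packets, only shows up when you probe from outside the VM. The script below is an added example (not from the post or from Hak5); it assumes bash with /dev/tcp support and coreutils `timeout` on the probing machine, a copy of the server's `ufw status` output in a file, and the file name c2_port_check.sh:

```shell
#!/usr/bin/env bash
# Added example (not from the original post or from Hak5): compare the ports
# that `ufw status` claims to allow with what a probe from OUTSIDE the VPS sees.
# Run it from another machine against the public IP of the server.
# Usage: ./c2_port_check.sh <server-ip> <file-with-ufw-status-output>

# Constructed sample of `ufw status` output in the format shown in the post.
sample_ufw_status() {
    cat <<'EOF'
Status: active

To                          Action      From
--                          ------      ----
22,43,80,2022,8080/tcp      ALLOW       Anywhere
22,43,80,2022,8080/tcp (v6) ALLOW       Anywhere (v6)
EOF
}

# Read `ufw status` text on stdin and print the allowed TCP ports as one list,
# e.g. "22,43,80,2022,8080/tcp ALLOW Anywhere" -> "22 43 80 2022 8080".
ufw_allowed_tcp_ports() {
    grep -E '^[[:space:]]*[0-9,]+/tcp[[:space:]]+ALLOW' \
      | sed -E 's#^[[:space:]]*([0-9,]+)/tcp.*#\1#' \
      | tr ',' '\n' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Probe one TCP port from this machine and print "open" or "closed".
# Uses bash's /dev/tcp, so the probing host needs neither nmap nor netcat.
tcp_probe() {
    # $1: host, $2: port, $3: timeout in seconds (default 3)
    if timeout "${3:-3}" bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null; then
        echo open
    else
        echo closed
    fi
}

# For every port ufw says it allows, report what the outside world sees.
# Returns 1 if any allowed port is unreachable, i.e. something in front of
# the VM (the provider firewall in the post) is dropping the traffic.
compare_ports() {
    # $1: server ip, $2: file containing `ufw status` output
    local rc=0 port state
    for port in $(ufw_allowed_tcp_ports < "$2"); do
        state=$(tcp_probe "$1" "$port")
        printf '%-5s ufw: ALLOW   external probe: %s\n' "$port" "$state"
        [ "$state" = open ] || rc=1
    done
    return "$rc"
}

case "$0" in *c2_port_check.sh) compare_ports "$@" ;; esac
```

A port that prints "closed" here while ufw lists it as ALLOW is exactly the symptom in the post: look at the provider's own firewall before blaming the device.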


Impossible to set up Cloud C2. I'm running Debian from scratch and I constantly get a file error; does anyone know what I'm doing wrong? Thanks

 


pi@raspberry:/ $ sudo systemctl status hak5.service
● hak5.service - Hak5 C2
     Loaded: loaded (/etc/systemd/system/hak5.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2023-02-10 17:54:34 CET; 8s ago
    Process: 3399 ExecStart=/usr/local/bin/c2-3.2.0_i386_linux -hostname 192.168.5.73 -https -db /var/hak5c2/c2.db (code=exited, status=203/EXEC)
   Main PID: 3399 (code=exited, status=203/EXEC)
        CPU: 5ms

Feb 10 17:54:34 raspberry systemd[1]: Started Hak5 C2.
Feb 10 17:54:34 raspberry systemd[3399]: hak5.service: Failed to execute /usr/local/bin/c2-3.2.0_i386_linux: Exec format error
Feb 10 17:54:34 raspberry systemd[3399]: hak5.service: Failed at step EXEC spawning /usr/local/bin/c2-3.2.0_i386_linux: Exec format error
Feb 10 17:54:34 raspberry systemd[1]: hak5.service: Main process exited, code=exited, status=203/EXEC
Feb 10 17:54:34 raspberry systemd[1]: hak5.service: Failed with result 'exit-code'.
pi@raspberry:/ $ sudo vim /etc/systemd/system/hak5.service
pi@raspberry:/ $ sudo systemctl status hak5.service
Warning: The unit file, source configuration file or drop-ins of hak5.service changed on disk. Run 'systemctl daemon-reload' to reload units.
● hak5.service - Hak5 C2
     Loaded: loaded (/etc/systemd/system/hak5.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Fri 2023-02-10 17:54:34 CET; 4min 42s ago
    Process: 3399 ExecStart=/usr/local/bin/c2-3.2.0_i386_linux -hostname 192.168.5.73 -https -db /var/hak5c2/c2.db (code=exited, status=203/EXEC)
   Main PID: 3399 (code=exited, status=203/EXEC)
        CPU: 5ms

Feb 10 17:54:34 raspberry systemd[1]: Started Hak5 C2.
Feb 10 17:54:34 raspberry systemd[3399]: hak5.service: Failed to execute /usr/local/bin/c2-3.2.0_i386_linux: Exec format error
Feb 10 17:54:34 raspberry systemd[3399]: hak5.service: Failed at step EXEC spawning /usr/local/bin/c2-3.2.0_i386_linux: Exec format error
Feb 10 17:54:34 raspberry systemd[1]: hak5.service: Main process exited, code=exited, status=203/EXEC
Feb 10 17:54:34 raspberry systemd[1]: hak5.service: Failed with result 'exit-code'.
 


4 hours ago, odinroy said:

ExecStart=/usr/local/bin/c2-3.2.0_i386_linux -hostname 192.168.5.73 -https -db /var/hak5c2/c2.db

There is more than one faulty use of C2 here. If you are using a Raspberry Pi, you can't use an Intel architecture binary. You have to use one that is suitable for the Raspberry Pi. Depending on what Pi model you are using and what OS, it's one of the Arm binaries, probably Armv7. Second thing, you can't use https along with an IP address if using the built-in Let's Encrypt certificate. You need to use a domain name along with https.

So, get a domain name or just run C2 without https. Also use the correct C2 binary. I would suggest getting everything to work properly by executing it manually from the command line before setting it up as a service.


Yes, the https, I removed it, and I have tried with all the files, and now I get a permission error. I am on SSH and the graphical desktop, with root permissions; this is crazy. I do not know what I have closed so that it doesn't give me permissions; the server now gives me problems too, maybe it's now an issue of the router or ports, I don't know. In the end I'll take a hammer and solve it quickly with the Raspberry. 🙂


pi@raspberry:~ $ sudo systemctl daemon-reload
sudo systemctl enable hak5.service
sudo systemctl start hak5.service
sudo systemctl status hak5.service
● hak5.service - Hak5 C2
     Loaded: loaded (/etc/systemd/system/hak5.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sat 2023-02-11 11:26:07 CET; 71ms ago
    Process: 3487 ExecStart=/usr/local/bin/c2-3.2.0_armv7_linux -hostname 192.168.5.73 (code=exited, status=203/EXEC)
   Main PID: 3487 (code=exited, status=203/EXEC)
        CPU: 4ms

Feb 11 11:26:07 raspberry systemd[1]: Started Hak5 C2.
Feb 11 11:26:07 raspberry systemd[3487]: hak5.service: Failed to locate executable /usr/local/bin/c2-3.2.0_armv7_linux: Permission denied
Feb 11 11:26:07 raspberry systemd[3487]: hak5.service: Failed at step EXEC spawning /usr/local/bin/c2-3.2.0_armv7_linux: Permission denied
Feb 11 11:26:07 raspberry systemd[1]: hak5.service: Main process exited, code=exited, status=203/EXEC
Feb 11 11:26:07 raspberry systemd[1]: hak5.service: Failed with result 'exit-code'.
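The three failures in this thread (Exec format error from an i386 binary on a Pi, Permission denied from a file without the execute bit, and -https combined with an IP address) can all be caught before the binary is wrapped in a service, which is what "try it manually first" amounts to. The following pre-flight script is an added example, not from the thread or from Hak5; it assumes the file-name tags seen in the thread (amd64, i386, armv7), a hypothetical file name c2_preflight.sh, and that the machine-to-tag mapping is my own:

```shell
#!/usr/bin/env bash
# Added example (not from the thread or from Hak5): pre-flight checks for a
# Cloud C2 binary before it is wrapped in a systemd unit. Catches a binary for
# the wrong CPU ("Exec format error"), a missing execute bit ("Permission
# denied") and -https with an IP literal (no Let's Encrypt certificate for it).
# Usage: ./c2_preflight.sh <path-to-c2-binary> <hostname-or-ip> [https]

# Architecture tag in the Hak5 file name, e.g. c2-3.2.0_armv7_linux -> armv7
arch_of_binary() {
    basename -- "$1" | sed -E 's/^c2-[0-9.]+_([a-z0-9]+)_linux$/\1/'
}

# Map `uname -m` output to the tags seen in this thread (amd64, i386, armv7).
# Assumed mapping; extend it if Hak5 ships a build for your machine type.
arch_tag_for_machine() {
    case "$1" in
        x86_64)  echo amd64 ;;
        i?86)    echo i386 ;;
        armv7*)  echo armv7 ;;
        *)       echo unknown ;;
    esac
}

# Succeeds when the binary's tag matches the machine's tag.
arch_matches() {
    # $1: binary path, $2: `uname -m` output
    [ "$(arch_of_binary "$1")" = "$(arch_tag_for_machine "$2")" ]
}

# Succeeds when $1 is a dotted-quad IPv4 literal (as was used with -https above).
is_ipv4_literal() {
    printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Run all checks; prints one line per problem and returns 1 if any failed.
preflight() {
    # $1: binary path, $2: value for -hostname, $3: "https" or empty
    local bin=$1 host=$2 mode=${3:-} rc=0 machine
    machine=$(uname -m)
    if ! arch_matches "$bin" "$machine"; then
        echo "FAIL: $(arch_of_binary "$bin") binary on a $machine machine -> Exec format error"; rc=1
    fi
    if [ ! -x "$bin" ]; then
        echo "FAIL: $bin is not executable (chmod 755 '$bin') -> Permission denied"; rc=1
    fi
    if [ "$mode" = https ] && is_ipv4_literal "$host"; then
        echo "FAIL: -https needs a DNS name, not $host (no certificate for an IP)"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: start it by hand first: $bin -hostname $host ${mode:+-https}"
    return "$rc"
}

case "$0" in *c2_preflight.sh) preflight "$@" ;; esac
```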
 

 


On 11/02/2023 at 19:23, dark_pyrro said:

And... as I said before, try running the C2 server manually before trying to configure it as a service.

I'm going to start from scratch, reinstalling Debian on the Raspberry, because it's true that I already had a web server and there may be conflicts, but I don't know how to start C2 manually, not even on Windows. I think I'm too new or have too much control with certain settings.


Oops, sorry

I'm going to start from scratch, reinstalling Debian on the Raspberry, because it's true that I already had a web server and there may be conflicts, but I don't know how to start C2 manually, not even on Windows. I think I'm too new or have too much control with certain settings.


Starting from scratch is most likely a good way of moving forward. Starting C2 manually is not complicated at all. Especially not if reading the documentation or just simply reading the output when running the C2 binary without parameters. Looking at the videos available is also a source for knowledge. The most simple way of starting C2 from the command line is (for an ARMv7 based Pi):

./c2-*_armv7_linux -hostname <ip address of the Pi>

 


6 minutes ago, dark_pyrro said:

Starting from scratch is most likely a good way of moving forward. Starting C2 manually is not complicated at all. Especially not if reading the documentation or just simply reading the output when running the C2 binary without parameters. Looking at the videos available is also a source for knowledge. The most simple way of starting C2 from the command line is (for an ARMv7 based Pi):

./c2-*_armv7_linux -hostname <ip address of the Pi>

 

I also think that by having, apart from the router, some repeaters to provide coverage to the room, I have a lot of trouble with port forwarding and IPs. I'm going to try again and we'll see if this time I'm less messed up. Thank you for your time, I'll let you know.


Indeed, I have repeated the entire process and now the cloud is activated and it does not give me errors, but I cannot enter through any browser. I don't know if it is something from the router or firewall; I will investigate. But the previous error is fixed, there was a conflict with the web server.


14 minutes ago, odinroy said:

it's giving me a failed ssl connection

Where? In the browser when trying to access the C2 web UI? Are you using a web browser that has "always on https" (or whatever it's called in different browsers) enabled? Assuming you are running the C2 server only using http and the local IP address of the Pi, then you should make sure the browser isn't stopping you from using http. Also remember to use port 8080 (if you haven't changed anything).


9 minutes ago, dark_pyrro said:

Where? In the browser when trying to access the C2 web UI? Are you using a web browser that has "always on https" (or whatever it's called in different browsers) enabled? Assuming you are running the C2 server only using http and the local IP address of the Pi, then you should make sure the browser isn't stopping you from using http. Also remember to use port 8080 (if you haven't changed anything).

I have tried chrome, firefox, I have disconnected antivirus, and I have tried in windows and linux, and they all give me the same error.

This website cannot be reached
The page ***.***.*.*** has refused the connection.
Try to:

check connection
Check proxy and firewall
ERR_CONNECTION_REFUSED


20 minutes ago, dark_pyrro said:

Can you ping the Pi machine from some other device on the same network?

I have the cloud working, it gives me a token and the ip address perfectly, but I can't enter.
I have tried ping from another pc and it works fine, it gives me a response.
And the server starts ok:

pi@server:~ $ sudo systemctl status hak5.service
* hak5.service - hak5 C2
      Loaded: loaded (/etc/systemd/system/hak5.service; enabled; vendor preset: enabled)
      Active: active (running) since Mon 2023-02-13 13:13:39 CET; 1min 28s ago
    Main PID: 449 (c2-3.2.0_armv7_)
       Tasks: 19 (limit: 1596)
         CPU: 779ms
      CGroup: /system.slice/hak5.service
              |-449 /usr/local/bin/C2-3.2.0/c2-3.2.0_armv7_linux -hostname 192.168.5.221 -https -db /var/hak5c2/c2.db
              `-804 /usr/local/bin/C2-3.2.0/c2-3.2.0_armv7_linux -hostname 192.168.5.221 -https -db /var/hak5c2/c2.db

Feb 13 13:13:39 systemd server[1]: Started Hak5 C2.
Feb 13 13:13:46 server c2-3.2.0_armv7_linux[804]: [*] Initializing Hak5 Cloud C2 v3.2.0
Feb 13 13:13:46 server c2-3.2.0_armv7_linux[804]: [*] Hostname: 192.***.***.***
Feb 13 13:13:46 server c2-3.2.0_armv7_linux[804]: [*] DB Path: /var/hak5c2/c2.db
Feb 13 13:13:46 server c2-3.2.0_armv7_linux[804]: [*] Initial Setup Required - Setup token: B1BT-****-O2EZ-****
Feb 13 13:13:46 server c2-3.2.0_armv7_linux[804]: [*] Running Hak5 Cloud C2


I quote myself:

On 2/10/2023 at 10:30 PM, dark_pyrro said:

Second thing, you can't use https along with an IP address if using the built-in Let's Encrypt certificate. You need to use a domain name along with https.

https://forums.hak5.org/topic/53537-step-by-step-cloud-c2-setup/?do=findComment&comment=360804

 

You can not use the https parameter along with an IP address if using the built in LetsEncrypt certificate handling! Still you start the service with:

8 minutes ago, odinroy said:

/usr/local/bin/C2-3.2.0/c2-3.2.0_armv7_linux -hostname 192.168.5.221 -https -db /var/hak5c2/c2.db

 


5 minutes ago, dark_pyrro said:

I quote myself:

https://forums.hak5.org/topic/53537-step-by-step-cloud-c2-setup/?do=findComment&comment=360804

 

You can not use the https parameter along with an IP address if using the built in LetsEncrypt certificate handling! Still you start the service with:

 

OMG it's true, I didn't realize in that command line to remove it, I'm going to repeat the process again, we'll see what happens now.
Thank you


One thing that might be a problem is that the Pi most likely doesn't get the network up and running before the Cloud C2 service starts. This will lead to a situation where Cloud C2 isn't starting on boot as it should. This happens because C2 checks whether the license is valid at every start, and if C2 hasn't got any internet connection to verify the license, then the service will fail. You can solve this by adding a "sleep" to the service file. 20-30 seconds will be enough.
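One way to put that boot-ordering fix into the unit file from the first post, as an added example rather than the thread's own file: the binary path and LAN address are the ones from the later posts in this thread, while the wait-online ordering, the 30 second value and the Restart settings are my additions.

```ini
[Unit]
Description=Hak5 C2
# Wait for a usable network connection, not just for the network stack:
# C2 validates its licence online at every start.
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
# The 20-30 second grace period suggested above, for a Pi whose link
# comes up late; remove it once network-online.target alone is enough.
ExecStartPre=/bin/sleep 30
# No -https: this instance is reached by a LAN IP address, for which
# Let's Encrypt cannot issue a certificate.
ExecStart=/usr/local/bin/C2-3.2.0/c2-3.2.0_armv7_linux -hostname 192.168.5.221 -db /var/hak5c2/c2.db
# If the licence check still fails, retry instead of staying down until reboot.
Restart=on-failure
RestartSec=30

[Install]
WantedBy=multi-user.target
```

network-online.target only delays startup when a wait-online service (NetworkManager-wait-online.service or systemd-networkd-wait-online.service) is enabled, which is why the sleep is kept as a fallback. After editing, run `systemctl daemon-reload` and `systemctl restart hak5.service`.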
