Asterix
Posted October 28, 2020

This is my first post for absolutely ages to the Hak5 community, and was prompted after I discovered an issue whilst following the various set up guides within the community, and having read some really negative and unfounded comments from others having a go at Hak5 for set up issues.

[disclaimer] From the very start, let me say that the issues were caused by my Virtual Server hosts here in the UK (Fasthosts) and by their system's built-in firewall policy. Kudos goes to Hak5 Darren for pointing me in the right direction as I thought I was losing the plot. With hindsight, I should have checked the default firewall policy offered by my VPS hosts first and not assumed that everything was taken care of by the control panel GUI....

Having created a new Debian VPS I followed the installation and setup guide https://docs.hak5.org/hc/en-us/articles/360012947614-Installation-and-Setup which appeared to work. I was able to connect to my new Cloud C2 control panel and add the generated setup token and licence key, and then add my WiFi Pineapple Mark VII using the downloadable device.config file generated by C2. However, my Pineapple VII was unable to communicate with C2 and the connection status showed "last seen: never", which was odd considering the port used showed on the server as "open" and was listed as such in the VPS firewall settings. I tried again using different ports, each time with the same results.

Turns out that my VPS host (Fasthosts) automatically blocks ports opened using the ufw utility, which I used during the set up process.

    ufw allow 22,2022,80,8080,443/tcp
    ufw enable
    ufw reload
    ufw status

The results showed:-

    To                           Action      From
    --                           ------      ----
    22,43,80,2022,8080/tcp       ALLOW       Anywhere
    22,43,80,2022,8080/tcp (v6)  ALLOW       Anywhere (v6)

And so I believed that the firewall was created correctly and working as expected. But as the Pineapple could not see the VPS I needed to dig a little deeper.
So next I verified that the ports were closed using Netcat / Nmap.

First I scanned for open ports :- (**replace 192.168.1.1 with the IP of your server)

    nmap 192.168.1.1

The results were:-

    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    443/tcp  closed https
    2022/tcp closed down

As I expected the ports to be open, I then asked nmap to check if the host was protected by a firewall

    nmap -sA 192.168.1.1

    PORT     STATE    SERVICE
    22/tcp   filtered ssh
    80/tcp   filtered http
    2022/tcp filtered down
    8080/tcp filtered http-proxy

Then I asked nmap to scan the host protected by a firewall

    nmap -PN 192.168.1.1

    PORT     STATE  SERVICE
    22/tcp   open   ssh
    80/tcp   open   http
    2022/tcp closed down
    8080/tcp closed http-proxy

The results were exactly the same after I disabled the ufw firewall ? and so I spoke to the tech support guys at Fasthosts who told me that they automatically block certain ports and using ufw and their built in firewall could cause various problems.

One of the VPS setting options with Fasthosts is to create a firewall rule, opening (or closing) various ports. The default settings already included 22, 80, and although I had added 2022 & 8080 and they showed as "open" in the Fasthosts GUI they were in fact "closed" as Fasthosts were themselves blocking the two ports (and some others).

Enabling and disabling the ufw firewall didn't have any effect, but enabling the Fasthosts firewall and closing all ports, then enabling the ufw firewall, allowed the Pineapple MkVII to finally connect to the C2 server.

Lesson learned. Don't believe what the VPS host GUI tells you.

Here are all of the steps I used to spin up the Cloud C2 server from a completely fresh Debian install which did not have any networking tools enabled. The steps include the changes to the filenames to version 3.0.0.
I realise that you can string commands together using && and automate confirmation using the -y flag.

First I installed all of the tools that I wanted to have on my new VPS. You may have different ideas. Also, I had given myself root permissions, but you could use the sudo command.

    apt install vim
    apt install netcat
    apt install net-tools
    apt install unzip
    apt install ufw
    apt install wget

Then I opened the ports

    ufw allow 22,2022,80,8080,443/tcp
    ufw enable
    ufw reload
    ufw status

Next, collect the setup file from Hak5

    wget https://c2.hak5.org/download/community -O /tmp/community

Then unzip it

    unzip /tmp/community -d /tmp

The version I used (v 3.0.0) creates a folder in the temp directory called C2-3.0.0 (note capital C) and places the setup files inside. I'm going to be using c2-3.0.0_amd64_linux in my example.

First move the unzipped files to the bin folder

    mv /tmp/C2-3.0.0 /usr/local/bin

Then create a new directory

    mkdir /var/hak5c2

Then create a service using Vim or your favourite text editor.

    vim /etc/systemd/system/hak5.service

Then enter the following (or cut and paste), replacing xxx.xxx.xxx.xxx with the IP address of your virtual server. This example uses https.

    [Unit]
    Description=Hak5 C2
    After=hak5.service

    [Service]
    Type=idle
    ExecStart=/usr/local/bin/C2-3.0.0/c2-3.0.0_amd64_linux -hostname xxx.xxx.xxx.xxx -https -db /var/hak5c2/c2.db

    [Install]
    WantedBy=multi-user.target

You can cut and paste into vim

1. copy the content of the text from the text file (Ctrl-C or right-click & copy)
2. open the file you want to edit with the vim editor.
3. type 'i' to enter the insert mode (check at the bottom for -- INSERT --)
4. hit this key combination: Shift + Right-click & choose 'Paste' from the menu.
To save and quit vim, press the escape key followed by :wq (colon write quit)

Now reload, enable and start the hak5 service

    systemctl daemon-reload
    systemctl enable hak5.service
    systemctl start hak5.service

Check to see if the service is running

    systemctl status hak5.service

You should get a confirmation that the service is running, along with a setup token which you will need to enter into the Cloud C2 setup page along with your License key and account information. It will look something like this:-

    Oct 28 14:15:51 localhost c2-3.0.0_amd64_linux: [*] Initial Setup Required - Setup token: ABCD-2EF3-G45H-6IMN

Now open up your favourite web browser and enter the IP address of your VPS

    https://192.168.0.1/#/setup

Fill in the blanks needed to validate your license etc.

You should now be able to add Hak5 gear. See https://docs.hak5.org/hc/en-us/articles/360014295634-Adding-Devices-to-Cloud-C2

I don't profess to be a Linux expert nor am I the best teacher, but hopefully someone will benefit from some of the information provided.

Keep Safe
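
The troubleshooting in the post above comes down to comparing three views of each port: what ufw allows, what is listening on the server, and what an outside scan sees. The script below is an added example, not part of the original post or any Hak5 tooling; its three inputs are constructed samples, the `diagnose` function and its verdict names are hypothetical, and it assumes ufw's default incoming policy is deny.

```shell
# Added example: the three inputs are constructed samples, not captured output.
# `ufw status` on the VPS:
UFW_STATUS='To                         Action      From
--                         ------      ----
22,80,443,2022,8080/tcp    ALLOW       Anywhere'
# `ss -ltn` on the VPS (what is really listening):
SS_LISTEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
LISTEN 0      128    *:2022             *:*
LISTEN 0      128    *:8080             *:*'
# `nmap -Pn <server>` from a machine outside the provider network:
NMAP_EXTERNAL='PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  closed   https
2022/tcp closed   down
8080/tcp filtered http-proxy'

# diagnose "22 80 ..." prints one "port verdict" line per expected port.
# Assumes ufw default incoming policy is deny (ports not in ALLOW are dropped).
diagnose() {
  printf '%s\n@@\n%s\n@@\n%s\n' "$UFW_STATUS" "$SS_LISTEN" "$NMAP_EXTERNAL" |
  awk -v want="$1" '
    $0 == "@@" { part++; next }
    # ufw rule: comma-separated port list before "/tcp" (v6 rows are skipped)
    part == 0 && $2 == "ALLOW" {
      sub(/\/tcp$/, "", $1); n = split($1, p, ",")
      for (i = 1; i <= n; i++) allowed[p[i]] = 1
    }
    # ss row: port follows the last colon; loopback-only listeners do not count
    part == 1 && $1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ {
      m = split($4, a, ":"); listening[a[m]] = 1
    }
    # nmap row such as "443/tcp closed https"
    part == 2 && $1 ~ /^[0-9]+\/tcp$/ { split($1, a, "/"); state[a[1]] = $2 }
    END {
      n = split(want, w, " ")
      for (i = 1; i <= n; i++) {
        if (state[w[i]] == "open")      v = "reachable"
        else if (!(w[i] in listening))  v = "no-listener"
        else if (!(w[i] in allowed))    v = "blocked-by-ufw"
        else                            v = "blocked-upstream"
        print w[i], v
      }
    }'
}

diagnose "22 80 443 2022 8080"
```

A `no-listener` verdict means the service should be started before any firewall is blamed; `blocked-upstream` points at something outside the server, such as a provider-level firewall.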