
Step by step Cloud C2 setup



This is my first post for absolutely ages to the Hak5 community, and was prompted after I discovered an issue whilst following the various set up guides within the community, and having read some really negative and unfounded comments from others having a go at Hak5 for set up issues. 

[disclaimer]

From the very start, let me say that the issues were caused by my Virtual Server hosts here in the UK (Fasthosts) and by their system's built-in firewall policy. Kudos goes to Hak5 Darren for pointing me in the right direction as I thought I was losing the plot. With hindsight, I should have checked the default firewall policy offered by my VPS hosts first and not assumed that everything was taken care of by the control panel GUI.

Having created a new Debian VPS I followed the installation and setup guide https://docs.hak5.org/hc/en-us/articles/360012947614-Installation-and-Setup which appeared to work, I was able to connect to my new Cloud C2 control panel and add the generated setup token and licence key, and then add my WIFI Pineapple Mark VII using the downloadable device.config file generated by C2, however my Pineapple VII was unable to communicate with C2 and the connection status showed "last seen: never" which was odd considering the port used showed on the server as "open" and was listed as such in the VPS firewall settings. 

I tried again using different ports, each time with the same results. Turns out that my VPS host (Fasthosts) automatically block ports opened using the ufw utility which I used during the set up process. 

ufw allow 22,2022,80,8080,443/tcp
ufw enable
ufw reload
ufw status

The results showed:-


          To                             Action      From
          --                             ------      ----
          22,43,80,2022,8080/tcp         ALLOW       Anywhere
          22,43,80,2022,8080/tcp (v6)    ALLOW       Anywhere (v6)

And so I believed that the firewall was created correctly and working as expected. But as the Pineapple could not see the VPS I needed to dig a little deeper.

 

So next I verified that the ports were closed using Netcat / Nmap

First I scanned for open ports :-  (**replace 192.168.1.1 with the IP of your server) 

nmap 192.168.1.1    

The results were:-


          PORT       STATE     SERVICE
          22/tcp     open      ssh
          80/tcp     open      http
          443/tcp    closed    https
          2022/tcp   closed    down

 

As I expected the ports to be open, I then asked nmap to check if the host was protected by a firewall

 

nmap -sA 192.168.1.1

          PORT     STATE      SERVICE
          22/tcp   filtered ssh
          80/tcp   filtered http
          2022/tcp filtered down
          8080/tcp filtered http-proxy

 

Then I asked nmap to scan the host protected by a firewall

nmap -PN 192.168.1.1


          PORT     STATE  SERVICE
          22/tcp   open   ssh
          80/tcp   open   http
          2022/tcp closed  down
          8080/tcp closed http-proxy

The results were exactly the same after I disabled the ufw firewall? And so I spoke to the tech support guys at Fasthosts, who told me that they automatically block certain ports and that using ufw and their built-in firewall could cause various problems. One of the VPS setting options with Fasthosts is to create a firewall rule, opening (or closing) various ports.

The default settings already included 22, 80, and although I had added 2022 & 8080 and they showed as "open" in the Fasthosts GUI they were in fact "closed" as Fasthosts were themselves blocking the two ports (and some others). Enabling and disabling the ufw firewall didn't have any effect, but enabling the Fasthosts firewall and closing all ports, then enabling the ufw firewall, allowed the Pineapple MkVII to finally connect to the C2 server.

Lesson learned. Don't believe what the VPS host GUI tells you.  

Here are all of the steps I used to spin up the Cloud C2 server from a completely fresh Debian install which did not have any networking tools enabled. The steps include the changes to the filenames to version 3.0.0. I realise that you can string commands together using && and automate confirmation using the -y flag.

First I installed all of the tools that I wanted to have on my new VPS, you may have different ideas, also I had given myself root permissions, but you could use the sudo command. 

apt install vim 
apt install netcat
apt install net-tools
apt install unzip
apt install ufw
apt install wget

 

Then I opened the ports

ufw allow 22,2022,80,8080,443/tcp
ufw enable
ufw reload
ufw status

 

Next, collect the setup file from Hak5

wget https://c2.hak5.org/download/community -O /tmp/community 

Then unzip it

unzip /tmp/community -d /tmp

The version I used (v 3.0.0) creates a folder in the temp directory called C2-3.0.0 (note capital C) and places the setup files inside.  I'm going to be using c2-3.0.0_amd64_linux in my example.

First move the unzipped files to the bin folder

mv /tmp/C2-3.0.0 /usr/local/bin

Then create a new directory

mkdir /var/hak5c2

Then create a service using Vim or your favourite text editor.

 vim /etc/systemd/system/hak5.service

Then enter the following (or cut and paste) replacing xxx.xxx.xxx.xxx with the IP address of your virtual server. This example uses https.

 

[Unit]
Description=Hak5 C2
After=network.target
[Service]
Type=idle
ExecStart=/usr/local/bin/C2-3.0.0/c2-3.0.0_amd64_linux -hostname xxx.xxx.xxx.xxx  -https -db /var/hak5c2/c2.db
[Install]
WantedBy=multi-user.target

You can cut and paste into vim 

1. copy the content of the text from the text file (Ctrl-C or right-click & copy)
2. open the file you want to edit with the vim editor.
3. type 'i' to enter the insert mode (check at the bottom for -- INSERT --)
4. hit this key combination: Shift + Right-click & choose the 'Paste' from the menu.

To save and quit vim, press the escape key followed by : w q   ( colon write quit) 

Now reload, enable and start the hak5 service

systemctl daemon-reload 
systemctl enable hak5.service 
systemctl start hak5.service

Check to see if the service is running

systemctl status hak5.service

You should get a confirmation that the service is running, along with a setup token which you will need to enter into the Cloud C2 setup page along with your License key and account information. It will look something like this:-


Oct 28 14:15:51 localhost c2-3.0.0_amd64_linux[1665]: [*] Initial Setup Required - Setup token: ABCD-2EF3-G45H-6IMN

Now open up your favourite web browser and enter the IP address of your VPS 

https://192.168.0.1/#/setup

Fill in the blanks needed to validate your license etc

You should now be able to add Hak5 gear.  See https://docs.hak5.org/hc/en-us/articles/360014295634-Adding-Devices-to-Cloud-C2

 

I don't profess to be a Linux expert nor am I the best teacher, but hopefully someone will benefit from some of the information provided.

 Keep Safe 

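Added example, not part of the original post: a shell script for the layer-by-layer check the post arrives at, comparing what is listening (`ss -ltnH`), what ufw allows, and what an nmap scan from outside reports. The sample inputs and the verdict names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. All sample data is constructed, not captured from a real host.

# `ufw status` rule line, taken on the VPS.
UFW_SAMPLE='22,80,443,2022,8080/tcp    ALLOW       Anywhere'
# `ss -ltnH` output (listening TCP sockets), taken on the VPS.
SS_SAMPLE='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 *:443 *:*
LISTEN 0 128 *:2022 *:*
LISTEN 0 128 *:8080 *:*'
# nmap port table, taken from a machine outside the provider network.
NMAP_SAMPLE='22/tcp   open     ssh
443/tcp  open     https
2022/tcp closed   down
8080/tcp filtered http-proxy'

# True if a ufw ALLOW rule names this TCP port (comma lists are expanded;
# port ranges and per-source restrictions are not interpreted).
ufw_allows() {  # $1 = port, stdin = ufw status text
  awk -v p="$1" '/ALLOW/ && $1 ~ /^[0-9,]+(\/tcp)?$/ {
      sub(/\/tcp$/, "", $1); n = split($1, a, ",")
      for (i = 1; i <= n; i++) if (a[i] == p) found = 1
    } END { exit !found }'
}

# True if a socket is listening on this TCP port.
is_listening() {  # $1 = port, stdin = ss -ltnH text
  awk -v p="$1" '{ n = split($4, a, ":"); if (a[n] == p) found = 1 }
                 END { exit !found }'
}

# Prints the state nmap reported for this port, or "unscanned".
external_state() {  # $1 = port, stdin = nmap port table
  awk -v p="$1/tcp" '$1 == p { s = $2 } END { print (s ? s : "unscanned") }'
}

# Walks the layers from the inside out and names the first one that fails.
diagnose() (  # $1 = port, $2 = ufw text, $3 = ss text, $4 = nmap text
  state=$(printf '%s\n' "$4" | external_state "$1")
  if ! printf '%s\n' "$3" | is_listening "$1"; then echo no-listener
  elif ! printf '%s\n' "$2" | ufw_allows "$1"; then echo blocked-by-ufw
  elif [ "$state" = unscanned ]; then echo not-scanned
  elif [ "$state" = open ]; then echo reachable
  else echo blocked-upstream  # host allows it, outside cannot reach it
  fi
)

for port in 22 80 443 2022 8080; do
  printf '%-5s %s\n' "$port" \
    "$(diagnose "$port" "$UFW_SAMPLE" "$SS_SAMPLE" "$NMAP_SAMPLE")"
done
```

A listener bound only to 127.0.0.1 also comes out as blocked-upstream, so check the bind address in the `ss` output before blaming the provider firewall.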
