WiFi Pineapple Remains Offline In Cloud C2

[Simplicity_NoRe]

Hi All,

I have been having a pretty hard time getting my new Mark VII Pineapple to successfully connect to my Cloud C2 platform. I believe I have all the correct ports open, and if I am SSH'd into the pineapple I can ping 8.8.8.8 confirming I have internet access. I am unable to ping my VPS (amazon lightsail) which is where I am hosting my Cloud C2 instance. I have confirmed that my device.config file is in the proper directory on my pineapple.

I have TCP Ports 22,80,443,2022,8080 open on my VPS.

Anyone else experience an issue like this?

 

 

[Jiggy]

I am also having basically the same issue.  Im just running the Cloud C2 server locally and I can connect to it, add a device (wifi pinapple VII) then download my device.config file.  I have the wifi pineapple using ICS and it has connectivity as when on its browser gui I can successfully update the news and download modules etc.  At that point I go into its settings and upload the device.config file.  The file has properly uploaded because the browser displays the message "This device is enrolled in a Cloud C2 instance. Management from this local interface has been disabled".  At that point after a reboot its supposed to show up in Cloud C2 but it never does.

[chrizree]

Can you ping your local C2 server from your Mk7? Are necessary ports open on the C2 server making it possible for the Mk7 to communicate with the C2 instance?

[50m37h1n9_W1ck3d]

I am experiencing all the same issues. I also have I have TCP Ports 22,80,443,2022,8080 open on my VPS. from my MKVII I can ping 8.8.8.8 but I can not ping my AWS Lightsail servers static public ip or private ip. Has anyone figured out how to resolve this issue?

[chrizree]

You can't ping Lightsail servers, they don't respond to that. If you look inside your device.config file, do you see a domain name or IP address that corresponds with the address where you run your C2 instance? (Don't post any information here though that reveals unique information about your setup)

[spsjames]

Having similar trouble with a SharkJack. Should the device.config file have a mix of jibberish (as in actual code) as well as the hostname and SSH Key?

[chrizree]

Yes

[50m37h1n9_W1ck3d]

chrizree the only human readable text in my config file is "-listenip*8080B". 

No actual ip address or domain listed in plain text at least.  

[chrizree]

OK, it should be visible among the "binary garbage" in the device.config file. In what way do you start your C2 instance? (Don't post any sensitive/personal information such as domain names or IP addresses here though), I've helped ppl that has followed Darren's example using a variable for the IP address that makes a total mess of it all if you don't understand what you are doing and doing it wrong (no blame on Darren at all, he just did it in a way to help ppl and make it easier to get started). More exact, I've spent some hours with some users where it eventually surfaces that they have used $IP when starting the C2 instance, but using $IP isolated with nothing in that variable, it will for sure create problems that will make it look like the C2 instance is running perfectly well. However, it spills over all the way to the Hak5 devices since that creates a device.config file that also uses $IP as a parameter and that simply says nada to the Hak5 device which makes it impossible for it to connect to the C2 instance. I'm not sure if that is the fact for you specifically, but make sure that the C2 instance is started with an IP address or a domain name that is valid and reachable from the internet (or locally at least if using the C2 instance on a local network only) and then make sure that it's visible in the device.config file as well. From your output, it seems as if you have something wrong in the line that starts the C2 instance. "-listenip" shouldn't be a part of the device.config file. You should either have the IP address or domain name before the port in that file.

[50m37h1n9_W1ck3d]

Yes! I have been starting my instance with:  ./c2-*_amd64_linux -hostname $IP-listenip $IP

What should be changed? Where should in put my static IP in the command?

[chrizree]

Remove $IP and put the IP address there instead, you could also get rid of $IP-listenip, it's not a valid parameter (or it should be a space in there)

It could be scripted and use the $IP variable if $IP is given a valid value/IP address

Instead of:

./c2-*_amd64_linux -hostname $IP-listenip $IP

Use something like:

./c2-*_amd64_linux -hostname 10.10.10.10

(where 10.10.10.10 is an example)

[50m37h1n9_W1ck3d]

Damn, I thought we got somewhere. I entered the static IP for my Lightsale server after the hostname and got rid of the "-listenip $IP" and  the instance started right up. I started up my pineapple and I re-downloaded the config file from the C2 device setup. The config file now shows the static IP address and port 8080. I uploaded the file to my pineapple and... I'm stil getting the same issue. It is forcing me to remove the config file and reboot.

[chrizree]

What is forcing you to remove the config file and reboot?

[50m37h1n9_W1ck3d]

The Wifi Pineapple itself. After uploading the file it locks the pineapple and opens a window that says:

"This device is enrolled in a Cloud C² instance.
Management from this local interface has been disabled.

To re-enable, remove the Cloud C² configuration from this device."

 

However, this may be normal operation... maybe. Since the Pineapple is now running on the Cloud c2 server.  I'm not sure.  Seems a bit redundant if I can't access my evil portal now from the Cloud C2 session and such.

[chrizree]

Yeah, that's expected if you use the Mk7. You have a choice, either to administer it locally or using C2. If enrolling the Mk7 to C2, you get that message. It's unrelated to your previous issues.

[50m37h1n9_W1ck3d]

Awwww. That sucks. There seems to be way more user options and tools while using the MKVII locally compared to the C2. I really appreciate the help though! Thanks! 

[chrizree]

I know, it's a decision you have to make. I run all my Hak5 devices with Cloud C2 (that is possible), but not the Mk7 since I want to be able to access the features in the local web GUI rather than via Cloud C2.

[Aaron Outhier]

SharkJacks (mentioned earlier, albeit in the wrong area) won't connect to C2 by default. You have to explicitly call C2CONNECT from a payload when you're ready to connect to C2.

 

Similarly, use C2EXFIL to export loot.