Jump to content

DigitalOcean CloudC2 Droplet


J3 Remy
 Share

Go to solution Solved by dark_pyrro,

Recommended Posts

Hey everyone, I have been out of the CyberSecurity field for a minute and wanted to get back in by creating a CloudC2 droplet in DigitalOcean.  In the video, Darren is using AWS.  What would my bash scrip look like for my droplet?  

Thank you in advance for the guidance.

Link to comment
Share on other sites

  • 1 month later...

UPDATE:
When I run the following bash script:

wget https://c2.hak5.org/com -q -O c2.zip && unzip -qq c2.zip && \ IP=$(curl -s https://checkip.digitalocean.com) && \
echo "Copy the below setup token and browse to http://$IP:8080" && \./c2_community-linux64 -hostname $IP-listenip $IP

I get the error: "IP=: command not found"

I have checked it against the one that Darren runs in his YouTube video and  it is the same.  The only difference is, that I can see is, Darren is running Ubuntu 18.04 on Amazon LightSail and I am running Ubuntu 20.04 on DigitalOcean.

 

Again, any help is greatly appreciated.

 

S\F,

J3 Remy

Link to comment
Share on other sites

I would say that you are using a URL that probably does not exist. Where did you get that checkip URL from?

Or the fact that there are backslashes in odd places.

And that a binary name is used that isn't a part of what's unpacked; c2_community-linux64 should be c2-*_amd64_linux

And that the string to start C2 is malformed; $IP-listenip should be -listenip or.... actually only -hostname is needed since that is a mandatory parameter when starting C2, listenip.... skip it!

Edited by dark_pyrro
Link to comment
Share on other sites

18 hours ago, dark_pyrro said:

I would say that you are using a URL that probably does not exist. Where did you get that checkip URL from?  I guessed at the URL thinking it would close.  I honestly, am not sure what the address should look like.

Or the fact that there are backslashes in odd places.  The backslashes are in following Darren's example in the YouTube video, he mentions they indicate once a command is finished that it will start a new line, for a new command - I removed them.  I followed his entire script, just substituting where I thought was applicable.

And that a binary name is used that isn't a part of what's unpacked; c2_community-linux64 should be c2-*_amd64_linux.  Changed.

And that the string to start C2 is malformed; $IP-listenip should be -listenip or.... actually only -hostname is needed since that is a mandatory parameter when starting C2, listenip.... skip it!  Changed.

My new script looks like:

wget https://c2.hak5.org/com -q -O c2.zip && unzip -qq c2.zip && IP=$(curl -s https://checkip.cloud.digitalocean.com) && echo "Copy the below setup token and browse to http://$IP:8080" && ./c2-*_community-linux64 -hostname

When I execute it, it runs, however I am not presented with the setup token it brings me back to a command prompt.  Additionally, when I try to browse to the IP of the droplet, I do not see the CloudC2 login screen.   

 

 

Link to comment
Share on other sites

I broke my script into individual lines:

The line beginning with "wget..." executes.  I know this because all of the C2 editions are in my home directory, unzipped.

The next line "IP=$..." nothing happens.  

The last line "echo..." executes.  I am presented with "Usage of ./c2..."

 

My issue is now, how do I get a token to set it up as well as bind with the IP address of my droplet so that I can log into it via browser?  I'm guessing it has something to do with the line in which nothing happens.

Link to comment
Share on other sites

(You replied as I was typing, posting this anyway)

OK, this isn't working. Don't take a shovel of horse dung and throw it at the fan hoping not to get hit by it. You are still guessing. Stick to facts of things that works.

Dissect it all instead. It will most likely not be the way you usually start your C2 server anyway.

This is your latest startup command

wget https://c2.hak5.org/com -q -O c2.zip && unzip -qq c2.zip && IP=$(curl -s https://checkip.cloud.digitalocean.com) && echo "Copy the below setup token and browse to http://$IP:8080" && ./c2-*_community-linux64 -hostname

Break it down

wget https://c2.hak5.org/com -q -O c2.zip

Comment: OK, this works, should only be used once though (first time), although you could use this URL as well; https://c2.hak5.org/dl

unzip -qq c2.zip

Comment: Still OK

IP=$(curl -s https://checkip.cloud.digitalocean.com)

Comment: This is still not a valid URL to get your public IP. You are still guessing. Don't do that, stick to known URLs that is known to return a raw IP address that represents your C2 server. Use the Amazon one, for example, that Darren used. It works even though you are on DigitalOcean.

echo "Copy the below setup token and browse to http://$IP:8080"

Comment: Works good

./c2-*_community-linux64 -hostname

Comment: You are missing a vital part here, the IP address that is needed to get things running ./c2-*_community-linux64 -hostname $IP
And..... look at the binary your are trying to start, does it match anything that was downloaded and unpacked? No! You are calling a binary that doesn't exist (if you don't manually rename it after download and unzip)

Edited by dark_pyrro
Link to comment
Share on other sites

FIrst off, thank you for reply.  Breaking it out line by line to deduce the issue worked.  Hindsight, I should have done this a lot soon - would have saved the frustration.  I will be more cognizant of this going forward.

My next issue that I am running into is, the service has started, however when I try to browse to the IP address of my droplet, I receive a "Deceptive Website Warning" message.  Referring back to Darren's video, he assigns his VPS with a static IP, I thought I did this by assigning mine, what DigitalOcean refers to as a "Floating IP".  After Cloud C2 starts, it has my hostname as being the IP of the droplet, NOT the "Floating IP" that I thought was assigned.  Either address I browse to produces the warning and I receive a "Can't Open the Page" message, and that the server unexpectedly dropped the connection.

 

Again, I thank you for your help.

 

S\F, 

J3 Remy

Link to comment
Share on other sites

The issues/warnings you describe seems related to DigitalOcean. I haven't used them for any VPS so I can't tell, but I haven't encountered anythong similar running C2. Another possible reason is that it is Google Safe Browsing that triggers this behavior (or a combination). Difficult to tell though without the full picture of the setup and any specific DigitalOcean handling.

Link to comment
Share on other sites

  • Solution

I just set up a C2 server on DigitalOcean now and I can't reproduce any warnings. No problems at all. This is how I did it.

 

Scenario: Not an already existing DigitalOcean customer, simply starting from scratch.

Create a DigitalOcean account

Log in and you should be presented with the projects landing page, if not, go there.

DigitalOcean has already created the "first-project", use that project.

Under the "Manage" section, click "Droplets" (there are other ways to do this though)

Click "Create Droplet"

Select an OS image in the "Distributions" section, using "Ubuntu 20.04 (LTS) x64" when writing this.

Plan = "Basic" (the $5 per month "deal"), there are "get 100 bucks free" deals as well for those who wants to try it without any need of trying to steal the wallet from Jules Winnfield.

Don't add any block storage

Select datacenter

Skip additional options

Set authentication method for SSH, SSH keys are recommended but it's up to you

Change the hostname if desired (not mandatory). This is NOT the same thing as the "hostname" parameter when using C2!

The project is already selected for you since you should just have one project being a new user.

Skip backups (or, the choice is yours really)

Click "Create Droplet"

Under the "Manage" section, click "Droplets"

After a short while, the Droplet should be up and running and has been assigned a public IPv4 address (skip any use of Floating IPs if there is no explicit need for them).

Try to ping the public IP and it should reply, take note of the public IP address since you will need it later on.

Click on the newly created Droplet in the DigitalOcean web based "control panel" interface

Click on "Networking", then scroll down to "Firewalls", then "Edit", then "Create Firewall"

Set a name for the firewall

SSH is already present as an inbound rule, that is OK, leave it there

Add HTTP for port 80 TCP

Add Custom for port 443 TCP

Add Custom for port 8080 TCP

Add Custom for port 2022 TCP

(Leave the outbound rules as is)

Apply the firewall rules created to the Droplet by entering the name of the previously created Droplet in the textbox

Click "Create Firewall"

Click on the firewall name and verify that all ports seems to have been entered correctly

Under the "Manage" section, click "Droplets" (again), click the Droplet that represents your server

Click on "Console"

Run: apt clean && apt update && apt upgrade -y
(not mandatory)

Install unzip
apt install unzip

Create a new directory; mkdir hc2
(not mandatory either, just to keep things clean)

Enter that new directory; cd hc2

Get the C2 binaries
wget https://c2.hak5.org/dl -O c2.zip

Unpack the zip
unzip c2.zip

Do some more cleaning (not mandatory)
rm *armv* && rm *wind* && rm *darw* && rm *386* && rm *.zip

This should leave the Linux 64 bit binary and the sha checksum file

Verify the checksum
sha256sum -c sha256sums

There will be a lot of errors (since/if files have been deleted) but the following line should be there
"c2-3.1.2_amd64_linux: OK"

If being a true "cleaning lady", then remove the sha file as well
rm sha256sums

Now start the C2 server, the IP address is something that you should already have taken note of in previous steps
./c2-*_amd64_linux -hostname [public IP address of the Droplet]

The C2 server should now start, presenting the string "Running Hak5 Cloud C2"

Now fire up any web browser of choice and enter
http://[public IP address of the Droplet]:8080

NOTE! Make sure you use http since there is no https set up for the server! If you have any "always on https" extension in your browser, you might experience issues.

The Server Setup page of C2 will now show in the web browser. Configure it and it should run/start as intended ready for Hak5 devices to be added.

NOTE! The C2 server runs as long as you have an SSH session active (or as long as the Droplet is running and C2 is started with " &" in the end of the command), it is recommended to set the C2 server up as a service.

  • Thanks 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...