J3 Remy
Posted October 7, 2021

Hey everyone, I have been out of the CyberSecurity field for a minute and wanted to get back in by creating a CloudC2 droplet in DigitalOcean. In the video, Darren is using AWS. What would my bash script look like for my droplet? Thank you in advance for the guidance.

J3 Remy
Posted November 19, 2021

UPDATE: When I run the following bash script:

    wget https://c2.hak5.org/com -q -O c2.zip && unzip -qq c2.zip && \ IP=$(curl -s https://checkip.digitalocean.com) && \ echo "Copy the below setup token and browse to http://$IP:8080" && \./c2_community-linux64 -hostname $IP-listenip $IP

I get the error: "IP=: command not found"

I have checked it against the one that Darren runs in his YouTube video and it is the same. The only difference that I can see is that Darren is running Ubuntu 18.04 on Amazon LightSail and I am running Ubuntu 20.04 on DigitalOcean. Again, any help is greatly appreciated.

S\F,
J3 Remy

dark_pyrro
Posted November 19, 2021

I would say that you are using a URL that probably does not exist. Where did you get that checkip URL from?

Or the fact that there are backslashes in odd places.

And that a binary name is used that isn't a part of what's unpacked; c2_community-linux64 should be c2-*_amd64_linux

And that the string to start C2 is malformed; $IP-listenip should be -listenip or.... actually only -hostname is needed since that is a mandatory parameter when starting C2, listenip.... skip it!

J3 Remy
Posted November 20, 2021

18 hours ago, dark_pyrro said:
> I would say that you are using a URL that probably does not exist. Where did you get that checkip URL from?

I guessed at the URL, thinking it would be close. I honestly am not sure what the address should look like.

> Or the fact that there are backslashes in odd places.

The backslashes are in there following Darren's example in the YouTube video; he mentions they indicate once a command is finished that it will start a new line, for a new command - I removed them. I followed his entire script, just substituting where I thought was applicable.

> And that a binary name is used that isn't a part of what's unpacked; c2_community-linux64 should be c2-*_amd64_linux.

Changed.

> And that the string to start C2 is malformed; $IP-listenip should be -listenip or.... actually only -hostname is needed since that is a mandatory parameter when starting C2, listenip.... skip it!

Changed.

My new script looks like:

    wget https://c2.hak5.org/com -q -O c2.zip && unzip -qq c2.zip && IP=$(curl -s https://checkip.cloud.digitalocean.com) && echo "Copy the below setup token and browse to http://$IP:8080" && ./c2-*_community-linux64 -hostname

When I execute it, it runs; however, I am not presented with the setup token; it brings me back to a command prompt. Additionally, when I try to browse to the IP of the droplet, I do not see the CloudC2 login screen.

J3 Remy
Posted November 20, 2021

I broke my script into individual lines:

The line beginning with "wget..." executes. I know this because all of the C2 editions are in my home directory, unzipped.

The next line "IP=$..." nothing happens.

The last line "echo..." executes. I am presented with "Usage of ./c2..."

My issue is now, how do I get a token to set it up as well as bind with the IP address of my droplet so that I can log into it via browser? I'm guessing it has something to do with the line in which nothing happens.

dark_pyrro
Posted November 20, 2021

(You replied as I was typing, posting this anyway)

OK, this isn't working. Don't take a shovel of horse dung and throw it at the fan hoping not to get hit by it. You are still guessing. Stick to facts of things that work. Dissect it all instead. It will most likely not be the way you usually start your C2 server anyway.

This is your latest startup command

    wget https://c2.hak5.org/com -q -O c2.zip && unzip -qq c2.zip && IP=$(curl -s https://checkip.cloud.digitalocean.com) && echo "Copy the below setup token and browse to http://$IP:8080" && ./c2-*_community-linux64 -hostname

Break it down

    wget https://c2.hak5.org/com -q -O c2.zip

Comment: OK, this works, should only be used once though (first time), although you could use this URL as well; https://c2.hak5.org/dl

    unzip -qq c2.zip

Comment: Still OK

    IP=$(curl -s https://checkip.cloud.digitalocean.com)

Comment: This is still not a valid URL to get your public IP. You are still guessing. Don't do that, stick to known URLs that are known to return a raw IP address that represents your C2 server. Use the Amazon one, for example, that Darren used. It works even though you are on DigitalOcean.

    echo "Copy the below setup token and browse to http://$IP:8080"

Comment: Works good

    ./c2-*_community-linux64 -hostname

Comment: You are missing a vital part here, the IP address that is needed to get things running

    ./c2-*_community-linux64 -hostname $IP

And..... look at the binary you are trying to start, does it match anything that was downloaded and unpacked? No! You are calling a binary that doesn't exist (if you don't manually rename it after download and unzip)

J3 Remy
Posted November 21, 2021

First off, thank you for the reply. Breaking it out line by line to deduce the issue worked. Hindsight, I should have done this a lot sooner - would have saved the frustration. I will be more cognizant of this going forward.

My next issue that I am running into is, the service has started, however when I try to browse to the IP address of my droplet, I receive a "Deceptive Website Warning" message. Referring back to Darren's video, he assigns his VPS with a static IP; I thought I did this by assigning mine what DigitalOcean refers to as a "Floating IP". After Cloud C2 starts, it has my hostname as being the IP of the droplet, NOT the "Floating IP" that I thought was assigned. Either address I browse to produces the warning and I receive a "Can't Open the Page" message, and that the server unexpectedly dropped the connection.

Again, I thank you for your help.

S\F,
J3 Remy

dark_pyrro
Posted November 21, 2021

The issues/warnings you describe seem related to DigitalOcean. I haven't used them for any VPS so I can't tell, but I haven't encountered anything similar running C2. Another possible reason is that it is Google Safe Browsing that triggers this behavior (or a combination). Difficult to tell though without the full picture of the setup and any specific DigitalOcean handling.

dark_pyrro
Posted November 22, 2021

I just set up a C2 server on DigitalOcean now and I can't reproduce any warnings. No problems at all. This is how I did it.

Scenario: Not an already existing DigitalOcean customer, simply starting from scratch.

- Create a DigitalOcean account
- Log in and you should be presented with the projects landing page, if not, go there. DigitalOcean has already created the "first-project", use that project.
- Under the "Manage" section, click "Droplets" (there are other ways to do this though)
- Click "Create Droplet"
- Select an OS image in the "Distributions" section, using "Ubuntu 20.04 (LTS) x64" when writing this.
- Plan = "Basic" (the $5 per month "deal"), there are "get 100 bucks free" deals as well for those who want to try it without any need of trying to steal the wallet from Jules Winnfield.
- Don't add any block storage
- Select datacenter
- Skip additional options
- Set authentication method for SSH, SSH keys are recommended but it's up to you
- Change the hostname if desired (not mandatory). This is NOT the same thing as the "hostname" parameter when using C2!
- The project is already selected for you since you should just have one project being a new user.
- Skip backups (or, the choice is yours really)
- Click "Create Droplet"
- Under the "Manage" section, click "Droplets"
- After a short while, the Droplet should be up and running and has been assigned a public IPv4 address (skip any use of Floating IPs if there is no explicit need for them).
- Try to ping the public IP and it should reply, take note of the public IP address since you will need it later on.
- Click on the newly created Droplet in the DigitalOcean web based "control panel" interface
- Click on "Networking", then scroll down to "Firewalls", then "Edit", then "Create Firewall"
- Set a name for the firewall
- SSH is already present as an inbound rule, that is OK, leave it there
- Add HTTP for port 80 TCP
- Add Custom for port 443 TCP
- Add Custom for port 8080 TCP
- Add Custom for port 2022 TCP
- (Leave the outbound rules as is)
- Apply the firewall rules created to the Droplet by entering the name of the previously created Droplet in the textbox
- Click "Create Firewall"
- Click on the firewall name and verify that all ports seem to have been entered correctly
- Under the "Manage" section, click "Droplets" (again), click the Droplet that represents your server
- Click on "Console"
- Run (not mandatory):
    apt clean && apt update && apt upgrade -y
- Install unzip
    apt install unzip
- Create a new directory (not mandatory either, just to keep things clean)
    mkdir hc2
- Enter that new directory
    cd hc2
- Get the C2 binaries
    wget https://c2.hak5.org/dl -O c2.zip
- Unpack the zip
    unzip c2.zip
- Do some more cleaning (not mandatory)
    rm *armv* && rm *wind* && rm *darw* && rm *386* && rm *.zip
- This should leave the Linux 64 bit binary and the sha checksum file
- Verify the checksum
    sha256sum -c sha256sums
- There will be a lot of errors (since/if files have been deleted) but the following line should be there: "c2-3.1.2_amd64_linux: OK"
- If being a true "cleaning lady", then remove the sha file as well
    rm sha256sums
- Now start the C2 server, the IP address is something that you should already have taken note of in previous steps
    ./c2-*_amd64_linux -hostname [public IP address of the Droplet]
- The C2 server should now start, presenting the string "Running Hak5 Cloud C2"
- Now fire up any web browser of choice and enter http://[public IP address of the Droplet]:8080

NOTE! Make sure you use http since there is no https set up for the server! If you have any "always on https" extension in your browser, you might experience issues.

The Server Setup page of C2 will now show in the web browser. Configure it and it should run/start as intended ready for Hak5 devices to be added.

NOTE! The C2 server runs as long as you have an SSH session active (or as long as the Droplet is running and C2 is started with " &" in the end of the command), it is recommended to set the C2 server up as a service.
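
Added example, not part of the original thread or of Hak5's own tooling: a POSIX shell pre-flight check for the two failure points in this thread, an IP lookup that returns nothing usable and a checksum result buried in errors for deleted files. The function names (is_ipv4, verify_listed, preflight) and the stand-in file in the demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names are illustrative, not part of Cloud C2.

# True only for a dotted-quad IPv4 address (rejects empty output or an HTML error page).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots; only digits and dots remain at this point
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Check one file against its own line in the checksum list, so entries for
# binaries that were deleted produce no noise. $1 = list, $2 = file name.
verify_listed() {
    want=$(awk -v f="$2" '$2 == f || $2 == "*" f { print $1; exit }' "$1")
    [ -n "$want" ] || return 2            # file is not listed at all
    have=$(sha256sum "$2" 2>/dev/null | awk '{ print $1 }')
    [ "$want" = "$have" ]
}

# Both checks together. $1 = public IP, $2 = binary name in the current directory.
preflight() {
    is_ipv4 "$1" || { echo "not an IPv4 address: '$1'" >&2; return 1; }
    verify_listed sha256sums "$2" || { echo "checksum check failed: $2" >&2; return 1; }
}

# Intended use on the server, with the IP noted from the control panel:
#   preflight "$IP" c2-3.1.2_amd64_linux && ./c2-3.1.2_amd64_linux -hostname "$IP"

# Constructed demo: a stand-in file plays the binary; 203.0.113.10 is a documentation address.
demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    printf 'stand-in\n' > c2-3.1.2_amd64_linux
    sha256sum c2-3.1.2_amd64_linux > sha256sums
    preflight 203.0.113.10 c2-3.1.2_amd64_linux && echo "valid IP, matching hash: ok"
    preflight '' c2-3.1.2_amd64_linux 2>/dev/null || echo "empty IP lookup: rejected"
    cd / && rm -rf "$dir"
)
demo
```

Run the checksum step before deleting sha256sums, and pass the exact binary name rather than a glob so the name checked is the name executed.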