How can I set different host names in the 'devide.config' file?

[GN_82]

How can I set different host names in the 'devide.config' file?

Example
http -> XXX.mydomain.com:47509
ssh -> XXX.mydomain.com:5450

[GN_82]

Sorry! The example is:

http -> XXX.mydomain.com:47509
ssh -> XXX.my2domain.com:5450

[dark_pyrro]

Why would you want to do that? If you point the A record of both domains to the same server, it could work in theory, but you still need support for this kind of handling in the device.config file and in C2 and in the device itself I guess. Perhaps you are onto something with the way you spell the filename; devide.config could perhaps be divide.config in order to split the traffic in two pipes (that was a joke).

[GN_82]

Hi dark_pyrro... :-)

The idea is to be able to have an alternative reverse channel of communication with the device. For example, with Ngrok we cannot raise TCP and Http tunnels with the same address or domain.

Session Status                online
Region                        United States (us)
Web Interface                 http://0.0.0.0:4040
Forwarding                    tcp://XXX.tcp.ngrok.io:83354 -> demoh5c2:2022
Forwarding                    http://mydomain.ngrok.io -> http://demoh5c2:80
Forwarding                    https://mydomain.ngrok.io -> https://demoh5c2:443

 

[dark_pyrro]

OK, I couldn't see Ngrok as a part of it all in my crystal ball when reading the first posts. So, you want to host your own C2 server in your own internal network and access it from the outside using a free Ngrok plan with the limitations that comes with it?

[GN_82]

I am currently testing to lift C2 with docker container. I use SSLH to try to SSH over HTTPs to avoid these limitations.

My C2 container

docker run --rm -it --network docker_modulesnet -v h5domaindemo_data:/data -v $(pwd)/certs/:/certs --name h5domaindemo docker_h5domaindemo /bin/bash -c 'FILE="/data/backup.tar"; tar xvf $FILE -C / ; /app/c2 -hostname h5domaindemo.ngrok.io -https -certFile /certs/hiaas.crt -keyFile /certs/hiaas.key'

My SSLH container 

docker run --rm -it --network docker_modulesnet -e SSH_HOST=h5domaindemo -e SSH_PORT:2022 -e HTTPS_HOST=h5domaindemo -e HTTPS_PORT:443 --name sslh-hub shaddysignal/sslh-hub

My Ngrok config (bussines plan)

tunnels:
  c2_http:
    addr: h5domaindemo:80
    proto: http
    bind-tls: false
#    inspect: false
    hostname: mycustomdomain.ngrok.io
  c2_https:
    addr: sslh-hub:443
    proto: http
    bind-tls: true
#    inspect: false
    hostname: mycustomdomain.ngrok.io

I have not found any documentation that allows me to generate the device.config file manually.

[dark_pyrro]

I haven't seen any documentation on how to generate a device.config file manually and I'm pretty sure there is nothing publicly available. Your setup is really a way of making things complicated adding that many elements and layers to the mix.

[GN_82]

you are right :-), but

don't you think it's much better to use SSH over HTTPs as a firewall evasion measure?

Is there any documentation or repository of C2 code?

[dark_pyrro]

No, it's proprietary code. The best evasion measure is not hosting anything in your own network at all that needs to have connections initiated from the outside > in perspective. I use VPS for such things instead. An alternative could be to use a ZeroTier based network, but there's no guarantee for a secure environment. Depends on what Hak5 devices you are intending to connect to the C2 server though.

[GN_82]

Thanks :-)

Best regards.