Jayel Posted March 6, 2022 Share Posted March 6, 2022 Hi, It's my first Hak5 tool. Been trying to get it set up with the C2 instance I've created on a private server. I have upgraded the firmware to 1.1.0 and copying the device.config to /etc I've completed following steps but just can't get my SJ to connect to C2 it just says Last Seen:never. Using Kali version 2021.3 Sharkjack is updated to the latest Firmware - Version 1.1.0 Payload and loot works fine Got Hak5cloudC2 community edition running on Amazon lightsail on static IP Added device but update last seen:never I have placed the device.config - in /etc/ root@shark:/etc# ls *.config C2.config device.config While I have SJ plugged into the ethernet port of my laptop in arming mode, I manually tried to connect with C2CONNECT command: root@shark:/etc# C2CONNECT sshd already running warning: commands will be executed using /bin/sh job 1 at Wed Nov 6 06:25:00 2019 Tried to disconnect and reconnect several times C2DISCONNECT > C2CONNECT then I get the following message: root@shark:/etc# C2CONNECT sshd already running Device already connected to C2 Tried reboot in Hak5cloudC2 Tried remove and re-added device SSL certificate or DNS not configured so site is not secure. I just can't seem to get my SJ connected to C2. Where do I need to go from here? Need your help. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 7, 2022 Share Posted March 7, 2022 You say that loot works fine. Do you mean "local" loot or loot sent to the C2 server from the Shark? Just to get an understanding if you have some kind of connection to the C2 server or not. In what way have you started your C2 server? What command line options are used? (Don't post any IP addresses though). Link to comment Share on other sites More sharing options...
Jayel Posted March 7, 2022 Author Share Posted March 7, 2022 I mean local loot works fine but not C2 server. Here's the process of how I start my C2 server. 1. I setup a C2 server in Amazon lightsail 2. Connected using SSH and ran the following command. wget https://c2.hak5.org/dl -O c2.zip 3. unzip c2.zip 4. IP=$(curl -s https://checkip.amazonaws.com) && \ echo "Copy the below setup token and browse to http://$IP:8080" && \ ./c2-*_amd64_linux -hostname $IP 5. Open browser and go to http://52.xx.xx.xx:8080 6. I was able to successfully login to Hak5 C2 cloud and added my SJ 7. I clicked on setup and downloaded C2 client. 8. Copied the device.config file to shark jack /etc directory. 9. Then manually invoked C2CONNECT 10. Still unable to connect to SJ, uptime is last seen:never I haven't been able to get my SJ connected to C2 at all. What am I doing wrong? If required, I can share snapshots of what I've exactly done. I could probably upload to google drive or something. Not sure if anyone is having same issue as me. Does not having SSL certificate affect C2 connection at all? Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 7, 2022 Share Posted March 7, 2022 OK, good explanation of what you have been trying to do. It helps when trying to troubleshoot. At first, it did sound like you were able to ship loot to the C2 server from the Shark, but now I understand that it's not working either (which makes it more of a logic scenario). If you cat the device.config file that you have put in /etc of the Shark, can you see the correct IP address of the C2 server in the file (it's a lot that's just unreadable, but the IP address should show at the start of the file)? Not using https shouldn't be an issue. It's not mandatory (even though it of course makes things secure over open networks such as the internet). Link to comment Share on other sites More sharing options...
Jayel Posted March 7, 2022 Author Share Posted March 7, 2022 Yes, I can see the correct IP address, this is what's on the first line. 52.xx.xx.xx*8080B �����\nF����U���F=I�YR�{c�▒^B} Also I'm not sure if it helps in troubleshooting but sharkjack.sh script wont connect to my SJ. I tried "[C]onnect - get a shell on your shark jack." but it's stuck on Waiting for a Shark Jack to be connected.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 7, 2022 Share Posted March 7, 2022 Did you restart the C2 server at some point? With what command line did you restart it (I guess you aren't running it as a service, but start it manually)? With the actual IP address as a command line parameter or the $IP variable that was used in Darren's YouTube tutorial? Link to comment Share on other sites More sharing options...
Jayel Posted March 7, 2022 Author Share Posted March 7, 2022 I only restarted via Hak5CloudC2 GUI by selecting my SJ then hitting Reboot option under the description. Also tried to reboot my AWS lightsail C2 server instance from AWS's main menu but each and every time I start my AWS C2 server, I need to run the following command in order to be able to connect to Hak5 Cloud C2 GUI console. ubuntu@ip-172-26-4-206:~$ IP=$(curl -s https://checkip.amazonaws.com) && \ > > echo "Copy the below setup token and browse to http://$IP:8080" && \ > > ./c2-*_amd64_linux -hostname $IP Copy the below setup token and browse to http://52.xx.xx.xx:8080 [*] Initializing Hak5 Cloud C2 v3.1.2 [*] Hostname: 52.xx.xx.xx [*] DB Path: c2.db [*] Validating License [*] License Valid [*] Running Hak5 Cloud C2 How do you expect me to restart the C2 server, which commandline can I use to restart? As mentioned, I only tried to reboot via GUI. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 7, 2022 Share Posted March 7, 2022 As long as you populate the $IP variable each time, it should work. It's just that I've helped users that use the tutorial that Darren put up on YouTube, but they don't fully understand how it works and starts the C2 server using the $IP variable, but isn't populating that variable with any relevant IP address. This makes it look like the C2 server is correctly started but the hostname is all wrong. Are all the necessary ports open on the Lightsail VPS? Link to comment Share on other sites More sharing options...
Jayel Posted March 7, 2022 Author Share Posted March 7, 2022 Yes, all necessary ports are open exactly as per Dareen's instructions. I don't really fully understand how it works either but just followed Darren's video. Have I ran out of options? Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 7, 2022 Share Posted March 7, 2022 No, this should work without any problems. I have my Shark connected to my C2 server which is on a Lightsail VPS as well. I will go out for a walk now, perhaps there are some other things that I don't include in the troubleshooting scenario right now that might pop up during the walk. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 7, 2022 Share Posted March 7, 2022 I would suggest going back to basics and start over. Not the download part, but start the C2 server without using the $IP variable, instead, use: ./c2-*_amd64_linux -hostname [public IP address of the C2 server/VPS] Keep the terminal window open on the VPS where you started the C2 server using the command above. Do not close it. That will terminate the server. Go to the C2 web UI and remove the already existing Shark, then add it once again and create a new device.config file Transfer the device.config file to the Shark (/etc) Make sure that the Shark has a working internet connection Run C2CONNECT on the Shark Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 As suggested I actioned the following: 1. Replaced $IP variable with C2 server IP. IP=$(curl -s https://checkip.amazonaws.com) && \ echo "Copy the below setup token and browse to http://52.xx.xx.xx:8080" && \ ./c2-*_amd64_linux -hostname 52.xx.xx.xx 2. Removed SJ from C2 web UI and re-added then removed existing device.config file then downloaded a new file from c2 web UI then created a new device.config file and transferred the device.config file into /etc directory. Removed existing device.config file: root@shark:/etc# ls *.config C2.config device.config root@shark:/etc# rm device.config root@shark:/etc# ls *.config C2.config Downloaded a new device.config file from c2 web UI Transferred device.config file into the /etc directory ┌──(test㉿test)-[~/Downloads] └─$ scp device.config root@172.16.24.1:/etc/ root@172.16.24.1's password: device.config root@shark:/etc# ls *.config C2.config device.config Ran C2CONNECT on SJ root@shark:/etc# C2CONNECT sshd already running warning: commands will be executed using /bin/sh job 1 at Sun Mar 6 12:56:00 2022 Waited 10 minutes to see if if it'll pick up my SJ in C2 web GUI but problem still exists. Uptime last seen never. 3. I rebooted via GUI but no success. 4. I rebooted C2 server with commandline sudo reboot and reinitiated connection with single commandline below: ./c2-*_amd64_linux -hostname 52.xx.xx.xx 5. Then C2 server got started: ast login: Tue Mar 8 03:28:30 2022 from 54.xxx.xxx.xx ubuntu@ip-172-26-4-206:~$ ./c2-*_amd64_linux -hostname 52.xx.xx.xx [*] Initializing Hak5 Cloud C2 v3.1.2 [*] Hostname: 52.xx.xx.xx [*] DB Path: c2.db [*] Validating License [*] License Valid [*] Running Hak5 Cloud C2 6. C2 web UI is accessible again but SJ device still shows Uptime last seen never. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 OK, right now I'm out of options regarding ways to try to assist you. My Shark works perfectly well with my C2 server. Since you have the most basic setup of C2 (no https, no domain name used, etc.) it should really work. A lot of stuff is taken away from the scenario that could add complexity when running it in the way you do. The only thing that I can think of is network access, but that is such a basic thing that I haven't bothered to ask since I know that you are aware of the fact that the Shark of course needs access to the internet. It's the last thing I can think of to try, ping some resource on the internet (but don't ping your Lightsail VPS since it won't answer to pings by default). Other than that, review the firewall settings on your VPS instance and make sure they are exactly as specified in the tutorial/docs. If you have added/installed/activated some local firewall on the VPS OS (such as ufw) then check that as well ("sudo ufw status" if running Ubuntu Server). Also (with the C2 server running) execute: ssh -lwhatever [C2 server public IP address] -p 2022 or ssh whatever@[C2 server public IP address] -p 2022 You won't be able to login, but you should get some kind of response if the VPS is set up correctly. An nmap scan will show (at least) the ports relevant to C2. Other than that, you could perhaps "shark the Shark". In other terms, use Wireshark and sit between the Shark and the network and record some traffic as you try to connect with C2CONNECT and look at what's happening on the wire. As a last resort, I would probably set up the C2 server locally in my own network to exclude any "disturbances" and control all of the infrastructure used. Limiting any sources of failure. If that works I would try running it on the VPS again assured that it should really work and nothing is wrong with the Shark or C2 themselves. Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 Dump question but how do I verify that I have an internet connection on my SJ? It appears that I don't have an internet connection on my SJ. root@shark:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes ping: sendto: Network unreachable root@shark:~# ping google.com ping: bad address 'google.com' root@shark:~# ping 192.168.xxx.xxx <<<<<<<<<<< IP add of Kali box that I'm working from PING 192.168.xxx.xxx (192.168.xxx.xxx): 56 data bytes ping: sendto: Network unreachable root@shark:~# ping 52.xx.xx.xx <<<<<<<<<<< IP add of my AWS VPC PING 52.xx.xx.xx (52.xx.xx.xx): 56 data bytes ping: sendto: Network unreachable Sorry for being such a noob but how do I get internet on my SJ? VPS firewall settings are good. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 One way is to connect it to a local network (that offers internet access) and using NETMODE DHCP_CLIENT in the payload (using arming mode). https://docs.hak5.org/shark-jack/writing-payloads/the-netmode-command This payload is specifically for testing internet access https://github.com/hak5/sharkjack-payloads/blob/master/payloads/library/util/internet-access-tester/payload.sh Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 My SJ is connected to the ethernet port of laptop dock that's directly connected to my laptop. (as my laptop doesn't have an ethernet port) Tried NETMODE DHCP_CLIENT commandline but fails with Broken pipe error. root@shark:~# NETMODE DHCP_CLIENT client_loop: send disconnect: Broken pipe root@shark:~/payload# NETMODE DHCP_CLIENT client_loop: send disconnect: Broken pipe Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 Skip that scenario. Connect it to a switch port instead. Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 1. I connected SJ to one of my modem port in Arming mode. Can't connect to SJ anymore via SSH. 2. Access via local browser shows: Status Device: shark Firmware Version: 1.1.0 Web UI Version: 1.0.1 IP Address: 172.16.24.1 3. Replaced original nmap payload with internet access test payload: #!/bin/bash # # Title: Internet Access Tester # Author: Hak5Darren # Version: 1.0 # # Description: This payload tests the port to see if the Shark Jack can # obtain an IP address from DHCP, and if it can access the Internet by # testing a specified HTTP URL. # # LED SETUP (Magenta)... Setting NETMODE to DHCP_CLIENT # LED Red... No IP address from DHCP yet # LED Yellow... Obtained IP address from DHCP, waiting on Internet access # LED Green... Confirmed access to Internet PUBLIC_TEST_URL="http://www.example.com" LED SETUP # Set NETMODE to DHCP_CLIENT for Shark Jack v1.1.0+ NETMODE DHCP_CLIENT LED R SOLID while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done LED Y SOLID while ! wget $PUBLIC_TEST_URL -qO /dev/null; do sleep 1; done LED G SOLID LED status moved quickly from LED Red > LED Yellow > LED Solid Green while my SJ was connected to my modem port at all times. Now what's next? Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 Then your Shark has internet connection. You need to craft a payload that connects to your C2 server. Just add C2CONNECT to the bottom of the already existing "internet test" payload that your just tried. You can't access it using ssh because the ssh daemon isn't a part of the current payload. I seem to remember that it is a part of C2CONNECT though. Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 1. Added C2CONNECT on the script. #!/bin/bash # # Title: Internet Access Tester # Author: Hak5Darren # Version: 1.0 # # Description: This payload tests the port to see if the Shark Jack can # obtain an IP address from DHCP, and if it can access the Internet by # testing a specified HTTP URL. # # LED SETUP (Magenta)... Setting NETMODE to DHCP_CLIENT # LED Red... No IP address from DHCP yet # LED Yellow... Obtained IP address from DHCP, waiting on Internet access # LED Green... Confirmed access to Internet PUBLIC_TEST_URL="http://www.example.com" LED SETUP # Set NETMODE to DHCP_CLIENT for Shark Jack v1.1.0+ NETMODE DHCP_CLIENT LED R SOLID while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done LED Y SOLID while ! wget $PUBLIC_TEST_URL -qO /dev/null; do sleep 1; done LED G SOLID C2CONNECT 2. Plugged in my SJ to modem port in attack mode. LED changed from Red > Yellow > Green then turned itself off. 3. Unplugged SJ from the modem and plugged it into the ethernet port of my laptop in arming mode. 4. Tried to reboot SJ via Hak5C2 cloud web UI. 5. Uptime still showing last seen never. 6. SSH into SJ and ran C2CONNECT again but nothing changes root@shark:/etc# C2CONNECT sshd already running warning: commands will be executed using /bin/sh job 1 at Sun Mar 6 13:36:00 2022 Uptime still showing last seen never and I can't ping 8.8.8.8 root@shark:~# ping 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes ping: sendto: Network unreachable Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 Why did you unplug it from your "modem"? Plugging it into your laptop Ethernet won't help you with that setup/configuration. 20 minutes ago, Jayel said: 4. Tried to reboot SJ via Hak5C2 cloud web UI Why did you try this? It's not possible if your Shark isn't accessible in C2. Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 Reason why I unplugged it from the modem is bcos it was still showing last seen never in c2Web UI so I attempted to perform other actions. But you're right, SJ wasn't bookable in Web UI as it's not accessible in C2. If I just leave it plugged in the modem it'll turn itself off. Not sure where to go from here. Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 Well, it might turn itself off because the battery is empty, or are you using the newer Shark Jack Cable? Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 No I'm using a wireless SJ. I'll give it another try with charging cable plugged into the SJ. Link to comment Share on other sites More sharing options...
Jayel Posted March 8, 2022 Author Share Posted March 8, 2022 1. This is what's currently on my payload.sh #!/bin/bash # # Title: Internet Access Tester # Author: Hak5Darren # Version: 1.0 # # Description: This payload tests the port to see if the Shark Jack can # obtain an IP address from DHCP, and if it can access the Internet by # testing a specified HTTP URL. # # LED SETUP (Magenta)... Setting NETMODE to DHCP_CLIENT # LED Red... No IP address from DHCP yet # LED Yellow... Obtained IP address from DHCP, waiting on Internet access # LED Green... Confirmed access to Internet PUBLIC_TEST_URL="http://www.example.com" LED SETUP # Set NETMODE to DHCP_CLIENT for Shark Jack v1.1.0+ NETMODE DHCP_CLIENT LED R SOLID while ! ifconfig eth0 | grep "inet addr"; do sleep 1; done LED Y SOLID while ! wget $PUBLIC_TEST_URL -qO /dev/null; do sleep 1; done LED G SOLID C2CONNECT 2. Plugged in my SJ to modem port in attack mode with charging cable plugged in to SJ. LED changed from Red > Yellow > Solid Green Waited for more than 20 minutes but nothing happens. Do I need to perform any further actions from here or should I expect something to happen? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.