surb Posted March 7, 2022 Share Posted March 7, 2022 Hello! I've been looking at the forums for the past couple of days hoping to find a solution to my keycroc/c2 connection problem and haven't had much luck yet. Here are the details: Keycroc is connected to wifi. I can SSH into the keycroc from wifi. I can also ping it. I can SSH into my cloud C2 server (VPS) from my keycroc on my lan. I can also ping it. I am not currently using https/SSL (that is coming after I figure this out). I have tried the certificate purge/refresh that has been suggested on most of the threads in the forum here. Server is being started on boot using systemd with "/usr/local/bin/c2-3.1.2_amd64_linux -hostname http://serverip -listenport serverport -db /var/cloudc2/c2.db When I download the device config from C2 and check the text, the IP and ports listed are all correct. The necessary ports are open (via nmap) Anyone have any ideas? Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted March 8, 2022 Share Posted March 8, 2022 Get rid of the "http://" stuff for the hostname parameter. Quote Link to comment Share on other sites More sharing options...
tommyq Posted July 12, 2022 Share Posted July 12, 2022 I have what looks to be the exact same problem getting the key croc to connect to c2. NOTE I didn't have http:// in the -hostname part of the command as per dark_pyrro advice. I'm using the server name of the machine I'm hosting the c2 software with -hostname. I've checked with netcat (nc) on the croc in conjunction with tcpdump on my c2 server that port ports 22, 80, 8080, 2022 are listening and getting traffic when I I've not checked port 443 as I've not set up a certificate yet. The key croc is getting an IP from DHCP off my home router. I have no way of confirming the device.config is the right one though but I've downloaded this and placed in the root of the device folder. Windows 10 when it pops up in file explorer. When I use the example payload with 'hello' and see the world bit added, even if I use the C2NOTIFY command, I see nothing back in the C2 UI. Are there any more steps I can check?? One last point. I did type ssh <my c2 IP address> with ports 22 and 2022 and in both cases got a fingerprint response. I didn't accept these as I say nothing in the instructions suggesting I should. Any help gratefully received. Quote Link to comment Share on other sites More sharing options...
dark_pyrro Posted July 12, 2022 Share Posted July 12, 2022 (edited) If you cat the device.config file on the Croc, is the name of the C2 machine in the file the same as what you use when starting the C2 server (hostname parameter)? Can you resolve the hostname of the server on the Croc? Also check the cc-client error log on the Croc. I think it's in /tmp (if I remember it correctly). Edited July 12, 2022 by dark_pyrro Quote Link to comment Share on other sites More sharing options...
SofaKing Posted August 30, 2022 Share Posted August 30, 2022 OK... So... I am having issues with my croc connecting to my c2 instance on my VPS... My nano, tetra, and mk7 all connect just fine. My c2 instance automagicly spins up whenever i initiate my VPS instance i have my domain name, https, etc. etc. basically i just followed the videos, looking at the above post i checked cc-client error log and it repeats [1596077524 !ERR DEVICE ] Error getting wan interface name [1596077524 !ERR DEVICE ] WAN interface not found. [1596077525 !ERR CURL ] Error posting update to server... [1596077525 !ERR INITSYNC ] Error in startup sync post [1596077525 !ERR MAIN ] Device startup sync failed. Retrying... [1596077530 !ERR CURL ] Error posting update to server... [1596077530 !ERR INITSYNC ] Error in startup sync post [1596077530 !ERR MAIN ] Device startup sync failed. Retrying... over and over. and i thought well duh of course startup sync failed. lmao. N E way, I digress, I checked my divice.config, make out my domain name and ports, its ssh key. Obviously i cant get the croc to communicate with c2. and i dont know what/where to look for the next clue. Also did a factory reset on the croc but the version returns with the current 1.3_513 (twice) first time password reverted to hak5croc, everything else seems to work logs keys, deploys and triggers just fine. Someone, anyone, please, Help! Quote Link to comment Share on other sites More sharing options...
SofaKing Posted August 30, 2022 Share Posted August 30, 2022 Ok I had problems with ca-certificates thanks @dark_pyrro. https://forums.hak5.org/topic/52070-keycroc-cannot-connect-to-c2/?do=findComment&comment=344952 key croc is purring like a gator now ready to take a few bytes outa something... Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.