Hak5 C2 Service Running, but Server Connection and TLS Handshake Errors

[cr38g]

Hak5 C2 Service is running, but I am getting this server connection error, and TLS handshake error. Every command was entered correctly, but don't know what it means.

*** System restart required ***
Last login: Mon Oct 23 18:42:02 2023 from 72.21.217.109
ubuntu@ip-XX.XXX.XXX.XXX:~$ sudo systemctl status hak5.service
● hak5.service - Hak5 C2
     Loaded: loaded (/etc/systemd/system/hak5.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-10-23 02:07:40 UTC; 16h ago
   Main PID: 45391 (c2-3.3.0_amd64_)
      Tasks: 18 (limit: 1134)
     Memory: 26.7M
     CGroup: /system.slice/hak5.service
             ├─45391 /usr/local/bin/c2-3.3.0_amd64_linux -hostname website.com -https -db /var/hak5c2/c2.db
             └─45400 /usr/local/bin/c2-3.3.0_amd64_linux -hostname website.com -https -db /var/hak5c2/c2.db

Oct 23 18:57:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:57:09 http2: server connection error from XX.XXX.XXX.XXX:53119: connection error: PROTOCOL_ERROR
Oct 23 18:57:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:57:09 http2: server connection error from XX.XXX.XXX.XXX:53119: connection error: PROTOCOL_ERROR
Oct 23 18:57:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:57:09 http2: server connection error from XX.XXX.XXX.XXX:53119: connection error: PROTOCOL_ERROR
Oct 23 18:57:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:57:09 http2: server connection error from XX.XXX.XXX.XXX:53119: connection error: PROTOCOL_ERROR
Oct 23 18:58:29 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:58:29 http: TLS handshake error from XX.XXX.XXX.XXX:47059: acme/autocert: missing server name
Oct 23 18:59:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:59:09 http2: server connection error from XX.XXX.XXX.XXX:53219: connection error: PROTOCOL_ERROR
Oct 23 18:59:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:59:09 http2: server connection error from XX.XXX.XXX.XXX:53219: connection error: PROTOCOL_ERROR
Oct 23 18:59:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:59:09 http2: server connection error from XX.XXX.XXX.XXX:53219: connection error: PROTOCOL_ERROR
Oct 23 18:59:09 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 18:59:09 http2: server connection error from XX.XXX.XXX.XXX:53219: connection error: PROTOCOL_ERROR
Oct 23 19:03:37 ip-XX.XXX.XXX.XXX c2-3.3.0_amd64_linux[45400]: 2023/10/23 19:03:37 http: TLS handshake error from XX.XXX.XXX.XXX:50470: acme/autocert: host "XX.XXX.XXX.XXX" not co>

 

[dark_pyrro]

Looks like you're running your C2 server on Amazon. Did you open all the ports needed in the VPS firewall?

[cr38g]

The ports are open...

 

[dark_pyrro]

OK, and I assume that "website.com" in your service status output is just a temporary placeholder to not reveal your real domain on the forums. Is there a DNS A record created that links your domain name to the IP of the Amazon VPS public IP address?

[cr38g]

Yes, the "website.com" is not my real one. The DNS A TTL record is linked to my Amazon VPS public IP address.

[dark_pyrro]

Can you link the http2 events to when you try to visit your C2 server web interface?

[cr38g]

dark_pyrro, I don't understand your question. Please, explain it in simple terms, I am not an expert. Thank you very much for helping.

[dark_pyrro]

no problem, if you open a web browser and load your C2 server web interface in the browser (in simple terms "visiting your C2 server using a browser"), can you see your visit in the service status output, i.e.

1) Open your C2 server URL in your browser (note the time)

2) check the C2 server service status using the same command that you displayed in your first post

Are there error message entries (http2) in the status output that correlates with your attempts to load the C2 user interface in your web browser?

[cr38g]

Sorry for the delay. There no changes on the time. I stopped the service and restart it.

[dark_pyrro]

39 minutes ago, cr38g said:

There no changes on the time

What time are you referring to? To me, there are for sure changes in the time stamps for the errors listed if comparing your initial post and your latest screen shot of the service output.

[cr38g]

You are correct. I thought it should read the same time as mine, but I just realize the server is in another State. So, why are I am getting now a Dependency After=hak5.service dropped? Is this another problem additional from the handshake error?

[dark_pyrro]

You have to look into the service file you are using to find the reasons for that I guess

[cr38g]

Is this what you are referring as the service file? This is the file that I use to start hak5 service.

[cr38g]

I just noticed that when I go to my Public static IP address from the Amazon AWS server, it does not connect to my website, even though my website is attached to the Amazon AWS Public static IP. I think this is the culprit.

When I go to my website, it shows the Cloud C2 login page. I can login, but it show offline from my Mark VII.

What you think?

Edited October 25, 2023 by cr38g

[dark_pyrro]

57 minutes ago, cr38g said:

but it show offline from my Mark VII

not sure what you mean when saying that

[cr38g]

When I login into my Cloud C2 page, it list my Mark VII device, it shows the device is offline. Somehow my server is not seeing my device.

So I believe the way that it should work is...

1. DNS (my website) sees my...

2. Amazon AWS server which sees my...

3. Cloud C2 Login page, and then I can access my...

4. Mark VII

Am I right or not?

Edited October 25, 2023 by cr38g

[dark_pyrro]

Did you prepare the Pineapple to connect to the C2 server? I.e. created the device.config and transfer it to the Pineapple? Did you verify that the Pineapple is even able to reach the server (does it have internet access)?

[cr38g]

I did installed it into the Pineapple Mark VII's root directory. The Pineapple have Internet access.

[dark_pyrro]

The device.config file should be located in /etc

[cr38g]

The device.config file is in the /etc directory.

[cr38g]

When I type my website, it shows me the Cloud C2 login page. When I logged in, it showed me the device, in my case the Pineapple Mark VII, but it shows offline. The communication between my AWS server and my website service is there. Somehow the communication between my Amazon AWS server and my Pineapple Mark VII is not there. I'm scratching my head.  😞

[cr38g]

It just now, it showed online and when I click on the device and move to the other page it showed offline. Grrrrrrr!!!!

[dark_pyrro]

11 hours ago, cr38g said:

when I click on the device and move to the other page it showed offline

What "other page" are you referring to?

[cr38g]

I am referring to the dashboard screen. 

[dark_pyrro]

Do you have the local Pineapple web interface open at the same time as it's enrolled to the C2 server, like described in this post?