aclx (author), posted November 28, 2023:
Hi, my Packet Squirrel version 3.2 is not connecting to my private C2 cloud in arming mode. I can ping my C2 server from the Packet Squirrel, and I have downloaded the device.config file from the C2 server and uploaded it to the folder /etc/ on my Packet Squirrel. When I try the command C2CONNECT, I see no request from my Packet Squirrel. Help would be great!

dark_pyrro, posted November 28, 2023:
Do you have any cc-client error log file in /tmp ?

aclx (author), posted November 28, 2023:
yes

[1701174979 !ERR MAIN ] Device startup sync failed. Retrying...
[1701174985 !ERR CURL ] Error posting update to server...
[1701174985 !ERR INITSYNC ] Error in startup sync post
[1701174985 !ERR MAIN ] Device startup sync failed. Retrying...
[1701174990 !ERR CURL ] Error posting update to server...
[1701174990 !ERR INITSYNC ] Error in startup sync post
[1701174990 !ERR MAIN ] Device startup sync failed. Retrying...
[1701174995 !ERR CURL ] Error posting update to server...
[1701174995 !ERR INITSYNC ] Error in startup sync post
[1701174995 !ERR MAIN ] Device startup sync failed. Retrying...

dark_pyrro, posted November 28, 2023:
Are the relevant ports open on the C2 server side? In what way is the C2 server started (with which command line options, don't post any public IP or domain name that might be "private")? Is it possible to ssh on port 2022 on the C2 server from the Squirrel (won't let you log in, but should respond)?

aclx (author), posted November 28, 2023:
I am running a network sniffer between the Squirrel and the C2 server. I can ping the server. When I use the command wget https://name I see the TCP connection with my sniffer. When I use the command C2CONNECT I can't see any request from the Squirrel ... Are there any other logs on the Squirrel to check?

dark_pyrro, posted November 28, 2023:
I'm waiting for answers to my previous questions before diving into something else.

aclx (author), posted November 28, 2023:
sorry ... right now I have 2 Shark Jacks and one Key Croc running on my C2 server

dark_pyrro, posted November 28, 2023:
Why are you using a port along with the IP address for the hostname parameter?

aclx (author), posted November 28, 2023:
because tcp 443 is already in use by another application

dark_pyrro, posted November 28, 2023:
This will probably mess up things since you should only specify an IP address or DNS name for the hostname parameter

aclx (author), posted November 28, 2023:
but other devices are working fine. The C2 server is not the problem.

dark_pyrro, posted November 28, 2023:
ok, you will perhaps figure it out, it's not the way the C2 server is supposed to be executed though so I can't help you from this point if you decide to run it that way

aclx (author), posted December 4, 2023:
How can I check if I have installed my private/public key and the CA certificate correctly on the Packet Squirrel?

dark_pyrro, posted December 4, 2023:
What CA certificate? Aren't you using a self signed one?

aclx (author), posted December 4, 2023 (edited December 4, 2023 by aclx):
My own one. I am using my private PKI

dark_pyrro, posted December 4, 2023:
Well, I'm pretty sure you're not a Certificate Authority, so you're just using a self signed public and private key combo, nothing else, but anyway... First of all, what information did you provide for CN when creating the private/public key pair?

aclx (author), posted December 4, 2023:
the CN=squirrel01

dark_pyrro, posted December 4, 2023:
Is that possible to resolve to the address where the C2 server is running? You seemed to be running the C2 server using an IP address in a previous post. Has this changed now?

aclx (author), posted December 4, 2023:
yes. I have changed it. And I can ping the C2 server from the PS. DNS also works fine

dark_pyrro, posted December 4, 2023:
ok, so the C2 server is called "squirrel01" and it's possible to resolve that hostname to the IP address where the C2 server is running. With that established, where did you put the public key/cert file on the Squirrel?

aclx (author), posted December 4, 2023:
no, the Squirrel is called squirrel01 and the server DemoC2. The Squirrel can resolve the name DemoC2 via DNS. Ping is working fine. Is it necessary that the CN (squirrel01) is equal to the hostname (squirrel)? I added the public key from the rootca to /etc/ssl/certs/ca-certificates.crt and the priv/pub key to /etc/ssl/private/cert.pem

dark_pyrro, posted December 4, 2023:
The private key should never be copied to any other place than where it is really needed (which should be the C2 server in this case), only the public key/cert should "leave" the C2 server. The CN needs to represent the C2 server if you are using self signed certs, nothing else.

aclx (author), posted December 4, 2023:
okay. So far I understand. The Squirrel needs no client certificate, right? And the public key from the C2 server must be added to /etc/ssl/certs/ca-certificates.crt, right?

dark_pyrro, posted December 4, 2023:
You create a private/public key pair on the C2 server (using the correct/relevant CN). The public key/cert file from that key pair is then copied to the Squirrel. When it has been copied to the Squirrel it should be added to the file you mention.

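One way to check the setup described in the posts above, as an added example that is not from the thread or from Hak5: it confirms that the certificate's CN names the C2 server, that no private key was copied along with it, and that the CA bundle trusts it. It assumes an `openssl` CLI is available where the check runs; `DemoC2` is the server name from the thread, while the function names and the throwaway certificate are constructed for the example.

```shell
#!/bin/sh
# Added example: checks for the C2 certificate setup described in the thread.
# Assumes an openssl CLI; all function names here are hypothetical.

# Print the subject CN of a PEM certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed if the file contains PEM private key material.
has_private_key() {
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Succeed if the certificate verifies against the given CA bundle.
trusted_by_bundle() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

# check_c2_trust CERT BUNDLE C2_HOSTNAME
# Returns 0 if all checks pass, 1 on CN mismatch, 3 if private key material
# sits next to the public cert, 2 if the bundle does not trust the cert.
check_c2_trust() {
    cn=$(cert_cn "$1")
    if [ "$cn" != "$3" ]; then
        echo "CN '$cn' does not name the C2 server '$3'"; return 1
    fi
    if has_private_key "$1" || has_private_key "$2"; then
        echo "private key found; it belongs only on the C2 server"; return 3
    fi
    if ! trusted_by_bundle "$1" "$2"; then
        echo "certificate is not trusted by $2"; return 2
    fi
    echo "ok: CN=$cn, trusted by $2, no private key present"
}

# Constructed sample: throwaway self-signed pair, as created on the C2 server.
make_demo_cert() {   # make_demo_cert DIR CN
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d)
    make_demo_cert "$d" DemoC2
    cat "$d/cert.pem" > "$d/ca-certificates.crt"   # stand-in for the bundle
    check_c2_trust "$d/cert.pem" "$d/ca-certificates.crt" DemoC2
    rm -rf "$d"
}
demo
```

Against a real setup, call `check_c2_trust` with the copied certificate, the bundle path named in the thread, and the hostname the device uses for the C2 server.
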
aclx (author), posted December 4, 2023:
thanks a lot for your time and support!!! I will reset the Squirrel to factory defaults and try it again.