Jump to content

Packet Squirrel is not connecting to my private C2 claud


Recommended Posts

OK... doing it from scratch...

- Cloud C2 running on a Ubuntu 20.04.x LTS machine
- Packet Squirrel Mk1 on fw 3.2
- Cloud C2 and Packet Squirrel both on local network (Cloud C2 server =

Download the Cloud C2 binary to the Ubuntu machine (verify the sha256 checksum of the downloaded file)
wget https://downloads.hak5.org/api/devices/cloudc2/firmwares/3.3.0-stable -O c2.zip

Unpack the zip file

Create a private/public key pair on the Ubuntu machine
openssl req -newkey rsa:2048 -x509 -sha256 -days 3650 -nodes -out c2-publ.crt -keyout c2-priv.key
NOTE! Be sure to use the address of the Cloud C2 server for the Common Name field when creating the key pair, in this case

Start the Cloud C2 server using the keys created
sudo ./c2-*_amd64_linux -hostname -https -keyFile ./c2-priv.key -certFile ./c2-publ.crt

Visit the Cloud C2 web UI, do the initial Cloud C2 setup, and add the Packet Squirrel device

Create a device.config file for the Packet Squirrel using the Cloud C2 web UI and download the device.config file from the Cloud C2 server

(The copying/scp of the files below can be made in different ways, here, it's done connecting to the Packet Squirrel in "arming mode" switch position to a computer, then the Packet Squirrel will be moved to the network where it will interact with the Cloud C2 server)

Copy the device.config file to /etc on the Packet Squirrel
scp device.config root@

Copy the public key file (never copy the private key!) to /etc/ssl/certs on the Packet Squirrel
scp c2-publ.crt root@

ssh into the Packet Squirrel and add the public key to the already existing ca-certificates.crt file on the Packet Squirrel
cat /etc/ssl/certs/c2-publ.crt >> /etc/ssl/certs/ca-certificates.crt

(Move the Packet Squirrel to the network where the Cloud C2 server is running, if it hasn't already, and connect the Packet Squirrel to that network using the "WAN" Ethernet port)

If the Cloud C2 Ubuntu based machine is running any local firewall, make sure to allow the relevant ports for Cloud C2

The Packet Squirrel should now show as online in the Cloud C2 web UI

Link to comment
Share on other sites

Then something is wrong in your setup. The way I described works as a generic instruction on how to set it up from start to finish.

The way I describe it is made with the Squirrel in arming mode. Any mode that allows the Squirrel to have internet access (or access to the network where C2 is running) should connect to C2 if it's properly configured, and since arming mode is using NETMODE NAT the Squirrel should have access to an external network. Make sure that C2CONNECT is executed (check that the cc-client process is running).

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...