
C2 - Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use


NickBeanDNB


I need some help and would like someone to assist me. I feel like I followed the directions, but I messed up somewhere: when I went to relaunch using "sudo ./c2-3.3.0_amd64_linux -hostname https://X/" (which worked before), the following was provided.

[*] Initializing Hak5 Cloud C2 v3.3.0
[*] Hostname: https://X
[*] DB Path: c2.db
[*] Initial Setup Required - Setup token: X
[!] Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use
 

Admittedly, I am at my knowledge limit, a bit lost, and not sure how to resolve this the correct way. I want to delete everything and start over, but wanted to see if someone here could help me first, lol. Thanks in advance!

Link to comment
Share on other sites

21 minutes ago, NickBeanDNB said:

Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use

Check the ports already in use on your system. Also, check processes in the case you might have a C2 instance already running.

22 minutes ago, NickBeanDNB said:

sudo ./c2-3.3.0_amd64_linux -hostname https://X/

Running with "https", colon and slashes included in the hostname will most likely not work. I also assume that the "X" is just a temp replacement for an actual valid hostname (and not an IP address). If https is going to be used, IP addresses aren't going to work if using the built-in Let's Encrypt support. If using https without the built-in support, then more parameters are needed to get it working.

Link to comment
Share on other sites

You are right on both. I used my static IP after -hostname in the second example and I think that messed up Let's Encrypt's SSL somehow. Also, I did already have a C2 instance in systemd which was cloud2.service. I edited the systemd service file to add the new domain that I created yesterday. Now when I use "sudo systemctl status cloudc2.service", I get the following. (x & X are placeholders.)

missing server name
TLS handshake error from x:31579: acme/autocert: host "X" not configured in HostWhitelist

I hope that makes sense. I don't know where to go or how to fix it and want to wipe it all and start over, but I feel like that does not teach me anything. Thank you again for your assistance.

Link to comment
Share on other sites

The machine where you run C2; is it possible to access it from the internet? I.e. is it a public VPS or a resource on an internal/private network behind a firewall? More info needed about that to be able to troubleshoot things correctly.

Is the new domain possible to resolve to the relevant IP address where C2 is running?

Are port(s) open in any firewall that is needed by Let's Encrypt?

Link to comment
Share on other sites

All ports are open per the instructions followed and I'm using Amazon Lightsail VPS following the instructions posted. I cannot access with the domain name or IP address from a browser. When I use port 8080 I get ERR_CONNECTION_REFUSED, but when I use the static IP it returns ERR_SSL_PROTOCOL_ERROR. When I enter the domain name into the browser it returns the same.

When I run 'sudo systemctl status cloudc2.service', it shows http instead of https in the domain name after -hostname. I'm not sure if that's important or not. 

 

 

Link to comment
Share on other sites

I think you need to step back a bit and specify what setup you want to achieve.

Some parameters seem to be set, such as the fact that you're using a Lightsail VPS.

Then you need to decide if you want to use a domain name and if you're going to use https or not.

When the details have been established, it's possible to offer some kind of guidance on how to set it all up.

Link to comment
Share on other sites

I want to be able to connect to C2 from anywhere to 3 devices that I have set up at my home network (packet squirrel, key croc, and screen crab). I do want to use HTTPS, but I don't think a domain name would not be required for what I am planning. Pretty much, I am just wanting to learn more and play around with the tech, mostly the packet squirrel, that will be at my house, wherever I am. Obviously I am using everything on my own networks. I hope that helps and makes sense.

Link to comment
Share on other sites

OK, then you need to decide what route you want to travel; using that domain name you already have and go with Let's Encrypt, or go down the other path involving more setup. I wouldn't advise trying to use any certificate handling other than Let's Encrypt in this case, just to keep things as simple as possible.

Link to comment
Share on other sites

See attached for the open ports.

I followed the directions to move the C2 binary and service file (cloudc2.service) to systemd so it would stay up, but I think I messed something up there. I was able to access the WebUI at one point before I attempted the Let's Encrypt and "service on boot" guides on the docs.hak5.org website.

Screenshot 2024-01-17 103020.png

Link to comment
Share on other sites

### /etc/systemd/system/cloudc2.service
# [Unit]
# Description=Hak5 Cloud C2
# After=cloudc2.service
# [Service]
# Type=idle
# ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname http://x/ -https -db /var/cloudc2/c2.db
# [Install]
# WantedBy=multi-user.target

What is odd is that I edited it and removed the http:// after host name. Before that, I had my IP in there and you showed me that -https would not work with an IP so that is when I registered the domain and added it into the service file.

Link to comment
Share on other sites

As I said before

On 1/15/2024 at 5:26 PM, dark_pyrro said:

Running with "https", colon and slashes included in the hostname will most likely not work

The same goes with anything used to specify the hostname parameter.

So, if the A record that resolves the domain name to the public IP address of the Lightsail VPS where C2 is running is "mydomainname.com" (without the quote marks), you have to use that (and that alone) along with the hostname parameter, nothing else. Don't add any http or https, any colons, or any slashes.

I.e. not

-hostname http://mydomainname.com/

or

-hostname https://mydomainname.com/

but instead only

-hostname mydomainname.com

 

All in all, something like

ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname mydomainname.com -https -db /var/cloudc2/c2.db

 

Link to comment
Share on other sites
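
The hostname rules from the reply above, written as a small shell lint for a Cloud C2 command line or `ExecStart=` value. This is an added example, not part of the thread or Hak5's own code; the function name, the finding labels and the `203.0.113.10` sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Hak5 code): lint the -hostname value on a Cloud C2
# command line against the rules given in this thread.
# Usage: check_c2_hostname "<command line or ExecStart value>"
# Prints "ok" or a space-separated list of findings; status 0 only for "ok".
check_c2_hostname() (
    set -f                      # no glob expansion while splitting the line
    host= https=no prev=
    for tok in $1; do
        if [ "$prev" = "-hostname" ]; then host=$tok; fi
        if [ "$tok" = "-https" ]; then https=yes; fi
        prev=$tok
    done
    if [ -z "$host" ]; then echo "missing-hostname"; exit 2; fi

    findings=
    rest=$host
    # A scheme prefix such as http:// or https:// is reported once, then
    # stripped so the remaining checks look at the rest of the value.
    case $rest in
        *://*) findings="$findings scheme"; rest=${rest#*://} ;;
    esac
    case $rest in
        */*) findings="$findings slash" ;;
    esac
    case $rest in
        *:*) findings="$findings colon" ;;
    esac
    # Digits and dots only, with three dots: treat as an IPv4 literal.
    # The built-in Let's Encrypt support (-https) needs a domain name.
    case $rest in
        *[!0-9.]*) ;;
        *.*.*.*) if [ "$https" = yes ]; then findings="$findings ip-with-https"; fi ;;
    esac

    if [ -n "$findings" ]; then echo "${findings# }"; exit 1; fi
    echo "ok"
)

# Constructed sample lines, modelled on the ones quoted in the thread.
BAD_UNIT='ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname http://mydomainname.com/ -https -db /var/cloudc2/c2.db'
GOOD_UNIT='ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname mydomainname.com -https -db /var/cloudc2/c2.db'
IP_UNIT='ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname 203.0.113.10 -https -db /var/cloudc2/c2.db'

for line in "$BAD_UNIT" "$GOOD_UNIT" "$IP_UNIT"; do
    printf '%s -> %s\n' "$line" "$(check_c2_hostname "$line")"
done
```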
