
C2 - Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use


NickBeanDNB


Posted

I need some help and would like someone to assist me. I feel like I followed the directions, but I messed up somewhere as I went to relaunch using "sudo ./c2-3.3.0_amd64_linux -hostname https://X/" (which worked before), the following is provided.

[*] Initializing Hak5 Cloud C2 v3.3.0
[*] Hostname: https://X
[*] DB Path: c2.db
[*] Initial Setup Required - Setup token: X
[!] Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use
 

Admittedly, I am at my knowledge limit, a bit lost, and not sure how to resolve this the correct way. I want to delete everything and start over, but wanted to see if someone here could help me first, lol. Thanks in advance!

Posted
21 minutes ago, NickBeanDNB said:

Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use

Check the ports already in use on your system. Also, check processes in the case you might have a C2 instance already running.

22 minutes ago, NickBeanDNB said:

sudo ./c2-3.3.0_amd64_linux -hostname https://X/

Running with "https", colon and slashes included in the hostname will most likely not work. I also assume that the "X" is just a temp replacement for an actual valid hostname (and not an IP address). If https is going to be used, IP addresses aren't going to work if using the built-in Let's Encrypt support. If using https without the built-in support, then more parameters are needed to get it working.

Posted

You are right on both. I used my static IP after -hostname in the second example and I think that messed up Let's Encrypt's SSL somehow. Also, I did already have a C2 instance in systemd which was cloud2.service. I edited the systemd service file to add the new domain that I created yesterday. Now when I use "sudo systemctl status cloudc2.service", I get the following. (x & X are placeholders.)

missing server name
TLS handshake error from x:31579: acme/autocert: host "X" not configured in HostWhitelist

I hope that makes sense. I don't know where to go or how to fix it and want to wipe it all and start over, but I feel like that does not teach me anything. Thank you again for your assistance.

Posted

The machine where you run C2; is it possible to access it from the internet? I.e. is it a public VPS or a resource on an internal/private network behind a firewall? More info needed about that to be able to troubleshoot things correctly.

Is the new domain possible to resolve to the relevant IP address where C2 is running?

Are port(s) open in any firewall that is needed by Let's Encrypt?

Posted

All ports are open per the instructions followed and I'm using Amazon Lightsail VPS following the instructions posted. I cannot access with the domain name or IP address from a browser. When I use port 8080 I get ERR_CONNECTION_REFUSED but when I use the static IP it returns ERR_SSL_PROTOCOL_ERROR. When I enter the domain name into the browser it returns the same.

When I run 'sudo systemctl status cloudc2.service', it shows http instead of https in the domain name after -hostname. I'm not sure if that's important or not. 

 

 

Posted

I think you need to step back a bit and specify what setup you want to achieve.

Some parameters seem to be set, such as the fact that you're using a Lightsail VPS

Then you need to decide if you want to use a domain name and if you're going to use https or not.

When the details have been established, it's possible to offer some kind of guidance on how to set it all up.

Posted

I want to be able to connect to C2 from anywhere to 3 devices that I have set up at my home network (Packet Squirrel, Key Croc, and Screen Crab). I do want to use HTTPS, but I don't think a domain name would not be required for what I am planning. Pretty much, I am just wanting to learn more and play around with the tech, mostly the Packet Squirrel, that will be at my house, wherever I am. Obviously I am using everything on my own networks. I hope that helps and makes sense.

Posted

OK, so if you want to use https with the built in Let's Encrypt functionality, you will need a registered domain name. If not, you can't use Let's Encrypt and you have to obtain/create certificates in some other way.

Posted

OK, then you need to decide what route you want to travel; using that domain name you already have and go with Let's Encrypt, or go down the other path involving more setup. I wouldn't advise trying to use any certificate handling other than Let's Encrypt in this case, just to keep things as simple as possible.

Posted

I definitely want to take the simpler route and use Let's Encrypt. I have not used that domain for anything yet and the only intention of obtaining it was for this.

Posted

See attached for the open ports.

I followed the directions to move the C2 binary and service file (cloudc2.service) to systemd so it would stay up, but I think I messed something up there. I was able to access the WebUI at one point before I attempted the Let's Encrypt and "service on boot" guides on the docs.hak5.org website.

Screenshot 2024-01-17 103020.png

Posted
11 minutes ago, dark_pyrro said:

And, how is the C2 service started?

What does the command line in the service file look like that starts C2 (remove any reference to your specific domain name if you don't want to post it publicly)?

Posted

### /etc/systemd/system/cloudc2.service
# [Unit]
# Description=Hak5 Cloud C2
# After=cloudc2.service
# [Service]
# Type=idle
# ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname http://x/ -https -db /var/cloudc2/c2.db
# [Install]
# WantedBy=multi-user.target

What is odd is that I edited it and removed the http:// after host name. Before that, I had my IP in there and you showed me that -https would not work with an IP so that is when I registered the domain and added it into the service file.

Posted

As I said before

On 1/15/2024 at 5:26 PM, dark_pyrro said:

Running with "https", colon and slashes included in the hostname will most likely not work

The same goes with anything used to specify the hostname parameter

So, if the A record that resolves the domain name to the public IP address of the Lightsail VPS where C2 is running is "mydomainname.com" (without the quote marks), you have to use that (and that alone) along with the hostname parameter, nothing else. Don't add any http or https, any colons, or any slashes.

I.e. not

-hostname http://mydomainname.com/

or

-hostname https://mydomainname.com/

but instead only

-hostname mydomainname.com

 

All in all, something like

ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname mydomainname.com -https -db /var/cloudc2/c2.db
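
The two checks discussed in this thread (which process already holds port 2022, and whether the -hostname value in the service file is a bare domain name), as an added example that is not part of the original posts or of Cloud C2 itself. The function names are hypothetical, and the domain-name pattern is an assumption about what counts as a plain registered name.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of Cloud C2.

# Filter `ss -ltnp` output on stdin for listeners on one TCP port and
# print the owning-process column. Usage: sudo ss -ltnp | port_owner 2022
port_owner() {
    awk -v p=":$1\$" '$1 == "LISTEN" && $4 ~ p { print $NF }'
}

# Print the value passed to -hostname on the ExecStart line of a unit file.
# Tolerates the leading "# " seen in the service file posted above.
unit_hostname() {
    sed -n 's/^[# ]*ExecStart=.* -hostname  *\([^ ]*\).*/\1/p' "$1" | head -n 1
}

# Classify a -hostname value: prints "ok" or the reason it is rejected.
check_hostname() {
    h=$1
    case $h in
        '')    echo missing; return 1 ;;
        *://*) echo scheme;  return 1 ;;
        */*)   echo slash;   return 1 ;;
        *:*)   echo colon;   return 1 ;;
    esac
    # A bare IPv4 address cannot be used with the built-in Let's Encrypt support.
    if printf '%s\n' "$h" | grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then
        echo ip; return 1
    fi
    # Assumed pattern for a plain domain name: dot-separated labels plus a TLD.
    if printf '%s\n' "$h" | grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'; then
        echo ok; return 0
    fi
    echo invalid; return 1
}

# Check the -hostname value found in a unit file given as $1.
check_unit() {
    check_hostname "$(unit_hostname "$1")"
}

# Stand-alone use: sh this_script /etc/systemd/system/cloudc2.service
if [ "$#" -gt 0 ]; then check_unit "$1"; fi
```

After correcting the unit file, `sudo systemctl daemon-reload` followed by a restart of the service is needed for systemd to pick up the new ExecStart line.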

 

Posted

I thought I resolved that the other day when you first stated it. I should be able to go in and edit it to the correct format and then restart the service, right?

Archived

This topic is now archived and is closed to further replies.