NickBeanDNB Posted January 15

I need some help and would like someone to assist me. I feel like I followed the directions, but I messed up somewhere as I went to relaunch using "sudo ./c2-3.3.0_amd64_linux -hostname https://X/" (which worked before), the following is provided.

[*] Initializing Hak5 Cloud C2 v3.3.0
[*] Hostname: https://X
[*] DB Path: c2.db
[*] Initial Setup Required - Setup token: X
[!] Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use

Admittedly, I am at my knowledge limit, a bit lost, and not sure how to resolve this the correct way. I want to delete everything and start over, but wanted to see if someone here could help me first, lol. Thanks in advance!

dark_pyrro Posted January 15

21 minutes ago, NickBeanDNB said:
> Error starting SSH server: listen tcp 0.0.0.0:2022: bind: address already in use

Check the ports already in use on your system. Also, check processes in case you might have a C2 instance already running.

22 minutes ago, NickBeanDNB said:
> sudo ./c2-3.3.0_amd64_linux -hostname https://X/

Running with "https", colon and slashes included in the hostname will most likely not work. I also assume that the "X" is just a temp replacement for an actual valid hostname (and not an IP address). If https is going to be used, IP addresses aren't going to work if using the built-in Let's Encrypt support. If using https without the built-in support, then more parameters are needed to get it working.

NickBeanDNB Posted January 16

You are right on both. I used my static IP after -hostname in the second example and I think that messed up Let's Encrypt's SSL somehow. Also, I did already have a C2 instance in systemd which was cloud2.service. I edited the systemd service file to add new domain that I created yesterday. Now when I use "sudo systemctl status cloudc2.service", I get the following. (x & X are placeholders.)

missing server name
TLS handshake error from x:31579: acme/autocert: host "X" not configured in HostWhitelist

I hope that makes sense. I don't know where to go or how to fix it and want to wipe it all and start over, but I feel like that does not teach me anything. Thank you again for your assistance.

dark_pyrro Posted January 16

The machine where you run C2; is it possible to access it from the internet? I.e. is it a public VPS or a resource on an internal/private network behind a firewall? More info needed about that to be able to troubleshoot things correctly.

Is the new domain possible to resolve to the relevant IP address where C2 is running?

Are port(s) open in any firewall that is needed by Let's Encrypt?

NickBeanDNB Posted January 17

All ports are open per the instructions followed and I'm using Amazon Lightsail VPS following the instructions posted. I cannot access with the domain name or IP address from a browser. When I use port 8080 I get ERR_CONNECTION_REFUSED but when I use the static IP it returns ERR_SSL_PROTOCOL_ERROR. When I enter the domain name into the browser it returns the same. When I run 'sudo systemctl status cloudc2.service', it shows http instead of https in the domain name after -hostname. I'm not sure if that's important or not.

dark_pyrro Posted January 17

I think you need to step back a bit and specify what setup you want to achieve. Some parameters seem to be set, such as the fact that you're using a Lightsail VPS. Then you need to decide if you want to use a domain name and if you're going to use https or not. When the details have been established, it's possible to offer some kind of guidance on how to set it all up.

NickBeanDNB Posted January 17

I want to be able to connect to C2 from anywhere to 3 devices that I have set up at my home network (packet squirrel, key croc, and screen crab). I do want to use HTTPS, but I don't think a domain name would not be required for what I am planning. Pretty much, I am just wanting to learn more and play around with the tech, mostly the packet squirrel, that will be at my house, wherever I am. Obviously I am using everything on my own networks. I hope that helps and makes sense.

NickBeanDNB Posted January 17

All devices will be on the same computer/home network.

dark_pyrro Posted January 17

OK, so if you want to use https with the built-in Let's Encrypt functionality, you will need a registered domain name. If not, you can't use Let's Encrypt and you have to obtain/create certificates in some other way.

NickBeanDNB Posted January 17

I got a random one (x.uno) from Route 53, two days ago.

dark_pyrro Posted January 17

OK, then you need to decide what route you want to travel; using that domain name you already have and go with Let's Encrypt, or go down the other path involving more setup. I wouldn't advise trying to use any certificate handling other than Let's Encrypt in this case, just to keep things as simple as possible.

dark_pyrro Posted January 17

If you have "reserved" that domain name for other use, you can most likely use one registered for free at (for example) freenom.com

NickBeanDNB Posted January 17

I definitely want to take the simpler route and use Let's Encrypt. I have not used that domain for anything yet and the only intention of obtaining it was for this.

dark_pyrro Posted January 17

Is the domain name linked to the public facing IP address of the Lightsail VPS (DNS A record)?

NickBeanDNB Posted January 17

Yes, I linked it to the static IP.

dark_pyrro Posted January 17

So, when you have C2 running, you can access the C2 web UI using the domain name?

NickBeanDNB Posted January 17

No, I get the following error: ERR_SSL_PROTOCOL_ERROR

dark_pyrro Posted January 17

What ports are opened in the Lightsail admin web UI for that specific VPS?

dark_pyrro Posted January 17

And, how is the C2 service started?

NickBeanDNB Posted January 17

See attached for the open ports. I followed the directions to move the C2 binary and service file (cloudc2.service) to systemd so it would stay up, but I think I messed something up there. I was able to access the WebUI at one point before I attempted the Let's Encrypt and "service on boot" guides on the docs.hak5.org website.

dark_pyrro Posted January 17

11 minutes ago, dark_pyrro said:
> And, how is the C2 service started?

What does the command line in the service file look like that starts C2 (remove any reference to your specific domain name if you don't want to post it publicly)?

NickBeanDNB Posted January 17

### /etc/systemd/system/cloudc2.service
# [Unit]
# Description=Hak5 Cloud C2
# After=cloudc2.service
# [Service]
# Type=idle
# ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname http://x/ -https -db /var/cloudc2/c2.db
# [Install]
# WantedBy=multi-user.target

What is odd is that I edited it and removed the http:// after host name. Before that, I had my IP in there and you showed me that -https would not work with an IP so that is when I registered the domain and added it into the service file.

NickBeanDNB Posted January 17

I think I screwed it up when I was following (https://docs.hak5.org/cloud-c2/guides/lets-encrypt-ssl-configuration-and-device-enrollment). I used an IP address rather than a domain even though it literally says that you can't, LOL.

dark_pyrro Posted January 17

As I said before

On 1/15/2024 at 5:26 PM, dark_pyrro said:
> Running with "https", colon and slashes included in the hostname will most likely not work

The same goes with anything used to specify the hostname parameter.

So, if the A record that resolves the domain name to the public IP address of the Lightsail VPS where C2 is running is "mydomainname.com" (without the quote marks), you have to use that (and that alone) along with the hostname parameter, nothing else. Don't add any http or https, any colons, or any slashes.

I.e. not

-hostname http://mydomainname.com/

or

-hostname https://mydomainname.com/

but instead only

-hostname mydomainname.com

All in all, something like

ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname mydomainname.com -https -db /var/cloudc2/c2.db

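Added example, not part of the original posts and not Hak5's code: a small shell check that applies the rules from the post above (bare name only, and no IP address together with -https) to a service file's ExecStart line. The function name check_c2_execstart, its verdict strings and the sample lines, including the documentation address 203.0.113.10, are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the -hostname value on a Cloud C2 ExecStart line.
# Function name, verdict strings and sample lines are constructed here.

# Echo a verdict for one command line; return 0 only for "ok".
check_c2_execstart() {
    c2_line="$1 "                       # trailing space simplifies matching
    case $c2_line in
        *"-hostname "*) ;;
        *) echo "missing-hostname"; return 1 ;;
    esac
    # Take the word that follows -hostname, without word-splitting the line.
    c2_rest=${c2_line#*-hostname }
    c2_rest=${c2_rest#"${c2_rest%%[! ]*}"}   # drop extra leading spaces
    c2_host=${c2_rest%% *}
    [ -n "$c2_host" ] || { echo "missing-hostname"; return 1; }

    # The value must be the bare name: no scheme, slashes or colons.
    case $c2_host in
        *://*) echo "scheme-in-hostname"; return 1 ;;
        */*)   echo "slash-in-hostname";  return 1 ;;
        *:*)   echo "colon-in-hostname";  return 1 ;;
    esac

    # With -https (built-in Let's Encrypt) an IP address will not work.
    case " $c2_line" in
        *" -https "*)
            case $c2_host in
                *[!0-9.]*) ;;                        # has other characters: a name
                *) echo "ip-with-https"; return 1 ;; # only digits and dots
            esac ;;
    esac
    echo "ok"
}

# Constructed sample lines in the shapes discussed in the thread.
while IFS= read -r c2_sample; do
    printf '%-20s %s\n' "$(check_c2_execstart "$c2_sample")" "$c2_sample"
done <<'EOF'
ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname http://x/ -https -db /var/cloudc2/c2.db
ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname 203.0.113.10 -https -db /var/cloudc2/c2.db
ExecStart=/usr/local/bin/c2-3.3.0_amd64_linux -hostname mydomainname.com -https -db /var/cloudc2/c2.db
EOF
```

A verdict of "ok" only means the line avoids the mistakes named in the thread; DNS resolution and open ports still have to be checked separately.
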
NickBeanDNB Posted January 17

I thought I resolved that the other day when you first stated it. I should be able to go in and edit it to the correct format and then restart the service, right?