Posts

Hak5 Cloud C2 on a Raspberry Pi

Setting up the Raspberry Pi (RPi) itself isn't covered here; a default installation of Raspberry Pi OS Lite will do the job. This setup will work on a LAN only, i.e. no external access to the C2 instance from the internet. To get that working, port openings and the like are needed, but that isn't covered here.

If needed, run the following to get information about which C2 version to run on the RPi:

    cat /proc/cpuinfo

Note! You need a license key from Hak5 in order to activate/validate the installation (the community edition is free, but still needs a license key). The RPi also needs to have a working connection to the internet since the C2 license is validated at service start, and during runtime as well.

Download the C2 zip file to the RPi and unzip it:

    wget https://c2.hak5.org/download/community -O c2.zip
    unzip c2.zip

Start the server manually to verify that it works (use the file name of whatever version was downloaded):

    ./c2-3.1.2_armv7_linux -hostname <ip address>

When the C2 instance h...

KeyCroc and specific chars

Just some words regarding the Key Croc having issues with special chars, both when it comes to QUACKing them and when triggering MATCH strings. (For those just stumbling on this text: you need to have been a part of the Hak5 Discord discussions about the matter to be able to place it into context.)

Running the following while logged in via ssh on the Croc, it is obvious that the Croc thinks that there are no Swedish chars available to match, even if you have told the Croc to use "se" as language. Some samples...

    root@croc:/usr/local/croc/bin# QUACK STRING "å"
    Traceback (most recent call last):
      File "/usr/local/croc/bin/QUACK", line 281, in <module>
        run_script(input_line, language)
      File "/usr/local/croc/bin/QUACK", line 250, in run_script
        context = run_ducky_line(context, line, lang_file)
      File "/usr/local/croc/bin/QUACK", line 165, in run_ducky_line
        elements = lang_file[char].split(",");
    KeyError: u'\xe5'...

Hak5 Cloud C2 as a service on a Ubuntu server (or alike) without domain name or https

First, make sure that the C2 instance runs without any problems when started manually from the command line. The C2 instance also has to be fully set up with a registered/valid license.

It is a good idea to rename the executable C2 binary so that the service doesn't have to be renamed for every new version, for example rename to:

    c2_community_linux64

Move the Cloud C2 binary to a more suitable location in the file system:

    sudo mv c2_community_linux64 /usr/local/bin

Create a directory for the database file:

    sudo mkdir /var/cloudc2

Move the database file:

    sudo mv c2.db /var/cloudc2/

Create a systemd service file for Cloud C2:

    sudo nano /etc/systemd/system/cloudc2.service

Add the lines below (replace parameters as necessary for this specific C2 instance):

    [Unit]
    Description=Hak5 Cloud C2
    After=cloudc2.service

    [Service]
    Type=idle
    ExecStart=/usr/local/bin/c2_community_linux64 -hostname <ip address> -db /var/cloudc2/c2.db

    [Install]
    WantedBy=multi-user.target

Run the following comma...

Hak5 Cloud C2 as a Windows service

As long as the C2 Windows binary is just a plain and simple exe (i.e. a "non-service" executable), it won't be allowed to start as a service in Windows (error 1053). To get around this, either A) the C2 binary for Windows needs to be developed in a way that allows it to be started as a service, or B) one of the utilities out there on the interwebs that allow using an "ordinary" exe as a service has to be used. "Plan B" is used here, building on the tool "srvstart".

- Download the latest C2 zip file from Hak5 and extract it
- Download srvstart and extract the zip file: https://github.com/rozanski/srvstart/blob/master/srvstart/srvstart_run.v110.zip
- Copy/move the two DLL and two EXE files from the srvstart zip to the C:\Windows folder of the computer (or somewhere in PATH)
- Make sure that there is a "msvcrt.dll" file in C:\Windows\System32
- Rename the Hak5 C2 executable (64 bit variant used here) to c2_amd64_windows.exe. This makes it more "transpare...

Project name: WEIRDFEED

Instructions for installing Kali Linux 2020.4 AMD64 using an ISO file downloaded from kali.org on a Windows 10 2004 host/"hypervisor" running VirtualBox 6.1.16 r140961 (w/ VirtualBox Extension Pack) and getting the Hak5 Shark Jack available to the VM.

- Make sure that virtualization is enabled in BIOS/UEFI (VT-x/AMD-V), otherwise you might get the turtle
- Create a new VM in VirtualBox by clicking "New"
- Name the VM and select Linux as Type and Debian 64-bit as Version
- Set the desired amount of RAM (using 2048 MB here)
- Create a virtual storage device (using 24 GB here)
- The VM is now created; click "Settings" and make any additional config to the VM (# of CPUs/cores, video RAM, disable floppy, disable audio, shared folders, etc. anything of choice that is valid)
- Last but not least, attach the Kali Linux ISO file to the virtual optical drive of the VM
- Click "OK"
- Click "Start" to boot the VM
- Select the startup disk if asked (o...

Raspberry Pi - Bridge WLAN to local LAN

Objective: Use a Raspberry Pi (RPi) to connect to a WiFi network (offering internet access) and “bridge” that using the ethernet port of the RPi to the WAN port of a WiFi router to act as a gateway for local endpoint devices. It is also possible to “bridge” the RPi ethernet port directly to a switch where other devices can get network access using an ethernet cable (or a single computer directly connected to the ethernet port of the RPi).

“Schematics” for communication/setup:

Internet > WiFi access point > WLAN NIC on RPi > Ethernet NIC on RPi > WAN port of a WiFi router > local WLAN (or ethernet ports) of the WiFi router > local endpoint devices/clients

or, for a switch:

Internet > WiFi access point > WLAN NIC on RPi > Ethernet NIC on RPi > switch port > local endpoint devices/clients via ethernet cable

Things needed:

- Raspberry Pi (either an older one without onboard WLAN NIC or one with an onboard WLAN NIC)
- Raspberry Pi OS Lite, lates...