Hak5 Cloud C2 as a service on a Ubuntu server (or alike) without domain name or https

First, make sure that the C2 instance runs without any problems when started manually from the command line. The C2 instance also has to be fully set up with a registered/valid license.

A good advise is to rename the executable C2 binary so that the service doesn't have to be renamed for every new version, for example rename to:
c2_community_linux64

Move the Cloud C2 binary to a more suitable location in the file system
sudo mv c2_community_linux64 /usr/local/bin

Create a directory for database file
sudo mkdir /var/cloudc2

Move the database file
sudo mv c2.db /var/cloudc2/

Create a systemd service file for Cloud C2
sudo nano /etc/systemd/system/cloudc2.service

Add the lines below (replace parameters as necessary for this specific C2 instance if needed)

[Unit]
Description=Hak5 Cloud C2
After=cloudc2.service
[Service]
Type=idle
ExecStart=/usr/local/bin/c2_community_linux64 -hostname <ip address> -db /var/cloudc2/c2.db
[Install]
WantedBy=multi-user.target

Run the following commands to reload, enable on boot, start and inspect the newly created Cloud C2 service
sudo systemctl daemon-reload
sudo systemctl enable cloudc2.service
sudo systemctl start cloudc2.service
sudo systemctl status cloudc2.service

Reboot the server and verify that Cloud C2 is available as a service (i.e. browse to the C2 instance)

It's also possible to ssh into the server and run ps ax and look for the C2 process

If the C2 service does not start (can be checked with the same command as above: sudo systemctl status cloudc2.service) then it might be a fact that the service tries to start before the server has gotten a connection to the internet, hence not possible for it to validate the C2 license and therefore the service will not start. In that case, it's possible to add a sleep in the service to let it sleep for a specified amount of time before the C2 instance starts. In the [Service] section, add the following line before ExecStart (adjust the time as needed)
ExecStartPre=/bin/sleep 30

Save and reboot the server again... Verify...

(Based on information in the 2703 episode Hak5 video by Darren)

Popular posts from this blog

Hak5 Cloud C2 on a Raspberry Pi

Setting up the Raspberry Pi (RPi) itself isn't covered here, a default installation of Raspberry Pi OS Lite will do the job. This setup will work on a LAN only, i.e. no external access to the C2 instance from the internet. To get that working, port openings and stuff is needed but that isn't covered here. If needed, run the following to get information about which C2 version to run on the RPi: cat /proc/cpuinfo Note! You need a license key from Hak5 in order to activate/validate the installation (the community edition is free, but still needs a license key). The RPi also needs to have a working connection to the internet since the C2 license is validated at service start, and during runtime as well. Download the C2 zip file to the RPi and unzip it wget https://c2.hak5.org/download/community -O c2.zip unzip c2.zip Start the server manually to verify that it works: ./c2-3.1.2_armv7_linux -hostname <ip address> (or whatever version that was downloaded) When the C2 instance h
Read more

Hak5 Cloud C2 as a Windows service

As long as the C2 Windows binary is just a plain and simple exe (i.e. a "non-service" executable), it won't be allowed to start as a service in Windows (error 1053). To do this, either A) the C2 binary for Windows needs to be developed in a way that it is allowed to be started as a service or B) use one of the utilities out there on the interwebs that allows using an "ordinary" exe as a service. The "Plan B" is used here building on the tool "srvstart". Download the latest C2 zip file from Hak5 and extract it Download srvstart and extract the zip file https://github.com/rozanski/srvstart/blob/master/srvstart/srvstart_run.v110.zip Copy/move the two DLL and two EXE files from the srvstart zip to the C:\Windows folder of the computer (or somewhere in PATH) Make sure that there is a "msvcrt.dll" file in C:\Windows\System32 Rename the Hak5 C2 executable (64 bit variant used here) to c2_amd64_windows.exe This makes it more "transpare
Read more

Project name: WEIRDFEED

  Project name: WEIRDFEED Instruction on installing Kali Linux 2020.4 AMD64 using an ISO file downloaded from kali.org on a Windows 10 2004 host/"hypervisor" running VirtualBox 6.1.16 r140961 (w/ VirtualBox Extension Pack) and get the Hak5 Shark Jack available to the VM Make sure that virtualization is enabled in BIOS/UEFI (VT-x/AMD-V) otherwise you might get the turtle Create a new VM in VirtualBox by clicking "New" Name the VM and select Linux as Type and Debian 64-bit as Version Set the desired amount of RAM (using 2048 MB here) Create a Virtual storage device (using 24 GB here) The VM is now created, click "Settings" and make any additional config to the VM (# of CPUs/cores, video RAM, disable floppy, disable audio, shared folders, etc. anything of choice that is valid) Last but not least, attach the Kali Linux ISO file to the virtual optical drive of the VM Click "OK" Click "Start" to boot the VM Select the startup disk if asked (o
Read more