Hak5 Cloud C2 on a Raspberry Pi

Setting up the Raspberry Pi (RPi) itself isn't covered here, a default installation of Raspberry Pi OS Lite will do the job. This setup will work on a LAN only, i.e. no external access to the C2 instance from the internet. To get that working, port openings and stuff is needed but that isn't covered here.

If needed, run the following to get information about which C2 version to run on the RPi:
cat /proc/cpuinfo

Note!
You need a license key from Hak5 in order to activate/validate the installation (the community edition is free, but still needs a license key). The RPi also needs to have a working connection to the internet since the C2 license is validated at service start, and during runtime as well.

Download the C2 zip file to the RPi and unzip it
wget https://c2.hak5.org/download/community -O c2.zip
unzip c2.zip

Start the server manually to verify that it works:
./c2-3.1.2_armv7_linux -hostname <ip address>
(or whatever version that was downloaded)

When the C2 instance has been verified as working properly (possible to login, possible to add devices, etc. via the web GUI) it is good to set it up as a service.

It's also good to let the RPi have a static IP address on the local network, or at least a static DHCP lease.

Move the Cloud C2 binary to a more suitable location in the file system
sudo mv c2-3.1.2_armv7_linux /usr/local/bin

Create a directory for the database file
sudo mkdir /var/cloudc2

Move the database file
sudo mv c2.db /var/cloudc2/

Create a systemd service file for Cloud C2
sudo nano /etc/systemd/system/cloudc2.service

Add the lines below (replace parameters as necessary for this specific C2 instance if needed)

[Unit]
Description=Hak5 Cloud C2
After=cloudc2.service
[Service]
Type=idle
ExecStart=/usr/local/bin/c2-3.1.2_armv7_linux -hostname <ip address> -db /var/cloudc2/c2.db
[Install]
WantedBy=multi-user.target

Save and exit the file

Run the following commands to reload, enable on boot, start and inspect the newly created Cloud C2 service:
sudo systemctl daemon-reload
sudo systemctl enable cloudc2.service
sudo systemctl start cloudc2.service
sudo systemctl status cloudc2.service

Reboot the RPi and verify that Cloud C2 is available as a service (i.e. browse to the C2 instance from a device on the local network, use port 8080).

It's of course also possible to ssh into the RPi and run ps ax and look for the C2 process (if ssh has been enabled on the RPi that is).

If the C2 service does not start (can be checked with the same command as above: sudo systemctl status cloudc2.service) then it might be due to the fact that the service tries to start before the RPi has gotten a connection to the internet, hence not possible for it to validate the C2 license and therefore the service will not start. In that case, it's possible to add a sleep in the service to let it sleep for a specified amount of time before the C2 instance starts. In the [Service] section, add the following line before "ExecStart", adjust the time as needed
ExecStartPre=/usr/bin/sleep 30

Save and reboot again... Verify...

Comments

Post a Comment

Popular posts from this blog

Hak5 Cloud C2 as a Windows service

As long as the C2 Windows binary is just a plain and simple exe (i.e. a "non-service" executable), it won't be allowed to start as a service in Windows (error 1053). To do this, either A) the C2 binary for Windows needs to be developed in a way that it is allowed to be started as a service or B) use one of the utilities out there on the interwebs that allows using an "ordinary" exe as a service. The "Plan B" is used here building on the tool "srvstart". Download the latest C2 zip file from Hak5 and extract it Download srvstart and extract the zip file https://github.com/rozanski/srvstart/blob/master/srvstart/srvstart_run.v110.zip Copy/move the two DLL and two EXE files from the srvstart zip to the C:\Windows folder of the computer (or somewhere in PATH) Make sure that there is a "msvcrt.dll" file in C:\Windows\System32 Rename the Hak5 C2 executable (64 bit variant used here) to c2_amd64_windows.exe This makes it more "transpare
Read more

Project name: WEIRDFEED

  Project name: WEIRDFEED Instruction on installing Kali Linux 2020.4 AMD64 using an ISO file downloaded from kali.org on a Windows 10 2004 host/"hypervisor" running VirtualBox 6.1.16 r140961 (w/ VirtualBox Extension Pack) and get the Hak5 Shark Jack available to the VM Make sure that virtualization is enabled in BIOS/UEFI (VT-x/AMD-V) otherwise you might get the turtle Create a new VM in VirtualBox by clicking "New" Name the VM and select Linux as Type and Debian 64-bit as Version Set the desired amount of RAM (using 2048 MB here) Create a Virtual storage device (using 24 GB here) The VM is now created, click "Settings" and make any additional config to the VM (# of CPUs/cores, video RAM, disable floppy, disable audio, shared folders, etc. anything of choice that is valid) Last but not least, attach the Kali Linux ISO file to the virtual optical drive of the VM Click "OK" Click "Start" to boot the VM Select the startup disk if asked (o
Read more