Enabling Cloud C² as a service on boot and Exfiltration

VIDEO GUIDE

ENABLING CLOUD C2 AS A SERVICE ON BOOT WITH SYSTEMD

Note: From version 3.0.0 onward all, Cloud C² editions (Community, Edition, Teams) use the same binary. Filenames for Cloud C² will differ from example - however all parameters remain the same.

# Enabling Cloud C2 as a service on a Linux-64 host with SystemD
# Builds on Hak5 episodes 2701 and 2702 with credit to Void-Byte
# https://forums.hak5.org/topic/50283-u...
# Expects Cloud C2 Community edition has run once before, generating c2.db
#
# Move Cloud C2 binary.
sudo mv c2-3.2.0_amd64_linux /usr/local/bin

# Create directory for database file
sudo mkdir /var/cloudc2

# Move database file
sudo mv c2.db /var/cloudc2/

# Create systemd service file. 
sudo vi /etc/systemd/system/cloudc2.service

# Replace parameters as necessary for your instance
[Unit]
Description=Hak5 Cloud C2
After=cloudc2.service
[Service]
Type=idle
ExecStart=/usr/local/bin/c2-3.2.0_amd64_linux -hostname example.com -https -db /var/cloudc2/c2.db
[Install]
WantedBy=multi-user.target

# Reload, enable on boot, start and inspect the newly created Cloud C2 service
sudo systemctl daemon-reload
sudo systemctl enable cloudc2.service
sudo systemctl start cloudc2.service
sudo systemctl status cloudc2.service

Last updated 10 months ago