Enabling Cloud C² as a service on boot and Exfiltration
Note: From version 3.0.0 onward all, Cloud C² editions (Community, Edition, Teams) use the same binary. Filenames for Cloud C² will differ from example - however all parameters remain the same.
# Enabling Cloud C2 as a service on a Linux-64 host with SystemD
# Builds on Hak5 episodes 2701 and 2702 with credit to Void-Byte
# https://forums.hak5.org/topic/50283-u...
# Expects Cloud C2 Community edition has run once before, generating c2.db
#
# Move Cloud C2 binary.
sudo mv c2_3.2.0_amd64_linux /usr/local/bin
# Create directory for database file
sudo mkdir /var/cloudc2
# Move database file
sudo mv c2.db /var/cloudc2/
# Create systemd service file.
sudo vi /etc/systemd/system/cloudc2.service
# Replace parameters as necessary for your instance
[Unit]
Description=Hak5 Cloud C2
After=cloudc2.service
[Service]
Type=idle
ExecStart=/usr/local/bin/c2_3.2.0_amd64_linux -hostname example.com -https -db /var/cloudc2/c2.db
[Install]
WantedBy=multi-user.target
# Reload, enable on boot, start and inspect the newly created Cloud C2 service
sudo systemctl daemon-reload
sudo systemctl enable cloudc2.service
sudo systemctl start cloudc2.service
sudo systemctl status cloudc2.service