C2 Server Setup on a Raspberry Pi

I’ve owned numerous pieces of Hak5 gear for years (Pineapples, Turtles, Squirrels, etc..), and I’ve known of their Cloud C2 server (https://shop.hak5.org/products/c2) since its release but have not got around to setting one up… until now.

C2 was designed for deploying and managing Hak5 gear in the wild. It has a simple and straight forward web interface, an encrypted connection to devices with shell access and more from a single executable. It is self-hosted, which means you can host it almost anywhere. For example, many choose to host them on AWS or Azure, while others use their corporate networks. However, I wanted to host mine from home, and on a Raspberry Pi.

To accomplish this I needed a few things:

A dynamic DNS (DDNS) service.  Since virtually all residential internet providers (ISP) provide dynamic IP addresses to their customers. There many DDNS companies out there with dyn.com arguably being the largest. However, my firewall vendor provides its own DDNS service, saving me this small expense.

A license for the C2 server. Unless you are planning to use the C2 server in a professional manner (Pen-testing), you can sign up for the free community edition https://shop.hak5.org/products/c2#c2-versions. This step is required to get the activation key needed to run the server.

And lastly, you will need a Raspberry Pi. I chose to use a Raspberry Pi 3 for a couple of reasons. The first is that I already had several of them laying around unused from other long-dead (or never started) projects. The second reason is that they have a NIC and I did not want to have the extra steps of connecting it to my wireless network. I also always choose a wired connection over wireless when given the opportunity.

The first step in the setup process is to get an OS running on your Raspberry Pi. For this, I highly recommend the DietPi distribution (https://dietpi.com/). It is lightweight and though it has a ton of pre-configured software packages (https://dietpi.com/dietpi-software.html) they are not pre-installed.  This barebones default setup makes a great option for running a C2 server as it not only helps maximize performance (by having fewer services running) but also improves security (by having fewer services to keep up to date).

Once you have downloaded the latest DiePi ISO for your Raspberry Pi (or similar single-board computer), use the method of your choice to write the image do and SD card and power on the system. When running through the initial setup be sure to set your language and keyboard setting to match your region as the default is GB. I personally prefer to SSH in for the first run to avoid and potential keyboard language issues when setting passwords.

Now that the initial setup is completed, we can move onto the C2 server setup. For this, I have created a setup script to download the latest C2 files, set server variables, and configure it use SSL, plus add the C2 server as a service. Well, I just expanded on the work already completed on the Hak5 forms and Github repo from GoVanguard (https://github.com/GoVanguard/c2_cloud).

For the install DietPi should already have wget and unzip installed, so you just need to add git (apt-get install git). To download the setup script run:

“git clone https://github.com/br-at-d/c2_cloud.git

Then you will need to give the install script executable permissions with:

“chmod + x install.sh”

Now you can run the installer. Along the way you will be asked a series of question for how you want your C2 server to be setup. The only mandatory one is the first question which will ask to provide a Fully Qualified Domain Name (FQDN). For the rest, you can accept the default settings by hitting “Enter”.  Since the C2 server will need to be accessed from the internet I wanted to have the option to deviate from the default settings just in case someone wanted to scan the net looking for them.

The C2 download comes with multiple executables, the scripts are defaulted to use c2_community-linux-armv7 since my Raspberry Pi 3B+ is running an ARM7 processor. To confirm the processor of your hardware you either check the banner that is shown when logging in to the DietPi install or run “lscpu”. If you have a different processor or ARM version, you can make the necessary changes to the c2_start.sh file prior to running the installer.

Once the setup is complete you will need to run the c2_start.sh located in /usr/bin manually (not as a service) to complete the first-time setup. Prior to the first run you will need to make sure that your Pi is directly on the WAN or have your port forwarding rules in place not only for the C2 setting you specified but also for ports 80 and 443 (HTTP/S). This is needed for the Let’s Encrypt certificate generation process.

Be patient with the first run as it does take some time to set everything up. Once completed you will be given a setup token “XXXX-XXXX-XXXX-XXXX” that you will need to use along with our activation code that you would have received via email when registering.

At this point, you should be ready to open a web browser to navigate to your C2 server and complete the setup (activation, user names, and passwords, etc).

Now that the setup is complete you can start and stop the service whenever you choose with:

“service kak5c2 start/stop”

Or set the service to start automatically when powered on. With DietPi this is easily accomplished by using the dietpi-services tool to add it as a startup service.

One final note. I did struggle with getting my WiFi Pineapple Tetra to connect when testing internally. I did create a DNS A record for resolving the external FQDN of C2 to its internal IP. After numerous test, and thinking that there was something wrong with my config, I connected to the Tetra via SSH to run some nslookup commands and discovered that it was using its own DNS and ignoring the those that would normally be assigned via DHCP. After trying a few different configurations, I ended up just adding an entry to the Tetra’s host file, which I will have to remove prior to using it in the wild.

If you have a solution or a better workaround to this DNS setting please comment on the thread that I started over on the Hak5 forums: https://forums.hak5.org/topic/49690-getting-dns-from-dhcp-settings/