V1.6.0/http c2 #1454

Merged
merged 123 commits into from
Nov 13, 2023
8ad0dfb
Outline http c2 in db
moloch-- May 17, 2023
f1f736d
Outline http c2 in db
moloch-- May 17, 2023
7661d0c
Implement gorm hooks, cleanup
moloch-- May 17, 2023
55c8cdd
Expanded default http c2 config
moloch-- May 18, 2023
086eb7f
Added more cookie names
moloch-- May 18, 2023
afa2b5c
Implemented basic http c2 pb
moloch-- May 18, 2023
a947d9e
Implemented basic http c2 pb
moloch-- May 18, 2023
ae101d3
Implemented ToProtobuf() conversions
moloch-- May 18, 2023
bad1897
Implemented ToProtobuf() conversions
moloch-- May 18, 2023
865f295
wip refactor of generate code
moloch-- May 19, 2023
89b0263
switch use of models.ImplantConfig to clientpb.ImplantConfig
TimBF May 23, 2023
82c68bd
ImplantConfigSave uses model object instead of protobuf
TimBF May 25, 2023
bedc225
added default http profile generator
TimBF May 25, 2023
0f38081
check for presence of default http c2 profile on startup, and if not …
TimBF May 25, 2023
d98b24f
add boolean checks for named pipe and tcp pivot
TimBF May 25, 2023
d674b8d
fix sliver rendering code variable name changes
TimBF May 25, 2023
09f2521
added check for included c2 channels during config generation
TimBF May 26, 2023
3b295b3
fixed renamed protobuf issues and default configuration save
TimBF May 28, 2023
95a4604
fix path segments generation issues
TimBF May 30, 2023
8f7da07
protobuf build update
TimBF May 30, 2023
75c3d0c
load http configurations from database on listener creation
TimBF May 30, 2023
4b7b8c4
autoload default profile during implant generation
TimBF May 30, 2023
a6ba863
Merge branch 'v1.6.0/master' into v1.6.0/http-c2
TimBF May 30, 2023
429c520
add ECCPublicKeyDigest to protobuf and database
TimBF May 30, 2023
c03975d
added profile randomization during implant generation
TimBF May 30, 2023
3e67c6e
replaced hardcoded http profile value with commandline arg, fixed pb …
TimBF May 30, 2023
c8a661d
fix for binary test cases
TimBF Jun 4, 2023
43eb9e3
update protobuf definition for c2 listeners
TimBF Jun 5, 2023
126dcf7
remove persistent flag from client job commands and update variable name
TimBF Jun 5, 2023
906b8ee
rebuild protobuf
TimBF Jun 5, 2023
dd43313
move away from server object to protobuf
TimBF Jun 5, 2023
5281465
typo
TimBF Jun 5, 2023
a463aa1
added listener jobs to database, fixed jobid output issue and impleme…
TimBF Jun 5, 2023
3dc7002
fixed jobid display error and added sql tables for dns domains and mtls
TimBF Jun 5, 2023
1241d87
remove listener from db when killed
TimBF Jun 5, 2023
1419e71
store and retrieve persistent listeners from database
TimBF Jun 6, 2023
1953547
remove unused code
TimBF Jun 6, 2023
dcb0128
added multiplayer mode job listener to db
TimBF Jun 6, 2023
2cac1eb
set default value for c2 profile and move to constant strings
TimBF Jun 7, 2023
a73bdf9
automatically update job id's on server restart
TimBF Jun 7, 2023
ee95829
refactor job creation and move hardcoded values to constants
TimBF Jun 7, 2023
678c70d
add default port check for mtls
TimBF Jun 7, 2023
25f7c6e
switch to constants variable
TimBF Jun 7, 2023
6e49197
add protobuf definition for watchtower config
TimBF Jun 7, 2023
fca1202
added watchtower objects to sql db
TimBF Jun 8, 2023
20221a8
updated watchtower pb object, and added commands for listing adding a…
TimBF Jun 9, 2023
aac5b22
added rpc functions for watchtower configuration
TimBF Jun 9, 2023
a1194c0
allow inserting, deleting and retrieving watchtower configurations fr…
TimBF Jun 11, 2023
b7d8c53
retrieve monitor config from sqlite db on start command
TimBF Jun 11, 2023
c7531bd
fixed http c2 randomizer and path segments length bug
TimBF Jun 11, 2023
aa2652e
add default http c2 profile parameter for beacons
TimBF Jun 11, 2023
58b4596
merged 1.6 master into branch
TimBF Aug 30, 2023
29c2c9d
merge master into branch
TimBF Aug 30, 2023
4f98512
merged master into branch
TimBF Sep 4, 2023
67c519e
add autocomplete for c2profile parameter during generation
TimBF Sep 4, 2023
580d512
added main request handler for http profiles
TimBF Sep 4, 2023
b1ba761
update handler to select session cookie based on profile
TimBF Sep 4, 2023
f2b4221
remove error handling statement
TimBF Sep 6, 2023
eccc31f
fix regression, http listener now uses correct port, and http headers…
TimBF Sep 7, 2023
4921fa4
display implant c2 profile in implants command
TimBF Sep 13, 2023
99817a5
implemented c2 profile import and display
TimBF Sep 13, 2023
002e38e
Merge branch 'master' into v1.6.0/http-c2
TimBF Sep 13, 2023
1bba353
fix profile parsing errors
TimBF Sep 13, 2023
4bcefdd
fix circular dependency
TimBF Sep 14, 2023
e5a01ae
moved c2profile struct to client assets
TimBF Sep 14, 2023
7b67ec8
save profile to database on import
TimBF Sep 14, 2023
d924d80
added dropdown to choose c2 profile
TimBF Sep 18, 2023
e70a022
add check for duplicate stager extension and duplicate c2 profile name
TimBF Sep 18, 2023
96a6efa
restart http/s listeners on c2 profile import
TimBF Sep 25, 2023
237663b
move job restart on profile import client side
TimBF Sep 25, 2023
7fce95e
allow overwriting c2 profiles on the fly
TimBF Sep 28, 2023
01c8131
added watchtower configuration import/deletion/view
TimBF Sep 29, 2023
3da9ffb
added c2 profile flag to profile creation
TimBF Oct 3, 2023
f6ac166
display c2 profile in profile details
TimBF Oct 3, 2023
3ba3cf1
create resourceID table
TimBF Oct 4, 2023
0b9d7cc
added resource id queries and save
TimBF Oct 4, 2023
b8dcf75
generate encoder id's on server setup for backend
TimBF Oct 6, 2023
49b8cd2
embed encoder id's during code rendering
TimBF Oct 6, 2023
ea1fbf1
save implant id to profile during profile creation
TimBF Oct 6, 2023
3d6a8dd
switch to uint64[] instead of int[]
TimBF Oct 6, 2023
114ad3e
remove resource id on profile deletion
TimBF Oct 6, 2023
03cfab5
Merge branch 'master' into v1.6.0/http-c2
TimBF Oct 6, 2023
cb8170c
change naming and type of encoder id's
TimBF Oct 6, 2023
da9b72c
modify stagerhandler to serve valid profile (without stage-listener m…
TimBF Oct 8, 2023
c578c42
fix stager listener url generation error
TimBF Oct 8, 2023
a0fa261
display profile nonce
TimBF Oct 8, 2023
47f19d4
switch to referencing builds by resource ID instead of profiles in st…
TimBF Oct 13, 2023
05a6947
modify backend to serve arbitrary stages for a given implant configu…
TimBF Oct 15, 2023
ff382e4
Refactor websites to only use protobuf objects
TimBF Oct 15, 2023
6c77151
started moving c2profile to only use protobuf, fixed bug in http main…
TimBF Oct 16, 2023
fdec3cb
Started moving all use of models.* structs to the models and helpers …
TimBF Oct 22, 2023
504e5c7
check port is not in use before spawning listener
TimBF Oct 22, 2023
e204247
move implantbuild models to protobuf struct
TimBF Oct 22, 2023
7dc6310
renamed db functions for consistency
TimBF Oct 22, 2023
b723194
fix implant config generation for stagers
TimBF Oct 22, 2023
fce8673
fix incorrect object reference error
TimBF Oct 24, 2023
02d1eb5
refactored generate rpc
TimBF Oct 24, 2023
99281ba
removed name from implantconfig, implant names are only tied to builds
TimBF Oct 24, 2023
9870c25
remove save stager rpc call
TimBF Oct 24, 2023
7a6f2c3
resource id's no longer need to be prime
TimBF Oct 31, 2023
79ca1c9
update protobuf definitions for generate stage rpc call
TimBF Oct 31, 2023
749c3b9
fixed profile removal crash and automatically delete profile implantc…
TimBF Oct 31, 2023
4b0190b
check implant exists before freeing up resources
TimBF Oct 31, 2023
9a63b64
remove implant builds when implant profiles are removed
TimBF Oct 31, 2023
c83a044
allow disabling http payload staging
TimBF Nov 4, 2023
d3f4096
fixed missing implant config id bug
TimBF Nov 4, 2023
3442599
add missing field in implantconfig protobuf
TimBF Nov 6, 2023
a691484
fix config reuse bug and duplicate c2 object creation
TimBF Nov 7, 2023
9178f6e
move keys to implant build (WG, MTLS and ECC)
TimBF Nov 8, 2023
2c5c3ac
Move stage generation server side and add a new subcommand for profil…
TimBF Nov 9, 2023
d88011e
remove http/s stage listeners
TimBF Nov 9, 2023
e6487fb
implants command now displays resource id's
TimBF Nov 9, 2023
4e56c69
implants now also display whether compression/encryption was used in …
TimBF Nov 9, 2023
a19fddf
merge master
TimBF Nov 10, 2023
48d7e72
add option to save stage to disk
TimBF Nov 10, 2023
21468a6
Duplicate minisign dep to client/
moloch-- Nov 10, 2023
eddfa20
Move minisign to util/
moloch-- Nov 10, 2023
b84092b
renamed resourceIDs
TimBF Nov 10, 2023
e25e228
remove server side imports from utils package
TimBF Nov 10, 2023
ebf68f6
Fix println, dropped err
moloch-- Nov 10, 2023
ac9b293
Fix website pkg tests and MapContent, refactor naming
moloch-- Nov 10, 2023
b6df1e2
update go.mod and update WGImplantPrivKey reference to build object
TimBF Nov 13, 2023
6e40fcd
fix binary generation tests
TimBF Nov 13, 2023
86 changes: 86 additions & 0 deletions client/assets/c2profiles.go
@@ -0,0 +1,86 @@
package assets

/*
Sliver Implant Framework
Copyright (C) 2019 Bishop Fox

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/

// HTTPC2Config - Parent config file struct for implant/server
type HTTPC2Config struct {
ImplantConfig HTTPC2ImplantConfig `json:"implant_config"`
ServerConfig HTTPC2ServerConfig `json:"server_config"`
}

// HTTPC2ServerConfig - Server configuration options
type HTTPC2ServerConfig struct {
RandomVersionHeaders bool `json:"random_version_headers"`
Headers []NameValueProbability `json:"headers"`
Cookies []string `json:"cookies"`
}

type NameValueProbability struct {
Name string `json:"name"`
Value string `json:"value"`
Probability int `json:"probability"`
Methods []string
}

// HTTPC2ImplantConfig - Implant configuration options
// Procedural C2
// ===============
// .txt = rsakey
// .css = start
// .php = session
//
// .js = poll
//
// .png = stop
// .woff = sliver shellcode
type HTTPC2ImplantConfig struct {
UserAgent string `json:"user_agent"`
ChromeBaseVersion int `json:"chrome_base_version"`
MacOSVersion string `json:"macos_version"`

NonceQueryArgChars string `json:"nonce_query_args"`
URLParameters []NameValueProbability `json:"url_parameters"`
Headers []NameValueProbability `json:"headers"`

MaxFiles int `json:"max_files"`
MinFiles int `json:"min_files"`
MaxPaths int `json:"max_paths"`
MinPaths int `json:"min_paths"`

// Stager files and paths
StagerFileExt string `json:"stager_file_ext"`
StagerFiles []string `json:"stager_files"`
StagerPaths []string `json:"stager_paths"`

// Poll files and paths
PollFileExt string `json:"poll_file_ext"`
PollFiles []string `json:"poll_files"`
PollPaths []string `json:"poll_paths"`

// Session files and paths
StartSessionFileExt string `json:"start_session_file_ext"`
SessionFileExt string `json:"session_file_ext"`
SessionFiles []string `json:"session_files"`
SessionPaths []string `json:"session_paths"`

// Close session files and paths
CloseFileExt string `json:"close_file_ext"`
CloseFiles []string `json:"close_files"`
ClosePaths []string `json:"close_paths"`
}
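Review bot: in NameValueProbability the Methods field has no json tag, so it is encoded under the key "Methods" while every other field in this file carries an explicit snake_case tag; add `json:"methods"` so a profile written back out uses one naming scheme (decoding already matches keys case-insensitively, so this is about the encoded form), and give the type a doc comment like the other exported structs. Two smaller points in the same file: NonceQueryArgChars is tagged `nonce_query_args`, so the key does not say that the value is a character set, and the "Procedural C2" comment above HTTPC2ImplantConfig lists fixed extensions (.txt = rsakey, .woff = sliver shellcode) although the struct makes the extensions configurable and has no field for the rsakey case, so that comment should be updated or dropped.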
2 changes: 1 addition & 1 deletion client/command/armory/armory.go
Expand Up @@ -36,7 +36,7 @@ import (
"github.com/bishopfox/sliver/client/command/extensions"
"github.com/bishopfox/sliver/client/command/settings"
"github.com/bishopfox/sliver/client/console"
"github.com/bishopfox/sliver/server/cryptography/minisign"
"github.com/bishopfox/sliver/util/minisign"
)

// ArmoryIndex - Index JSON containing alias/extension/bundle information
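Review bot: the minisign import in armory.go now points at util/minisign instead of server/cryptography/minisign, which drops a server-side dependency from the client, but nothing in this hunk shows that the old package was deleted. If server/cryptography/minisign still exists, two copies of the signature-verification code can drift apart, so please confirm the server side imports util/minisign too and the old directory is gone. The same question applies to the identical import changes in install.go and parsers.go.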
2 changes: 1 addition & 1 deletion client/command/armory/install.go
Expand Up @@ -32,7 +32,7 @@ import (
"github.com/bishopfox/sliver/client/command/extensions"
"github.com/bishopfox/sliver/client/console"
"github.com/bishopfox/sliver/client/constants"
"github.com/bishopfox/sliver/server/cryptography/minisign"
"github.com/bishopfox/sliver/util/minisign"
)

// ErrPackageNotFound - The package was not found
2 changes: 1 addition & 1 deletion client/command/armory/parsers.go
Expand Up @@ -33,7 +33,7 @@ import (
"time"

"github.com/bishopfox/sliver/client/assets"
"github.com/bishopfox/sliver/server/cryptography/minisign"
"github.com/bishopfox/sliver/util/minisign"
)

// ArmoryIndexParser - Generic interface to fetch armory indexes