c2

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 10, 2021 License: GPL-3.0 Imports: 21 Imported by: 4

Documentation

Index

Constants

View Source 
const (
	// DefaultSleep is the default sleep Time when the provided sleep value is empty or negative.
	DefaultSleep = time.Duration(60) * time.Second

	// DefaultJitter is the default Jitter value when the provided jitter value is negative.
	DefaultJitter uint8 = 5
)
View Source 
const (
	Waiting  status = 0
	Accepted status = iota
	Completed
	Error
)

These are status values that indicate the general status of the Job.

View Source 
const (
	MvInvalid  uint8 = 0x00
	MvNop      uint8 = 0x01
	MvHello    uint8 = 0x02
	MvError    uint8 = 0x07
	MvSpawn    uint8 = 0x11
	MvProxy    uint8 = 0x12
	MvResult   uint8 = 0x14
	MvUpdate   uint8 = 0x06
	MvRegister uint8 = 0x03
	MvComplete uint8 = 0x04
	MvShutdown uint8 = 0x05
	MvMultiple uint8 = 0x13
)
  • Message ID Value Mappings

Message ID Values are a byte value from 0 to 255 (uint8).

This value will assist in determining the action of the specified value. Values under 20 (<20) are considered system ID values and are used for controlling the Client session and invoking system specific functions. System functions are handled directly by the Session thread to prevent any lagtime during processing. Many system functions do not have a return.

Custom Message ID Values are defined in the "task" package.

Message ID Value Mappings

MvInvalid - 0: Invalid ID value. This value is always zero and is used to detect corrupted or invalid data. MvNop - 1: Instructs the server or client to wait until the next wakeup as there is no data to return. MvHello - 2: Initial ID value to send to the server as a client to begin the registration process. By design, this 

Packet should contain the device information struct.

MvError - 7: Used to inform that the Job ID that this Packet contains resulted in an error. By design, this Packet 

should contain a string value that describes the error.

MvSpawn - 17: Instructs the client Session to spawn a separate and independent Session from the current one. By design, 

this Packet payload should include an address to connect to and an optional Profile struct. If the Profile
struct is not provided, the new Session will use the current Profile.

MvProxy - 18: Instructs the client to open a new Listener to proxy traffic from other clients to the server. By design, 

the Packet payload should include a listening address and a Profile struct. These options will specify
the listening Proxy type and Profile used.

MvResult - 20: The first non-system ID value. This is used to respond to any Tasks issued with the payload of the 

Packet containing the Task result output.

MvUpdate - 6: Instructs the client to update it's time/jitter settings from the server. This Packet should contain 

an uint8 (jitter) and a uint64 (sleep) in the payload. This has no effect on the server.

MvRegister - 3: Sent by the server to a client when a client attempts to communicate to a server that it has not 

previously registered with. By design, the client should re-invoke the MvHello packet with the device
information to establish a proper connection to the target server.

MvComplete - 4: Response by the server when a client issues a MvHello packet. This indicates that registration is 

successful and the client may start the standard communication protocol.

MvShutdown - 5: Indicates shutdown by the server or client. If sent by the client, the server will remove the client 

Session from its database on the next cycle. If sent by the server, this instructs the client process
to stop working and perform cleanup functions.

MvMultiple - 19: Indicates that the Packet payload contains multiple separate Packets. This also indicates to the Packet 

reader that the Frag settings on the Packet should be read as Multi-Packet length and size values instead.

Variables

View Source 
var (
	// WrapHex is a Setting that enables the Hex Wrapper for the generated Profile.
	WrapHex = Setting{hexID}
	// WrapZlib is a Setting that enables the ZLIB Wrapper for the generated Profile.
	WrapZlib = Setting{zlibID}
	// WrapGzip is a Setting that enables the GZIP Wrapper for the generated Profile.
	WrapGzip = Setting{gzipID}
	// WrapBase64 is a Setting that enables the Base64 Wrapper for the generated Profile.
	WrapBase64 = Setting{base64ID}

	// ConnectTCP will provide a TCP connection 'hint' to the generated Profile. Hints will suggest the connection
	// type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil. If multiple
	// connection hints are contained in a Config, a 'ErrMultipleHints' will be returned.
	ConnectTCP = Setting{tcpID}
	// ConnectTLS will provide a TLS over TCP connection 'hint' to the generated Profile. Hints will suggest the
	// connection type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil.
	// If multiple connection hints are contained in a Config, a 'ErrMultipleHints' will be returned. This hint
	// cannot be used as a Listener.
	ConnectTLS = Setting{tlsID}
	// ConnectUDP will provide a UCO connection 'hint' to the generated Profile. Hints will suggest the connection
	// type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil. If multiple
	// connection hints are contained in a Config, a 'ErrMultipleHints' will be returned.
	ConnectUDP = Setting{udpID}
	// ConnectICMP will provide a ICMP connection 'hint' to the generated Profile. Hints will suggest the connection
	// type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil. If multiple
	// connection hints are contained in a Config, a 'ErrMultipleHints' will be returned.
	ConnectICMP = Setting{ipID, 1}
	// ConnectTLSNoVerify will provide a TLS over TCP connection 'hint' to the generated Profile. Hints will suggest
	// the connection type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil.
	// If multiple connection hints are contained in a Config, a 'ErrMultipleHints' will be returned. This setting
	// DOES NOT check the server certificate for validity. This hint cannot be used as a Listener.
	ConnectTLSNoVerify = Setting{tlsID, 1}

	// DefaultProfile is an simple profile for use with testing or filling without having to define all the
	// profile properties.
	DefaultProfile = &Profile{Size: uint(limits.MediumLimit()), Sleep: DefaultSleep, Jitter: uint(DefaultJitter)}

	// TransformBase64 is a Setting that enables the Base64 Transform for the generated Profile.
	TransformBase64 = Setting{base64TID}

	// ErrMultipleHints is an error returned by the 'Profile' function if more that one Connection Hint Setting is
	// attempted to be applied by the Config.
	ErrMultipleHints = xerr.New("config attempted to add multiple transforms")
	// ErrInvalidSetting is an error returned by the 'Profile' function if any of the specified Settings are invalid
	// or do contain valid information. The error returned will be a wrapped version of this error.
	ErrInvalidSetting = xerr.New("config setting is invalid")
	// ErrMultipleTransforms is an error returned by the 'Profile' function if more that one Transform Setting is
	// attempted to be applied by the Config. Unlink Wrappers, Transforms cannot be stacked.
	ErrMultipleTransforms = xerr.New("config attempted to add multiple transforms")
)
View Source 
var (
	// Default is the default Server instance. This can be used to directly use a client without having to
	// setup a Server instance first. This instance will use the 'NOP' logger, as logging is not needed.
	Default = NewServerContext(context.Background(), logx.NOP)

	// ErrNoConnector is a error returned by the Connect and Listen functions when the Connector is nil and the
	// provided Profile is also nil or does not contain a connection hint.
	ErrNoConnector = xerr.New("invalid or missing connector")
	// ErrEmptyPacket is a error returned by the Connect function when the expected return result from the
	// server was invalid or not expected.
	ErrEmptyPacket = xerr.New("server sent an invalid response")
)
View Source 
var (
	// ErrUnable is an error returned for a generic action if there is some condition that prevents the action
	// from running.
	ErrUnable = xerr.New("cannot preform this action")
	// ErrFullBuffer is returned from the WritePacket function when the send buffer for Session is full.
	ErrFullBuffer = xerr.New("cannot add a Packet to a full send buffer")
)
View Source 
var DefaultClientMux = MuxFunc(defaultClientMux)

DefaultClientMux is the default Session Mux instance that handles the default C2 server and client functions. This operates cleanly with the default Server Mux instance.

View Source 
var ErrCannotAssign = xerr.New("unable to assign a unused JobID (is Scheduler full?)")

ErrCannotAssign is an error returned by the 'Schedule' function when the random loop cannot find a valid JobID (unused). This may occur in random circumstances when the Scheduler is overused.

View Source 
var ErrInvalidPacketCount = xerr.New("frag total is zero on a multi or frag packet")

ErrInvalidPacketCount is returned when attempting to read a packet marked as multi or frag an the total count returned is zero.

Functions

func Oneshot 

func Oneshot(a string, c client, p *Profile, d *com.Packet) error

Oneshot sends the packet with the specified data to the server and does NOT register the device with the Server. This is used for spending specific data segments in single use connections. This function uses the Default Server instance.

func OneshotQuick 

func OneshotQuick(a string, c client, d *com.Packet) error

OneshotQuick sends the packet with the specified data to the server and does NOT register the device with the Server. This is used for spending specific data segments in single use connections. The '*Quick' functions infers the default Profile. This function uses the Default Server instance.

func Task 

func Task(t task.Tasker, s *Session, p *com.Packet)

Task will execute the provided Tasker with the provided Packet as the data input. The Session will be used to return the results to and will supply the context to run in. This function may return instantly if the Task is thread oriented, but will send the results after completion or error without further interaction.

Types

type Config 

type Config []Setting

Config is an array of settings that can be transformed into a valid C2 Profile. This alias also allows for reading/writing the settings from/into a Reader/Writer stream.

func (Config) Add 

func (c Config) Add(s Setting) Config

Add will append the specified Setting to the end of this Config array. This function also returns the Config array for convenience and easy chained use.

func (Config) Len 

func (c Config) Len() int

Len returns the amount of Settings contained in this Config.

func (Config) MarshalStream 

func (c Config) MarshalStream(w data.Writer) error

MarshalStream transforms this Config into a binary format and writes to the supplied data.Writer.

func (Config) Profile 

func (c Config) Profile() (*Profile, error)

Profile attempts to build a C2 Profile based on the Settings contained in this Config. This function will return 'ErrInvalidSetting' if any of the Settings contain invalid values, 'ErrMultipleTransforms' if multiple Transforms are contained in this Config or 'ErrMultipleHints' if multiple connection hints are contained in this Config.

func (*Config) Read 

func (c *Config) Read(r io.Reader) error

Read reads the data from the supplied Reader into this Config instance.

func (Config) String 

func (c Config) String() string

String returns a string representation of this Config.

func (*Config) UnmarshalStream 

func (c *Config) UnmarshalStream(r data.Reader) error

UnmarshalStream transforms this Config from a binary format that is read from the supplied data.Reader.

func (Config) Write 

func (c Config) Write(w io.Writer) error

Write writes this Config to a supplied io.Writer.

type ConnectFunc 

type ConnectFunc func(string) (net.Conn, error)

ConnectFunc is a wrapper alias that will fulfil the client interface and allow using a single function instead of creating a struct to create connections. This can be used in all Server 'Connect' function calls.

func (ConnectFunc) Connect 

func (c ConnectFunc) Connect(a string) (net.Conn, error)

Connect fulfills the serverClient interface.

type Job 

type Job struct {
	Start, Complete time.Time

	Result  *com.Packet
	Session *Session
	Update  func(*Job)

	Error  string
	ID     uint16
	Type   uint8
	Status status
	// contains filtered or unexported fields
}

Job is a struct that is used to track and manage Tasks given to Session Clients. This struct has function callbacks that can be used to watch for completion and also offers a Wait function to pause execution until a response is received.

func (*Job) IsDone 

func (j *Job) IsDone() bool

IsDone returns true when the Job has received a response.

func (*Job) IsError 

func (j *Job) IsError() bool

IsError returns true when the Job has received a response, but the response is an error.

func (*Job) Wait 

func (j *Job) Wait()

Wait will block until the Job is completed or the parent Server is shutdown.

type Listener 

type Listener struct {
	New, Connect func(*Session)
	Oneshot      func(*com.Packet)

	Receive func(*Session, *com.Packet)
	// contains filtered or unexported fields
}

Listener is a struct that is passed back when a C2 Listener is added to the Server. The Listener struct allows for controlling the Listener and setting callback functions to be used when a client connects, registers or disconnects.

func Listen 

func Listen(n, b string, c listener, p *Profile) (*Listener, error)

Listen adds the Listener under the name provided. A Listener struct to control and receive callback functions is added to assist in manageing connections to this Listener. This function uses the Default Server instance.

func (*Listener) Close 

func (l *Listener) Close() error

Close stops the operation of the Listener and any Sessions that may be connected. Resources used with this Listener will be freed up for reuse. This function blocks until the listener socket is closed.

func (*Listener) Connected 

func (l *Listener) Connected() []*Session

Connected returns an array of all the current Sessions connected to this Listener.

func (*Listener) Context 

func (l *Listener) Context() context.Context

Context returns the current Listener's context. This function can be useful for canceling running processes when this Listener closes.

func (Listener) IsActive 

func (l Listener) IsActive() bool

IsActive returns true if the Listener is still able to send and receive Packets.

func (*Listener) MarshalJSON 

func (l *Listener) MarshalJSON() ([]byte, error)

MarshalJSON fulfils the JSON Marshaler interface.

func (*Listener) Remove 

func (l *Listener) Remove(i device.ID)

Remove removes and closes the Session and releases all it's associated resources. This does not close the Session on the client's end, use the Shutdown function to properly shutdown the client process.

func (*Listener) Session 

func (l *Listener) Session(i device.ID) *Session

Session returns the Session that matches the specified Device ID. This function will return nil if no matching Device ID is found.

func (*Listener) Shutdown 

func (l *Listener) Shutdown(i device.ID)

Shutdown triggers a remote Shutdown and closure of the Session associated with the Device ID. This will not immediately close a Session. The Session will be removed when the Client acknowledges the shutdown request.

func (*Listener) String 

func (l *Listener) String() string

String returns the Name of this Listener.

func (*Listener) Wait 

func (l *Listener) Wait()

Wait will block until the current socket associated with this Listener is closed and shutdown.

type ListenerFunc 

type ListenerFunc func(string) (net.Listener, error)

ListenerFunc is a wrapper alias that will fulfil the listener interface and allow using a single function instead of creating a struct to create listeners. This can be used in all Server 'Listen' function calls.

func (ListenerFunc) Listen 

func (l ListenerFunc) Listen(a string) (net.Listener, error)

Listen fulfills the serverListener interface.

type MultiWrapper 

type MultiWrapper []Wrapper

MultiWrapper is an alias for an array of Wrappers. This will preform the wrapper/unwrapping operations in the order of the array. This is automatically created by a Config instance when multiple Wrappers are present.

func (MultiWrapper) Unwrap 

func (m MultiWrapper) Unwrap(r io.ReadCloser) (io.ReadCloser, error)

Unwrap satisfies the Wrapper interface.

func (MultiWrapper) Wrap 

func (m MultiWrapper) Wrap(w io.WriteCloser) (io.WriteCloser, error)

Wrap satisfies the Wrapper interface.

type Mux 

type Mux interface {
	Handle(*Session, *com.Packet)
}

Mux is an interface that handles Packets when they arrive for Processing.

type MuxFunc 

type MuxFunc func(*Session, *com.Packet)

MuxFunc is the definition of a Mux Handler func. Once wrapped as a 'MuxFunc', these function aliases can be also used in place of the Mux interface.

func (MuxFunc) Handle 

func (m MuxFunc) Handle(s *Session, p *com.Packet)

Handle satisfies the Mux interface requirement and will process the received Packet. This function allows Wrapped MuxFunc objects to be used directly in place of more complex Mux definitions.

type Profile 

type Profile struct {
	Wrapper   Wrapper
	Transform Transform

	Size   uint
	Sleep  time.Duration
	Jitter uint
	// contains filtered or unexported fields
}

Profile is a struct that represents a C2 profile. This is used for defining the specifics that will be used to listen by servers and for connections by clients. Nil or empty values will be replaced with defaults.

type Proxy 

type Proxy struct {
	// contains filtered or unexported fields
}

Proxy is a struct that controls a Proxied connection between a client and a server and allows for packets to be routed through a current established Session.

func (*Proxy) Close 

func (p *Proxy) Close() error

Close stops the operation of the Proxy and any Sessions that may be connected. Resources used with this Proxy will be freed up for reuse.

func (Proxy) IsActive 

func (p Proxy) IsActive() bool

IsActive returns true if the Proxy is still able to send and receive Packets.

func (*Proxy) Wait 

func (p *Proxy) Wait()

Wait will block until the current Proxy is closed and shutdown.

type Scheduler 

type Scheduler struct {
	// contains filtered or unexported fields
}

Scheduler is a handler that can manage and schedule Packets as Jobs to be sent to a Session and tracked. The resulting output (or errors) can be tracked by the resulting Job structs.

func (*Scheduler) Handle 

func (x *Scheduler) Handle(s *Session, p *com.Packet)

Handle is the function that inherits the Mux interface. This is used to find and redirect received Jobs. This Mux is rarely used in Sessions.

func (*Scheduler) Schedule 

func (x *Scheduler) Schedule(s *Session, p *com.Packet) (*Job, error)

Schedule will schedule the supplied Packet to the Session and will return a Job struct. This struct will indicate when a response from the client has been received. This function will write the Packet to the resulting Session.

type Server 

type Server struct {
	Log       logx.Log
	Scheduler *Scheduler
	// contains filtered or unexported fields
}

Server is the manager for all C2 Listener and Sessions connection and states. This struct also manages all events and connection changes.

func NewServer 

func NewServer(l logx.Log) *Server

NewServer creates a new Server instance for managing C2 Listeners and Sessions. If the supplied Log is nil, the 'logx.NOP' log will be used.

func NewServerContext 

func NewServerContext(x context.Context, l logx.Log) *Server

NewServerContext creates a new Server instance for managing C2 Listeners and Sessions. If the supplied Log is nil, the 'logx.NOP' log will be used. This function will use the supplied Context as the base context for cancelation.

func (*Server) Close 

func (s *Server) Close() error

Close stops the processing thread from this Server and releases all associated resources. This will signal the shutdown of all attached Listeners and Sessions.

func (*Server) Connect 

func (s *Server) Connect(a string, c client, p *Profile) (*Session, error)

Connect creates a Session using the supplied Profile to connect to the listening server specified. A Session will be returned if the connection handshake succeeds.

func (*Server) ConnectQuick 

func (s *Server) ConnectQuick(a string, c client) (*Session, error)

ConnectQuick creates a Session using the supplied Profile to connect to the listening server specified. A Session will be returned if the connection handshake succeeds. The '*Quick' functions infers the default Profile.

func (*Server) ConnectWith 

func (s *Server) ConnectWith(a string, c client, p *Profile, d *com.Packet) (*Session, error)

ConnectWith creates a Session using the supplied Profile to connect to the listening server specified. This function allows for passing the data Packet specified to the server with the initial registration. The data will be passed on normally.

func (*Server) Connected 

func (s *Server) Connected() []*Session

Connected returns an array of all the current Sessions connected to Listeners connected to this Server.

func (*Server) EnableRPC 

func (s *Server) EnableRPC(a string) error

EnableRPC will enable the JSON RPC listener at the following address. The RPC listener can be used to instruct and control the Server, as well as view Session information. An error may be returned if the current listening address is in use.

func (*Server) IsActive 

func (s *Server) IsActive() bool

IsActive returns true if this Controller is still able to Process events.

func (*Server) Listen 

func (s *Server) Listen(n, b string, c listener, p *Profile) (*Listener, error)

Listen adds the Listener under the name provided. A Listener struct to control and receive callback functions is added to assist in manageing connections to this Listener.

func (*Server) MarshalJSON 

func (s *Server) MarshalJSON() ([]byte, error)

MarshalJSON fulfils the JSON Marshaler interface.

func (*Server) Oneshot 

func (s *Server) Oneshot(a string, c client, p *Profile, d *com.Packet) error

Oneshot sends the packet with the specified data to the server and does NOT register the device with the Server. This is used for spending specific data segments in single use connections.

func (*Server) OneshotQuick 

func (s *Server) OneshotQuick(a string, c client, d *com.Packet) error

OneshotQuick sends the packet with the specified data to the server and does NOT register the device with the Server. This is used for spending specific data segments in single use connections. The '*Quick' functions infers the default Profile.

func (*Server) Wait 

func (s *Server) Wait()

Wait will block until the current Server is closed and shutdown.

type Session 

type Session struct {
	Last, Created time.Time

	Shutdown func(*Session)

	Receive func(*Session, *com.Packet)

	Device device.Machine

	ID device.ID
	// contains filtered or unexported fields
}

Session is a struct that represents a connection between the client and the Listener. This struct does some automatic handeling and acts as the communication channel between the client and server.

func Connect 

func Connect(a string, c client, p *Profile) (*Session, error)

Connect creates a Session using the supplied Profile to connect to the listening server specified. A Session will be returned if the connection handshake succeeds. This function uses the Default Server instance.

func ConnectQuick 

func ConnectQuick(a string, c client) (*Session, error)

ConnectQuick creates a Session using the supplied Profile to connect to the listening server specified. A Session will be returned if the connection handshake succeeds. The '*Quick' functions infers the default Profile. This function uses the Default Server instance.

func ConnectWith 

func ConnectWith(a string, c client, p *Profile, d *com.Packet) (*Session, error)

ConnectWith creates a Session using the supplied Profile to connect to the listening server specified. This function allows for passing the data Packet specified to the server with the initial registration. The data will be passed on normally. This function uses the Default Server instance.

func (*Session) Close 

func (s *Session) Close() error

Close stops the listening thread from this Session and releases all associated resources.

func (*Session) Context 

func (s *Session) Context() context.Context

Context returns the current Session's context. This function can be useful for canceling running processes when this Session closes.

func (Session) IsActive 

func (s Session) IsActive() bool

IsActive returns true if this Session is still able to send and receive Packets.

func (Session) IsChannel 

func (s Session) IsChannel() bool

IsChannel will return true is this Session sets the Channel flag on any Packets that flow this this Session, including Proxied clients or if this Session is currently in Channel mode, even if not explicitly set.

func (Session) IsClient 

func (s Session) IsClient() bool

IsClient returns true when this Session is not associated to a Listener on this end, which signifies that this session is Client initiated.

func (Session) IsProxy 

func (s Session) IsProxy() bool

IsProxy returns true when a Proxy has been attached to this Session and is active.

func (Session) Jitter 

func (s Session) Jitter() uint8

Jitter returns the Jitter percentage value. Values of zero (0) indicate that Jitter is disabled.

func (Session) MarshalJSON 

func (s Session) MarshalJSON() ([]byte, error)

MarshalJSON fulfils the JSON Marshaler interface.

func (*Session) Next 

func (s *Session) Next() *com.Packet

Next attempts to grab a Packet from the receiving buffer. This function will wait for a Packet while the buffer is empty.

func (*Session) Packets 

func (s *Session) Packets() <-chan *com.Packet

Packets returns a receive only channel that can be used in a for loop for acting on Packets when they arrive without using the Receive function.

func (*Session) Proxy 

func (s *Session) Proxy(b string, c listener, p *Profile) (*Proxy, error)

Proxy establishes a new listening Proxy connection using the supplied listener that will send any received Packets "upstream" via the current Session. Packets destined for hosts connected to this proxy will be routed back and forth on this Session. This function will return a wrapped 'ErrUnable' if this is not a client Session.

func (*Session) Read 

func (s *Session) Read() *com.Packet

Read attempts to grab a Packet from the receiving buffer. This function returns nil if the buffer is empty.

func (Session) RemoteAddr 

func (s Session) RemoteAddr() string

RemoteAddr returns a string representation of the remotely connected IP address. This could be the IP address of the c2 server or the public IP of the client.

func (*Session) Schedule 

func (s *Session) Schedule(p *com.Packet) (*Job, error)

Schedule is a quick alias for the 'Server.Scheduler.Schedule' function that uses this current Session in the Session parameter. This function will return a wrapped 'ErrUnable' error if this is a client Session.

func (*Session) Send 

func (s *Session) Send(p *com.Packet)

Send adds the supplied Packet into the stack to be sent to the server on next wake. This call is asynchronous and returns immediately. Unlike 'Write' this function does NOT return an error and will wait if the send buffer is full.

func (*Session) SetChannel 

func (s *Session) SetChannel(c bool)

SetChannel will disable setting the Channel mode of this Session. If true, every Packet sent will trigger Channel mode. This setting does NOT affect the Session enabling Channel mode if a Packet is sent with the Channel Flag enabled. Channel is NOT supported by non-statefull connections (UDP/Web/ICMP, etc).

func (*Session) SetDuration 

func (s *Session) SetDuration(t time.Duration, j int)

SetDuration sets the wake interval period and Jitter for this Session. This is the time value between connections to the C2 Server. This does NOT apply to channels. Jitter is a 0 to 100 percentage (inclusive) that will determine any +/- time is added to the waiting period. This assists in evading IDS/NDS devices/systems. A value of 0 will disable Jitter and any value over 100 will set the value to 100, which represents using Jitter 100% of the time. If this is a Server-side Session, the new value will be sent to the Client in a MvUpdate Packet.

func (*Session) SetJitter 

func (s *Session) SetJitter(j int)

SetJitter sets Jitter percentage of the Session's wake interval. This is a 0 to 100 percentage (inclusive) that will determine any +/- time is added to the waiting period. This assists in evading IDS/NDS devices/systems. A value of 0 will disable Jitter and any value over 100 will set the value to 100, which represents using Jitter 100% of the time. If this is a Server-side Session, the new value will be sent to the Client in a MvUpdate Packet.

func (*Session) SetSleep 

func (s *Session) SetSleep(t time.Duration)

SetSleep sets the wake interval period for this Session. This is the time value between connections to the C2 Server. This does NOT apply to channels. If this is a Server-side Session, the new value will be sent to the Client in a MvUpdate Packet. This setting does not affect Jitter.

func (Session) String 

func (s Session) String() string

String returns the details of this Session as a string.

func (Session) Time 

func (s Session) Time() time.Duration

Time returns the value for the timeout period between C2 Server connections.

func (*Session) Wait 

func (s *Session) Wait()

Wait will block until the current Session is closed and shutdown.

func (*Session) Wake 

func (s *Session) Wake()

Wake will interrupt the sleep of the current Session thread. This will trigger the send and receive functions of this Session. This is not valid for Server side Sessions.

func (*Session) Write 

func (s *Session) Write(p *com.Packet) error

Write adds the supplied Packet into the stack to be sent to the server on next wake. This call is asynchronous and returns immediately. 'ErrFullBuffer' will be returned if the send buffer is full.

type Setting 

type Setting []byte

Setting is an alias for a byte array that represents a setting in binary form. This can be used inside a Config alias to generate a C2 Profile from binary data or write a Profile to a binary stream.

func ConnectIP 

func ConnectIP(p uint) Setting

ConnectIP will provide a IP connection 'hint' to the generated Profile with the specified protocol number. Hints will suggest the connection type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil. If multiple connection hints are contained in a Config, a 'ErrMultipleHints' will be returned.

func ConnectWC2 

func ConnectWC2(url, agent, host string) Setting

ConnectWC2 will provide a WebC2 connection 'hint' to the generated Profile with the specified User-Agent, URL and Host Matcher strings (strings can be empty). Hints will suggest the connection type used if the connection setting in the 'Connect*', 'Oneshot' or 'Listen' functions is nil. If multiple connection hints are contained in a Config, a 'ErrMultipleHints' will be returned. This hint cannot be used as a Listener.

func Jitter 

func Jitter(n uint) Setting

Jitter returns a Setting that will specify the Jitter setting of the generated Profile. Only Jitter values from zero to one-hundred are valid. Other values are ignored and replaced with the default.

func Size 

func Size(n uint) Setting

Size returns a Setting that will specify the buffer size of the generated Profile. Only sizes greater than zero are valid sizes. Otherwise the medium limit setting is used.

func Sleep 

func Sleep(t time.Duration) Setting

Sleep returns a Setting that will specify the Sleep timeout setting of the generated Profile. Values of zero are ignored.

func TransformBase64Shift 

func TransformBase64Shift(s int) Setting

TransformBase64Shift returns a Setting that will apply the Base64 Shift Transform to the generated Profile. The specified number will be the shift index of the Transform. If a Transform Setting is already contained in the parent Config, a 'ErrMultipleTransforms' error will be returned when the 'Profile' function is called.

func TransformDNS 

func TransformDNS(n ...string) Setting

TransformDNS returns a Setting that will apply the DNS Transform to the generated Profile. If any DNS Domains are specified, they will be used in the Transform. If a Transform Setting is already contained in the parent Config, a 'ErrMultipleTransforms' error will be returned when the 'Profile' function is called.

func WrapAES 

func WrapAES(k, iv []byte) Setting

WrapAES returns a Setting that will apply the AES Wrapper to the generated Profile. The specified key and IV will be the AES Key and IV used.

func WrapCBK 

func WrapCBK(a, b, c, d byte) Setting

WrapCBK returns a Setting that will apply the CBK Wrapper to the generated Profile. The specified ABC and Type values are the CBK letters used. To specify the CBK buffer size, use the 'WrapCBKSize' function instead.

func WrapCBKSize 

func WrapCBKSize(s, a, b, c, d byte) Setting

WrapCBKSize returns a Setting that will apply the CBK Wrapper to the generated Profile. The specified size, ABC and Type values are the CBK size and letters used.

func WrapGzipLevel 

func WrapGzipLevel(l int) Setting

WrapGzipLevel returns a Setting that will apply the Gzip Wrapper to the generated Profile. The specified level will determine the compression level. The 'Profile' function will return an 'ErrInvalidSetting' error if the compression level is invalid.

func WrapXOR 

func WrapXOR(k []byte) Setting

WrapXOR returns a Setting that will apply the XOR Wrapper to the generated Profile. The specified key will be the XOR key used.

func WrapZlibLevel 

func WrapZlibLevel(l int) Setting

WrapZlibLevel returns a Setting that will apply the Zlib Wrapper to the generated Profile. The specified level will determine the compression level. The 'Profile' function will return an 'ErrInvalidSetting' error if the compression level is invalid.

func (Setting) String 

func (s Setting) String() string

String returns a string representation of this Setting.

type Transform 

type Transform interface {
	Read(io.Writer, []byte) error
	Write(io.Writer, []byte) error
}

Transform is an interface that can modify the data BEFORE it is written or AFTER is read from a Connection. Transforms may be used to mask and unmask communications as benign protocols such as DNS, FTP or HTTP.

type Wrapper 

type Wrapper interface {
	Wrap(io.WriteCloser) (io.WriteCloser, error)
	Unwrap(io.ReadCloser) (io.ReadCloser, error)
}

Wrapper is an interface that wraps the binary streams into separate stream types. This allows for using encryption or compression (or both!).

Source Files

View all Source files

Directories

Path Synopsis
wintask

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.