core

package
v1.5.34 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 5, 2023 License: GPL-3.0 Imports: 18 Imported by: 0

README

Core

The core packages handles the server's state (maintaining references to running jobs, open connections, etc), generally no other packages should hold state.

Documentation

Index

Constants

View Source
const (
	PivotTransportName = "pivot"
)

Variables

View Source
var (

	// Sessions - Manages implant connections
	Sessions = &sessions{
		sessions: &sync.Map{},
	}

	// ErrUnknownMessageType - Returned if the implant did not understand the message for
	//                         example when the command is not supported on the platform
	ErrUnknownMessageType = errors.New("unknown message type")

	// ErrImplantTimeout - The implant did not respond prior to timeout deadline
	ErrImplantTimeout = errors.New("implant timeout")
)
View Source
var (
	// Tunnels - Interacting with duplex tunnels
	Tunnels = tunnels{
			// contains filtered or unexported fields
	}

	// ErrInvalidTunnelID - Invalid tunnel ID value
	ErrInvalidTunnelID = errors.New("invalid tunnel ID")
)
View Source
var (
	// Clients - Manages client active
	Clients = &clients{
		active: map[int]*Client{},
		mutex:  &sync.Mutex{},
	}
)
View Source
var (
	ErrDuplicateExternalBuilderName = errors.New("builder name must be unique, this name is already in use")
)
View Source
var (
	// EventBroker - Distributes event messages
	EventBroker = newBroker()
)
View Source
var (
	// Jobs - Holds pointers to all the current jobs
	Jobs = &jobs{

		active: &sync.Map{},
	}
)
View Source
var (
	PivotSessions = &sync.Map{} // ID -> Pivot
)
View Source
var (
	// TunSocksTunnels - Interacting with duplex SocksTunnels
	SocksTunnels = tcpTunnel{
		// contains filtered or unexported fields
	}
)

Functions

func AddBuilder

func AddBuilder(builder *clientpb.Builder) error

func AllBuilders

func AllBuilders() []*clientpb.Builder

func EnvelopeID

func EnvelopeID() int64

EnvelopeID - Generate random ID of 8 bytes

func GetBuilder

func GetBuilder(builderName string) *clientpb.Builder

func NewTunnelID

func NewTunnelID() uint64

NewTunnelID - New 64-bit identifier

func NextJobID

func NextJobID() int

NextJobID - Returns an incremental nonce as an id

func RemoveBuilder

func RemoveBuilder(builderName string)

func StartEventAutomation

func StartEventAutomation()

StartEventAutomation - Starts an event automation goroutine

Types

type Client

type Client struct {
	ID       int
	Operator *clientpb.Operator
}

Client - Single client connection

func NewClient

func NewClient(operatorName string) *Client

NewClient - Create a new client object

func (*Client) ToProtobuf

func (c *Client) ToProtobuf() *clientpb.Client

ToProtobuf - Get the protobuf version of the object

type Event

type Event struct {
	Session *Session
	Job     *Job
	Client  *Client
	Beacon  *models.Beacon

	EventType string

	Data []byte
	Err  error
}

Event - An event is fired when there's a state change involving a

session, job, or client.

type ImplantConnection

type ImplantConnection struct {
	ID               string
	Send             chan *sliverpb.Envelope
	RespMutex        *sync.RWMutex
	LastMessageMutex *sync.RWMutex
	Resp             map[int64]chan *sliverpb.Envelope
	Transport        string
	RemoteAddress    string
	LastMessage      time.Time
	Cleanup          func()
}

ImplantConnection - Abstract connection to an implant

func NewImplantConnection

func NewImplantConnection(transport string, remoteAddress string) *ImplantConnection

NewImplantConnection - Creates a new implant connection

func (*ImplantConnection) GetLastMessage

func (c *ImplantConnection) GetLastMessage() time.Time

GetLastMessage - Retrieves the last message time

func (*ImplantConnection) RequestResend

func (c *ImplantConnection) RequestResend(data []byte)

func (*ImplantConnection) UpdateLastMessage

func (c *ImplantConnection) UpdateLastMessage()

UpdateLastMessage - Updates the last message time

type Job

type Job struct {
	ID           int
	Name         string
	Description  string
	Protocol     string
	Port         uint16
	Domains      []string
	JobCtrl      chan bool
	PersistentID string
}

Job - Manages background jobs

func (*Job) ToProtobuf

func (j *Job) ToProtobuf() *clientpb.Job

ToProtobuf - Get the protobuf version of the object

type Pivot

type Pivot struct {
	ID                   string
	OriginID             int64
	ImplantConn          *ImplantConnection
	ImmediateImplantConn *ImplantConnection
	CipherCtx            *cryptography.CipherContext
	Peers                []*sliverpb.PivotPeer
}

Pivot - Wraps an ImplantConnection

func NewPivotSession

func NewPivotSession(chain []*sliverpb.PivotPeer) *Pivot

NewPivotSession - Creates a new pivot session

func (*Pivot) Start

func (p *Pivot) Start()

Start - Starts the pivot send loop which forwards envelopes from the pivot ImplantConnection to the ImmediateImplantConnection (the closest peer in the chain)

type PivotGraphEntry

type PivotGraphEntry struct {
	PeerID    int64
	SessionID string
	Name      string

	// PeerID -> Child
	Children map[int64]*PivotGraphEntry
}

PivotGraphEntry - A single entry in the pivot graph

func PivotGraph

func PivotGraph() []*PivotGraphEntry

PivotGraph - Creates a graph structure of sessions/pivots

func (*PivotGraphEntry) AllChildren

func (e *PivotGraphEntry) AllChildren() []*PivotGraphEntry

AllChildren - Flat list of all children (including children of children)

func (*PivotGraphEntry) FindEntryByPeerID

func (e *PivotGraphEntry) FindEntryByPeerID(peerID int64) *PivotGraphEntry

FindEntryByPeerID - Finds a pivot graph entry by peer ID, recursively

func (*PivotGraphEntry) Insert

func (e *PivotGraphEntry) Insert(input *PivotGraphEntry)

Insert - Inserts a pivot into the graph, if it doesn't yet exist

func (*PivotGraphEntry) ToProtobuf

func (e *PivotGraphEntry) ToProtobuf() *clientpb.PivotGraphEntry

ToProtobuf - Recursively converts the pivot graph to protobuf

type Session

type Session struct {
	ID                string
	Name              string
	Hostname          string
	Username          string
	UUID              string
	UID               string
	GID               string
	OS                string
	Version           string
	Arch              string
	PID               int32
	Filename          string
	Connection        *ImplantConnection
	ActiveC2          string
	ReconnectInterval int64
	ProxyURL          string
	PollTimeout       int64
	Burned            bool
	Extensions        []string
	ConfigID          string
	PeerID            int64
	Locale            string
	FirstContact      int64
}

Session - Represents a connection to an implant

func NewSession

func NewSession(implantConn *ImplantConnection) *Session

NewSession - Create a new session

func (*Session) IsDead

func (s *Session) IsDead() bool

IsDead - See if last check-in is within expected variance

func (*Session) LastCheckin

func (s *Session) LastCheckin() time.Time

LastCheckin - Get the last time a session message was received

func (*Session) Request

func (s *Session) Request(msgType uint32, timeout time.Duration, data []byte) ([]byte, error)

Request - Sends a protobuf request to the active sliver and returns the response

func (*Session) ToProtobuf

func (s *Session) ToProtobuf() *clientpb.Session

ToProtobuf - Get the protobuf version of the object

type TcpTunnel

type TcpTunnel struct {
	ID                uint64
	SessionID         string
	ToImplantSequence uint64
	ToImplantMux      sync.Mutex

	FromImplant         chan *sliverpb.SocksData
	FromImplantSequence uint64
	Client              rpcpb.SliverRPC_SocksProxyServer
}

type Tunnel

type Tunnel struct {
	ID        uint64
	SessionID string

	ToImplant         chan []byte
	ToImplantSequence uint64

	FromImplant         chan *sliverpb.TunnelData
	FromImplantSequence uint64

	Client rpcpb.SliverRPC_TunnelDataServer
	// contains filtered or unexported fields
}

Tunnel - Essentially just a mapping between a specific client and sliver with an identifier, these tunnels are full duplex. The server doesn't really care what data gets passed back and forth it just facilitates the connection

func NewTunnel

func NewTunnel(id uint64, sessionID string) *Tunnel

func (*Tunnel) GetLastMessageTime

func (t *Tunnel) GetLastMessageTime() time.Time

func (*Tunnel) SendDataFromImplant

func (t *Tunnel) SendDataFromImplant(tunnelData *sliverpb.TunnelData)

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL