httpservefile

package

v1.13.0 Latest Latest Go to latest Published: May 3, 2024 License: Apache-2.0 Imports: 12 Imported by: 2

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/vulncheck-oss/go-exploit

Links

Open Source Insights

Documentation ¶

Overview ¶

httpservefile c2 spawns an HTTP or HTTPS server and hosts arbitrary user-provided files. The normal use case is for an exploit to curl/wget the file and execute it. This is useful to spawn connections to other tools (e.g. Metasploit, nc, etc.) or to go-exploit. This is not a traditional "c2" but serves as a useful backend that logically plugs into our c2 design.

Files are provided on the command line as a comma delimited string. For example:

-httpServeFile.FilesToServe ./build/reverse_shell_windows-arm64.exe,./build/reverse_shell_linux-amd64

The above will load two files: a windows reverse shell and a linux reverse shell. This c2 will then generate random names for the files and host them on an HTTP / HTTPS server. To interact with the files from an implementing exploit, you can fetch the filename to random name mapping using GetRandomName(). For example:

httpservefile.GetInstance().GetRandomName(linux64)

Where linux64 is a variable that contains "reverse_shell_linux-amd64".

If you are only hosting one file, then GetRandom("") will also return your one file.

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type HostedFile ¶ added in v1.3.0

type HostedFile struct {
	// The user provided filename
	RealName string
	// A randomly generated filename to serve
	RandomName string
	// The file's data
	FileData []byte
}

type Server ¶

type Server struct {
	// The HTTP address to bind to
	HTTPAddr string
	// The HTTP port to bind to
	HTTPPort int
	// Set to the Server field in HTTP response
	ServerField string
	// Indicates if TLS should be enabled
	TLS bool
	// The file path to the user provided private key (if provided)
	PrivateKeyFile string
	// The file path to the user provided certificate (if provided)
	CertificateFile string
	// Loaded certificate
	Certificate tls.Certificate
	// A map of hosted files
	HostedFiles map[string]HostedFile // RealName -> struct
	// A comma delimited list of all the files to serve
	FilesToServe string
}

func GetInstance ¶

func GetInstance() *Server

A basic singleton interface for the c2.

func (*Server) CreateFlags ¶

func (httpServer *Server) CreateFlags()

User options for serving a file over HTTP as the "c2".

func (*Server) GetRandomName ¶ added in v1.3.0

func (httpServer *Server) GetRandomName(filename string) string

Returns the random name of the provided filename. If filename is empty, return the first entry.

func (*Server) Init ¶

func (httpServer *Server) Init(rhostAddr string, rhostPort int, isClient bool) bool

load the provided files into memory, stored in a map, and loads the tls cert if needed.

func (*Server) Run ¶

func (httpServer *Server) Run(timeout int)

start the HTTP server and listen for incoming requests for `httpServer.FileName`.

Source Files ¶

View all Source files

httpservefile.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL