Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

V1.6.0/http c2 #1454

Merged
merged 123 commits into from
Nov 13, 2023
Merged

V1.6.0/http c2 #1454

merged 123 commits into from
Nov 13, 2023

Conversation

TimBF
Copy link
Member

@TimBF TimBF commented Nov 10, 2023

This pull request has the following features:

  • Allow operators to create and import HTTP profiles and to specify which profile to use during implant generation
  • Add a new command to view http c2 profiles
  • http listeners and configurations are now stored in the database and loaded on startup
  • Move stage compression/encryption server side and add an additional subcommand to profiles to generate modified implants
  • Associate a resource id to implants and modify the stager handler to allow retrieving them by that id (e.g. test.woff?p=ID)
  • Randomise traffic encoder id's on server startup

moloch-- and others added 30 commits May 17, 2023 16:31
@moloch--
Outline http c2 in db
8ad0dfb
@moloch--
Outline http c2 in db
f1f736d
@moloch--
Implement gorm hooks, cleanup
7661d0c
@moloch--
Expanded default http c2 config
55c8cdd
@moloch--
Added more cookie names
086eb7f
@moloch--
Implemented basic http c2 pb
afa2b5c
@moloch--
Implemented basic http c2 pb
a947d9e
@moloch--
Implemented ToProtobuf() conversions
ae101d3
@moloch--
Implemented ToProtobuf() conversions
bad1897
@moloch--
wip refactor of generate code
865f295
@TimBF
switch use of models.ImplantConfig to clientpb.ImplantConfig
89b0263
@TimBF
ImplantConfigSave uses model object instead of protobuf
82c68bd
@TimBF
added default http profile generator
bedc225
@TimBF
check for presence of default http c2 profile on startup, and if not …
0f38081 
…present generate and insert into database
@TimBF
add boolean checks for named pipe and tcp pivot
d98b24f
@TimBF
fix sliver rendering code variable name changes
d674b8d
@TimBF
added check for included c2 channels during config generation
09f2521
@TimBF
fixed renamed protobuf issues and default configuration save
3b295b3
@TimBF
fix path segments generation issues
95a4604
@TimBF
protobuf build update
8f7da07
@TimBF
load http configurations from database on listener creation
75c3d0c
@TimBF
autoload default profile during implant generation
4b7b8c4
@TimBF
Merge branch 'v1.6.0/master' into v1.6.0/http-c2
a6ba863
@TimBF
add ECCPublicKeyDigest to protobuf and database
429c520
@TimBF
added profile randomization during implant generation
c03975d
@TimBF
replaced hardcoded http profile value with commandline arg, fixed pb …
3e67c6e 
…issue with certificate digest and switched from profile id to profile name in implantconfig pb
@TimBF
fix for binary test cases
c8a661d
@TimBF
update protobuf definition for c2 listeners
43eb9e3
@TimBF
remove persistent flag from client job commands and update variable name
126dcf7
@TimBF
rebuild protobuf
906b8ee
@TimBF
resource id's no longer need to be prime
7a6f2c3
@TimBF
update protobuf definitions for generate stage rpc call
79ca1c9
@TimBF
fixed profile removal crash and automatically delete profile implantc…
749c3b9 
…onfig
@TimBF
check implant exists before freeing up resources
4b0190b
@TimBF
remove implant builds when implant profiles are removed
9a63b64
@TimBF
allow disabling http payload staging
c83a044
@TimBF
fixed missing implant config id bug
d3f4096
@TimBF
add missing field in implantconfig protobuf
3442599
@TimBF
fix config reuse bug and duplicate c2 object creation
a691484
@TimBF
move keys to implant build (WG, MTLS and ECC)
9178f6e
@TimBF
Move stage generation server side and add a new subcommand for profil…
2c5c3ac 
…es to generate them
@TimBF
remove http/s stage listeners
d88011e
@TimBF
implants command now displays resource id's
e6487fb
@TimBF
implants now also display whether compression/encryption was used in …
4e56c69 
…display
@TimBF
merge master
a19fddf
@TimBF
add option to save stage to disk
48d7e72
@TimBF TimBF requested a review from a team as a code owner November 10, 2023 21:50
@moloch-- moloch-- merged commit d994f76 into master Nov 13, 2023
5 checks passed
@bman46
Copy link
Contributor

bman46 commented Nov 28, 2023

Any reason for removing http and https from the stage-listener command?

sliver > stage-listener --url http://10.0.0.200:5645 --profile win64profile

[!] Unsupported staging protocol: http

Using TCP requires some customizations to existing stagers to work properly.

@moloch--
Copy link
Member

@bman46

We're reworking the way stage listeners work to be more flexible, patches incoming to the master branch for it. As a reminder the master branch is unstable use release branches for anything unrelated to development.

@bman46
Copy link
Contributor

bman46 commented Nov 28, 2023

Ok, sounds good. Looking forward to the changes!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moloch-- moloch-- moloch-- approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@TimBF @bman46 @moloch--