From 7c71a33943550d5980f85f345806fc83d432745d Mon Sep 17 00:00:00 2001
From: terrorbyte
Date: Fri, 10 Jan 2025 12:57:44 -0700
Subject: [PATCH 1/2] Allow for manual triggering of C2 startup

---
 config/config.go | 10 ++++++++++
 framework.go | 13 +++++++++++--
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/config/config.go b/config/config.go
index c842617..0310fbe 100644
--- a/config/config.go
+++ b/config/config.go
@@ -98,6 +98,8 @@ type Config struct {
 DoVersionCheck bool
 // indicates if we run the exploit
 DoExploit bool
+ // automatically start the c2 or not
+ C2AutoStart bool
 // the user requested c2 to use
 C2Type c2.Impl
 // C2 server timeout
@@ -171,6 +173,7 @@ func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, suppo
 newConf.Vendor = vendor
 newConf.Products = product
 newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+ newConf.C2AutoStart = true
 newConf.CPE = cpe
 newConf.CVE = cve
 newConf.Protocol = protocol
@@ -191,6 +194,7 @@ func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, suppor
 newConf.Vendor = vendor
 newConf.Products = product
 newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+ newConf.C2AutoStart = true
 newConf.CPE = cpe
 newConf.CVE = cve
 
@@ -312,6 +316,12 @@ func (conf *Config) GetBoolFlag(name string) bool {
 return *value
 }
 
+// Disable automatic start of c2 servers. Manually starting is required after
+// this function is called.
+func (conf *Config) DisableC2Start() {
+ conf.C2AutoStart = false
+}
+
 // Some C2 (ShellTunnel) don't actually care how the payload is generated, but
 // the underlying C2 might be implied depending on how the individual exploit
 // has been developed. It is certainly not a requirement to call this function
diff --git a/framework.go b/framework.go
index 2f35fef..75c3175 100644
--- a/framework.go
+++ b/framework.go
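Review bot: The zero value of the new `C2AutoStart` field is false, so any `Config` that is not built through `NewRemoteExploit`/`NewLocalExploit` (a bare struct literal, or another constructor this patch does not touch, if one exists) will silently skip the C2 startup that `RunProgram` previously performed unconditionally, and the exploit runs with no listener bound. Naming the field for the opposite polarity, e.g. `C2ManualStart bool`, would keep the old behaviour for the zero value; failing that, the field comment should state the default and who flips it: `// C2AutoStart controls whether RunProgram starts the C2 server before the exploit runs. It is set true by NewRemoteExploit/NewLocalExploit and cleared by DisableC2Start, after which the exploit must call StartC2 itself.` The `Config` struct continues outside the hunk.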
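Review bot: `DisableC2Start` only has an effect if it runs before `RunProgram` reaches its `conf.C2AutoStart` check; called from inside the exploit itself, the server has already been bound and the call merely clears a flag that nothing reads afterwards. The comment should pin that ordering and name the counterpart, e.g. `// DisableC2Start stops RunProgram from starting the C2 server automatically. It must be called before RunProgram; the exploit is then responsible for calling StartC2 itself.` Go doc comments conventionally begin with the identifier, which the current wording does not.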
@@ -278,6 +278,13 @@ func parseCommandLine(conf *config.Config) bool {
 }
 }
 
+// Manually start the C2 server. This is used when Config.C2AutoStart is
+// disabled and for when you may not want to start the server until
+// another action is complete.
+func StartC2(conf *config.Config) bool {
+ return startC2Server(conf)
+}
+
 func startC2Server(conf *config.Config) bool {
 if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&
 (conf.ExType != config.InformationDisclosure && conf.ExType != config.Webshell) {
@@ -416,8 +423,10 @@ func RunProgram(sploit Exploit, conf *config.Config) {
 }
 
 // if the c2 server is meant to catch responses, initialize and start so it can bind
- if !startC2Server(conf) {
- return
+ if conf.C2AutoStart {
+ if !startC2Server(conf) {
+ return
+ }
 }
 
 if conf.ExType == config.FileFormat || conf.ExType == config.Local {

From 9de3326f6928db65585b7528af4634a651c4cf38 Mon Sep 17 00:00:00 2001
From: terrorbyte
Date: Wed, 29 Jan 2025 12:18:14 -0700
Subject: [PATCH 2/2] Add DisableC2Start details as why you would want to use it

---
 config/config.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/config/config.go b/config/config.go
index 0310fbe..5692a5f 100644
--- a/config/config.go
+++ b/config/config.go
@@ -317,7 +317,11 @@ func (conf *Config) GetBoolFlag(name string) bool {
 }
 
 // Disable automatic start of c2 servers. Manually starting is required after
-// this function is called.
+// this function is called. This is useful when you have an exploit that
+// may have multiple stages and you are guaranteed to not need the C2
+// setup. An example is an exploit that needs to retrieve a CAPTCHA may not
+// want to start up the C2 until the first stage is retrieved and the
+// CAPTCHA is solved.
 func (conf *Config) DisableC2Start() {
 conf.C2AutoStart = false
 }
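Review bot: `StartC2` exposes `startC2Server` with no guard against a second start: an exploit that calls it without having called `DisableC2Start` gets the server started once by `RunProgram` and again here, and whether that second call re-binds, fails, or is a no-op depends on the rest of `startC2Server`, whose body continues past the hunk. The same `DoExploit`/`ThirdPartyC2Server`/`Bport == 0`/exploit-type gate visible at the top of `startC2Server` also applies to a manual call, so `StartC2` can return without binding anything; the doc comment should say both, e.g. `// StartC2 starts the C2 server on demand. It is meant to be called only after DisableC2Start (otherwise RunProgram has already started the server) and is subject to the same conditions as the automatic start.` Go doc comments conventionally begin with the identifier.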
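Review bot: With `C2AutoStart` false, `RunProgram` now proceeds silently with no listener, so an exploit that disabled auto-start and then forgot to call `StartC2` produces a successful-looking run and no callback; a log or debug message in the disabled case would make that state visible to the operator. The nested `if` can also be flattened to `if conf.C2AutoStart && !startC2Server(conf) {` with the existing `return` and `}` below, which keeps the original early-return shape. `RunProgram` starts and ends outside the hunk.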
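Review bot: The new sentence `you are guaranteed to not need the C2 setup` says the opposite of what the CAPTCHA example describes, where the C2 is needed, just not until a later stage, and the example sentence is missing its connective (`An example is an exploit that needs to retrieve a CAPTCHA may not want...`). Suggested replacement for those lines: `// may have multiple stages and do not need the C2 until a later stage. For example, an exploit that must first retrieve and solve a CAPTCHA may not want to start the C2 until that stage is complete.` Starting the comment with `DisableC2Start` would also follow Go doc convention. The whole of `DisableC2Start` is within the hunk.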