14 changes: 14 additions & 0 deletions config/config.go
Expand Up @@ -98,6 +98,8 @@ type Config struct {
DoVersionCheck bool
// indicates if we run the exploit
DoExploit bool
// automatically start the c2 or not
C2AutoStart bool
// the user requested c2 to use
C2Type c2.Impl
// C2 server timeout
Expand Down Expand Up @@ -171,6 +173,7 @@ func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, suppo
newConf.Vendor = vendor
newConf.Products = product
newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
newConf.C2AutoStart = true
newConf.CPE = cpe
newConf.CVE = cve
newConf.Protocol = protocol
Expand All @@ -191,6 +194,7 @@ func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, suppor
newConf.Vendor = vendor
newConf.Products = product
newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
newConf.C2AutoStart = true
newConf.CPE = cpe
newConf.CVE = cve

Expand Down Expand Up @@ -312,6 +316,16 @@ func (conf *Config) GetBoolFlag(name string) bool {
return *value
}

// Disable automatic start of c2 servers. Manually starting is required after
// this function is called. This is useful when you have an exploit that
// may have multiple stages and you are guaranteed to not need the C2
// setup. An example is an exploit that needs to retrieve a CAPTCHA may not
// want to start up the C2 until the first stage is retrieved and the
// CAPTCHA is solved.
func (conf *Config) DisableC2Start() {
conf.C2AutoStart = false
}

// Some C2 (ShellTunnel) don't actually care how the payload is generated, but
// the underlying C2 might be implied depending on how the individual exploit
// has been developed. It is certainly not a requirement to call this function
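Review bot: `C2AutoStart` is a bool whose intended default is `true`, so its zero value now means "do not start the C2". The two constructors in these hunks set it, but a `Config` built any other way (a struct literal in a test, or a constructor not shown here) would silently skip the listener start in `RunProgram` in framework.go. Inverting the sense keeps the zero value equal to the old behaviour, for example a field `C2ManualStart bool` with `DisableC2Start` doing `conf.C2ManualStart = true`. The doc comment on `DisableC2Start` should open with the function name per Go convention and state the caller's new duty, e.g. `// DisableC2Start turns off automatic C2 start-up; the exploit must then call StartC2 itself and check its return value.` The phrase "guaranteed to not need the C2 setup" also reads as the opposite of the CAPTCHA example and probably means "do not need it yet".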
13 changes: 11 additions & 2 deletions framework.go
Expand Up @@ -278,6 +278,13 @@ func parseCommandLine(conf *config.Config) bool {
}
}

// Manually start the C2 server. This is used when Config.C2AutoStart is
// disabled and for when you may not want to start the server until
// another action is complete.
func StartC2(conf *config.Config) bool {
return startC2Server(conf)
}

func startC2Server(conf *config.Config) bool {
if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&
(conf.ExType != config.InformationDisclosure && conf.ExType != config.Webshell) {
Expand Down Expand Up @@ -416,8 +423,10 @@ func RunProgram(sploit Exploit, conf *config.Config) {
}

// if the c2 server is meant to catch responses, initialize and start so it can bind
if !startC2Server(conf) {
return
if conf.C2AutoStart {
if !startC2Server(conf) {
return
}
}

if conf.ExType == config.FileFormat || conf.ExType == config.Local {
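Review bot: `StartC2` calls `startC2Server` unconditionally, so an exploit that calls it without first calling `conf.DisableC2Start()` would run the start-up path twice, once from `RunProgram` and once from the exploit. The body of `startC2Server` is only partly visible here, so whether a second call fails on bind or is harmless cannot be told from this hunk. A guard or a doc sentence would make the contract explicit, for example `// StartC2 must only be called after conf.DisableC2Start(); callers must check the returned bool and abort on false.` With auto-start disabled, nothing in the `RunProgram` hunk verifies that the listener was ever started, so a forgotten `StartC2` call fails silently; a log line when the `if conf.C2AutoStart` branch is skipped would make that visible in run output. `RunProgram` continues beyond the hunk.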