cna Writing instructions

The first is the common basic function defined by CrossC2Kit, and finally the bcrossc2_load function is responsible for delivering to the CrossC2 beacon executable files or dynamic libraries that require no file loading in memory, and parameters that need to be passed in at runtime.

include(script_resource("CrossC2Kit.cna"));

CrossC2Kit.cna:

sub random_string {
    # <3 @offsec_ginger
    $limit = $1;
    @random_str = @();
    $characters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
    for ($x = 0; $x < $limit; $x++) {
        $n = rand(strlen($characters));
        add(@random_str, charAt($characters, $n));
    }
    return join('', @random_str);
}

sub runType {
    $type = $1;
    if ($type eq "ELF" || $type eq "MachO") {
        return "0";
    } else if ($type eq "so" || $type eq "dylib") {
        return "1";
    }
    return -1;
}

sub genTaskinfo_dyn {
    $taskType = $1;
    $taskName = $2;
    $taskResType = $3;
    $juicySize = $4;
    $transportArg = $5;

    $taskinfo = "CrossC2^" . $taskType . "^". $taskName . "^" . $taskResType . "^" . $juicySize . "^" . $transportArg;
    return $taskinfo;
}

sub bcrossc2_load_dyn {
    $beaconid = $1;
    $taskType = $2;
    $taskName = $3;
    $taskName = $taskName . random_string(4);
    $taskResType = $4;
    $loadFileName = $5;
    $taskArgs = $6;

    $handle = openf(script_resource($loadFileName));
    $juicyData = readb($handle, -1);
    closef($handle);

    $juicySize = lof(script_resource($loadFileName));
    $taskType = runType($taskType);
    if ($taskType == -1) {
        berror($beaconid, "[ CrossC2 ]: dynamic lib or executable filetype not found");
    }
    $ELFName = genTaskinfo_dyn($taskType, $taskName, $taskResType, $juicySize, $taskArgs);
    bupload_raw($beaconid,$ELFName,$juicyData);
}

Below will write a "Incoming Parameter Parsing". Cna plugin demo

include(script_resource("CrossC2Kit.cna"));
ssh_alias cc2_parseArgs {
    $taskName = "cc2_parseArgs"; # task Name
    $taskType = "so";  # $taskType -> ELF, MachO, so, dylib
    $taskResType = "info"; # task return value type definition reference "#Variable definitions"
    $loadlib = "test_parseArgs.so"; # Dynamic libraries / executable files to be loaded


    $beaconid = $1;
    $arg1 = $2;
    $arg2 = $3;
    $arg3 = $4;
    $transportArg = $arg1 . "^" . $arg2 . "^" . $arg3; # Use '^' to concatenate the various parameters that need to be passed in when running the execution file

    blog($beaconid, "cc2_parseArgs: " . $arg1 . " " . $arg2 . " " . $arg3);

    bcrossc2_load_dyn($beaconid, $taskType, $taskName, $taskResType, $loadlib, $transportArg);
}

ssh_command_register("cc2_parseArgs", "CrossC2 dynamic run in memory demo", "Use: cc2_parseArgs arg1 arg2 arg3");