插件开发示例

根据之前介绍的 .cna、C/C++、Golang 等语言的用法,下面给出一些简单的 demo。

portscan

C/C++ :


#include <stdio.h>

/*
 * Demo entry point for the "portscan" example.
 *
 * Nothing is scanned here: the function writes a fixed table of sample
 * result lines to stdout, one per line, and never reads argc or argv.
 * The table mixes ICMP liveness lines with host:port banner lines, some
 * of which carry non-ASCII text.
 *
 * Always returns 1.
 */
int crossc2_entry(int argc, char **argv) {
    /* Test demo only; a real plugin would probably need to read HostIP,
     * Port, Scan Type and other custom parameters from argc & argv. */
    (void)argc;
    (void)argv;

    static const char *const sample_lines[] = {
        "(ICMP) Target '172.16.251.211' is alive. [read 8 bytes]",
        "(ICMP) Target '172.16.251.212' is alive. [read 8 bytes]",
        "(ICMP) Target '172.16.251.217' is alive.",
        "(ICMP) Target '172.16.251.219' is alive. [read 8 bytes]",
        "172.16.251.211:445 (platform: 500 version: 6.1 name: HAAAC-PC domain: WORKGROUP)",
        "172.16.251.212:445 (platform: 500 version: 6.0 name: C00101201 domain: test_domain.org)",
        "172.16.251.213:80 (Open-SSH-2.0,1)",
        "172.16.251.214:8001 (Apache Tomcat - Facebook)",
        "172.16.251.215:8002 (Nginx - 404 Not found)",
        "172.16.251.216:8003 (Tomcat - test's blog)",
        "172.16.251.217:8004 (Nginx - bing 搜索)",
        "172.16.251.218:8005 (MySQL - 5.7.14)",
        "172.16.251.219:8004 (tomcat - bing 検索する)",
        "172.16.251.221:8004 (tomcat - bing 검색)",
        "172.16.251.222:8004 (tomcat - bing Поиск дома)",
        "172.16.251.223:8004 (tomcat - bing ค้นหาหน้าแรก)",
        "172.16.251.220:22 (Open-SSH-2.0,1)",
        "172.16.251.221:22 (Open-SSH-2.0,1)",
    };
    const size_t line_count = sizeof sample_lines / sizeof sample_lines[0];

    /* Emit each canned line followed by a newline. */
    size_t idx = 0;
    while (idx < line_count) {
        printf("%s\n", sample_lines[idx]);
        idx++;
    }

    return 1;
}


cna: (请参考 API/cna demo 中的cna介绍)

# Registers the "cc2_portscan_lib" alias: it packs the alias arguments into one
# "^"-separated string and passes it, together with the task metadata below, to
# bcrossc2_load_dyn (not defined in this snippet; presumably provided by
# CrossC2Kit.cna).
include(script_resource("CrossC2Kit.cna"));

ssh_alias cc2_portscan_lib {
    $taskName = "cc2_portscan"; # name of this task
    # NOTE(review): $taskType is "so" while $loadlib below ends in .dylib - confirm which is intended
    $taskType = "so";  # $taskType -> ELF, MachO, so, dylib
    $taskResType = "portscan"; # task result type; see the "#变量定义" (variable definitions) section
    $loadlib = "./cc2_portscan.dylib"; # dynamic library / executable to load

    # Positional alias arguments: $1 is the beacon id, $2..$5 are forwarded as-is.
    $beaconid = $1;
    $host = $2;
    $port = $3;
    $scan_type = $4;
    $scan_thread = $5;
    # Fields are joined with "^" and no escaping is applied here; the receiving
    # side is not shown - presumably it splits on "^", so a value containing "^"
    # would shift the fields. TODO confirm.
    $transportArg = $host . "^" . $port . "^" . $scan_type . "^" . $scan_thread;

    # Record the requested host and port in the beacon log before loading.
    blog($beaconid, "portscan: " . $host . " " . $port);

    bcrossc2_load_dyn($beaconid, $taskType, $taskName, $taskResType, $loadlib, $transportArg);
}

# NOTE(review): the usage text shows -H/-P flags and does not mention the scan type
# or thread arguments, while the alias above reads $2..$5 positionally - confirm
# how arguments are expected to be passed.
ssh_command_register("cc2_portscan_lib", "Unix PortScan", "Use: cc2_portscan_lib -H [host] -P [port]\n\n-H 192.168.1.1/24   or   192.168.1.23-198\n-P 22,80,445,600-1000");

keystrokes

C/C++:

#include <stdio.h>

/*
 * Demo entry point for the "keystrokes" example.
 *
 * Prints argc and every argv string it was given, then a fixed block of
 * sample text to stdout. No input is captured: the lines that follow the
 * argument dump, including the user name and password strings, are
 * hard-coded placeholders.
 *
 * Always returns 1.
 */
int crossc2_entry(int argc, char **argv) {
    /* Canned sample output, written verbatim after the argument dump. */
    static const char *const canned_output[] = {
        "test demo\n",
        "User keyboard input: ssh root@10.14.11.32\n",
        "test_username\n",
        "pwd_123467aaa\n",
        "ifconfig\n",
        "[Ctrl-D]\n",
    };
    const size_t canned_count = sizeof canned_output / sizeof canned_output[0];

    printf("into crossc2_entry():\n");
    printf("\t-> argc = %d\n", argc);

    /* Echo the arguments exactly as they were passed in. */
    for (int pos = 0; pos < argc; pos++) {
        printf("\t->%s\n", argv[pos]);
    }

    for (size_t k = 0; k < canned_count; k++) {
        fputs(canned_output[k], stdout);
    }

    return 1;
}



cna: (请参考 API/cna demo 中的cna介绍)

# Registers the "cc2_keystrokes_lib" alias: it joins the tty and pid arguments
# with "^" and passes them, together with the task metadata below, to
# bcrossc2_load_dyn (not defined in this snippet; presumably provided by
# CrossC2Kit.cna).
include(script_resource("CrossC2Kit.cna"));

ssh_alias cc2_keystrokes_lib {
    # NOTE(review): the task name repeats "cc2_portscan" from the port-scan example -
    # looks like a copy-paste leftover; confirm the intended name.
    $taskName = "cc2_portscan"; # name of this task
    # NOTE(review): $taskType is "so" while $loadlib below ends in .dylib - confirm which is intended
    $taskType = "so";  # $taskType -> ELF, MachO, so, dylib
    $taskResType = "keystrokes"; # task result type; see the "#变量定义" (variable definitions) section
    $loadlib = "./cc2_keystrokes_lib.dylib"; # dynamic library / executable to load

    # Positional alias arguments: $1 is the beacon id, $2 the tty, $3 the pid.
    $beaconid = $1;
    $tty = $2;
    $pid = $3;
    # Joined with "^" without escaping; how the receiver splits it is not shown here.
    $transportArg = $tty . "^" . $pid;

    # Record the requested tty and pid in the beacon log before loading.
    blog($beaconid, "keystrokes: " . $tty . " " . $pid);

    bcrossc2_load_dyn($beaconid, $taskType, $taskName, $taskResType, $loadlib, $transportArg);
}

ssh_command_register("cc2_keystrokes_lib", "Unix keystrokes", "Use: cc2_keystrokes_lib [tty] [pid]");
