插件开发示例
根据之前定义的 .cna 与 C/C++/Golang/... 语言介绍,下面给出一些简单的 demo 示例。
portscan
C/C++ :
#include <stdio.h>
/*
 * Port-scan demo entry point.
 *
 * This is a test stub: it performs no scanning and never reads argc/argv.
 * It writes a fixed list of sample result lines to stdout, one per line,
 * and returns 1. A real plugin would take the caller-supplied parameters
 * (host IP, port, scan type, ...) from argc and argv.
 */
int crossc2_entry(int argc, char **argv) {
    /* Hard-coded sample output; the literals are never modified. */
    static const char *const sample_lines[] = {
        "(ICMP) Target '172.16.251.211' is alive. [read 8 bytes]",
        "(ICMP) Target '172.16.251.212' is alive. [read 8 bytes]",
        "(ICMP) Target '172.16.251.217' is alive.",
        "(ICMP) Target '172.16.251.219' is alive. [read 8 bytes]",
        "172.16.251.211:445 (platform: 500 version: 6.1 name: HAAAC-PC domain: WORKGROUP)",
        "172.16.251.212:445 (platform: 500 version: 6.0 name: C00101201 domain: test_domain.org)",
        "172.16.251.213:80 (Open-SSH-2.0,1)",
        "172.16.251.214:8001 (Apache Tomcat - Facebook)",
        "172.16.251.215:8002 (Nginx - 404 Not found)",
        "172.16.251.216:8003 (Tomcat - test's blog)",
        "172.16.251.217:8004 (Nginx - bing 搜索)",
        "172.16.251.218:8005 (MySQL - 5.7.14)",
        "172.16.251.219:8004 (tomcat - bing 検索する)",
        "172.16.251.221:8004 (tomcat - bing 검색)",
        "172.16.251.222:8004 (tomcat - bing Поиск дома)",
        "172.16.251.223:8004 (tomcat - bing ค้นหาหน้าแรก)",
        "172.16.251.220:22 (Open-SSH-2.0,1)",
        "172.16.251.221:22 (Open-SSH-2.0,1)",
    };
    const size_t line_count = sizeof sample_lines / sizeof sample_lines[0];

    size_t idx = 0;
    while (idx < line_count) {
        printf("%s\n", sample_lines[idx]);
        idx++;
    }
    return 1;
}
cna: (请参考 API/cna demo 中的cna介绍)
include(script_resource("CrossC2Kit.cna"));
# Demo alias for the port-scan plugin. It copies the alias arguments into named
# variables, joins the scan parameters into one "^"-separated string, writes a
# log line with blog(), and passes everything to bcrossc2_load_dyn().
# NOTE(review): the parameters are concatenated as-is; a value that itself
# contains "^" would change the number of fields in $transportArg - presumably
# the receiving plugin splits on "^"; confirm, and validate the fields there.
ssh_alias cc2_portscan_lib {
$taskName = "cc2_portscan"; # name of this task
$taskType = "so"; # $taskType -> ELF, MachO, so, dylib
$taskResType = "portscan"; # task result type; the definitions are in the "#变量定义" (variable definitions) section
# NOTE(review): $taskType above is "so" while this path ends in .dylib - confirm the two are meant to match.
$loadlib = "./cc2_portscan.dylib"; # dynamic library / executable to load
$beaconid = $1;
$host = $2;
$port = $3;
$scan_type = $4;
$scan_thread = $5;
# Single argument string handed to the loaded library: host^port^scan_type^scan_thread.
$transportArg = $host . "^" . $port . "^" . $scan_type . "^" . $scan_thread;
# Only the host and port are logged; scan type and thread count are not.
blog($beaconid, "portscan: " . $host . " " . $port);
bcrossc2_load_dyn($beaconid, $taskType, $taskName, $taskResType, $loadlib, $transportArg);
}
# Registers the cc2_portscan_lib alias with a short description and a usage text.
# NOTE(review): the usage text shows -H/-P flags, but the alias body reads
# positional arguments ($2 host, $3 port, $4 scan type, $5 thread count) -
# confirm which form is intended and make the help text match.
ssh_command_register("cc2_portscan_lib", "Unix PortScan", "Use: cc2_portscan_lib -H [host] -P [port]\n\n-H 192.168.1.1/24 or 192.168.1.23-198\n-P 22,80,445,600-1000");
keystrokes
C/C++:
#include <stdio.h>
/*
 * Keystrokes demo entry point.
 *
 * This is a test stub: it echoes argc and every argv entry to stdout, then
 * prints a fixed placeholder transcript. The transcript lines are hard-coded
 * sample text, not captured input. Always returns 1.
 */
int crossc2_entry(int argc, char **argv) {
    /* Canned sample output, emitted verbatim after the argument dump. */
    static const char *const transcript[] = {
        "test demo\n",
        "User keyboard input: ssh root@10.14.11.32\n",
        "test_username\n",
        "pwd_123467aaa\n",
        "ifconfig\n",
        "[Ctrl-D]\n",
    };
    const size_t transcript_len = sizeof transcript / sizeof transcript[0];

    printf("into crossc2_entry():\n");
    printf("\t-> argc = %d\n", argc);

    /* argv entries are only ever passed as "%s" data, never as a format string. */
    for (int pos = 0; pos < argc; pos++) {
        printf("\t->%s\n", argv[pos]);
    }

    for (size_t k = 0; k < transcript_len; k++) {
        fputs(transcript[k], stdout);
    }
    return 1;
}
cna: (请参考 API/cna demo 中的cna介绍)
include(script_resource("CrossC2Kit.cna"));
# Demo alias for the keystrokes plugin. It copies the alias arguments into named
# variables, joins tty and pid into one "^"-separated string, writes a log line
# with blog(), and passes everything to bcrossc2_load_dyn().
# NOTE(review): the parameters are concatenated as-is; a value that itself
# contains "^" would change the number of fields in $transportArg - presumably
# the receiving plugin splits on "^"; confirm, and validate the fields there.
ssh_alias cc2_keystrokes_lib {
# NOTE(review): this is the same task name as the port-scan demo; it looks like a copy-paste leftover - confirm.
$taskName = "cc2_portscan"; # name of this task
$taskType = "so"; # $taskType -> ELF, MachO, so, dylib
$taskResType = "keystrokes"; # task result type; the definitions are in the "#变量定义" (variable definitions) section
# NOTE(review): $taskType above is "so" while this path ends in .dylib - confirm the two are meant to match.
$loadlib = "./cc2_keystrokes_lib.dylib"; # dynamic library / executable to load
$beaconid = $1;
$tty = $2;
$pid = $3;
# Single argument string handed to the loaded library: tty^pid.
$transportArg = $tty . "^" . $pid;
blog($beaconid, "keystrokes: " . $tty . " " . $pid);
bcrossc2_load_dyn($beaconid, $taskType, $taskName, $taskResType, $loadlib, $transportArg);
}
# Registers the cc2_keystrokes_lib alias with a short description and a usage
# text; the two usage arguments line up with $2 (tty) and $3 (pid) in the alias body.
ssh_command_register("cc2_keystrokes_lib", "Unix keystrokes", "Use: cc2_keystrokes_lib [tty] [pid]");