Allow for manual triggering of C2 startup (#300)

terrorbyte · web-flow · commit 95496b6f1a3a · 2025-01-29T17:00:24.000-07:00
* Allow for manual triggering of C2 startup
* Add DisableC2Start details as why you would want to use it
diff --git a/config/config.go b/config/config.go
@@ -98,6 +98,8 @@ type Config struct {
 	DoVersionCheck bool
 	// indicates if we run the exploit
 	DoExploit bool
+	// automatically start the c2 or not
+	C2AutoStart bool
 	// the user requested c2 to use
 	C2Type c2.Impl
 	// C2 server timeout
@@ -171,6 +173,7 @@ func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, suppo
 	newConf.Vendor = vendor
 	newConf.Products = product
 	newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+	newConf.C2AutoStart = true
 	newConf.CPE = cpe
 	newConf.CVE = cve
 	newConf.Protocol = protocol
@@ -191,6 +194,7 @@ func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, suppor
 	newConf.Vendor = vendor
 	newConf.Products = product
 	newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+	newConf.C2AutoStart = true
 	newConf.CPE = cpe
 	newConf.CVE = cve
 
@@ -312,6 +316,16 @@ func (conf *Config) GetBoolFlag(name string) bool {
 	return *value
 }
 
+// Disable automatic start of c2 servers. Manually starting is required after
+// this function is called. This is useful when you have an exploit that
+// may have multiple stages and you are guaranteed to not need the C2
+// setup. An example is an exploit that needs to retrieve a CAPTCHA may not
+// want to start up the C2 until the first stage is retrieved and the
+// CAPTCHA is solved.
+func (conf *Config) DisableC2Start() {
+	conf.C2AutoStart = false
+}
+
 // Some C2 (ShellTunnel) don't actually care how the payload is generated, but
 // the underlying C2 might be implied depending on how the individual exploit
 // has been developed. It is certainly not a requirement to call this function
diff --git a/framework.go b/framework.go
@@ -278,6 +278,13 @@ func parseCommandLine(conf *config.Config) bool {
 	}
 }
 
+// Manually start the C2 server. This is used when Config.C2AutoStart is
+// disabled and for when you may not want to start the server until
+// another action is complete.
+func StartC2(conf *config.Config) bool {
+	return startC2Server(conf)
+}
+
 func startC2Server(conf *config.Config) bool {
 	if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&
 		(conf.ExType != config.InformationDisclosure && conf.ExType != config.Webshell) {
@@ -416,8 +423,10 @@ func RunProgram(sploit Exploit, conf *config.Config) {
 	}
 
 	// if the c2 server is meant to catch responses, initialize and start so it can bind
-	if !startC2Server(conf) {
-		return
+	if conf.C2AutoStart {
+		if !startC2Server(conf) {
+			return
+		}
 	}
 
 	if conf.ExType == config.FileFormat || conf.ExType == config.Local {

Original file line number	Diff line number	Diff line change
`@@ -278,6 +278,13 @@ func parseCommandLine(conf *config.Config) bool {`
`278`	`278`	`}`
`279`	`279`	`}`
`280`	`280`
	`281`	`+// Manually start the C2 server. This is used when Config.C2AutoStart is`
	`282`	`+// disabled and for when you may not want to start the server until`
	`283`	`+// another action is complete.`
	`284`	`+func StartC2(conf *config.Config) bool {`
	`285`	`+ return startC2Server(conf)`
	`286`	`+}`
	`287`	`+`
`281`	`288`	`func startC2Server(conf *config.Config) bool {`
`282`	`289`	`if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&`
`283`	`290`	`(conf.ExType != config.InformationDisclosure && conf.ExType != config.Webshell) {`
`@@ -416,8 +423,10 @@ func RunProgram(sploit Exploit, conf *config.Config) {`
`416`	`423`	`}`
`417`	`424`
`418`	`425`	`// if the c2 server is meant to catch responses, initialize and start so it can bind`
`419`		`- if !startC2Server(conf) {`
`420`		`- return`
	`426`	`+ if conf.C2AutoStart {`
	`427`	`+ if !startC2Server(conf) {`
	`428`	`+ return`
	`429`	`+ }`
`421`	`430`	`}`
`422`	`431`
`423`	`432`	`if conf.ExType == config.FileFormat \|\| conf.ExType == config.Local {`