Affected by 
README
¶
server/core
Overview
Core server runtime coordination, state, and dispatch. Oversees lifecycle management, hub services, and shared state. Key routines cover clients, connnection, crackstations, and events within the core subsystem.
Go Files
builders.go– Tracks builder jobs and integration with the core scheduler.clients.go– Manages connected operators and their state.connnection.go– Handles active connection bookkeeping (typo in filename retained).core.go– Initializes core services and orchestrates shared state.crackstations.go– Maintains crackstation worker metadata and status.events.go– Broadcasts and records core events for subscribers.hosts.go– Tracks discovered hosts and associated metadata.jobs.go– Manages background jobs and status reporting.pivots.go– Coordinates pivot graphs and routing information.sessions.go– Manages implant sessions and lifecycle hooks.socks.go– Tracks SOCKS proxy instances managed by the server.tunnels.go– Maintains tunnel state and routing entries.
Sub-packages
rtunnels/– Reverse tunnel coordination within the server core. Handles tunnel registration, negotiation, and multiplexing.
Documentation
¶
Index ¶
- Constants
- Variables
- func AddBuilder(builder *clientpb.Builder) error
- func AddCrackstation(crack *Crackstation) error
- func AllBuilders() []*clientpb.Builder
- func AllCrackstations() []*clientpb.Crackstation
- func EnvelopeID() int64
- func GetBuilder(builderName string) *clientpb.Builder
- func NewTunnelID() uint64
- func NextJobID() int
- func RemoveBuilder(builderName string)
- func RemoveCrackstation(hostUUID string)
- func StartEventAutomation()
- type Client
- type Crackstation
- type Event
- type ImplantConnection
- type Job
- type Pivot
- type PivotGraphEntry
- type Session
- type TcpTunnel
- type Tunnel
Constants ¶
View Source
const (
PivotTransportName = "pivot"
)
Variables ¶
View Source
var ( // Sessions - Manages implant connections Sessions = &sessions{ sessions: &sync.Map{}, } // ErrUnknownMessageType - Returned if the implant did not understand the message for // example when the command is not supported on the platform ErrUnknownMessageType = errors.New("unknown message type") // ErrImplantTimeout - The implant did not respond prior to timeout deadline ErrImplantTimeout = errors.New("implant timeout") )
View Source
var ( // Tunnels - Interacting with duplex tunnels Tunnels = tunnels{ // contains filtered or unexported fields } // ErrInvalidTunnelID - Invalid tunnel ID value ErrInvalidTunnelID = errors.New("invalid tunnel ID") )
View Source
var ( // Clients - Manages client active Clients = &clients{ active: map[int]*Client{}, mutex: &sync.Mutex{}, } )
View Source
var (
ErrDuplicateExternalBuilderName = errors.New("builder name must be unique, this name is already in use")
)
View Source
var (
ErrDuplicateHosts = errors.New("only one crackstation instance per host")
)
View Source
var (
// EventBroker - Distributes event messages
EventBroker = newBroker()
)
View Source
var ( // Jobs - Holds pointers to all the current jobs Jobs = &jobs{ active: &sync.Map{}, } )
View Source
var (
PivotSessions = &sync.Map{} // ID -> Pivot
)
View Source
var ( // TunSocksTunnels - Interacting with duplex SocksTunnels SocksTunnels = tcpTunnel{ // contains filtered or unexported fields } )
Functions ¶
func AddBuilder ¶ added in v1.5.30
func AddCrackstation ¶ added in v1.6.0
func AddCrackstation(crack *Crackstation) error
func AllBuilders ¶ added in v1.5.30
func AllCrackstations ¶ added in v1.6.0
func AllCrackstations() []*clientpb.Crackstation
func GetBuilder ¶ added in v1.5.30
func RemoveBuilder ¶ added in v1.5.30
func RemoveBuilder(builderName string)
func RemoveCrackstation ¶ added in v1.6.0
func RemoveCrackstation(hostUUID string)
func StartEventAutomation ¶ added in v1.5.0
func StartEventAutomation()
StartEventAutomation - Starts an event automation goroutine
Types ¶
type Client ¶
Client - Single client connection
func (*Client) ToProtobuf ¶
ToProtobuf - Get the protobuf version of the object
type Crackstation ¶ added in v1.6.0
type Crackstation struct {
HostUUID string
Station *clientpb.Crackstation
Events chan *clientpb.Event
// contains filtered or unexported fields
}
func GetCrackstation ¶ added in v1.6.0
func GetCrackstation(hostUUID string) *Crackstation
func NewCrackstation ¶ added in v1.6.0
func NewCrackstation(station *clientpb.Crackstation) *Crackstation
func (*Crackstation) GetStatus ¶ added in v1.6.0
func (c *Crackstation) GetStatus() *clientpb.CrackstationStatus
func (*Crackstation) UpdateStatus ¶ added in v1.6.0
func (c *Crackstation) UpdateStatus(status *clientpb.CrackstationStatus)
type Event ¶
type Event struct {
Session *Session
Job *Job
Client *Client
Beacon *models.Beacon
EventType string
Data []byte
Err error
}
Event - An event is fired when there's a state change involving a
session, job, or client.
type ImplantConnection ¶ added in v1.5.0
type ImplantConnection struct {
ID string
Send chan *sliverpb.Envelope
RespMutex *sync.RWMutex
Resp map[int64]chan *sliverpb.Envelope
Transport string
RemoteAddress string
LastMessage time.Time
LastMessageMutex *sync.RWMutex
Cleanup func()
}
ImplantConnection - Abstract connection to an implant
func NewImplantConnection ¶ added in v1.5.0
func NewImplantConnection(transport string, remoteAddress string) *ImplantConnection
NewImplantConnection - Creates a new implant connection
func (*ImplantConnection) GetLastMessage ¶ added in v1.5.14
func (c *ImplantConnection) GetLastMessage() time.Time
GetLastMessage - Retrieves the last message time
func (*ImplantConnection) RequestResend ¶ added in v1.5.27
func (c *ImplantConnection) RequestResend(data []byte)
func (*ImplantConnection) UpdateLastMessage ¶ added in v1.5.0
func (c *ImplantConnection) UpdateLastMessage()
UpdateLastMessage - Updates the last message time
type Job ¶
type Job struct {
ID int
Name string
Description string
Protocol string
Port uint16
Domains []string
JobCtrl chan bool
PersistentID string
ProfileName string
}
Job - Manages background jobs
func (*Job) ToProtobuf ¶
ToProtobuf - Get the protobuf version of the object
type Pivot ¶ added in v1.5.0
type Pivot struct {
ID string
OriginID int64
ImplantConn *ImplantConnection
ImmediateImplantConn *ImplantConnection
CipherCtx *cryptography.CipherContext
Peers []*sliverpb.PivotPeer
}
Pivot - Wraps an ImplantConnection
func NewPivotSession ¶ added in v1.5.0
NewPivotSession - Creates a new pivot session
type PivotGraphEntry ¶ added in v1.5.0
type PivotGraphEntry struct {
PeerID int64
SessionID string
Name string
// PeerID -> Child
Children map[int64]*PivotGraphEntry
}
PivotGraphEntry - A single entry in the pivot graph
func PivotGraph ¶ added in v1.5.0
func PivotGraph() []*PivotGraphEntry
PivotGraph - Creates a graph structure of sessions/pivots
func (*PivotGraphEntry) AllChildren ¶ added in v1.5.0
func (e *PivotGraphEntry) AllChildren() []*PivotGraphEntry
AllChildren - Flat list of all children (including children of children)
func (*PivotGraphEntry) FindEntryByPeerID ¶ added in v1.5.0
func (e *PivotGraphEntry) FindEntryByPeerID(peerID int64) *PivotGraphEntry
FindEntryByPeerID - Finds a pivot graph entry by peer ID, recursively
func (*PivotGraphEntry) Insert ¶ added in v1.5.0
func (e *PivotGraphEntry) Insert(input *PivotGraphEntry)
Insert - Inserts a pivot into the graph, if it doesn't yet exist
func (*PivotGraphEntry) ToProtobuf ¶ added in v1.5.0
func (e *PivotGraphEntry) ToProtobuf() *clientpb.PivotGraphEntry
ToProtobuf - Recursively converts the pivot graph to protobuf
type Session ¶
type Session struct {
ID string
Name string
Hostname string
Username string
UUID string
UID string
GID string
OS string
Version string
Arch string
PID int32
Filename string
Connection *ImplantConnection
ActiveC2 string
ReconnectInterval int64
ProxyURL string
PollTimeout int64
Burned bool
Extensions []string
ConfigID string
PeerID int64
Locale string
FirstContact int64
Integrity string
}
Session - Represents a connection to an implant
func NewSession ¶ added in v1.5.0
func NewSession(implantConn *ImplantConnection) *Session
NewSession - Create a new session
func (*Session) LastCheckin ¶
LastCheckin - Get the last time a session message was received
func (*Session) Request ¶
Request - Sends a protobuf request to the active sliver and returns the response
func (*Session) ToProtobuf ¶
ToProtobuf - Get the protobuf version of the object
type Tunnel ¶
type Tunnel struct {
ID uint64
SessionID string
ToImplant chan []byte
ToImplantSequence uint64
FromImplant chan *sliverpb.TunnelData
FromImplantSequence uint64
Client rpcpb.SliverRPC_TunnelDataServer
// contains filtered or unexported fields
}
Tunnel - Essentially just a mapping between a specific client and sliver with an identifier, these tunnels are full duplex. The server doesn't really care what data gets passed back and forth it just facilitates the connection
func (*Tunnel) GetLastMessageTime ¶ added in v1.5.14
func (*Tunnel) SendDataFromImplant ¶ added in v1.5.14
func (t *Tunnel) SendDataFromImplant(tunnelData *sliverpb.TunnelData)
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.