c2

package
v1.6.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 16, 2026 License: GPL-3.0 Imports: 47 Imported by: 7

README

server/c2

Overview

Command-and-control service wiring exposed by the server. Manages transport listeners, job dispatch, and staging pipelines. Key routines cover C2 profile, DNS, HTTP, and jobs within the c2 subsystem.

Go Files

  • c2_test.go (tests) – Tests core C2 orchestration behaviors.
  • c2profile.go – Manages C2 profile metadata and binding to listeners.
  • dns.go – Implements DNS listener management and query handling.
  • dns_test.go (tests) – Validates DNS C2 behavior.
  • http.go – Manages HTTP/HTTPS listener lifecycle and request routing.
  • http_test.go (tests) – Tests HTTP C2 operations.
  • jobs.go – Tracks running C2 jobs and listener status reporting.
  • mtls.go – Configures mTLS listeners and certificate usage.
  • tcp-stager.go – Provides TCP stager listener logic for payload delivery.
  • wireguard.go – Handles WireGuard listener setup and management.

Documentation

Index

Constants

View Source 
const (
	DefaultMaxBodyLength       = 2 * 1024 * 1024 * 1024 // 2Gb
	DefaultMaxUnauthBodyLength = 8 * 1024 * 1024        // 8Mb
	DefaultHTTPTimeout         = time.Minute
	DefaultLongPollTimeout     = time.Second
	DefaultLongPollJitter      = time.Second
)
View Source 
const (

	// ServerMaxMessageSize - Server-side max GRPC message size
	ServerMaxMessageSize = (2 * 1024 * 1024 * 1024) - 1
)

Variables

View Source 
var (
	ErrInvalidMsg         = errors.New("invalid dns message")
	ErrNoOutgoingMessages = errors.New("no outgoing messages")
	ErrMsgTooLong         = errors.New("too much data to encode")
	ErrMsgTooShort        = errors.New("too little data to encode")
)
View Source 
var (
	ErrMissingNonce   = errors.New("nonce not found in request")
	ErrInvalidEncoder = errors.New("invalid request encoder")
	ErrDecodeFailed   = errors.New("failed to decode request")
	ErrDecryptFailed  = errors.New("failed to decrypt request")
)

Functions

func SetupDefaultC2Profiles added in v1.6.0 

func SetupDefaultC2Profiles()

func StartDNSListenerJob 

func StartDNSListenerJob(dnsListener *clientpb.DNSListenerReq) (*core.Job, error)

StartDNSListenerJob - Start a DNS listener as a job

func StartHTTPListenerJob 

func StartHTTPListenerJob(req *clientpb.HTTPListenerReq) (*core.Job, error)

StartHTTPListenerJob - Start a HTTP listener as a job

func StartMTLSListenerJob 

func StartMTLSListenerJob(mtlsListener *clientpb.MTLSListenerReq) (*core.Job, error)

StartMTLSListenerJob - Start an mTLS listener as a job

func StartMutualTLSListener 

func StartMutualTLSListener(bindIface string, port uint16) (net.Listener, error)

StartMutualTLSListener - Start a mutual TLS listener

func StartTCPListener 

func StartTCPListener(bindIface string, port uint16, data []byte) (net.Listener, error)

StartTCPListener - Start a TCP listener

func StartTCPStagerListenerJob 

func StartTCPStagerListenerJob(host string, port uint16, name string, shellcode []byte) (*core.Job, error)

StartTCPStagerListenerJob - Start a TCP staging payload listener

func StartWGListener added in v1.4.9 

func StartWGListener(port uint16, netstackPort uint16, keyExchangeListenPort uint16) (net.Listener, *device.Device, *bytes.Buffer, error)

StartWGListener - First creates an inet.af network stack. then creates a Wireguard device/interface and applies configuration. Go routines are spun up to handle key exchange connections, as well as c2 comms connections.

func StartWGListenerJob added in v1.4.9 

func StartWGListenerJob(wgListener *clientpb.WGListenerReq) (*core.Job, error)

StartWGListenerJob - Start a WireGuard listener as a job

Types

type DNSSession 

type DNSSession struct {
	ID          uint32
	ImplantConn *core.ImplantConnection
	CipherCtx   *cryptography.CipherContext
	// contains filtered or unexported fields
}

DNSSession - Holds DNS session information

func (*DNSSession) ClearOutgoingEnvelope added in v1.5.0 

func (s *DNSSession) ClearOutgoingEnvelope(msgID uint32)

ClearOutgoingEnvelope - Clear an outgoing envelope this will generally, but not always, be the first value in the list

func (*DNSSession) ForwardCompletedEnvelope added in v1.5.0 

func (s *DNSSession) ForwardCompletedEnvelope(msgID uint32, pending *PendingEnvelope)

ForwardCompletedEnvelope - Reassembles and forwards envelopes to core

func (*DNSSession) IncomingPendingEnvelope added in v1.5.0 

func (s *DNSSession) IncomingPendingEnvelope(msgID uint32, size uint32) *PendingEnvelope

IncomingPendingEnvelope - Get a pending message linked list, creates one if it doesn't exist

func (*DNSSession) OutgoingRead added in v1.5.0 

func (s *DNSSession) OutgoingRead(msgID uint32, start uint32, stop uint32) ([]byte, error)

OutgoingRead - Read request from implant

func (*DNSSession) PopOutgoingMsgID added in v1.5.0 

func (s *DNSSession) PopOutgoingMsgID(msg *dnspb.DNSMessage) (uint32, uint32, error)

PopOutgoingMsgID - Pop the next outgoing message ID, FIFO returns msgID, len, err

func (*DNSSession) StageOutgoingEnvelope added in v1.5.0 

func (s *DNSSession) StageOutgoingEnvelope(envelope *sliverpb.Envelope) error

StageOutgoingEnvelope - Stage an outgoing envelope

type HTTPHandler 

type HTTPHandler func(resp http.ResponseWriter, req *http.Request)

HTTPHandler - Path mapped to a handler function

type HTTPSession 

type HTTPSession struct {
	ID          string
	ImplantConn *core.ImplantConnection
	CipherCtx   *cryptography.CipherContext
	Started     time.Time
	C2Profile   string
}

HTTPSession - Holds data related to a sliver c2 session

type HTTPSessions 

type HTTPSessions struct {
	// contains filtered or unexported fields
}

HTTPSessions - All currently open HTTP sessions

func (*HTTPSessions) Add 

func (s *HTTPSessions) Add(session *HTTPSession)

Add - Add an HTTP session

func (*HTTPSessions) Get 

func (s *HTTPSessions) Get(sessionID string) *HTTPSession

Get - Get an HTTP session

func (*HTTPSessions) Remove 

func (s *HTTPSessions) Remove(sessionID string)

Remove - Remove an HTTP session

type PendingEnvelope added in v1.5.0 

type PendingEnvelope struct {
	Size uint32
	// contains filtered or unexported fields
}

PendingEnvelope - Holds data related to a pending incoming message

func (*PendingEnvelope) Insert added in v1.5.0 

func (p *PendingEnvelope) Insert(dnsMsg *dnspb.DNSMessage) bool

Insert - Pending message, returns true if message is complete

func (*PendingEnvelope) Reassemble added in v1.5.0 

func (p *PendingEnvelope) Reassemble() ([]byte, error)

Reassemble - Reassemble a completed message

type SliverDNSServer added in v1.5.0 

type SliverDNSServer struct {
	TTL          uint32
	MaxTXTLength int
	EnforceOTP   bool
	// contains filtered or unexported fields
}

SliverDNSServer - DNS server implementation

func StartDNSListener 

func StartDNSListener(bindIface string, lport uint16, domains []string, canaries bool, enforceOTP bool) *SliverDNSServer

StartDNSListener - Start a DNS listener

func (*SliverDNSServer) HandleDNSRequest added in v1.5.0 

func (s *SliverDNSServer) HandleDNSRequest(domains []string, canaries bool, writer dns.ResponseWriter, req *dns.Msg)

--------------------------- DNS Handler --------------------------- Handles all DNS queries, first we determine if the query is C2 or a canary

func (*SliverDNSServer) ListenAndServe added in v1.5.0 

func (s *SliverDNSServer) ListenAndServe() error

ListenAndServe - Listen for DNS requests and respond

func (*SliverDNSServer) Shutdown added in v1.5.0 

func (s *SliverDNSServer) Shutdown() error

Shutdown - Shutdown the DNS server

type SliverHTTPC2 

type SliverHTTPC2 struct {
	HTTPServer   *http.Server
	ServerConf   *clientpb.HTTPListenerReq // Server config (user args)
	HTTPSessions *HTTPSessions
	Cleanup      func()
	// contains filtered or unexported fields
}

SliverHTTPC2 - Holds refs to all the C2 objects

func StartHTTPListener added in v1.5.0 

func StartHTTPListener(req *clientpb.HTTPListenerReq) (*SliverHTTPC2, error)

StartHTTPListener - Start an HTTP(S) listener, this can be used to start both 

HTTP/HTTPS depending on the caller's conf

TODO: Better error handling, configurable ACME host/port

func (*SliverHTTPC2) DefaultRespHeaders 

func (s *SliverHTTPC2) DefaultRespHeaders(next http.Handler) http.Handler

DefaultRespHeaders - Configures default response headers

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.