seqre / rast Goto Github PK

Any functionality added to the agent and/or C2 server that is not required to run should be behind the Rust feature to allow for enabling/disabling them by the user.

Implement a new one or improve protocol from #3 to enable sending data between agents and the C2 server.

In the current state, only instances of String up to 255 characters are allowed to be sent. This should be changed to send some predefined data structure that can be (de)serialized to be able to send it over the Internet and successfully recreate it.

Agents should be able to execute system commands.

A handler of the C2 server should be able to send commands to be executed on the chosen agent and receive a response.

Implement using ICMP for data transfer between agents and the C2 server.

yaml-rust is unmaintained.

The maintainer seems unreachable.

Many issues and pull requests have been submitted over the years
without any response.

Alternatives

Consider switching to the actively maintained yaml-rust2 fork of the original project:

• yaml-rust2
• yaml-rust2 @ crates.io)

See advisory page for additional details.

Implement using DNS for data transfer between agents and C2 server.

Requirements:

• needs to run on Linux
• able to use basic protocol from #3
• able to connect to C2 server

Requirements:

• be able to send classic ping/pong message between agent and c2 server

Implement using HTTP(s) for data transfer between agents and C2 server.

Implement an option for agents and C2 server to be able to load config at runtime or compile time. The config should specify options such as C2 server location, ports/protocols in use, etc.

Implement a basic shell inside the C2 server able to execute built-in commands and just send commands to be executed on the agents.

For embedding config in prod and loading in dev for the agent, this flag will be of use: https://doc.rust-lang.org/reference/conditional-compilation.html#debug_assertions

Possible implementation: https://github.com/pyrossh/rust-embed/blob/master/src/lib.rs

Originally posted by @seqre in #4 (comment)

Agents should be able to update themselves to the newer version requested from the C2 server.

CI pipeline should be set up to test for proper compilation, lining, and formatting of the code.

Requirements:

• runs on Linux
• can accept connection from the agent
• able to use basic protocol from #3

Add commands for common system information gathering.

The server binary should be able to accept connections from multiple agents.

Extend shell and agent functionality in terms of file manipulations. The built-in shell should be able to change directories, create/manipulate files, download/upload files, etc. without executing commands directly on the host.

Tungstenite allows remote attackers to cause a denial of service

The Tungstenite crate through 0.20.0 for Rust allows remote attackers to cause
a denial of service (minutes of CPU consumption) via an excessive length of an
HTTP header in a client handshake. The length affects both how many times a parse
is attempted (e.g., thousands of times) and the average amount of data for each
parse attempt (e.g., millions of bytes).

See advisory page for additional details.