Merge branch 'main' into config-template-strings

vulncheck-oss · Jan 30, 2025 · a3132a7 · a3132a7
2 parents 3e9393a + 95496b6
commit a3132a7
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 2 deletions.
diff --git a/config/config.go b/config/config.go
@@ -100,6 +100,8 @@ type Config struct {
 	DoVersionCheck bool
 	// indicates if we run the exploit
 	DoExploit bool
+	// automatically start the c2 or not
+	C2AutoStart bool
 	// the user requested c2 to use
 	C2Type c2.Impl
 	// C2 server timeout
@@ -173,6 +175,7 @@ func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, suppo
 	newConf.Vendor = vendor
 	newConf.Products = product
 	newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+	newConf.C2AutoStart = true
 	newConf.CPE = cpe
 	newConf.CVE = cve
 	newConf.Protocol = protocol
@@ -193,6 +196,7 @@ func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, suppor
 	newConf.Vendor = vendor
 	newConf.Products = product
 	newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+	newConf.C2AutoStart = true
 	newConf.CPE = cpe
 	newConf.CVE = cve
 
@@ -357,6 +361,16 @@ func (conf *Config) ApplyTemplate(name string) string {
 	return buf.String()
 }
 
+// Disable automatic start of c2 servers. Manually starting is required after
+// this function is called. This is useful when you have an exploit that
+// may have multiple stages and you are guaranteed to not need the C2
+// setup. An example is an exploit that needs to retrieve a CAPTCHA may not
+// want to start up the C2 until the first stage is retrieved and the
+// CAPTCHA is solved.
+func (conf *Config) DisableC2Start() {
+	conf.C2AutoStart = false
+}
+
 // Some C2 (ShellTunnel) don't actually care how the payload is generated, but
 // the underlying C2 might be implied depending on how the individual exploit
 // has been developed. It is certainly not a requirement to call this function

diff --git a/framework.go b/framework.go
@@ -278,6 +278,13 @@ func parseCommandLine(conf *config.Config) bool {
 	}
 }
 
+// Manually start the C2 server. This is used when Config.C2AutoStart is
+// disabled and for when you may not want to start the server until
+// another action is complete.
+func StartC2(conf *config.Config) bool {
+	return startC2Server(conf)
+}
+
 func startC2Server(conf *config.Config) bool {
 	if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&
 		(conf.ExType != config.InformationDisclosure && conf.ExType != config.Webshell) {
@@ -416,8 +423,10 @@ func RunProgram(sploit Exploit, conf *config.Config) {
 	}
 
 	// if the c2 server is meant to catch responses, initialize and start so it can bind
-	if !startC2Server(conf) {
-		return
+	if conf.C2AutoStart {
+		if !startC2Server(conf) {
+			return
+		}
 	}
 
 	if conf.ExType == config.FileFormat || conf.ExType == config.Local {