From ac9c8d3865ee43b3608169b7bfb1721dcf563420 Mon Sep 17 00:00:00 2001 From: Simone Margaritelli Date: Wed, 27 Jan 2021 11:12:50 +0100 Subject: [PATCH] fix: added sasl authentication support for the c2 module --- modules/c2/c2.go | 45 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 38 insertions(+), 7 deletions(-) diff --git a/modules/c2/c2.go b/modules/c2/c2.go index ab908f0f..d5e30bad 100644 --- a/modules/c2/c2.go +++ b/modules/c2/c2.go @@ -16,10 +16,13 @@ import ( type settings struct { server string - ssl bool + tls bool + tlsVerify bool nick string user string password string + saslUser string + saslPassword string operator string controlChannel string eventsChannel string @@ -52,7 +55,8 @@ func NewC2(s *session.Session) *C2 { quit: make(chan bool), settings: settings{ server: "localhost:6697", - ssl: true, + tls: true, + tlsVerify: false, nick: "bettercap", user: "bettercap", password: "password", @@ -72,6 +76,10 @@ func NewC2(s *session.Session) *C2 { "true", "Enable or disable TLS.")) + mod.AddParam(session.NewBoolParameter("c2.server.tls.verify", + "false", + "Enable or disable TLS certificate validation.")) + mod.AddParam(session.NewStringParameter("c2.operator", mod.settings.operator, "", @@ -92,6 +100,16 @@ func NewC2(s *session.Session) *C2 { "", "IRC server password.")) + mod.AddParam(session.NewStringParameter("c2.sasl.username", + mod.settings.saslUser, + "", + "IRC SASL username.")) + + mod.AddParam(session.NewStringParameter("c2.sasl.password", + mod.settings.saslPassword, + "", + "IRC server SASL password.")) + mod.AddParam(session.NewStringParameter("c2.channel.output", mod.settings.outputChannel, "", @@ -200,7 +218,9 @@ func (mod *C2) Configure() (err error) { if err, mod.settings.server = mod.StringParam("c2.server"); err != nil { return err - } else if err, mod.settings.ssl = mod.BoolParam("c2.server.tls"); err != nil { + } else if err, mod.settings.tls = mod.BoolParam("c2.server.tls"); err != nil { + return err + } else if err, mod.settings.tlsVerify = mod.BoolParam("c2.server.tls.verify"); err != nil { return err } else if err, mod.settings.nick = mod.StringParam("c2.nick"); err != nil { return err @@ -208,6 +228,10 @@ func (mod *C2) Configure() (err error) { return err } else if err, mod.settings.password = mod.StringParam("c2.password"); err != nil { return err + } else if err, mod.settings.saslUser = mod.StringParam("c2.sasl.username"); err != nil { + return err + } else if err, mod.settings.saslPassword = mod.StringParam("c2.sasl.password"); err != nil { + return err } else if err, mod.settings.operator = mod.StringParam("c2.operator"); err != nil { return err } else if err, mod.settings.eventsChannel = mod.StringParam("c2.channel.events"); err != nil { @@ -226,10 +250,17 @@ func (mod *C2) Configure() (err error) { mod.client.VerboseCallbackHandler = true mod.client.Debug = true } + mod.client.Password = mod.settings.password - mod.client.UseTLS = mod.settings.ssl + mod.client.UseTLS = mod.settings.tls mod.client.TLSConfig = &tls.Config{ - InsecureSkipVerify: true, // TODO: pass this by parameter? + InsecureSkipVerify: !mod.settings.tlsVerify, + } + + if mod.settings.saslUser != "" || mod.settings.saslPassword != "" { + mod.client.SASLLogin = mod.settings.saslUser + mod.client.SASLPassword = mod.settings.saslPassword + mod.client.UseSASL = true } mod.client.AddCallback("PRIVMSG", func(event *irc.Event) { @@ -263,7 +294,7 @@ func (mod *C2) Configure() (err error) { } else if cmd == "nick" { mod.client.Nick(args) } else if err = mod.Session.Run(message); err == nil { - // mod.client.Privmsg(event.Nick, "ok") + } else { mod.client.Privmsgf(event.Nick, "error: %v", stripansi.Strip(err.Error())) } @@ -279,7 +310,7 @@ func (mod *C2) Configure() (err error) { return mod.client.Connect(mod.settings.server) } -func (mod *C2) onPrint(format string, args...interface{}) { +func (mod *C2) onPrint(format string, args ...interface{}) { if !mod.Running() { return }