spellshift/realm

[feature] Upgrade from beacon session

Closed this issue · 4 comments

A session is a real-time communication from an operator to an agent. These connections can be handled by an intermediate server. Some modules/tomes will require a session to work, for example reverse SOCKS5.

  • Operator initiates a session-upgrade task
  • Agent gets the task and opens a TCP/WebSocket connection (or whatever bi-directional transport is supported) to the server
  • Server maintains this connection and waits for an operator to connect. When the operator has connected, the server pipes data in both directions.
  • When an agent-server-operator connection is established, the agent starts "bind" mode over the reverse tunnel socket. The operator submits tasks directly to the agent. The C2 task polling loop still works, as a new operator may come to play.

Sliver C2 supports sessions; we can learn from it. I will submit a PR but am putting an issue here for further discussion.

Some authentication and multiplexing need to be implemented. rust-yamux and yamux-go can be used for multiplexing the reverse tunnel.

Or use libp2p, which supports multiple transports and makes it easy to build a pivot module that allows an agent without internet access to connect to the C2 over an agent that has internet access.
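The flow above has a distinctive network footprint a defender can look for: the agent's short, regularly spaced polling connections keep going while a single long-lived outbound connection (the reverse tunnel) is open. The following Go function, an added example that is not part of this issue or of the realm code base, applies that heuristic to per-host connection records; the `ConnRecord` type, the thresholds and the sample data are assumptions constructed for the example.

```go
package main

import (
	"math"
	"sort"
	"time"
)

// ConnRecord is one outbound connection from a host, as derived from proxy, NetFlow or EDR telemetry.
type ConnRecord struct {
	Host  string
	Start time.Time
	Dur   time.Duration
}
// FindUpgradedSessions returns, sorted, the hosts showing both halves of the upgrade flow: a regular
// polling cadence (>=3 short connections whose gaps stay within `jitter` of the first gap) that carries
// on after a connection lasting minSession or longer was opened (the tunnel coexisting with polling).
func FindUpgradedSessions(recs []ConnRecord, maxPoll, minSession time.Duration, jitter float64) []string {
	byHost := map[string][]ConnRecord{}
	for _, r := range recs {
		byHost[r.Host] = append(byHost[r.Host], r)
	}
	var hits []string
	for host, rs := range byHost {
		sort.Slice(rs, func(i, j int) bool { return rs[i].Start.Before(rs[j].Start) })
		var polls []time.Time
		tunnel, pollAfterTunnel := false, false // long-lived connection seen; a poll followed it
		for _, r := range rs {
			if r.Dur >= minSession {
				tunnel = true
			} else if r.Dur <= maxPoll {
				polls = append(polls, r.Start)
				pollAfterTunnel = pollAfterTunnel || tunnel
			}
		}
		if len(polls) < 3 || !pollAfterTunnel {
			continue
		}
		period, regular := polls[1].Sub(polls[0]), true
		for i := 2; i < len(polls) && regular; i++ {
			gap := polls[i].Sub(polls[i-1])
			regular = math.Abs(float64(gap-period)) <= jitter*float64(period)
		}
		if regular {
			hits = append(hits, host)
		}
	}
	sort.Strings(hits)
	return hits
}
```

A host that only polls, or whose long connection ends before the next poll, is not flagged; tune `maxPoll`, `minSession` and `jitter` to the beacon intervals and jitter you actually observe.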

Thanks for opening an issue!
What workflow or capability are you trying to achieve with sessions that beacons are not fulfilling?

hulto commented

Closing for now since it's been a while.