Allow for manual triggering of C2 startup

vulncheck-oss · Jan 10, 2025 · 7c71a33 · 7c71a33
1 parent cd5f42f
commit 7c71a33
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/config/config.go b/config/config.go
@@ -98,6 +98,8 @@ type Config struct {
 	DoVersionCheck bool
 	// indicates if we run the exploit
 	DoExploit bool
+	// automatically start the c2 or not
+	C2AutoStart bool
 	// the user requested c2 to use
 	C2Type c2.Impl
 	// C2 server timeout
@@ -171,6 +173,7 @@ func NewRemoteExploit(implemented ImplementedFeatures, extype ExploitType, suppo
 	newConf.Vendor = vendor
 	newConf.Products = product
 	newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+	newConf.C2AutoStart = true
 	newConf.CPE = cpe
 	newConf.CVE = cve
 	newConf.Protocol = protocol
@@ -191,6 +194,7 @@ func NewLocalExploit(implemented ImplementedFeatures, extype ExploitType, suppor
 	newConf.Vendor = vendor
 	newConf.Products = product
 	newConf.Product = fmt.Sprintf("%s %s", vendor, strings.Join(product, "/"))
+	newConf.C2AutoStart = true
 	newConf.CPE = cpe
 	newConf.CVE = cve
 
@@ -312,6 +316,12 @@ func (conf *Config) GetBoolFlag(name string) bool {
 	return *value
 }
 
+// Disable automatic start of c2 servers. Manually starting is required after
+// this function is called.
+func (conf *Config) DisableC2Start() {
+	conf.C2AutoStart = false
+}
+
 // Some C2 (ShellTunnel) don't actually care how the payload is generated, but
 // the underlying C2 might be implied depending on how the individual exploit
 // has been developed. It is certainly not a requirement to call this function

diff --git a/framework.go b/framework.go
@@ -278,6 +278,13 @@ func parseCommandLine(conf *config.Config) bool {
 	}
 }
 
+// Manually start the C2 server. This is used when Config.C2AutoStart is
+// disabled and for when you may not want to start the server until
+// another action is complete.
+func StartC2(conf *config.Config) bool {
+	return startC2Server(conf)
+}
+
 func startC2Server(conf *config.Config) bool {
 	if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&
 		(conf.ExType != config.InformationDisclosure && conf.ExType != config.Webshell) {
@@ -416,8 +423,10 @@ func RunProgram(sploit Exploit, conf *config.Config) {
 	}
 
 	// if the c2 server is meant to catch responses, initialize and start so it can bind
-	if !startC2Server(conf) {
-		return
+	if conf.C2AutoStart {
+		if !startC2Server(conf) {
+			return
+		}
 	}
 
 	if conf.ExType == config.FileFormat || conf.ExType == config.Local {