Merge pull request #202 from vulncheck-oss/new-exploit-types

j-baines · web-flow · commit 566c3d8e2dd0 · 2024-07-29T15:52:35.000-04:00
Updates to C2 Handling New Exploit Types
diff --git a/cli/commandline.go b/cli/commandline.go
@@ -411,6 +411,14 @@ func dbFlags(conf *config.Config) {
 
 // handle generic sounding c2 flags.
 func c2Flags(c2Selection *string, conf *config.Config) {
+
+	flag.BoolVar(&conf.ThirdPartyC2Server, "o", false, "Indicates if the reverse shell should be caught by an outside program (nc, openssl)")
+
+	if len(conf.SupportedC2) == 0 {
+		// the implementing exploit doesn't support any c2, just exit
+		return
+	}
+
 	c2Default, _ := c2.ImplToString(conf.SupportedC2[0])
 	c2Available := "The C2 server implementation to use. Supported: "
 	for _, value := range conf.SupportedC2 {
@@ -437,15 +445,13 @@ func c2Flags(c2Selection *string, conf *config.Config) {
 	} else {
 		flag.IntVar(&conf.C2Timeout, "t", 30, "The number of seconds to listen for reverse shells.")
 	}
-
-	flag.BoolVar(&conf.ThirdPartyC2Server, "o", false, "Indicates if the reverse shell should be caught by an outside program (nc, openssl)")
 }
 
 // loop through the c2 the exploit supports and find the one the user actually selected.
 func validateC2Selection(c2Selection string, conf *config.Config) bool {
 	c2Selected, ok := c2.StringToImpl(c2Selection)
 	if !ok {
-		output.PrintFrameworkError("Provided an invalid c2 implementation")
+		output.PrintFrameworkError("The user provided an invalid c2 implementation")
 
 		return false
 	}
@@ -679,7 +685,9 @@ func FormatFileCmdLineParse(conf *config.Config) bool {
 
 		return false
 	}
-	if !validateC2Selection(c2Selection, conf) {
+
+	// must be validate (to set default for payload gen) and then check third party c2
+	if validateC2Selection(c2Selection, conf) && !conf.ThirdPartyC2Server {
 		return false
 	}
 	if !conf.ThirdPartyC2Server && (conf.Lport == 0 || len(conf.Lhost) == 0) {
@@ -715,7 +723,8 @@ func LocalCmdLineParse(conf *config.Config) bool {
 	}
 	flag.Parse()
 
-	if !validateC2Selection(c2Selection, conf) {
+	// must be validate (to set default for payload gen) and then check third party c2
+	if validateC2Selection(c2Selection, conf) && !conf.ThirdPartyC2Server {
 		return false
 	}
 
diff --git a/framework.go b/framework.go
@@ -66,6 +66,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/vulncheck-oss/go-exploit"
 	"github.com/vulncheck-oss/go-exploit/c2"
 	"github.com/vulncheck-oss/go-exploit/cli"
 	"github.com/vulncheck-oss/go-exploit/config"
@@ -275,7 +276,8 @@ func parseCommandLine(conf *config.Config) bool {
 }
 
 func startC2Server(conf *config.Config) bool {
-	if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 {
+	if conf.DoExploit && !conf.ThirdPartyC2Server && conf.Bport == 0 &&
+		(conf.ExType != exploit.InformationDisclosure && conf.ExType != exploit.Webshell) {
 		c2Impl, success := c2.GetInstance(conf.C2Type)
 		if !success || c2Impl == nil {
 			return false
