Cale Black
Cale Black
This one has been floating around for a while #160 and bumped into a situation with systems without sudo. I did the simple steps of checking if the user was...
# Problem At the moment the logic for exploits is that most of interactive functionality with attacker components is defined in the `c2` package. As of late with the exploration...
Currently we make assumptions about web servers being attacked and have some global flags that apply and make those assumptions. This isn't always the case nor wanted behavior. Instead, we...
Do not merge until the Go 1.23 mod changes as this relies on `slices.Chunk`. Adds a JJS based chunked dropper. It generates a valid JJS script with a base64 (I...
A few mistypes have caused me to break the framework for serving HTTP files and shells now, I think we should spend the time writing some tests to make sure...
During writing tests for #226 it became apparent that `HTTPServeFile` should use a server structure that's stored in it's singleton so that it can be cleanly shutdown like the others....
v2 was released about 2 weeks ago: https://github.com/golangci/golangci-lint/releases/tag/v2.0.2 This uses the migration guide for the basic: https://golangci-lint.run/product/migration-guide/
At the moment many exploits accidentally do not support `c2.ShellTunnel` because the generation logic does not detect them as SimpleShellServer or SSLShellServer. Mess with the logic of C2 assignment and...
If you have flags set and then pass `-details` the command will still parse the flags.
Currently `DoRawHTTPRequest` does not use Mixed Connect so we need to add a new function for that and then either keep this open for `api-break` or create a new one...