feat: impl bind mode

Author: M09Ic

client/command/basic/bind.go

@@ -2,7 +2,6 @@ package basic
 
 import (
 	"github.com/chainreactors/IoM-go/client"
-	"github.com/chainreactors/IoM-go/consts"
 	"github.com/chainreactors/IoM-go/proto/client/clientpb"
 	"github.com/chainreactors/IoM-go/proto/implant/implantpb"
 	"github.com/chainreactors/malice-network/client/core"
@@ -49,8 +48,8 @@ func InitCmd(cmd *cobra.Command, con *core.Console) error {
 }
 
 func Init(con *core.Console, sess *client.Session) (bool, error) {
-	_, err := con.Rpc.InitBindSession(sess.Context(), &implantpb.Request{
-		Name: consts.ModuleInit,
+	_, err := con.Rpc.InitBindSession(sess.Context(), &implantpb.Init{
+		Data: sess.Raw(),
 	})
 	if err != nil {
 		return false, err

client/command/listener/commands.go

@@ -57,7 +57,7 @@ job
 			return StartPipelineCmd(cmd, con)
 		},
 		Example: `~~~
-tcp start tcp_test
+pipeline start tcp_test
 ~~~`,
 	}
 

client/command/listener/pipeline.go

@@ -101,13 +101,10 @@ func ListPipelineCmd(cmd *cobra.Command, con *core.Console) error {
 func StartPipelineCmd(cmd *cobra.Command, con *core.Console) error {
 	name := cmd.Flags().Arg(0)
 
-	if _, ok := con.Pipelines[name]; ok {
-		_, err := con.Rpc.StopPipeline(con.Context(), &clientpb.CtrlPipeline{
+	if p, ok := con.Pipelines[name]; ok && p.Enable {
+		con.Rpc.StopPipeline(con.Context(), &clientpb.CtrlPipeline{
 			Name: name,
 		})
-		if err != nil {
-			return err
-		}
 	}
 	certName, _ := cmd.Flags().GetString("cert-name")
 	_, err := con.Rpc.StartPipeline(con.Context(), &clientpb.CtrlPipeline{

client/command/pipeline/commands.go

@@ -20,13 +20,13 @@ func Commands(con *core.Console) []*cobra.Command {
 		Args: cobra.MaximumNArgs(1),
 		Example: `~~~
 // Register a TCP pipeline with the default settings
-tcp --listener tcp_default
+tcp --listener listener
 
 // Register a TCP pipeline with a custom name, host, and port
-tcp --name tcp_test --listener tcp_default --host 192.168.0.43 --port 5003
+tcp --name tcp_test --listener listener --host 192.168.0.43 --port 5003
 
 // Register a TCP pipeline with TLS enabled and specify certificate and key paths
-tcp --listener tcp_default --tls --cert_path /path/to/cert --key_path /path/to/key
+tcp --listener listener --tls --cert_path /path/to/cert --key_path /path/to/key
 ~~~`,
 	}
 	common.BindFlag(tcpCmd, common.PipelineFlagSet, common.TlsCertFlagSet, common.SecureFlagSet, common.EncryptionFlagSet)
@@ -53,13 +53,13 @@ tcp --listener tcp_default --tls --cert_path /path/to/cert --key_path /path/to/k
 		Args: cobra.MaximumNArgs(1),
 		Example: `~~~
 // Register an HTTP pipeline with the default settings
-http --listener http_default
+http --listener listener
 
 // Register an HTTP pipeline with custom headers and error page
-http --name http_test --listener http_default --host 192.168.0.43 --port 8080 --headers "Content-Type=text/html" --error-page /path/to/error.html
+http --name http_test --listener listener --host 192.168.0.43 --port 8080 --headers "Content-Type=text/html" --error-page /path/to/error.html
 
 // Register an HTTP pipeline with TLS enabled
-http --listener http_default --tls --cert_path /path/to/cert --key_path /path/to/key
+http --listener listener --tls --cert_path /path/to/cert --key_path /path/to/key
 ~~~`,
 	}
 
@@ -95,7 +95,7 @@ http --listener http_default --tls --cert_path /path/to/cert --key_path /path/to
 		Example: `
 new bind pipeline
 ~~~
-bind listener
+bind --listener listener
 ~~~
 `,
 	}

client/command/sessions/commands.go

@@ -53,10 +53,9 @@ session -a --static
 		f.StringP("name", "n", "", "session name")
 		f.StringP("target", "t", "", "session target")
 		f.String("pipeline", "", "pipeline id")
-		bindSessNewCmd.MarkFlagRequired("target")
-		bindSessNewCmd.MarkFlagRequired("pipeline")
 	})
-
+	bindSessNewCmd.MarkFlagRequired("target")
+	bindSessNewCmd.MarkFlagRequired("pipeline")
 	common.BindFlagCompletions(bindSessNewCmd, func(comp carapace.ActionMap) {
 		comp["pipeline"] = common.AllPipelineCompleter(con)
 	})

client/command/sessions/new.go

@@ -36,7 +36,8 @@ func NewBindSession(con *core.Console, PipelineID string, target string, name st
 		Target:     target,
 		Type:       consts.ImplantMaleficBind,
 		RegisterData: &implantpb.Register{
-			Name: name,
+			Name:  name,
+			Timer: &implantpb.Timer{},
 		},
 	})
 	if err != nil {
@@ -46,8 +47,8 @@ func NewBindSession(con *core.Console, PipelineID string, target string, name st
 	if err != nil {
 		return nil, err
 	}
-	_, err = con.Rpc.InitBindSession(sess.Context(), &implantpb.Request{
-		Name: consts.ModuleInit,
+	_, err = con.Rpc.InitBindSession(sess.Context(), &implantpb.Init{
+		Data: sess.Raw(),
 	})
 	if err != nil {
 		return nil, err

client/core/server.go

@@ -182,6 +182,9 @@ func (s *Server) EventHandler() {
 		return
 	}
 	s.Update()
+	if s.GetInteractive() != nil {
+		s.UpdateSession(s.GetInteractive().SessionId)
+	}
 	s.EventStatus = true
 	client.Log.Info("starting event loop\n")
 	defer func() {

server/internal/core/connection.go

@@ -79,6 +79,9 @@ func GetConnection(conn *cryptostream.Conn, pipelineID string, secureConfig *imp
 // 优先从 ListenerSessions 获取，如果没有则从 secureConfig 获取交换密钥对
 func GetKeyPairForSession(sid uint32, secureConfig *implanttypes.SecureConfig) *clientpb.KeyPair {
 	// 优先从 session 中获取 KeyPair
+	if secureConfig == nil || !secureConfig.Enable {
+		return nil
+	}
 	if session := ListenerSessions.Get(sid); session != nil {
 		return session.KeyPair
 	}

server/internal/core/pipeline.go

@@ -62,6 +62,16 @@ func (p *PipelineConfig) WrapConn(conn io.ReadWriteCloser) (*cryptostream.Conn,
 	return cryptostream.WrapPeekConn(conn, crys, p.Parser)
 }
 
+// WrapBindConn wraps a connection for bind mode without pre-reading
+// Bind mode expects server to send data first, then receive response
+func (p *PipelineConfig) WrapBindConn(conn io.ReadWriteCloser) (*cryptostream.Conn, error) {
+	crys, err := configs.NewCrypto(p.Encryption.ToProtobuf())
+	if err != nil {
+		return nil, err
+	}
+	return cryptostream.WrapBindConn(conn, crys)
+}
+
 //
 //func (p *PipelineConfig) ToFile() *clientpb.Pipeline {
 //	return &clientpb.Pipeline{

server/internal/stream/peekconn.go

@@ -102,6 +102,36 @@ func WrapPeekConn(conn io.ReadWriteCloser, cryptos []Cryptor, parserName string)
 	}, nil
 }
 
+// WrapBindConn wraps a connection for bind mode without pre-reading
+// Bind mode: Server actively sends data first, then receives response from implant
+// Only supports malefic parser in bind mode
+func WrapBindConn(conn io.ReadWriteCloser, cryptos []Cryptor) (*Conn, error) {
+	if len(cryptos) == 0 {
+		return nil, net.ErrClosed
+	}
+
+	// Use the first cryptor for bind mode
+	c := cryptos[0]
+
+	// Bind mode only uses malefic parser
+	p, err := parser.NewParser("malefic")
+	if err != nil {
+		return nil, err
+	}
+
+	if _, ok := conn.(net.Conn); ok {
+		conn = NewCryptoConn(conn.(net.Conn), c)
+	} else {
+		conn = NewCryptoRWC(conn, c)
+	}
+
+	return &Conn{
+		ReadWriteCloser: conn,
+		Parser:          p,
+		buf:             nil, // No pre-read buffer for bind mode
+	}, nil
+}
+
 type Conn struct {
 	io.ReadWriteCloser
 	buf    []byte