Skip to content

HTTP C2 URI lowercased, messing up proxy password #1126

New issue
New issue
Closed
Closed
HTTP C2 URI lowercased, messing up proxy password#1126
Labels
bugSomething isn't working
@akmalhisyam

Description

@akmalhisyam
akmalhisyam
opened on Mar 2, 2023

Password became lowercased, causing authentication to fail

=====================
Generate
=====================

sliver > generate --http http://192.168.10.10/?proxy=http://098789:[email protected]:8080 --debug --name test002-linux --os linux

[*] Generating new linux/amd64 implant binary
[*] Build completed in 44s
[*] Implant saved to /root/test002-linux

=====================
Run implant
=====================

[user@pc ~]$ ./test002-linux
2023/03/02 21:44:51 sliver.go:87: Hello my name is test002-linux
2023/03/02 21:44:51 limits.go:58: Limit checks completed
2023/03/02 21:44:51 sliver.go:105: Running in session mode
2023/03/02 21:44:51 session.go:67: Starting interactive session connection loop ...
2023/03/02 21:44:51 transports.go:41: Starting c2 url generator () ...
2023/03/02 21:44:51 transports.go:95: Return generator: (chan *url.URL)(0xc0000287e0)
2023/03/02 21:44:51 transports.go:83: Yield c2 uri = 'http://192.168.10.10?proxy=http://098789:[email protected]:8080'
2023/03/02 21:44:51 transports.go:83: Yield c2 uri = 'http://192.168.10.10?proxy=http://098789:[email protected]:8080'
2023/03/02 21:44:51 session.go:84: Next CC = http://192.168.10.10?proxy=http://098789:[email protected]:8080
2023/03/02 21:44:51 session.go:84: Next CC = http://192.168.10.10?proxy=http://098789:[email protected]:8080
2023/03/02 21:44:51 transports.go:83: Yield c2 uri = 'http://192.168.10.10?proxy=http://098789:[email protected]:8080'
2023/03/02 21:44:51 session.go:172: Connecting -> http(s)://192.168.10.10
2023/03/02 21:44:51 gohttp.go:97: Force proxy "http://098789:[email protected]:8080"
2023/03/02 21:44:51 gohttp.go:107: Proxy URL = 'http://098789:[email protected]:8080'
2023/03/02 21:44:51 httpclient.go:672: [http] segments = [], filename = sign-up, ext = php
2023/03/02 21:44:51 crypto.go:189: TOTP Code (2023-03-02 13:44:51.694866088 +0000 UTC): 72621053
2023/03/02 21:44:51 httpclient.go:339: [http] POST -> https://192.168.10.10/sign-up.html?cn=7l2621053&m=18h740664 (106 bytes)

======================
"Proxy"
======================

[user@pc ~]$ sudo nc -lvp 8080
Listening on 0.0.0.0 8080
Connection received on hehe 57280
CONNECT 192.168.10.10:443 HTTP/1.1
Host: 192.168.10.10:443
User-Agent: Go-http-client/1.1
Proxy-Authorization: Basic MDk4Nzg5OmhlaGVoZXl5eXl5eQ==

[user@pc ~]$ echo MDk4Nzg5OmhlaGVoZXl5eXl5eQ== | base64 -d
098789:heheheyyyyyy

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions