Fix HTTPServeShell accidentally sharing channels & fix session timeout

terrorbyte · terrorbyte · commit 7dc66f650bea · 2025-05-02T11:16:39.000-06:00
with sessions open.
diff --git a/c2/httpserveshell/httpserveshell.go b/c2/httpserveshell/httpserveshell.go
@@ -77,32 +77,42 @@ func (serveShell *Server) CreateFlags() {
 }
 
 // load the provided file into memory. Generate the random filename.
-func (serveShell *Server) Init(channel *channel.Channel) bool {
-	if channel.Shutdown == nil {
+func (serveShell *Server) Init(ch *channel.Channel) bool {
+	if ch.Shutdown == nil {
 		// Initialize the shutdown atomic. This lets us not have to define it if the C2 is manually
 		// configured.
 		var shutdown atomic.Bool
 		shutdown.Store(false)
-		channel.Shutdown = &shutdown
+		ch.Shutdown = &shutdown
 	}
-	serveShell.channel = channel
+	serveShell.channel = ch
 	if len(serveShell.HTTPAddr) == 0 {
 		output.PrintFrameworkError("User must specify -httpServeFile.BindAddr")
 
 		return false
 	}
-	channel.HTTPAddr = serveShell.HTTPAddr
-	channel.HTTPPort = serveShell.HTTPPort
+	ch.HTTPAddr = serveShell.HTTPAddr
+	ch.HTTPPort = serveShell.HTTPPort
 
-	if !httpservefile.GetInstance().Init(channel) {
+	if !httpservefile.GetInstance().Init(ch) {
 		return false
 	}
 
+	// Initialize the shell server channels with variables from upstream
+	var shutdown atomic.Bool
+	shutdown.Store(false)
+	shellChannel := &channel.Channel{
+		IPAddr:   ch.IPAddr,
+		Port:     ch.Port,
+		IsClient: false,
+		Shutdown: &shutdown,
+	}
+	shellChannel.Shutdown = &shutdown
 	if serveShell.SSLShell {
-		return sslshell.GetInstance().Init(channel)
+		return sslshell.GetInstance().Init(shellChannel)
 	}
 
-	return simpleshell.GetServerInstance().Init(channel)
+	return simpleshell.GetServerInstance().Init(shellChannel)
 }
 
 // Shutdown triggers the shutdown for all running C2s.
@@ -154,7 +164,6 @@ func (serveShell *Server) Run(timeout int) {
 			go func() {
 				for {
 					if sslshell.GetInstance().Channel().Shutdown.Load() {
-						sslshell.GetInstance().Shutdown()
 						wg.Done()
 
 						break
@@ -167,7 +176,6 @@ func (serveShell *Server) Run(timeout int) {
 			go func() {
 				for {
 					if simpleshell.GetServerInstance().Channel().Shutdown.Load() {
-						simpleshell.GetServerInstance().Shutdown()
 						wg.Done()
 
 						break
diff --git a/c2/simpleshell/simpleshellserver.go b/c2/simpleshell/simpleshellserver.go
@@ -48,7 +48,7 @@ func (shellServer *Server) Shutdown() bool {
 	output.PrintFrameworkStatus("C2 received shutdown, killing server and client sockets for shell server")
 	if len(shellServer.Channel().Sessions) > 0 {
 		for k, session := range shellServer.Channel().Sessions {
-			output.PrintfFrameworkStatus("Connection closed: %s", session.RemoteAddr)
+			output.PrintfFrameworkStatus("Connection closed for shell server: %s", session.RemoteAddr)
 			shellServer.Channel().RemoveSession(k)
 		}
 	}
@@ -95,8 +95,10 @@ func (shellServer *Server) Run(timeout int) {
 	go func() {
 		time.Sleep(time.Duration(timeout) * time.Second)
 		if !shellServer.Channel().HasSessions() {
-			output.PrintFrameworkError("Timeout met. Shutting down shell listener.")
-			shellServer.Channel().Shutdown.Store(true)
+			if shellServer.Channel().Shutdown.Load() {
+				output.PrintFrameworkError("Timeout met. Shutting down shell listener.")
+				shellServer.Channel().Shutdown.Store(true)
+			}
 		}
 	}()
 	// Track if the shutdown is signaled for any reason.
