Update dns keyex issue #1354

BishopFox · Aug 5, 2023 · 0050bf8 · 0050bf8
1 parent 7e49a48
commit 0050bf8
Showing 1 changed file with 17 additions and 20 deletions.
diff --git a/server/c2/dns.go b/server/c2/dns.go
@@ -37,7 +37,6 @@ package c2
 import (
 	"bytes"
 	secureRand "crypto/rand"
-	"encoding/base64"
 	"encoding/binary"
 	"errors"
 	"fmt"
@@ -99,9 +98,9 @@ func StartDNSListener(bindIface string, lport uint16, domains []string, canaries
 
 // DNSSession - Holds DNS session information
 type DNSSession struct {
-	ID         uint32
-	ImplanConn *core.ImplantConnection
-	CipherCtx  *cryptography.CipherContext
+	ID          uint32
+	ImplantConn *core.ImplantConnection
+	CipherCtx   *cryptography.CipherContext
 
 	outgoingMsgIDs  []uint32
 	outgoingBuffers map[uint32][]byte
@@ -226,18 +225,18 @@ func (s *DNSSession) ForwardCompletedEnvelope(msgID uint32, pending *PendingEnve
 		return
 	}
 
-	s.ImplanConn.UpdateLastMessage()
+	s.ImplantConn.UpdateLastMessage()
 	handlers := sliverHandlers.GetHandlers()
 	if envelope.ID != 0 {
-		s.ImplanConn.RespMutex.RLock()
-		defer s.ImplanConn.RespMutex.RUnlock()
-		if resp, ok := s.ImplanConn.Resp[envelope.ID]; ok {
+		s.ImplantConn.RespMutex.RLock()
+		defer s.ImplantConn.RespMutex.RUnlock()
+		if resp, ok := s.ImplantConn.Resp[envelope.ID]; ok {
 			resp <- envelope
 		}
 	} else if handler, ok := handlers[envelope.Type]; ok {
-		respEnvelope := handler(s.ImplanConn, envelope.Data)
+		respEnvelope := handler(s.ImplantConn, envelope.Data)
 		if respEnvelope != nil {
-			s.ImplanConn.Send <- respEnvelope
+			s.ImplantConn.Send <- respEnvelope
 		}
 	}
 }
@@ -522,15 +521,13 @@ func (s *SliverDNSServer) handleDNSSessionInit(domain string, msg *dnspb.DNSMess
 		dnsLog.Errorf("[session init] error implant public key not found")
 		return s.refusedErrorResp(req)
 	}
-	publicKey, err := base64.RawStdEncoding.DecodeString(implantConfig.ECCPublicKey)
-	if err != nil || len(publicKey) != 32 {
-		dnsLog.Errorf("[session init] error decoding public key: %s", err)
-		return s.refusedErrorResp(req)
-	}
-	var senderPublicKey [32]byte
-	copy(senderPublicKey[:], publicKey)
+
 	serverKeyPair := cryptography.ECCServerKeyPair()
-	sessionInit, err := cryptography.AgeDecrypt(serverKeyPair.Private, msg.Data[32:])
+	sessionInit, err := cryptography.AgeKeyExFromImplant(
+		serverKeyPair.Private,
+		implantConfig.ECCPrivateKey,
+		msg.Data[32:],
+	)
 	if err != nil {
 		dnsLog.Errorf("[session init] error decrypting session init data: %s", err)
 		return s.refusedErrorResp(req)
@@ -541,10 +538,10 @@ func (s *SliverDNSServer) handleDNSSessionInit(domain string, msg *dnspb.DNSMess
 		return s.refusedErrorResp(req)
 	}
 
-	dnsSession.ImplanConn = core.NewImplantConnection("dns", "n/a")
+	dnsSession.ImplantConn = core.NewImplantConnection("dns", "n/a")
 	go func() {
 		dnsLog.Debugf("[dns] starting implant conn send loop")
-		for envelope := range dnsSession.ImplanConn.Send {
+		for envelope := range dnsSession.ImplantConn.Send {
 			dnsSession.StageOutgoingEnvelope(envelope)
 		}
 		dnsLog.Debugf("[dns] closing implant conn send loop")