feat: Add responses for TCP #168
Conversation
Signed-off-by: milinddethe15 <[email protected]>
|
Just to confirm:
|
|
1 and 2 is correct. For 3, just read once, no need to read until max payload, that is just protection. |
Signed-off-by: milinddethe15 <[email protected]>
|
what tool should I use to hit the target? |
|
try netcat: |
|
I tried to test it and the banner isn't sent as soon as connected, but until attacker's payload. Is this how it should work? |
|
You need to send the banner before we peek the connection here |
Signed-off-by: milinddethe15 <[email protected]>
|
Tested locally with TCP port 4444. works good. |
| //go:embed banners/* | ||
| var bannerFiles embed.FS | ||
|
|
||
| func SendBanner(conn net.Conn, port uint16) error { |
|
|
||
| func SendBanner(conn net.Conn, port uint16) error { | ||
| bannerPath := fmt.Sprintf("banners/%d_tcp", port) | ||
| banner, err := bannerFiles.ReadFile(bannerPath) |
There was a problem hiding this comment.
open the file and then use io.Copy to write the file content into the connection.
| } | ||
| if _, err := conn.Write(banner); err != nil { | ||
| return fmt.Errorf("failed to write banner: %w", err) | ||
| } |
There was a problem hiding this comment.
We still want to produce an event after sending the banner, see example
| if err := tcp.SendBanner(conn, md.TargetPort); err != nil { | ||
| log.Error("failed to send service banner", producer.ErrAttr(err)) | ||
| } |
There was a problem hiding this comment.
My concern now is that we write the banner without peeking and potentially detecting the HTTP payload. Maybe we should try to read it and, if we time out, send the banner.
|
Have a look at the failing test. |
fixes #53
TCP handler can handle other target ports without need of seperate port handlers.