Creating a default HTTPS listener instead of HTTP in tuoni role

ClarifiedSecurity · Nov 21, 2024 · a8176bf · a8176bf
1 parent d68be51
commit a8176bf
Showing 1 changed file with 10 additions and 7 deletions.
diff --git a/nova/core/roles/tuoni/defaults/main.yml b/nova/core/roles/tuoni/defaults/main.yml
@@ -20,15 +20,18 @@ tuoni_users: # The list of users that will be created in Tuoni pass a custom lis
       - SEND_COMMANDS
       - VIEW_RESOURCES # this default permission, cannot be removed
 
+# The host that will be used for the default reverse HTTP listener
+tuoni_callbock_hosts:
+  - "{{ tuoni_fqdn }}"
+
 tuoni_listeners: # The list of listeners that will be created in Tuoni pass a custom list as a variable to override this default list
-  - name: HttpListener
+  - name: HTTPS-Listener
     plugin: shelldot.listener.agent-reverse-http
     configuration:
-      port: 80
+      port: 443
       bindToPort: null
       httpCallbacks:
-        - hosts:
-            - "{{ tuoni_fqdn }}"
+        - hosts: "{{ tuoni_callbock_hosts }}"
       getUri: /get
       postUri: /post
       stagedUri: /payload
@@ -37,18 +40,18 @@ tuoni_listeners: # The list of listeners that will be created in Tuoni pass a cu
       metadataCookieName: JWT_SESSION
       metadataPrefix: metaPrefix
       metadataSuffix: metaSuffix
-      https: false
+      https: true
       sleep: 5
       sleepRandom: 5
 
 tuoni_payloads: # The list of payloads that will be created in Tuoni pass a custom list as a variable to override this default list
   - payloadTemplateId: shelldot.payload.windows-x64
     configuration:
       type: EXECUTABLE
-    listenerId: "{{ tuoni_created_listeners.json.values() | selectattr('name', 'equalto', 'HttpListener') | map(attribute='id') | first }}"
+    listenerId: "{{ tuoni_created_listeners.json.values() | selectattr('name', 'equalto', 'HTTPS-Listener') | map(attribute='id') | first }}"
     encrypted: true
   - payloadTemplateId: shelldot.payload.windows-x64
     configuration:
       type: DLL
-    listenerId: "{{ tuoni_created_listeners.json.values() | selectattr('name', 'equalto', 'HttpListener') | map(attribute='id') | first }}"
+    listenerId: "{{ tuoni_created_listeners.json.values() | selectattr('name', 'equalto', 'HTTPS-Listener') | map(attribute='id') | first }}"
     encrypted: true