package agent

v0.6.4 (not the latest version of its module)
Published: Jan 1, 2019 License: GPL-3.0 Imports: 28 Imported by: 0

Documentation

Constants

const (
	// MEM_COMMIT is a VirtualAllocEx allocation type: commit backing storage for the pages
	MEM_COMMIT = 0x1000
	// MEM_RESERVE is a VirtualAllocEx allocation type: reserve address space without committing it
	MEM_RESERVE = 0x2000
	// MEM_RELEASE is a VirtualFreeEx free type: release the whole reserved region
	MEM_RELEASE = 0x8000
	// PAGE_EXECUTE is a memory protection constant: execute-only pages
	PAGE_EXECUTE = 0x10
	// PAGE_EXECUTE_READWRITE is a memory protection constant: readable, writable and executable (RWX) pages
	PAGE_EXECUTE_READWRITE = 0x40
	// PAGE_READWRITE is a memory protection constant: readable and writable pages with no execute permission
	PAGE_READWRITE = 0x04
	// PROCESS_CREATE_THREAD is an OpenProcess access right needed to create a thread in the process (CreateRemoteThread)
	PROCESS_CREATE_THREAD = 0x0002
	// PROCESS_VM_READ is an OpenProcess access right needed to read the process's memory (ReadProcessMemory)
	PROCESS_VM_READ = 0x0010
	// PROCESS_VM_WRITE is an OpenProcess access right needed to write the process's memory (WriteProcessMemory)
	PROCESS_VM_WRITE = 0x0020
	// PROCESS_VM_OPERATION is an OpenProcess access right needed to operate on the process's address space (VirtualAllocEx, VirtualProtectEx)
	PROCESS_VM_OPERATION = 0x0008
	// PROCESS_QUERY_INFORMATION is an OpenProcess access right needed to query information about the process
	PROCESS_QUERY_INFORMATION = 0x0400
	// TH32CS_SNAPHEAPLIST is a CreateToolhelp32Snapshot flag: include the heap list of the specified process
	TH32CS_SNAPHEAPLIST = 0x00000001
	// TH32CS_SNAPMODULE is a CreateToolhelp32Snapshot flag: include the module list of the specified process
	TH32CS_SNAPMODULE = 0x00000008
	// TH32CS_SNAPPROCESS is a CreateToolhelp32Snapshot flag: include the system-wide process list
	TH32CS_SNAPPROCESS = 0x00000002
	// TH32CS_SNAPTHREAD is a CreateToolhelp32Snapshot flag: include the system-wide thread list
	TH32CS_SNAPTHREAD = 0x00000004
	// THREAD_SET_CONTEXT is a thread access right needed to set a thread's context; QueueUserAPC requires it on the target thread handle
	THREAD_SET_CONTEXT = 0x0010
)

Variables

This section is empty.

Functions

func ExecuteCommand

func ExecuteCommand(name string, arg string) (stdout string, stderr string)

ExecuteCommand is a function used to instruct an agent to execute a command on the host operating system. It returns the command's standard output and standard error as strings.

func ExecuteShellcodeQueueUserAPC added in v0.6.4

func ExecuteShellcodeQueueUserAPC(shellcode []byte, pid uint32) error

ExecuteShellcodeQueueUserAPC executes the provided shellcode in the target process identified by pid using the Windows QueueUserAPC API call. An APC queued this way only runs once the target thread enters an alertable wait state, so execution is not immediate.

func ExecuteShellcodeRemote added in v0.6.4

func ExecuteShellcodeRemote(shellcode []byte, pid uint32) error

ExecuteShellcodeRemote executes the provided shellcode in the target process identified by pid

func ExecuteShellcodeRtlCreateUserThread added in v0.6.4

func ExecuteShellcodeRtlCreateUserThread(shellcode []byte, pid uint32) error

ExecuteShellcodeRtlCreateUserThread executes the provided shellcode in the target process identified by pid using the Windows RtlCreateUserThread call, an undocumented ntdll function rather than a documented Win32 API

func ExecuteShellcodeSelf added in v0.6.4

func ExecuteShellcodeSelf(shellcode []byte) error

ExecuteShellcodeSelf executes the provided shellcode in the current (agent) process
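Every Execute* variant above comes down to the same three steps: obtain a process handle with enough rights, put the shellcode bytes in the target's memory, and start execution. The following is an added example, not code from Merlin, showing the defensive side of that sequence in Go. It composes the process access mask that Microsoft documents CreateRemoteThread as requiring from the page's own constants, decodes a granted mask back into names, flags RWX commits, and runs the check over a few constructed Sysmon Event ID 10 (ProcessAccess) style records. The record format, SampleLines and all function names are this example's assumptions; the exact mask Merlin requests is not shown on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Process access rights and memory constants, the same values this page lists.
const (
	MEM_COMMIT                = 0x1000
	MEM_RESERVE               = 0x2000
	PAGE_EXECUTE_READWRITE    = 0x40
	PAGE_READWRITE            = 0x04
	PROCESS_CREATE_THREAD     = 0x0002
	PROCESS_VM_OPERATION      = 0x0008
	PROCESS_VM_READ           = 0x0010
	PROCESS_VM_WRITE          = 0x0020
	PROCESS_QUERY_INFORMATION = 0x0400
)

// InjectionMask is the access mask Microsoft documents as required by
// CreateRemoteThread (assumption: Merlin's actual OpenProcess request is not shown here).
const InjectionMask uint32 = PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION |
	PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_VM_READ

// rightNames maps the bits defined above to their names, in bit order.
var rightNames = []struct {
	bit  uint32
	name string
}{
	{PROCESS_CREATE_THREAD, "PROCESS_CREATE_THREAD"},
	{PROCESS_VM_OPERATION, "PROCESS_VM_OPERATION"},
	{PROCESS_VM_READ, "PROCESS_VM_READ"},
	{PROCESS_VM_WRITE, "PROCESS_VM_WRITE"},
	{PROCESS_QUERY_INFORMATION, "PROCESS_QUERY_INFORMATION"},
}

// DecodeAccess names the rights from the table above that are set in mask.
func DecodeAccess(mask uint32) []string {
	var names []string
	for _, r := range rightNames {
		if mask&r.bit != 0 {
			names = append(names, r.name)
		}
	}
	return names
}

// CanWriteAndRun reports whether mask lets the holder allocate and write in the
// target and start a thread there: the rights every remote variant needs.
func CanWriteAndRun(mask uint32) bool {
	need := uint32(PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_CREATE_THREAD)
	return mask&need == need
}

// IsRWXCommit reports whether a VirtualAllocEx call commits pages that are
// writable and executable at once, the classic injection tell; allocating
// PAGE_READWRITE and flipping to execute later with VirtualProtectEx avoids it.
func IsRWXCommit(allocType, protect uint32) bool {
	return allocType&MEM_COMMIT != 0 && protect == PAGE_EXECUTE_READWRITE
}

// SampleLines are constructed Sysmon Event ID 10 style records, not real logs.
var SampleLines = []string{
	`ProcessAccess SourceImage: C:\Users\bob\merlin.exe TargetImage: C:\Windows\explorer.exe GrantedAccess: 0x43A`,
	`ProcessAccess SourceImage: C:\Windows\System32\taskmgr.exe TargetImage: C:\Windows\explorer.exe GrantedAccess: 0x1000`,
	`ProcessAccess SourceImage: C:\Users\bob\merlin.exe TargetImage: C:\Windows\System32\notepad.exe GrantedAccess: 0x1FFFFF`,
}

var (
	srcRe     = regexp.MustCompile(`SourceImage:\s*(\S+)`)
	dstRe     = regexp.MustCompile(`TargetImage:\s*(\S+)`)
	grantedRe = regexp.MustCompile(`GrantedAccess:\s*0x([0-9A-Fa-f]+)`)
)

// ParseGrantedAccess extracts the hexadecimal GrantedAccess mask from one record.
func ParseGrantedAccess(line string) (uint32, bool) {
	m := grantedRe.FindStringSubmatch(line)
	if m == nil {
		return 0, false
	}
	v, err := strconv.ParseUint(m[1], 16, 32)
	if err != nil {
		return 0, false
	}
	return uint32(v), true
}

// FlagInjectionAccess returns "source -> target" for every record whose granted
// rights would allow writing shellcode into the target and running it.
func FlagInjectionAccess(lines []string) []string {
	var hits []string
	for _, l := range lines {
		mask, ok := ParseGrantedAccess(l)
		if !ok || !CanWriteAndRun(mask) {
			continue
		}
		src, dst := srcRe.FindStringSubmatch(l), dstRe.FindStringSubmatch(l)
		if src == nil || dst == nil {
			continue
		}
		hits = append(hits, src[1]+" -> "+dst[1])
	}
	return hits
}

func main() {
	fmt.Printf("CreateRemoteThread needs 0x%X: %v\n", InjectionMask, DecodeAccess(InjectionMask))
	for _, h := range FlagInjectionAccess(SampleLines) {
		fmt.Println("suspicious:", h)
	}
}
```

The mask check deliberately ignores PROCESS_QUERY_INFORMATION and PROCESS_VM_READ: a handle with only those is what a task manager or debugger-style reader asks for, while write plus thread creation is what all of the injection variants on this page need regardless of which thread-start primitive they use.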

Types

type Agent added in v0.5.0

type Agent struct {
	ID           uuid.UUID // ID is a Universally Unique Identifier per agent
	Platform     string    // Platform is the operating system platform the agent is running on (i.e. windows)
	Architecture string    // Architecture is the operating system architecture the agent is running on (i.e. amd64)
	UserName     string    // UserName is the username that the agent is running as
	UserGUID     string    // UserGUID is a Globally Unique Identifier associated with username
	HostName     string    // HostName is the computer's host name
	Ips          []string  // Ips is a slice of all the IP addresses assigned to the host's interfaces
	Pid          int       // Pid is the Process ID that the agent is running under

	Version       string        // Version is the version number of the Merlin Agent program
	Build         string        // Build is the build number of the Merlin Agent program
	WaitTime      time.Duration // WaitTime is how much time the agent waits in-between checking in
	PaddingMax    int           // PaddingMax is the maximum size allowed for a randomly selected message padding length
	MaxRetry      int           // MaxRetry is the maximum amount of failed check in attempts before the agent quits
	FailedCheckin int           // FailedCheckin is a count of the total number of failed check ins
	Skew          int64         // Skew is size of skew added to each WaitTime to vary check in attempts
	Verbose       bool          // Verbose enables verbose messages to standard out
	Debug         bool          // Debug enables debug messages to standard out
	Proto         string        // Proto contains the transportation protocol the agent is using (i.e. h2 or hq)
	Client        *http.Client  // Client is an http.Client object used to make HTTP connections for agent communications
	UserAgent     string        // UserAgent is the user agent string used with HTTP connections
	// contains filtered or unexported fields
}

Agent is a structure for agent objects. It contains unexported fields, so callers cannot construct a fully initialised value themselves and should create agents with the New() function.

func New added in v0.5.0

func New(protocol string, verbose bool, debug bool) Agent

New creates a new Agent struct for the given transport protocol and verbosity settings, populates its identifying and timing fields, and returns the object

func (*Agent) Run added in v0.5.0

func (a *Agent) Run(server string)

Run instructs an agent to establish communications with the passed-in server using the protocol that was selected when the agent was created with New
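The WaitTime, Skew, PaddingMax, MaxRetry and FailedCheckin fields of Agent describe the check-in schedule that Run drives, but the page does not show how they combine. The following is an added example, not Merlin's code, of one way those fields fit together: a jittered sleep between check-ins, random message padding, and a running failure total that ends the loop at MaxRetry. The Beacon type, the assumption that Skew is in milliseconds, and the injectable send and sleep functions are this example's own.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Beacon carries the subset of the page's Agent fields that drive scheduling.
// The formulas below are this example's assumptions, not Merlin's source.
type Beacon struct {
	WaitTime      time.Duration
	Skew          int64 // maximum extra delay in milliseconds (assumed unit)
	PaddingMax    int
	MaxRetry      int
	FailedCheckin int
}

// NextWait returns WaitTime plus a uniformly random skew in [0, Skew] ms, so
// two agents with the same WaitTime do not check in on an identical cadence.
func (b *Beacon) NextWait() (time.Duration, error) {
	if b.Skew <= 0 {
		return b.WaitTime, nil
	}
	n, err := rand.Int(rand.Reader, big.NewInt(b.Skew+1))
	if err != nil {
		return 0, err
	}
	return b.WaitTime + time.Duration(n.Int64())*time.Millisecond, nil
}

// Padding returns between 0 and max random bytes to vary message length.
func Padding(max int) ([]byte, error) {
	if max <= 0 {
		return nil, nil
	}
	n, err := rand.Int(rand.Reader, big.NewInt(int64(max)+1))
	if err != nil {
		return nil, err
	}
	buf := make([]byte, n.Int64())
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	return buf, nil
}

// Checkin performs one attempt through send. FailedCheckin is a running total,
// as the field comment says, and is not reset by a later success. The first
// return value is true once that total reaches MaxRetry.
func (b *Beacon) Checkin(send func(pad []byte) error) (bool, error) {
	pad, err := Padding(b.PaddingMax)
	if err != nil {
		return true, err
	}
	if err := send(pad); err != nil {
		b.FailedCheckin++
		return b.FailedCheckin >= b.MaxRetry, err
	}
	return false, nil
}

// RunLoop drives Checkin until it says to quit, sleeping NextWait between
// attempts; sleep is a parameter so a test can record delays instead of
// waiting. It returns the number of attempts made.
func (b *Beacon) RunLoop(send func([]byte) error, sleep func(time.Duration)) int {
	attempts := 0
	for {
		attempts++
		if quit, _ := b.Checkin(send); quit {
			return attempts
		}
		d, err := b.NextWait()
		if err != nil {
			return attempts
		}
		sleep(d)
	}
}

func main() {
	b := &Beacon{WaitTime: 2 * time.Second, Skew: 500, PaddingMax: 64, MaxRetry: 3}
	// Scripted transport outcomes: fail, succeed, fail, fail (constructed).
	script := []error{errors.New("refused"), nil, errors.New("timeout"), errors.New("timeout")}
	i := 0
	send := func(pad []byte) error { e := script[i%len(script)]; i++; return e }
	n := b.RunLoop(send, func(d time.Duration) { fmt.Println("sleep", d) })
	fmt.Printf("quit after %d attempts, %d failures\n", n, b.FailedCheckin)
}
```

Because the failure count is cumulative, an agent on a flaky link eventually quits even if most check-ins succeed; an operator who wants the counter to reset after a successful round trip has to say so explicitly, which is worth knowing before setting a small MaxRetry.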
