Documentation
¶
Overview ¶
core - the "core" package is used to organize all primary libraries and utilities that are made use of across several aspects of the application.
This can include anything from custom data structures, to colors for text output.
Index ¶
- Variables
- func AssignWolfBroadcast(username string, rhost string, response string)
- func AssignWolfResponse(username string, rhost string, response string)
- func BroadcastSession(session string)
- func BroadcastWolfPackChat(response string)
- func ChatLog(data string) error
- func ClientLoadExtendedFunctions(activeSession int) []byte
- func DownloadFile(filename string, fileb64 string)
- func ExecuteConnection(rhost string, rport int, protocol string, path string, commandQuery string, ...) (string, error)
- func GeneratePSK() string
- func GetFirstUsePSK() (response string, psk string, instructions string, help string)
- func KillListener(id int) (responseSuccess string, responseFail string)
- func LoadExtendedFunctions(sessionApp *grumble.App, activeSession int)
- func LogData(data string) error
- func ManagePSK(psk string, isRandom bool, operator string) (response string, currentPSK string, instruction string)
- func QueueImplantCommand(sessionID int, cmd string, operator string)
- func RegisterSession(sessionID int, protocol string, implant Implant, rhost string, rport int, ...)
- func SessionCheckIn(sessionID int)
- func SessionExists(session int) bool
- func SessionStatusUpdate(sessionID int, status string)
- func ShowListeners() map[string]ListenerStrings
- func ShowSessions() map[string]SessionStrings
- func StartConnector(id int, rhost string, rport int, protocol string, requestType string, ...) (string, error)
- func UpdateImplant(sessionID int, updateInterval float64, functions map[string]interface{})
- func UpdateWolf(username string, rhost string)
- func UploadFile(file string) string
- func WebShellStatus(id int, rhost string, rport int, protocol string, requestType string, ...) (bool, error)
- type Commands
- type Implant
- type Listener
- type ListenerStrings
- type ManageResponse
- type Session
- type SessionStrings
- type StartResponse
- type TCPData
- type Wolf
Constants ¶
This section is empty.
Variables ¶
var ActiveSession = -1
ActiveSession = global value to keep track of the current active session. Since session "0" is a valid session, this starts at "-1" to determine if no session is active.
var DefaultPSK = GeneratePSK()
DefaultPSK = Globally generated PSK to set as default if the user does not specify one
var DidDisplayPsk = false
DidDisplayPsk - a boolean to check if the pre-generated PSK was already given to the user so it is not printed each time
ErrorColorBold - bold red color useful for error messages
ErrorColorBoldIns - insert variant for variables, bold red color useful for error messages
ErrorColorUnderline - underlined bold red color useful for strong error messages
var GreenColor = color.New(color.FgGreen)
GreenColor - green color for text output
var GreenColorIns = color.New(color.FgGreen).SprintFunc()
GreenColorIns - insert variant for variables, green color for text output
var Listeners = make(map[int]Listener)
Listeners - a map of Listeners. This is used to manage listeners that are created by the user. The map structure makes it easy to search, add, modify, and delete a large amount of Listeners.
var MagentaColor = color.New(color.FgMagenta)
MagentaColor - magenta color for text output
MagentaColorBold - bold magenta color for text output
var PSK string
PSK - global PSK for listeners to manage and set the server PSK
var RedColor = color.New(color.FgRed)
RedColor - red color for text output
var RedColorIns = color.New(color.FgRed).SprintFunc()
RedColorIns - insert variant for variables, red color for text output
var SessionID int = 0
SessionID - Global SessionID counter. Session IDs are unique and auto-increment on creation. This value is kept track of throughout a Session's life cycle so it can be incremented/decremented automatically wherever appropriate.
var Sessions = make(map[int]Session)
Sessions - map of all sessions. This is used to manage sessions that are registered successfully by implants. The map structure makes it easy to search, add, modify, and delete a large amount of Sessions.
SuccessColorBold - bold green color useful for success messages
WarningColorBold - bold yellow color useful for warning messages
var Wolves = make(map[string]Wolf)
Wolves - map of all operators (wolves). This is used to manage wolf pack server users that have been generated. The map structure makes it easy to search, add, modify, and delete a large amount of Wolves.
var ZeroedUUID, _ = uuid.Parse("00000000-0000-0000-0000-000000000000")
ZeroedUUID - zeroed global used to clear UUIDs wherever applicable
Functions ¶
func AssignWolfBroadcast ¶
AssignWolfBroadcast - this function takes in a username and rhost to keep track of the user being assigned the broadcast message. The response parameter is then updated and linked to a wolf which will be returned by the WolfPack Server.
func AssignWolfResponse ¶
AssignWolfResponse - this function takes in a username and rhost to keep track of the user being assigned the response. The response parameter is then updated and linked to a wolf which will be returned by the WolfPack Server.
func BroadcastSession ¶
func BroadcastSession(session string)
BroadcastSession - Broadcast a message that a new session has been established
func BroadcastWolfPackChat ¶
func BroadcastWolfPackChat(response string)
BroadcastWolfPackChat - this function takes in a chat message response and broadcasts it to all wolves, they will only receive it if making a request from the Chat CLI. The response parameter is then updated and linked to each wolf which will be returned by the WolfPack Server.
func ClientLoadExtendedFunctions ¶
ClientLoadExtendedFunctions - Loads the functions registered by an implant and returns those functions for the lupo client to load
func DownloadFile ¶
DownloadFile - Reads a base64 encoded string and writes it out to a local file
func ExecuteConnection ¶
func ExecuteConnection(rhost string, rport int, protocol string, path string, commandQuery string, command string, query string, requestType string, filename string, file string) (string, error)
ExecuteConnection - function to handle binding HTTP/HTTPS connections from connector sessions
func GeneratePSK ¶
func GeneratePSK() string
GeneratePSK - Generates a random 32 character string, encodes it with SHA256 as a PSK that is set by default on startup unless the user specifies a static PSK
func GetFirstUsePSK ¶
func KillListener ¶
KillListener - kills a listener with the specified id and returns the response
func LoadExtendedFunctions ¶
LoadExtendedFunctions - Loads the functions registered by an implant
func LogData ¶
LogData - wrapper function to use golang's built in logger and append all operational data to a central log file
func QueueImplantCommand ¶
QueueImplantCommand - inserts a command to the command queue to be executed by a specified implant on the next check in
func RegisterSession ¶
func RegisterSession(sessionID int, protocol string, implant Implant, rhost string, rport int, command string, query string, requestType string, shellpath string)
RegisterSession - Registers a session and adds it to the session map and increments the global SessionID value
func SessionCheckIn ¶
func SessionCheckIn(sessionID int)
SessionCheckIn - Updates the Last Check In anytime a verified session calls back
func SessionExists ¶
SessionExists - returns if a session exists or not
func SessionStatusUpdate ¶
SessionStatusUpdate - Updates the current status of a session
func ShowListeners ¶
func ShowListeners() map[string]ListenerStrings
ShowListeners - returns a string map of Listeners and their details
func ShowSessions ¶
func ShowSessions() map[string]SessionStrings
ShowSessions - returns a map of Sessions and their details
func StartConnector ¶
func StartConnector(id int, rhost string, rport int, protocol string, requestType string, command string, query string, connectString string, shellpath string) (string, error)
StartConnector - Creates a connector based on parameters generated via the "connector start" subcommand.
Based on the parameters provided, this function will create a new connector structure and save it to the connectors map.
Each structure will contain either an HTTP(S) or TCP server instance which is used to start the actual connectors.
HTTP Servers make use of an anonymous goroutine initially to start the connector, but all core handling functions are passed off to the HTTPServerHanlder() function.
TCP Servers are started by executing a StartTCPServer function via goroutine. To maintain concurrency a subsequent goroutine is executed to handle the data for all TCP connections via TCPServerHandler() function.
All connectors are concurrent and support multiple simultaneous connections.
func UpdateImplant ¶
UpdateImplant - function to update common implant fields on a given check in cycle such as the update interval, custom functions, and the command queue.
func UpdateWolf ¶
UpdateWolf - updates the properties of an individual wolfpack user for processing elsewhere in the application. Updates the current command in the queue and the remote host connection value.
func UploadFile ¶
UploadFile - Reads a file to be uploaded and converts it to base64 to pass to the server as a response for the session
Types ¶
type Commands ¶
Commands - defines the structure of Commands
Command - the actual command to be executed ¶
Operator - an operator or "wolf" that is executing the specific command
type Implant ¶
type Implant struct { ID uuid.UUID Arch string Commands []Commands Update float64 Functions map[string]interface{} // contains filtered or unexported fields }
Implant - defines an implant structure composed of:
id - unique identifier that is autoincremented on creation of a new implant
Arch - string for storing the Architecture of an implant's host system. This can be anything and is provided by the implant, but is expected to be something that identifies the host operating system and architecture.
Commands - a slice of commands that is populated and used as a queue based on interaction from the session CLI.
Update - an update interval in seconds that implants provide to tell the server how often it intends to check in. This value is used to determine if a session may have been killed.
response - populated by a data payload, usually the output of execute commands on the implant. Once an implant executes a command it will be retrieved, usually through a data parameter, and populated into the implant structure it is associated with.
Functions - a map of additional function names that can be registered to a given session. These contain a JSON string of {"name":"description"} that are loaded into the CLI if successfully registered via this property. Users can then execute these as unique session sub-commands. It is assumed that the implant has implemented these functions and will execute reserved actions once the registered keyword is received.
type Listener ¶
type Listener struct { ID int Lhost string Lport int Protocol string HTTPInstance *http.Server TCPInstance net.Listener CryptoPSK string }
Listener - defines a listener structure composed of:
id - unique identifier that is autoincremented on creation of a new listener
lhost - the "listening" host address. This tells a listener what interface to listen on based on the address it is tied to.
lport - the "listening" port. This tells a listener what port the lhost of the listener should open to receive connections on.
protocol - the protocol to use when listening for incoming connections. Currenlty supports HTTP(S) and TCP.
httpInstance - a pointer to an instance of the http.Server struct. This is used to reference the core HTTP Server itself when conducting operations such as starting/stopping a listener.
tcpInstance - a copy of the net.Listener struct. This is used to interact with the core TCP Server itself when conducting operations such as starting/stopping a listener.
type ListenerStrings ¶
ListenerStrings - more loose structure for handling listener data, primarily used to hand off as JSON to the lupo client. Contains all the same fields as a Listener structure but as string data types and omits the HTTP/TCPInstance values.
type ManageResponse ¶
type SessionStrings ¶
type SessionStrings struct { ID string Protocol string ImplantArch string ImplantUpdate string Rhost string RawCheckin string Checkin string Status string Rport string CommandQuery string Query string RequestType string ShellPath string }
SessionStrings - more loose structure for handling session data, primarily used to hand off as JSON to the lupo client. Contains all the same fields as a Session structure but as string data types and omits the HTTP/TCPInstance values.
type StartResponse ¶
type Wolf ¶
type Wolf struct { WolfPSK string Username string Rhost string Response string Broadcast string Checkin string }
Wolf - defines a user structure known as a "wolf" composed of:
WolfPSK - unique PSK randomly generated and seeded into the compilation of the wolfpack client binary on creation of a new user for authentication to the wolfpack server ¶
Username - a username to identify the user connecting to the wolfpack server ¶
Rhost - the "remote" host address. This contains a value of the external IP where a wolpack user is connecting from.
Response - a response to transmit to the wolfpack user (may not be necessary if the server handler loop takes care of this once implemented)