Documentation ¶
Overview ¶
Package rpc provides the gRPC client for communicating with the Merlin server
Index ¶
- func Any(id uuid.UUID, args []string) (msg *message.UserMessage)
- func CD(id uuid.UUID, args []string) (msg *message.UserMessage)
- func CMD(id uuid.UUID, args []string) (msg *message.UserMessage)
- func CheckIn(id uuid.UUID) (msg *message.UserMessage)
- func ClearJobs(agentID uuid.UUID) (msg *message.UserMessage)
- func ClearJobsCreated() (msg *message.UserMessage)
- func Connect(id uuid.UUID, args []string) (msg *message.UserMessage)
- func CreateListener(options map[string]string) (msg *message.UserMessage)
- func Download(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ENV(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ExecuteAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ExecutePE(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ExecuteShellcode(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Exit(id uuid.UUID) (msg *message.UserMessage)
- func GetAgent(id uuid.UUID) (a *agent.Agent, err error)
- func GetAgentActiveJobs(id uuid.UUID) (jobs []job.Job, err error)
- func GetAgentLinks(id uuid.UUID) (links []uuid.UUID, err error)
- func GetAgents() (agents []uuid.UUID, err error)
- func GetAgentsRows() (header []string, rows [][]string, err error)
- func GetAllActiveJobs() (jobs []job.Job, err error)
- func GetModule(modulePath string) (msg *message.UserMessage, m *module.Module)
- func GetModuleList() (msg *message.UserMessage, modules []string)
- func GroupAdd(id uuid.UUID, group string) (msg *message.UserMessage)
- func GroupList(group string) (groups []string)
- func GroupListAll() map[string][]string
- func GroupRemove(id uuid.UUID, group string) (msg *message.UserMessage)
- func Groups() []string
- func IFConfig(id uuid.UUID) (msg *message.UserMessage)
- func InvokeAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)
- func JA3(id uuid.UUID, args []string) (msg *message.UserMessage)
- func KillDate(id uuid.UUID, args []string) (msg *message.UserMessage)
- func KillProcess(id uuid.UUID, args []string) (msg *message.UserMessage)
- func LS(id uuid.UUID, args []string) (msg *message.UserMessage)
- func LinkAgent(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ListAssemblies(id uuid.UUID) (msg *message.UserMessage)
- func Listener(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ListenerGetConfiguredOptions(id uuid.UUID) (msg *message.UserMessage, options map[string]string)
- func ListenerGetDefaultOptions(listenerType string) (msg *message.UserMessage, options map[string]string)
- func ListenerGetIDs() (msg *message.UserMessage, ids []string)
- func ListenerGetRows() (msg *message.UserMessage, header []string, rows [][]string)
- func ListenerGetTypes() (msg *message.UserMessage, types []string)
- func ListenerSetOption(id uuid.UUID, args []string) (msg *message.UserMessage)
- func ListenerStatus(id uuid.UUID) (msg *message.UserMessage)
- func ListenerStop(id uuid.UUID) (msg *message.UserMessage)
- func LoadAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)
- func LoadCLR(id uuid.UUID, args []string) (msg *message.UserMessage)
- func MEMFD(id uuid.UUID, args []string) (msg *message.UserMessage)
- func MaxRetry(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Memory(id uuid.UUID, args []string) (msg *message.UserMessage)
- func NSLOOKUP(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Netstat(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Note(id uuid.UUID, args []string) (msg *message.UserMessage)
- func PS(id uuid.UUID) (msg *message.UserMessage)
- func PWD(id uuid.UUID) (msg *message.UserMessage)
- func Padding(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Parrot(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Pipes(id uuid.UUID) (msg *message.UserMessage)
- func RM(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Reconnect() (msg *message.UserMessage)
- func Remove(id uuid.UUID) (msg *message.UserMessage)
- func RemoveListener(id uuid.UUID) (msg *message.UserMessage)
- func RestartListener(id uuid.UUID) (msg *message.UserMessage)
- func RunAs(id uuid.UUID, args []string) (msg *message.UserMessage)
- func RunModule(m *module.Module) (msgs []*message.UserMessage)
- func SSH(id uuid.UUID, args []string) (msg *message.UserMessage)
- func SecureDelete(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Servers() []string
- func SharpGen(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Skew(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Sleep(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Socks(id uuid.UUID, args []string) (msg *message.UserMessage)
- func StartListener(id uuid.UUID) (msg *message.UserMessage)
- func Token(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Touch(id uuid.UUID, args []string) (msg *message.UserMessage)
- func UnlinkAgent(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Upload(id uuid.UUID, args []string) (msg *message.UserMessage)
- func Uptime(id uuid.UUID) (msg *message.UserMessage)
- type Service
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Any ¶
func Any(id uuid.UUID, args []string) (msg *message.UserMessage)
Any is used to execute arbitrary Agent commands. The first argument is the command to execute, and the remaining arguments are passed to the command. args[0] = command to execute (e.g., connect, download); args[1:] = arguments to pass to the command
func CD ¶
func CD(id uuid.UUID, args []string) (msg *message.UserMessage)
CD is used to change the agent's current working directory args[0] = the directory path to change to
func CMD ¶
func CMD(id uuid.UUID, args []string) (msg *message.UserMessage)
CMD is used to send a command to the agent to run a command or execute a program. args[0] = "cmd"; args[1:] = program and arguments to be executed on the host OS of the running agent. Used with the `cmd` and `shell` commands as well as through "standard" modules.
func CheckIn ¶
func CheckIn(id uuid.UUID) (msg *message.UserMessage)
CheckIn creates an AgentInfo job that forces the Agent to send data back to the server
func ClearJobs ¶
func ClearJobs(agentID uuid.UUID) (msg *message.UserMessage)
ClearJobs removes any jobs from the queue for a specific Agent that have been created, but NOT sent to the agent
func ClearJobsCreated ¶
func ClearJobsCreated() (msg *message.UserMessage)
ClearJobsCreated clears all created (but unsent) jobs for all agents
func Connect ¶
func Connect(id uuid.UUID, args []string) (msg *message.UserMessage)
Connect instructs an Agent to disconnect from its current server and connect to the new provided target Args[0] = the target address or URI to connect to
func CreateListener ¶
func CreateListener(options map[string]string) (msg *message.UserMessage)
CreateListener instantiates a listener on the RPC server from the provided options
func Download ¶
func Download(id uuid.UUID, args []string) (msg *message.UserMessage)
Download is used to download the file through the corresponding agent from the provided input file path args[0] = the file path to download
func ENV ¶
func ENV(id uuid.UUID, args []string) (msg *message.UserMessage)
ENV is used to view or modify a host's environment variables args[0] = the action to take (e.g., get, set, showall, unset) args[1] = the name of the environment variable to modify args[2] = the value to set the environment variable to
func ExecuteAssembly ¶
func ExecuteAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)
ExecuteAssembly calls the donut module to create shellcode from a .NET 4.0 assembly and then uses the CreateProcess module to create a job that executes the shellcode in a remote process args[0] .NET assembly File bytes as Base64 string args[1] .NET assembly arguments args[2] SpawnTo path args[3] SpawnTo arguments
func ExecutePE ¶
func ExecutePE(id uuid.UUID, args []string) (msg *message.UserMessage)
ExecutePE calls the donut module to create shellcode from PE and then uses the CreateProcess module to create a job that executes the shellcode in a remote process args[0] PE file bytes as Base64 string args[1] PE arguments args[2] SpawnTo path args[3] SpawnTo arguments
func ExecuteShellcode ¶
func ExecuteShellcode(id uuid.UUID, args []string) (msg *message.UserMessage)
ExecuteShellcode calls the corresponding shellcode module to create a job that executes the provided shellcode args[0] shellcode bytes as Base64 string args[1] Shellcode execution method (e.g., self, remote, rtlcreateuserthread, userapc) args[2] PID to inject shellcode into (only used with remote, rtlcreateuserthread, and userapc methods)
func Exit ¶
func Exit(id uuid.UUID) (msg *message.UserMessage)
Exit instructs the agent to quit running
func GetAgentActiveJobs ¶
GetAgentActiveJobs returns all jobs from the RPC server for the specified Agent id
func GetAgentLinks ¶
GetAgentLinks returns a list of linked child Agent IDs
func GetAgentsRows ¶
GetAgentsRows returns a row of data for every agent that is alive and includes information about it such as the Agent's GUID, platform, user, host, transport, and status
func GetAllActiveJobs ¶
GetAllActiveJobs returns all Agent jobs from the RPC server that have not completed
func GetModule ¶
func GetModule(modulePath string) (msg *message.UserMessage, m *module.Module)
GetModule returns information about a specific module from the RPC server so a module object can be created on the client
func GetModuleList ¶
func GetModuleList() (msg *message.UserMessage, modules []string)
GetModuleList returns a list of all available modules on the RPC server
func GroupAdd ¶
func GroupAdd(id uuid.UUID, group string) (msg *message.UserMessage)
GroupAdd adds the provided Agent id to the group on the RPC server
func GroupList ¶
GroupList lists agents that are part of a specific group. It returns an empty slice instead of an error so that other functions can still complete.
func GroupListAll ¶
GroupListAll returns a list of all groups and their members from the RPC server
func GroupRemove ¶
func GroupRemove(id uuid.UUID, group string) (msg *message.UserMessage)
GroupRemove deletes the provided Agent id from the group
func Groups ¶
func Groups() []string
Groups returns a list of existing group names from the server. It will not return an error, so that completers are not blocked, but will instead return an empty slice.
func InvokeAssembly ¶
func InvokeAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)
InvokeAssembly executes an assembly that was previously loaded with the load-assembly command. args[0] = the assembly name to execute; args[1:] = arguments to pass to the assembly
func JA3 ¶
func JA3(id uuid.UUID, args []string) (msg *message.UserMessage)
JA3 is used to change the Agent's JA3 signature args[0] = the JA3 signature to change to
func KillDate ¶
func KillDate(id uuid.UUID, args []string) (msg *message.UserMessage)
KillDate configures the date and time that the agent will stop running args[0] = the date and time to stop running
func KillProcess ¶
func KillProcess(id uuid.UUID, args []string) (msg *message.UserMessage)
KillProcess tasks an agent to kill a process by its numeric identifier. args[0] = the process ID to kill
func LS ¶
func LS(id uuid.UUID, args []string) (msg *message.UserMessage)
LS uses native Go to list the directory contents of the provided path args[0] = the directory path to list
func LinkAgent ¶
func LinkAgent(id uuid.UUID, args []string) (msg *message.UserMessage)
LinkAgent tasks a parent agent to connect to and link a child agent args[0] = the link method (e.g., add|list|remove|refresh|tcp|udp|smb) args[1] = method arguments
func ListAssemblies ¶
func ListAssemblies(id uuid.UUID) (msg *message.UserMessage)
ListAssemblies instructs the agent to list the .NET assemblies that are currently loaded into the agent's process. .NET assemblies are loaded with the LoadAssembly call.
func Listener ¶
func Listener(id uuid.UUID, args []string) (msg *message.UserMessage)
Listener interacts with Agent listeners used for peer-to-peer communications args[0] = the listener method (e.g., list|start|stop) args[1:] = method arguments; [protocol] [address]
func ListenerGetConfiguredOptions ¶
func ListenerGetConfiguredOptions(id uuid.UUID) (msg *message.UserMessage, options map[string]string)
ListenerGetConfiguredOptions returns a map of the Listener's configured options
func ListenerGetDefaultOptions ¶
func ListenerGetDefaultOptions(listenerType string) (msg *message.UserMessage, options map[string]string)
ListenerGetDefaultOptions returns a map of the Listener's default options
func ListenerGetIDs ¶
func ListenerGetIDs() (msg *message.UserMessage, ids []string)
ListenerGetIDs retrieves a list of all instantiated listener IDs from the RPC server
func ListenerGetRows ¶
func ListenerGetRows() (msg *message.UserMessage, header []string, rows [][]string)
ListenerGetRows gets information about all configured listeners as data that can be used to populate a table
func ListenerGetTypes ¶
func ListenerGetTypes() (msg *message.UserMessage, types []string)
ListenerGetTypes returns a list of all available Listener types (e.g. http, tcp, etc.)
func ListenerSetOption ¶
func ListenerSetOption(id uuid.UUID, args []string) (msg *message.UserMessage)
ListenerSetOption saves a configurable listener option in the server database
func ListenerStatus ¶
func ListenerStatus(id uuid.UUID) (msg *message.UserMessage)
ListenerStatus returns the status of the Listener's server
func ListenerStop ¶
func ListenerStop(id uuid.UUID) (msg *message.UserMessage)
ListenerStop terminates the Listener's server
func LoadAssembly ¶
func LoadAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)
LoadAssembly instructs the agent to load a .NET assembly into the agent's process args[0] is a Base64 encoded string of the assembly bytes args[1] is the assembly name or alias args[2] is the calculated SHA256 hash of the assembly
func LoadCLR ¶
func LoadCLR(id uuid.UUID, args []string) (msg *message.UserMessage)
LoadCLR loads the .NET Common Language Runtime (CLR) into the agent's process. .NET assemblies can subsequently be loaded with the LoadAssembly call and executed with the InvokeAssembly call args[0] = the .NET CLR version to load (e.g., v2.0.50727, v4.0.30319, or v4.0)
func MEMFD ¶
func MEMFD(id uuid.UUID, args []string) (msg *message.UserMessage)
MEMFD runs a Linux executable "from memory". args[0] = the executable as a base64 encoded string; args[1:] = arguments to pass to the executable
func MaxRetry ¶
func MaxRetry(id uuid.UUID, args []string) (msg *message.UserMessage)
MaxRetry configures the number of times an Agent will try to check in before it quits. args[0] = the number of times to retry
func Memory ¶
func Memory(id uuid.UUID, args []string) (msg *message.UserMessage)
Memory interacts with virtual memory on the operating system where the agent is running args[0] = the memory method (e.g., read|write|patch) args[1:] = method arguments
func NSLOOKUP ¶
func NSLOOKUP(id uuid.UUID, args []string) (msg *message.UserMessage)
NSLOOKUP instructs the agent to perform a DNS query on the input args[0:] = the host name or IP address to query
func Netstat ¶
func Netstat(id uuid.UUID, args []string) (msg *message.UserMessage)
Netstat is used to print network connections on the target system args[0] = -p OPTIONAL args[1] = the protocol to filter on (e.g., tcp or udp) OPTIONAL
func Note ¶
func Note(id uuid.UUID, args []string) (msg *message.UserMessage)
Note sets a note on the Agent's Note field args[0] = the note to set
func PWD ¶
func PWD(id uuid.UUID) (msg *message.UserMessage)
PWD is used to print the Agent's current working directory
func Padding ¶
func Padding(id uuid.UUID, args []string) (msg *message.UserMessage)
Padding configures the maximum size for the random amount of padding added to each message args[0] = the maximum size of the padding
func Parrot ¶ added in v1.1.0
func Parrot(id uuid.UUID, args []string) (msg *message.UserMessage)
Parrot configures the Agent's HTTP client to match the provided browser args[0] = the browser to match (e.g., HelloChrome_Auto)
func Pipes ¶
func Pipes(id uuid.UUID) (msg *message.UserMessage)
Pipes enumerates and displays named pipes on Windows hosts only
func RM ¶
func RM(id uuid.UUID, args []string) (msg *message.UserMessage)
RM removes or deletes a file args[0] = the file path to remove
func Reconnect ¶
func Reconnect() (msg *message.UserMessage)
Reconnect re-establishes a connection with the RPC server after the connection was previously broken
func Remove ¶
func Remove(id uuid.UUID) (msg *message.UserMessage)
Remove deletes the agent from the server
func RemoveListener ¶
func RemoveListener(id uuid.UUID) (msg *message.UserMessage)
RemoveListener deletes a listener from the server
func RestartListener ¶
func RestartListener(id uuid.UUID) (msg *message.UserMessage)
RestartListener restarts a listener on the server
func RunAs ¶
func RunAs(id uuid.UUID, args []string) (msg *message.UserMessage)
RunAs creates a new process as the provided user args[0] = the domain\username to run the program as args[1] = the password for the provided user args[2] = the program to run args[3:] = the arguments to pass to the program
func RunModule ¶
func RunModule(m *module.Module) (msgs []*message.UserMessage)
RunModule sends information to the RPC server and executes the module there
func SSH ¶
func SSH(id uuid.UUID, args []string) (msg *message.UserMessage)
SSH executes a command on a remote host through the SSH protocol and returns the output args[0] = SSH username args[1] = SSH password args[2] = the SSH host:port args[3] = the program to execute args[4] = program arguments (optional)
func SecureDelete ¶
func SecureDelete(id uuid.UUID, args []string) (msg *message.UserMessage)
SecureDelete securely deletes the supplied file. args[0] = the file path to securely delete
func Servers ¶
func Servers() []string
Servers returns a list of the listener types that are available on the server. Some listeners (e.g., HTTPS) have a server while others (e.g., SMB) do not.
func SharpGen ¶
func SharpGen(id uuid.UUID, args []string) (msg *message.UserMessage)
SharpGen generates a .NET core assembly, converts it to shellcode with go-donut, and executes it in the spawnto process args[0] = the .NET Core C# code, as a string, to compile args[1] = the SpawnTo process to inject the shellcode into args[2] = the arguments to pass to the SpawnTo process (optional)
func Skew ¶
func Skew(id uuid.UUID, args []string) (msg *message.UserMessage)
Skew configures the amount of skew an Agent uses to randomize checkin times args[0] = the amount of skew to use
func Sleep ¶
func Sleep(id uuid.UUID, args []string) (msg *message.UserMessage)
Sleep configures the Agent's sleep time between checkins args[0] = the amount of time to sleep
func Socks ¶
func Socks(id uuid.UUID, args []string) (msg *message.UserMessage)
Socks creates a TCP listener on the provided port and forwards SOCKS5 traffic to the provided agent args[0] = method args[1] = interface:port args[2] = agent ID
func StartListener ¶
func StartListener(id uuid.UUID) (msg *message.UserMessage)
StartListener starts the listener on the RPC server
func Token ¶
func Token(id uuid.UUID, args []string) (msg *message.UserMessage)
Token is used to interact with Windows Access Tokens on the agent args[0] = the token method (e.g., make|privs|rev2self|steal|whoami) args[1:] = method arguments
func Touch ¶
func Touch(id uuid.UUID, args []string) (msg *message.UserMessage)
Touch matches the destination file's timestamps with the source file's. args[0] = the source file; args[1] = the destination file
func UnlinkAgent ¶
func UnlinkAgent(id uuid.UUID, args []string) (msg *message.UserMessage)
UnlinkAgent instructs the parent Agent to close, or unlink, the connection with the child Agent args[0] = the child Agent ID to unlink
Types ¶
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service is the structure that holds all the connections for the service to operate
func NewRPCService ¶
NewRPCService is a factory that returns an instantiated RPC Service