Documentation ¶
Index ¶
- func NewPBErrorMessage(err error) *pb.Message
- func NewPBInfoMessage(msg string) *pb.Message
- func NewPBMessageFromMessage(msg *message.Message) *pb.Message
- func NewPBNoteMessage(msg string) *pb.Message
- func NewPBPlainMessage(msg string) *pb.Message
- func NewPBSuccessMessage(msg string) *pb.Message
- func NewPBWarnMessage(msg string) *pb.Message
- type Server
- func (s *Server) Any(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) CD(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) CMD(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) CheckIn(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) ClearJobs(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) ClearJobsCreated(ctx context.Context, e *emptypb.Empty) (msg *pb.Message, err error)
- func (s *Server) Connect(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) CreateListener(ctx context.Context, in *pb.Options) (msg *pb.Message, err error)
- func (s *Server) Download(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) ENV(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) ExecuteAssembly(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) ExecutePE(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) ExecuteShellcode(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Exit(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) GetAgent(ctx context.Context, id *pb.ID) (agentInfo *pb.AgentInfo, err error)
- func (s *Server) GetAgentActiveJobs(ctx context.Context, id *pb.ID) (*pb.Jobs, error)
- func (s *Server) GetAgentLinks(ctx context.Context, id *pb.ID) (*pb.Slice, error)
- func (s *Server) GetAgentRows(ctx context.Context, e *emptypb.Empty) (*pb.TableData, error)
- func (s *Server) GetAgentStatus(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) GetAgents(ctx context.Context, e *emptypb.Empty) (*pb.Slice, error)
- func (s *Server) GetAllActiveJobs(ctx context.Context, e *emptypb.Empty) (*pb.Jobs, error)
- func (s *Server) GetAllJobs(ctx context.Context, e *emptypb.Empty) (*pb.Jobs, error)
- func (s *Server) GetListenerDefaultOptions(ctx context.Context, in *pb.String) (options *pb.Options, err error)
- func (s *Server) GetListenerIDs(ctx context.Context, e *emptypb.Empty) (*pb.Slice, error)
- func (s *Server) GetListenerOptions(ctx context.Context, id *pb.ID) (options *pb.Options, err error)
- func (s *Server) GetListenerStatus(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) GetListenerTypes(ctx context.Context, e *emptypb.Empty) (*pb.Slice, error)
- func (s *Server) GetListeners(ctx context.Context, e *emptypb.Empty) (table *pb.TableData, err error)
- func (s *Server) GetModule(ctx context.Context, in *pb.String) (data *pb.Module, err error)
- func (s *Server) GetModuleList(ctx context.Context, e *emptypb.Empty) (data *pb.Slice, err error)
- func (s *Server) GroupAdd(ctx context.Context, in *pb.Group) (msg *pb.Message, err error)
- func (s *Server) GroupList(ctx context.Context, id *pb.ID) (*pb.Slice, error)
- func (s *Server) GroupListAll(ctx context.Context, e *emptypb.Empty) (*pb.GroupMembers, error)
- func (s *Server) GroupRemove(ctx context.Context, in *pb.Group) (msg *pb.Message, err error)
- func (s *Server) Groups(ctx context.Context, e *emptypb.Empty) (*pb.Slice, error)
- func (s *Server) IFConfig(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) InvokeAssembly(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) JA3(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) KillDate(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) KillProcess(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) LS(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) LinkAgent(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) ListAssemblies(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) Listen(in *pb.ID, stream pb.Merlin_ListenServer) error
- func (s *Server) ListenForClientMessages()
- func (s *Server) Listener(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) LoadAssembly(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) LoadCLR(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) MEMFD(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) MaxRetry(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Memory(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Netstat(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Note(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Nslookup(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) PS(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) PWD(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) Padding(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Parrot(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Pipes(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) RM(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Reconnect(ctx context.Context, id *pb.ID) (*pb.ID, error)
- func (s *Server) Register(ctx context.Context, e *emptypb.Empty) (*pb.ID, error)
- func (s *Server) Remove(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) RemoveListener(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) RestartListener(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) RunAs(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) RunModule(ctx context.Context, m *pb.ModuleRun) (msgs *pb.Messages, err error)
- func (s *Server) SSH(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) SecureDelete(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Servers(ctx context.Context, e *emptypb.Empty) (*pb.Slice, error)
- func (s *Server) SetListenerOption(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) SharpGen(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Skew(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Sleep(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Socks(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) StartListener(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) StopListener(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- func (s *Server) Token(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Touch(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) UnlinkAgent(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Upload(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
- func (s *Server) Uptime(ctx context.Context, id *pb.ID) (msg *pb.Message, err error)
- type Service
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewPBErrorMessage ¶
NewPBErrorMessage creates an RPC client message from an error
func NewPBInfoMessage ¶
NewPBInfoMessage Creates an "info" RPC client message
func NewPBMessageFromMessage ¶
NewPBMessageFromMessage convert a message.Message into a client RPC message
func NewPBNoteMessage ¶
NewPBNoteMessage creates a "note" RPC client message
func NewPBPlainMessage ¶
NewPBPlainMessage creates a "plain" RPC client message
func NewPBSuccessMessage ¶
NewPBSuccessMessage create a "success" RPC client message
func NewPBWarnMessage ¶
NewPBWarnMessage creates a "warn" RPC client message
Types ¶
type Server ¶
type Server struct { pb.UnimplementedMerlinServer // contains filtered or unexported fields }
Server is the structure used with the RPC service
func (*Server) Any ¶
Any is used to execute arbitrary Agent commands. The first argument is the command to execute, and the remaining arguments are passed to the command in.Arguments[0] = command to execute (e.g., connect, download) in.Arguments[1:] = arguments to pass to the command
func (*Server) CD ¶
CD is used to change the agent's current working directory in.Arguments[0] = the directory path to change to
func (*Server) CMD ¶
CMD is used to send a command to the agent to run a command or execute a program in.Arguments[0] = "cmd" in.Arguments[1:] = program and arguments to be executed on the host OS of the running agent Used with `cmd` and `shell` commands as well as through "standard" modules
func (*Server) CheckIn ¶
CheckIn creates an AgentInfo job that forces the Agent to send data back to the server
func (*Server) ClearJobs ¶
ClearJobs removes any jobs the queue for a specific Agent that have been created, but NOT sent to the agent
func (*Server) ClearJobsCreated ¶
func (s *Server) ClearJobsCreated(ctx context.Context, e *emptypb.Empty) (msg *pb.Message, err error)
ClearJobsCreated clears all created (but unsent) jobs for all agents
func (*Server) Connect ¶
Connect instructs an Agent to disconnect from its current server and connect to the new provided target in.Arguments[0] = the target address or URI to connect to
func (*Server) CreateListener ¶
CreateListener instantiates a new Listener on the RPC server
func (*Server) Download ¶
Download is used to download the file through the corresponding agent from the provided input file path in.Arguments[0] = the file path to download
func (*Server) ENV ¶
ENV is used to view or modify a host's environment variables in.Arguments[0] = the action to take (e.g., get, set, showall, unset) in.Arguments[1] = the name of the environment variable to modify in.Arguments[2] = the value to set the environment variable to
func (*Server) ExecuteAssembly ¶
ExecuteAssembly calls the donut module to create shellcode from a .NET 4.0 assembly and then uses the CreateProcess module to create a job that executes the shellcode in a remote process in.Arguments[0] .NET assembly File bytes as Base64 string in.Arguments[1] .NET assembly arguments in.Arguments[2] SpawnTo path in.Arguments[3] SpawnTo arguments
func (*Server) ExecutePE ¶
ExecutePE calls the donut module to create shellcode from PE and then uses the CreateProcess module to create a job that executes the shellcode in a remote process in.Arguments[0] PE file bytes as Base64 string in.Arguments[1] PE arguments in.Arguments[2] SpawnTo path in.Arguments[3] SpawnTo arguments
func (*Server) ExecuteShellcode ¶
func (s *Server) ExecuteShellcode(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
ExecuteShellcode calls the corresponding shellcode module to create a job that executes the provided shellcode in.Arguments[0] shellcode bytes as Base64 string in.Arguments[1] shellcode execution method (e.g., self|remote|RtlCreateUserThread|UserAPC) in.Arguments[2] PID to inject shellcode into (not used with the "self" method)
func (*Server) GetAgentActiveJobs ¶
GetAgentActiveJobs returns all jobs that have not completed for the specified Agent
func (*Server) GetAgentLinks ¶
GetAgentLinks returns a list of linked child Agent IDs
func (*Server) GetAgentRows ¶
GetAgentRows returns certain pieces of information for all Agents that can later be displayed in a table on the client
func (*Server) GetAgentStatus ¶
GetAgentStatus returns the status of an Agent (e.g., alive, dead, or delayed)
func (*Server) GetAllActiveJobs ¶
GetAllActiveJobs returns all Agent jobs that have not completed
func (*Server) GetAllJobs ¶
GetAllJobs returns all Agent jobs from the server
func (*Server) GetListenerDefaultOptions ¶
func (s *Server) GetListenerDefaultOptions(ctx context.Context, in *pb.String) (options *pb.Options, err error)
GetListenerDefaultOptions returns all the available options for a listener type, not for a previously instantiated listener
func (*Server) GetListenerIDs ¶
GetListenerIDs returns a list of all the previously instantiated listeners on the RPC server
func (*Server) GetListenerOptions ¶
func (s *Server) GetListenerOptions(ctx context.Context, id *pb.ID) (options *pb.Options, err error)
GetListenerOptions returns a previously instantiated listener's options
func (*Server) GetListenerStatus ¶
GetListenerStatus returns the status of a previously instantiated listener
func (*Server) GetListenerTypes ¶
GetListenerTypes returns a list of all available Listener types (e.g. http, tcp, etc.)
func (*Server) GetListeners ¶
func (s *Server) GetListeners(ctx context.Context, e *emptypb.Empty) (table *pb.TableData, err error)
GetListeners returns a list of all instantiated Listeners
func (*Server) GetModule ¶
GetModule returns all the information needed to instantiate a module object on the RPC client from the RPC server
func (*Server) GetModuleList ¶
GetModuleList returns a list of all modules from the RPC server
func (*Server) GroupList ¶
GroupList lists Agents that are part of a specific group id.Id contains the group name as a string
func (*Server) GroupListAll ¶
GroupListAll returns all existing Agent groups and their members
func (*Server) GroupRemove ¶
GroupRemove removes an Agent from an Agent group
func (*Server) InvokeAssembly ¶
InvokeAssembly executes an assembly that was previously loaded with the load-assembly command in.Arguments[0] = the assembly name in.Arguments[1:] = arguments to pass to the assembly
func (*Server) JA3 ¶
JA3 is used to change the Agent's JA3 signature in.Arguments[0] = the JA3 string to change to the TLS client to
func (*Server) KillDate ¶
KillDate configures the date and time that the agent will stop running in.Arguments[0] = Unix epoch date and time the Agent should stop running
func (*Server) KillProcess ¶
KillProcess tasks an agent to kill a process by its number identifier in.Arguments[0] = the process ID to kill
func (*Server) LS ¶
LS uses native Go to list the directory contents of the provided path in.Arguments[0] = the directory path to list
func (*Server) LinkAgent ¶
LinkAgent tasks a parent agent to connect to and link a child agent in.Arguments[0] = the link method (e.g., add|list|remove|refresh|tcp|udp|smb) in.Arguments[1] = method arguments
func (*Server) ListAssemblies ¶
ListAssemblies instructs the agent to list the .NET assemblies that are currently loaded into the agent's process .NET assemblies are loaded with the LoadAssembly call
func (*Server) ListenForClientMessages ¶
func (s *Server) ListenForClientMessages()
ListenForClientMessages is an infinite routine listening for RPC client messages from the server to send to the client
func (*Server) Listener ¶
Listener interacts with Agent listeners used for peer-to-peer communications in.Arguments[0] = the listener method (e.g., list|start|stop) in.Arguments[1] = method arguments
func (*Server) LoadAssembly ¶
LoadAssembly instructs the agent to load a .NET assembly into the agent's process in.Arguments[0] = a Base64 encoded string of the assembly bytes in.Arguments[1] = the assembly name in.Arguments[2] = calculated SHA256 hash of the assembly
func (*Server) LoadCLR ¶
LoadCLR loads the .NET Common Language Runtime (CLR) into the agent's process. .NET assemblies can subsequently be loaded with the LoadAssembly call and executed with the InvokeAssembly call in.Arguments[0] = the .NET CLR version to load (e.g., v2.0.50727, v4.0.30319, or v4.0)
func (*Server) MEMFD ¶
MEMFD run a linux executable "from memory" in.Arguments[0] = the executable as a base64 encoded string in.Arguments[1:] = arguments to pass to the executable
func (*Server) MaxRetry ¶
MaxRetry configures the amount of times an Agent will try to check in before it quits
func (*Server) Memory ¶
Memory interacts with virtual memory on the operating system where the agent is running in.Arguments[0] = the memory method (e.g., read|write|patch) in.Arguments[1:] = method arguments
func (*Server) Netstat ¶
Netstat is used to print network connections on the target system in.Arguments[0] = -p OPTIONAL in.Arguments[1] = the protocol to filter on (e.g., tcp or udp) OPTIONAL
func (*Server) Nslookup ¶
Nslookup instructs the agent to perform a DNS query on the input in.Arguments[0: ] = the host name or IP address to query
func (*Server) Padding ¶
Padding configures the maximum size for the random amount of padding added to each message in.Arguments[0] = the maximum size of the padding
func (*Server) Parrot ¶
Parrot configures the Agent's HTTP connection to mimic a specific browser in.Arguments[0] = the browser to mimic (e.g., HelloChrome_Auto)
func (*Server) Reconnect ¶
Reconnect is used by RPC client's to re-establish a connection to the RPC server
func (*Server) RemoveListener ¶
RemoveListener deletes an instantiated Listener on the RPC server
func (*Server) RestartListener ¶
RestartListener restarts a listener on the RPC server
func (*Server) RunAs ¶
RunAs creates a new process as the provided user in.Arguments[0] = the domain\username to run the program as in.Arguments[1] = the password for the provided user in.Arguments[2] = the program to run in.Arguments[3:] = the arguments to pass to the program
func (*Server) SSH ¶
SSH executes a command on a remote host through the SSH protocol and returns the output in.Arguments[0] = SSH username in.Arguments[1] = SSH password in.Arguments[2] = the SSH host:port in.Arguments[3] = the program to execute in.Arguments[4] = program arguments (optional)
func (*Server) SecureDelete ¶
SecureDelete securely deletes supplied file in.Arguments[0] = the file path to securely delete
func (*Server) SetListenerOption ¶
func (s *Server) SetListenerOption(ctx context.Context, in *pb.AgentCMD) (msg *pb.Message, err error)
SetListenerOption modifies a configurable listener option on the RPC server
func (*Server) SharpGen ¶
SharpGen generates a .NET core assembly, converts it to shellcode with go-donut, and executes it in the spawnto process in.Arguments[0] = the .NET Core C# code, as a string, to compile in.Arguments[1] = the SpawnTo process to inject the shellcode into in.Arguments[2] = the arguments to pass to the SpawnTo process (optional)
func (*Server) Skew ¶
Skew configures the amount of skew an Agent uses to randomize checkin times in.Arguments[0] = the amount of skew to use
func (*Server) Sleep ¶
Sleep configures the Agent's sleep time between checkins in.Arguments[0] = the amount of time to sleep between checkins
func (*Server) Socks ¶
Socks creates a TCP listener on the provided port and forwards SOCKS5 traffic to the provided agent in.Arguments[0] = method in.Arguments[1] = interface:port in.Arguments[2] = agent ID
func (*Server) StartListener ¶
StartListener starts a previously instantiated listener on the RPC server
func (*Server) StopListener ¶
StopListener stops a previously instantiated listener on the RPC server
func (*Server) Token ¶
Token is used to interact with Windows Access Tokens on the agent args[0] = the token method (e.g., make|privs|rev2self|steal|whoami) args[1:] = method arguments
func (*Server) Touch ¶
Touch matches the destination file's timestamps with source file in.Arguments[0] = the source file in.Arguments[1] = the destination file
func (*Server) UnlinkAgent ¶
UnlinkAgent instructs the parent Agent to close, or unlink, the connection with the child Agent in.Arguments[0] = the child Agent's UUID
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service holds the implementation of the RPC Server structure as a service
func NewRPCService ¶
NewRPCService is a factory to instantiate the server-side RPC Service, and it's an embedded Server structure
func (*Service) SendClientMessage ¶
SendClientMessage sends a message to all connected CLI clients