wintask

package wintask v0.1.1
Warning: This package is not in the latest version of its module.
Published: Nov 11, 2021 License: GPL-3.0 Imports: 6 Imported by: 0

Constants

const (
	WvCheckDLL  uint8 = 0xD0
	WvReloadDLL uint8 = 0xD1
	WvInjectDLL uint8 = 0xD2
)

Wv* ID values are Windows-specific task ID values that will not be present on *nix systems.

const Base uint8 = 0xD0

Base is the base TaskID for the wintask package. This is added to the base on init when the package is loaded.

Variables

This section is empty.

Functions

func CheckDLL added in v0.1.0

func CheckDLL(d string) *com.Packet

CheckDLL is similar to ReloadDLL. The task returns 'true' if the DLL's contents in memory match the contents of the file on disk, and 'false' otherwise.

Always returns 'ErrNoWindows' on non-Windows devices.

C2 Details:

ID: WvCheckDLL

Input:
    - string (DLL Name)
Output:
    - bool (Result of evade.CheckDLL)

func InjectDLL added in v0.0.8

func InjectDLL(b []byte) *com.Packet

InjectDLL will create a Task that will instruct the client to run the raw DLL bytes.

This command will run under the current process and will wait until completion. Use the 'InjectDLLEx' function instead to change this behavior.

C2 Details:

ID: WvInjectDLL

Input:
    - wintask.DLL struct
      - string (Path)
      - bool (Wait)
      - bool (Filter != nil)
      - Filter
      - []byte (Data)
Output:
    - uint64 (handle)
    - uint32 (pid)
    - int32 (exit code)

func InjectDLLEx added in v0.1.0

func InjectDLLEx(d *DLL) *com.Packet

InjectDLLEx will create a Task that will instruct the client to run the DLL and options specified in the DLL struct.

C2 Details:

ID: WvInjectDLL

Input:
    - wintask.DLL struct
      - string (Path)
      - bool (Wait)
      - bool (Filter != nil)
      - Filter
      - []byte (Data)
Output:
    - uint64 (handle)
    - uint32 (pid)
    - int32 (exit code)

func InjectDLLFile added in v0.1.0

func InjectDLLFile(s string) (*com.Packet, error)

InjectDLLFile will create a Task that will instruct the client to run a DLL from a file source on the local (server) machine.

The source path may contain environment variables that will be resolved on server execution.

This command will run under the current process and will wait until completion. Use the 'InjectDLLEx' function instead to change this behavior.

C2 Details:

ID: WvInjectDLL

Input:
    - wintask.DLL struct
      - string (Path)
      - bool (Wait)
      - bool (Filter != nil)
      - Filter
      - []byte (Data)
Output:
    - uint64 (handle)
    - uint32 (pid)
    - int32 (exit code)

func InjectDLLPath added in v0.1.0

func InjectDLLPath(s string) *com.Packet

InjectDLLPath will create a Task that will instruct the client to run a DLL from a file source on the remote (client) machine.

The target path may contain environment variables that will be resolved during runtime.

This command will run under the current process and will wait until completion. Use the 'InjectDLLEx' function instead to change this behavior.

C2 Details:

ID: WvInjectDLL

Input:
    - wintask.DLL struct
      - string (Path)
      - bool (Wait)
      - bool (Filter != nil)
      - Filter
      - []byte (Data)
Output:
    - uint64 (handle)
    - uint32 (pid)
    - int32 (exit code)

func InjectDLLReader added in v0.1.0

func InjectDLLReader(r io.Reader) (*com.Packet, error)

InjectDLLReader will create a Task that will instruct the client to run a DLL read from an io.Reader source.

This command will run under the current process and will wait until completion. Use the 'InjectDLLEx' function instead to change this behavior.

C2 Details:

ID: WvInjectDLL

Input:
    - wintask.DLL struct
      - string (Path)
      - bool (Wait)
      - bool (Filter != nil)
      - Filter
      - []byte (Data)
Output:
    - uint64 (handle)
    - uint32 (pid)
    - int32 (exit code)

func ReloadDLL added in v0.1.0

func ReloadDLL(d string) *com.Packet

ReloadDLL is a function shamelessly stolen from the sliver project. This function will read a DLL file from on-disk and rewrite over its current in-memory contents to erase any hooks placed on function calls.

Re-mastered and refactored to be less memory hungry and easier to read :P

Orig src here:

https://github.com/BishopFox/sliver/blob/f94f0fc938ca3871390c5adfa71bf4edc288022d/implant/sliver/evasion/evasion_windows.go#L116

Always returns 'ErrNoWindows' on non-Windows devices.

C2 Details:

ID: WvReloadDLL

Input:
    - string (DLL Name)
Output:
    NONE

func Tasks added in v0.1.0

func Tasks() []func(context.Context, data.Reader, data.Writer) error

Tasks is an OS-dependent function that returns the task types specific to this package that can be used.

Types

type DLL

type DLL struct {
	Filter *cmd.Filter

	Path string
	Data []byte
	Wait bool
}

DLL is a struct that is similar to the 'cmd.DLL' struct. This is used to Task a Client with loading a DLL on Windows devices. This struct has many of the functionalities of the standard 'cmd.DLL' struct.

The 'SetParent' function will attempt to set the target that runs the DLL. If none are specified, the DLL will be injected into the current process.

The Path parameter is the path (on the client) where the DLL is located. Path may be omitted and Data filled with the raw binary data to send and load a DLL instead.

func (*DLL) MarshalStream

func (d *DLL) MarshalStream(w data.Writer) error

MarshalStream writes the data for this DLL task to the supplied Writer.

func (*DLL) UnmarshalStream

func (d *DLL) UnmarshalStream(r data.Reader) error

UnmarshalStream reads the data for this DLL task from the supplied Reader.
