Documentation
¶
Index ¶
- Constants
- Variables
- func Cwd(d string) *com.Packet
- func Download(src string) *com.Packet
- func Inject(b []byte) *com.Packet
- func InjectEx(a *Assembly) *com.Packet
- func InjectFile(s string) (*com.Packet, error)
- func InjectPath(s string) *com.Packet
- func InjectReader(r io.Reader) (*com.Packet, error)
- func Ls(d string) *com.Packet
- func Pull(url, path string) *com.Packet
- func PullExec(url string) *com.Packet
- func PullExecEx(url string, f *cmd.Filter, w bool) *com.Packet
- func Pwd() *com.Packet
- func RegisterEngine(i uint8, s Engine) error
- func Run(c string) *com.Packet
- func RunArgs(c ...string) *com.Packet
- func RunEx(p *Process) *com.Packet
- func RunShell(c string) *com.Packet
- func Upload(dst string, b []byte) *com.Packet
- func UploadFile(dst, src string) (*com.Packet, error)
- func UploadReader(dst string, r io.Reader) (*com.Packet, error)
- type Assembly
- type Engine
- type Process
- type Tasker
Constants ¶
const ( MvRefresh uint8 = 0x07 MvTime uint8 = 0x08 MvPwd uint8 = 0x09 MvCwd uint8 = 0x0A MvProxy uint8 = 0x0B // TODO(dij): setup MvSpawn uint8 = 0x0C // TODO(dij): setup MvMigrate uint8 = 0x0D // TODO(dij): setup? MvElevate uint8 = 0x0E // TODO(dij): setup? MvList uint8 = 0x0F )
The Mv* Packet ID values are built-in task values that are handled directory before the Mux, as these are critical for operations.
const ( TvDownload uint8 = 0xC0 TvUpload uint8 = 0xC1 TvExecute uint8 = 0xC2 TvAssembly uint8 = 0xC3 // TvPull - pulls a file from a web URI // params URI, destination TvPull uint8 = 0xC7 // TvPullExecute - pulls a file from a web URI and executes it. // uses similar rules to the Sentinel Downloader // params URI TvPullExecute uint8 = 0xC8 )
Built in Task Message ID Values
Variables ¶
var Mappings = [0xFF]Tasker{ TvDownload: download, TvUpload: upload, TvExecute: execute, TvAssembly: assembly, TvPull: pull, TvPullExecute: pullExec, }
Mappings is an fixed size array that contains the Tasker mappings for each ID value.
Values that are less than 22 are ignored. Adding a mapping to here will allow it to be executed via the client Scheduler.
Functions ¶
func Cwd ¶ added in v0.1.0
Cwd returns a change directory Packet. This can be used to instruct the client to change from it's current working directory to the directory specified.
Empty or invalid directory entires will return an error.
The source path may contain environment variables that will be resolved during runtime.
C2 Details:
ID: MvCwd
Input:
- string (Dir)
Output:
NONE
func Download ¶
Download will instruct the client to read the (client local) filepath provided and return the raw binary data.
The source path may contain environment variables that will be resolved during runtime.
C2 Details:
ID: TvDownload
Input:
- string (src)
Output:
- string (expanded path)
- bool (is dir)
- int64 (file size)
- bytes..... (file data)
func Inject ¶ added in v0.0.6
Inject will create a Task that will instruct the client to run shellcode.
This command will run under the current process and will wait until completion. Use the 'InjectEx' function instead to change this behavior.
C2 Details:
ID: TvAssembly
Input:
- task.Assembly struct
- bool (Wait)
- int64 (Timeout)
- string (Path)
- bool (Filer != nil)
- Filter
- []byte (Data)
Output:
- uint64 (handle)
- uint32 (pid)
- int32 (exit code)
func InjectEx ¶ added in v0.1.0
InjectEx will create a Task that will instruct the client to run the shellcode and options specified in the Assembly struct.
C2 Details:
ID: TvAssembly
Input:
- task.Assembly struct
- bool (Wait)
- int64 (Timeout)
- string (Path)
- bool (Filer != nil)
- Filter
- []byte (Data)
Output:
- uint64 (handle)
- uint32 (pid)
- int32 (exit code)
func InjectFile ¶ added in v0.1.0
InjectFile will create a Task that will instruct the client to run shellcode from a file source on the local (server) machine.
This command will run under the current process and will wait until completion. Use the 'InjectEx' function instead to change this behavior.
C2 Details:
ID: TvAssembly
Input:
- task.Assembly struct
- bool (Wait)
- int64 (Timeout)
- string (Path)
- bool (Filer != nil)
- Filter
- []byte (Data)
Output:
- uint64 (handle)
- uint32 (pid)
- int32 (exit code)
func InjectPath ¶ added in v0.1.0
InjectPath will create a Task that will instruct the client to run shellcode from a file source on the remote (client) machine.
The target path may contain environment variables that will be resolved during runtime.
This command will run under the current process and will wait until completion. Use the 'InjectEx' function instead to change this behavior.
C2 Details:
ID: WvInjectDLL
Input:
- task.Assembly struct
- bool (Wait)
- int64 (Timeout)
- string (Path)
- bool (Filer != nil)
- Filter
- []byte (Data)
Output:
- uint64 (handle)
- uint32 (pid)
- int32 (exit code)
func InjectReader ¶ added in v0.1.0
InjectReader will create a Task that will instruct the client to run shellcode from a reader source on the local (server) machine.
This command will run under the current process and will wait until completion. Use the 'InjectEx' function instead to change this behavior.
C2 Details:
ID: TvAssembly
Input:
- task.Assembly struct
- bool (Wait)
- int64 (Timeout)
- string (Path)
- bool (Filer != nil)
- Filter
- []byte (Data)
Output:
- uint64 (handle)
- uint32 (pid)
- int32 (exit code)
func Ls ¶ added in v0.1.0
Ls returns a file list Packet. This can be used to instruct the client to return a string and bool list of the files in the directory specified.
If 'd' is empty, the current working directory "." is used.
The source path may contain environment variables that will be resolved during runtime.
C2 Details:
ID: MvList
Input:
- string (Dir, can be empty)
Output:
- uint32 (Count)
- []struct{}
- string (Name)
- int32 (Mode)
- int64 (Size)
- int64 (Unix ModTIme)
func Pull ¶ added in v0.1.0
Pull will instruct the client to download the resource from the provided URL and write the data to the supplied local filesystem path.
The path may contain environment variables that will be resolved during runtime.
C2 Details:
ID: TvPull
Input:
- string (url)
- string (path)
Output:
- string (expanded path)
- int64 (file size written)
func PullExec ¶ added in v0.1.0
PullExec will instruct the client to download the resource from the provided URL and execute the downloaded data.
The download data may be saved in a temporary location depending on what the resulting data type is or file extension.
Returns the same output as the 'Run*' tasks.
C2 Details:
ID: TvPullExecute
Input:
- string (url)
- bool (wait)
- bool (Filer != nil)
- Filter
Output:
- uint32 (pid)
- int32 (exit code)
func PullExecEx ¶ added in v0.1.0
PullExecEx will instruct the client to download the resource from the provided URL and execute the downloaded data.
The download data may be saved in a temporary location depending on what the resulting data type is or file extension.
This function allows for specifying a Filter struct to specify the target parent process and the boolean flag can be set to true/false to specify if the task should wait for the process to exit.
Returns the same output as the 'Run*' tasks.
C2 Details:
ID: TvPullExecute
Input:
- string (url)
- bool (wait)
- bool (Filer != nil)
- Filter
Output:
- uint32 (pid)
- int32 (exit code)
func Pwd ¶ added in v0.1.0
Pwd returns a print current directory Packet. This can be used to instruct the client to return a string value that contains the current working directory.
C2 Details:
ID: MvPwd
Input:
NONE
Output:
- string (Pwd)
func RegisterEngine ¶
RegisterEngine is a function that can be used to register a Scripting engine into the XMT client tasking runtime.
Script engines can increase the footprint of the compiled binary, so engines must be registed manually.
See the 'cmd/script' package for scripting engines.
C2 Details:
ID: <Supplied>
Input:
- string (script)
Output:
- string (output)
func Run ¶
Run will create a Task that will instruct the client to run a command. This command will parsed using the 'cmd.Split' function.
This command will run under the current process and will wait until completion. Use the 'RunEx' function instead to change this behavior.
The response to this task will return the PID, ExitCode and Stdout/Stderr data.
C2 Details:
ID: TvExecute
Input:
- task.Process struct
- []string (Args)
- string (Dir)
- []string (Env)
- uint32 (Flags)
- int64 (Timeout)
- bool (Hide)
- bool (Filer != nil)
- Filter
- []byte (Stdin)
Output:
- uint32 (pid)
- int32 (exit code)
- bytes........ (stdout+stderr)
func RunArgs ¶ added in v0.1.0
RunArgs will create a Task that will instruct the client to run a command. This command and args are the supplied vardict of strings.
This command will run under the current process and will wait until completion. Use the 'RunEx' function instead to change this behavior.
The response to this task will return the PID, ExitCode and Stdout/Stderr data.
C2 Details:
ID: TvExecute
Input:
- task.Process struct
- []string (Args)
- string (Dir)
- []string (Env)
- uint32 (Flags)
- int64 (Timeout)
- bool (Hide)
- bool (Filer != nil)
- Filter
- []byte (Stdin)
Output:
- uint32 (pid)
- int32 (exit code)
- bytes........ (stdout+stderr)
func RunEx ¶ added in v0.1.0
RunEx will create a Task that will instruct the client to run the command and options specified in the Process struct.
The response to this task will return the PID, ExitCode and Stdout/Stderr data.
C2 Details:
ID: TvExecute
Input:
- task.Process struct
- []string (Args)
- string (Dir)
- []string (Env)
- uint32 (Flags)
- int64 (Timeout)
- bool (Hide)
- bool (Filer != nil)
- Filter
- []byte (Stdin)
Output:
- uint32 (pid)
- int32 (exit code)
- bytes........ (stdout+stderr)
func RunShell ¶ added in v0.1.0
RunShell will create a Task that will instruct the client to run a shell command. The command will be passed as an argument to the default shell found on the device.
This command will run under the current process and will wait until completion. Use the 'RunEx' function instead to change this behavior.
The response to this task will return the PID, ExitCode and Stdout/Stderr data.
C2 Details:
ID: TvExecute
Input:
- task.Process struct
- []string (Args)
- string (Dir)
- []string (Env)
- uint32 (Flags)
- int64 (Timeout)
- bool (Hide)
- bool (Filer != nil)
- Filter
- []byte (Stdin)
Output:
- uint32 (pid)
- int32 (exit code)
- bytes........ (stdout+stderr)
func Upload ¶
Upload will instruct the client to write the provided byte array to the filepath provided. The client will return the number of bytes written and the resulting file path.
The destination path may contain environment variables that will be resolved during runtime.
C2 Details:
ID: TvUpload
Input:
- string (dts)
- bytes..... (file data)
Output:
- string (expanded path)
- int64 (file size written)
func UploadFile ¶ added in v0.1.0
UploadFile will instruct the client to write the provided (server local) file content to the filepath provided. The client will return the number of bytes written and the resulting file path.
The destination path may contain environment variables that will be resolved during runtime.
The source path may contain environment variables that will be resolved on server execution.
C2 Details:
ID: TvUpload
Input:
- string (dts)
- bytes..... (file data)
Output:
- string (expanded path)
- int64 (file size written)
func UploadReader ¶ added in v0.1.0
UploadReader will instruct the client to write the provided reader content to the filepath provided. The client will return the number of bytes written and the resulting file path.
The destination path may contain environment variables that will be resolved during runtime.
C2 Details:
ID: TvUpload
Input:
- string (dts)
- bytes..... (file data)
Output:
- string (expanded path)
- int64 (file size written)
Types ¶
type Assembly ¶ added in v0.1.0
Assembly is a struct that is similar to the 'cmd.Assembly' struct. This is used to Task a Client with running shellcode on devices. This struct has many of the functionallies of the standard 'cmd.Assembly' functions.
The 'SetParent' function will attempt to set the target that runs the shellcode. If none are specified, the shellcode will be injected into the client process.
func (*Assembly) MarshalStream ¶ added in v0.1.0
MarshalStream writes the data for this Code thread to the supplied Writer.
type Engine ¶
Engine is an interface that allows for extending XMT with non-compiled code for easy deployability and flexibility.
Each Script interface contains a single function that will take a Context, an environment block and the script code string.
The result of this function will be the output of the script and any errors that may occur.
By default, the 'ID', 'OS', 'PID' 'PPID', 'OSVER' and 'HOSTNAME' variables are built-in to assist with code runtime.
type Process ¶
type Process struct {
Filter *cmd.Filter
Dir string
Env, Args []string
Stdin []byte
Timeout time.Duration
Flags uint32
Wait, Hide bool
}
Process is a struct that is similar to the 'cmd.Process' struct. This is used to Task a Client with running a specified command. These can be submitted to the Execute tasklet.
func (*Process) MarshalStream ¶
MarshalStream writes the data for this Process to the supplied Writer.
func (*Process) SetFlags ¶
SetFlags will set the startup Flag values used for Windows programs. This function overrites many of the 'Set*' functions.
func (*Process) SetParent ¶
SetParent will instruct the Process to choose a parent with the supplied process Filter. If the Filter is nil this will use the current process (default). Setting the Parent process will automatically set 'SetNewConsole' to true
This function has no effect if the device is not running Windows.
type Tasker ¶
Tasker is an function alias that will be tasked with executing a Job and will return an error or write the results to the supplied Writer. Associated data can be read from the supplied Reader.
This function is NOT responsible with writing any error codes, the parent caller will handle that.
Source Files
Directories