README
¶
#define
Defined constants and variables which act like constants, similar to C-style
#defines.
Documentation
¶
Overview ¶
Package def - Defined constants
Index ¶
Constants ¶
View Source
const ( AcceptWait = time.Second / 4 /* Wait between failed accepts. */ C2URLParam = "c2" /* cURLGen query C2 URL parameter. */ DirPerms = 0770 /* Default directory permissions. */ FilePerms = 0660 /* Default file permissions. */ HTTPIOTimeout = 30 * time.Second /* HTTP read/write timeout. */ LogsPrompt = "(plonk)> " /* opshell prompt for log-watching. */ MaxExfilOpenTries = 100 /* Maximum number of exfil filenames to try. */ MaxOutput = 1 * 1024 * 1024 /* Output stops at 1MB. */ NSeen = 10 /* Max number of seen IDs. */ NamelessName = "an IDless implant" /* Name we give to ID "" */ NReplayLogs = 10 /* Number of logs to show with ,logs. */ OpNameWait = 10 * time.Second /* Wait for operator's name. */ StateWriteDelay = "5s" )
Other nonconfigurables
View Source
const ( ENGoodbye = "goodbye" /* Server's closing. */ ENName = "name" /* Operator name. */ ENEnqueue = "enqueue" /* Enqueue(d) task. */ ENListSeen = "listseen" /* List seen implants. */ )
Event names
View Source
const ( LMCaughtSignal = "Caught signal, exiting" LMCurlGen = "Implant generation" LMExfil = "Exfil" LMFileRequest = "Static file requested" LMImplantServing = "Implant service started" LMNewImplant = "New implant" LMOpConnected = "Operator connected" LMOpDisconnected = "Operator disconnected" LMOpListening = "Operator listener started" LMOpNameChange = "Operator name change" LMOutputRequest = "Output" LMSentSeenList = "Sent implant list" LMServerReady = "Server ready" LMTaskQueued = "Task queued" LMTaskRequest = "Task request" /* Errors */ LMDefaultFileFailed = "Opening default file failed" LMHTTPError = "HTTP error" LMHTTPErrorFailed = "HTTP error logger failed" LMOpInitialNameError = "Error getting initial operator name" LMServerDied = "Server died" LMStateWriteFailed = "State write failed" LMTemporaryAcceptError = "Temporary accept error" LMUnexpectedMessage = "Unexpected message" )
Log messages
View Source
const ( LKAddress = "address" LKConnNumber = "cnum" LKDirname = "dirname" LKErrorType = "error_type" LKFilename = "filename" LKHTTPAddr = "http_addr" LKHTTPSAddr = "https_addr" LKHash = "hash" LKHost = "host" LKID = "id" LKLocation = "location" LKMessage = "message" LKMessageType = "message_type" LKMethod = "method" LKOpName = "opname" LKOpOldName = "oldname" LKOutput = "output" LKParameters = "parameters" LKQLen = "qlen" LKRemoteAddr = "remote_address" LKReqPath = "requested_path" LKSNI = "sni" LKSignal = "signal" LKSize = "size" LKStatusCode = "status_code" LKTask = "task" LKURL = "url" )
Log keys
Variables ¶
View Source
var ( DefaultFile = "index.html" /* Default file served by HTTP. */ ExfilDir = "exfil" LogFile = "log.json" OpSock = "op.sock" /* Operator comms Unix socket. */ StateFile = "state.json" StaticFilesDir = "files" TemplateFile = "implant.tmpl" DirEnvVar = "PLONK_DIRECTORY" )
Files and directories, within working directory
View Source
var ( CurlGenPath = "/c" /* Implant generator. */ ExfilPath = "/p" FilePath = "/f" OutputPath = "/o" TaskPath = "/t" )
Request URL paths.
View Source
var (
StateWriteDelayD time.Duration
)
Other configurables
Functions ¶
This section is empty.
Types ¶
type EDGoodbye ¶
type EDGoodbye struct {
Message string
}
EDGoodbye indicates the server is shutting down.
type EDLMCurlGen ¶
type EDLMCurlGen struct {
Parameters struct {
RandN string
URL string
}
RemoteAddr string `json:"remote_address"`
}
EDLMCurlGen tells us when someone's generated implant code.
type EDLMExfil ¶
type EDLMExfil struct {
Filename string
Size int
RequestedPath string `json:"requested_path"`
RemoteAddr string `json:"remote_address"`
Error string
}
EDLMExfil tells us when we've got exfil.
type EDLMFileRequest ¶
type EDLMFileRequest struct {
StatusCode int `json:"status_code"`
RemoteAddr string `json:"remote_address"`
Filename string
Size int
}
EDLMFileRequest tells us when someone's asked for a file.
type EDLMNewImplant ¶
type EDLMNewImplant struct {
ID string
}
EDLMNewImplant informs about a newly-seen implant.
type EDLMOpConnected ¶
EDLMOpConnected is a log message indicating a new operator has connected. It also works for disconnections.
type EDLMOutputRequest ¶
EDLMOutputRequest is a log message sent after a request to send output.
type EDLMTaskQueued ¶
EDLMTaskQueued is a log message indicating a queued task.
Source Files
Click to show internal directories.
Click to hide internal directories.