wmiexec

package
v1.8.23 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 3, 2023 License: MIT Imports: 18 Imported by: 0

Documentation

Overview

nolint

nolint

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewExecer

func NewExecer(cfg *WmiExecConfig) *wmiExecer

func WMIExec

func WMIExec(target, username, password, hash, domain, command, clientHostname string, timeout int, cfgIn *WmiExecConfig) error

Types

type ActivationContextInfo

type ActivationContextInfo struct {
	CommonHeader                                        CommonTypeHeader
	PrivateHeader                                       PrivateHeader
	ClientOk                                            uint32
	Reserved                                            uint32
	Reserved2                                           uint32
	Reserved3                                           uint32
	ClientPtrReferentID                                 uint32
	NULLPtr                                             uint32
	ClientPtrClientContextUnknown                       uint32
	ClientPtrClientContextCntData                       uint32
	ClientPtrClientContextOBJREFSignature               uint32
	ClientPtrClientContextOBJREFFlags                   uint32
	ClientPtrClientContextOBJREFIID                     [16]byte
	ClientPtrClientContextOBJREFCUSTOMOBJREFCLSID       [16]byte
	ClientPtrClientContextOBJREFCUSTOMOBJREFCBExtension uint32
	ClientPtrClientContextOBJREFCUSTOMOBJREFSize        uint32
	UnusedBuffer                                        [48]byte
}

type CUSTOMOBJREF

type CUSTOMOBJREF struct {
	CLSID          [16]byte
	CBExtension    uint32
	Size           uint32
	IActProperties IActProperties2
}

func (CUSTOMOBJREF) Bytes

func (i CUSTOMOBJREF) Bytes() []byte

type ClsId

type ClsId struct {
	PtrReferentID             uint32
	PtrSizesReferentID        uint32
	NULLPointer               uint32
	PtrMaxCount               uint32
	PtrPropertyStructGUID     [16]byte
	PtrPropertyStructGUID2    [16]byte
	PtrPropertyStructGUID3    [16]byte
	PtrPropertyStructGUID4    [16]byte
	PtrPropertyStructGUID5    [16]byte
	PtrPropertyStructGUID6    [16]byte
	SizesPtrMaxCount          uint32
	SizesPtrPropertyDataSize  uint32
	SizesPtrPropertyDataSize2 uint32
	SizesPtrPropertyDataSize3 uint32
	SizesPtrPropertyDataSize4 uint32
	SizesPtrPropertyDataSize5 uint32
	SizesPtrPropertyDataSize6 uint32
}

type CommonTypeHeader

type CommonTypeHeader struct {
	Version            byte
	Endianness         byte
	CommonHeaderLength uint16
	Filler             uint32
}

func NewCommonHeader1

func NewCommonHeader1(endian int) CommonTypeHeader

type CustomHeader

type CustomHeader struct {
	CommonHeader                  CommonTypeHeader
	PrivateHeader                 PrivateHeader
	TotalSize                     uint32
	CustomHeaderSize              uint32
	Reserved                      uint32
	DestinationContext            uint32
	NumActivationProptertyStructs uint32
	ClassInfoClsid                [16]byte
	ClsId                         ClsId
}

type DCOMORPCThis

type DCOMORPCThis struct {
	VersionMajor uint16
	VersionMinor uint16
	Flags        uint32
	Reserved     uint32
	CausalityID  [16]byte
	Unknown      uint32
}

type DCOMOXIDResolver

type DCOMOXIDResolver struct {
	VersionMajor     uint16
	VersionMinor     uint16
	Unknown          [8]byte
	NumEntries       uint16
	SecurityOffset   uint16
	StringBindings   []DCOMStringBinding
	SecurityBindings []DCOMSecurityBinding
	Unknown2         [8]byte
}

func NewDCOMOXIDResolver

func NewDCOMOXIDResolver(b []byte) DCOMOXIDResolver

type DCOMSecurityBinding

type DCOMSecurityBinding struct {
	AuthnSvc  uint16
	AuthzSvc  uint16
	PrincName []byte
}

type DCOMStringBinding

type DCOMStringBinding struct {
	TowerId     uint16
	NetworkAddr []byte
}

type IAct2Properties

type IAct2Properties struct {
	SpecialSystemProperties SpecialSystemProperties
	InstantiationInfo       InstantiationInfo
	ActivationContextInfo   ActivationContextInfo
	SecurityInfo            SecurityInfo
	LocationInfo            LocationInfo
	ScmRequestInfo          ScmRequestInfo
}

type IActProperties

type IActProperties struct {
	CntData uint32
	OBJREF  OBJREF
}

func (IActProperties) Bytes

func (i IActProperties) Bytes() []byte

type IActProperties2

type IActProperties2 struct {
	TotalSize    uint32
	Reserved     uint32
	CustomHeader CustomHeader
	Properties   IAct2Properties
}

idk man, I'm doing this from the wireshark dissection, not the standard ok

func (IActProperties2) Bytes

func (i IActProperties2) Bytes() []byte

type InstantiationInfo

type InstantiationInfo struct {
	CommonHeader            CommonTypeHeader
	PrivateHeader           PrivateHeader
	InstantiatedObjectClsId [16]byte
	ClassContext,
	ActivationFlags,
	FlagsSurrogate,
	InterfaceIdCount,
	InstantiationFlag,
	InterfaceIdsPtr,
	EntirePropertySize uint32
	VersionMajor, VersionMinor uint16
	InterfaceIdsMaxCount       uint32
	InterfaceIds               [16]byte
	UnusedBuffer               uint32
}

type LocationInfo

type LocationInfo struct {
	CommonHeader  CommonTypeHeader
	PrivateHeader PrivateHeader
	NULLPtr       uint32
	ProcessID     uint32
	ApartmentID   uint32
	ContextID     uint32
}

type OBJREF

type OBJREF struct {
	Signature    uint32
	Flags        uint32
	IID          [16]byte
	CUSTOMOBJREF CUSTOMOBJREF
}

type PacketDCOMMemRelease

type PacketDCOMMemRelease struct {
	VersionMajor  uint16
	VersionMinor  uint16
	Flags         uint32
	Reserved      uint32
	CausalityID   [16]byte
	Reserved2     uint32
	Unknown       uint32
	InterfaceRefs uint32
	IPID          [16]byte
	PublicRefs    uint32
	PrivateRefs   uint32

	PublicRefs2  uint32
	PrivateRefs2 uint32
	// contains filtered or unexported fields
}

func NewPacketDCOMMemRelease

func NewPacketDCOMMemRelease(causality, ipid, ipid2 []byte) PacketDCOMMemRelease

func (PacketDCOMMemRelease) Bytes

func (p PacketDCOMMemRelease) Bytes() []byte

type PacketDCOMRemQueryInterface

type PacketDCOMRemQueryInterface struct {
	VersionMajor uint16
	VersionMinor uint16
	Flags        uint32
	Reserved     uint32
	CausalityID  [16]byte
	Reserved2    uint32
	IPID         [16]byte
	Refs         uint32
	IIDs         uint16
	Unknown      [6]byte
	IID          [16]byte
}

func NewPacketDCOMRemQueryInterface

func NewPacketDCOMRemQueryInterface(causalityID, IPID, IID []byte) PacketDCOMRemQueryInterface

func (PacketDCOMRemQueryInterface) Bytes

func (p PacketDCOMRemQueryInterface) Bytes() []byte

type PacketDCOMRemoteInstance

type PacketDCOMRemoteInstance struct {
	/*
		DCOMVersionMajor                                                                                                             uint16
		DCOMVersionMinor                                                                                                             uint16
		DCOMFlags                                                                                                                    uint32
		DCOMReserved                                                                                                                 uint32
		DCOMCausalityID                                                                                                              [16]byte
		Unknown                                                                                                                      uint32
	*/
	DCOMORPCThis   DCOMORPCThis
	Unknown2       uint32
	Unknown3       uint32
	Unknown4       uint32
	IActProperties IActProperties
}

func NewDCOMRemoteInstance

func NewDCOMRemoteInstance(causality [16]byte, target string) PacketDCOMRemoteInstance

func (PacketDCOMRemoteInstance) Bytes

func (p PacketDCOMRemoteInstance) Bytes() []byte

type PrivateHeader

type PrivateHeader struct {
	ObjectBufferLength uint32
	Filler             uint32
}

func NewPrivateHeader

func NewPrivateHeader(buflen uint32) PrivateHeader

type ScmRequestInfo

type ScmRequestInfo struct {
	CommonHeader                                                 CommonTypeHeader
	PrivateHeader                                                PrivateHeader
	NULLPtr                                                      uint32
	RemoteRequestPtrReferentID                                   uint32
	RemoteRequestPtrRemoteRequestClientImpersonationLevel        uint32
	RemoteRequestPtrRemoteRequestNumProtocolSequences            uint16
	RemoteRequestPtrRemoteRequestUnknown                         uint16
	RemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrReferentID  uint32
	RemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrMaxCount    uint32
	RemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrProtocolSeq uint16
	UnusedBuffer                                                 [6]byte // = 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
}

type SecurityInfo

type SecurityInfo struct {
	CommonHeader                        CommonTypeHeader
	PrivateHeader                       PrivateHeader //", packet_private_header);
	AuthenticationFlags                 uint32
	ServerInfoPtrReferentID             uint32
	NULLPtr                             uint32
	ServerInfoServerInfoReserved        uint32
	ServerInfoServerInfoNameReferentID  uint32
	ServerInfoServerInfoNULLPtr         uint32
	ServerInfoServerInfoReserved2       uint32
	ServerInfoServerInfoNameMaxCount    uint32 //", packet_target_length);
	ServerInfoServerInfoNameOffset      uint32
	ServerInfoServerInfoNameActualCount uint32 //", packet_target_length);
	ServerInfoServerInfoNameString      []byte // uint32//uint", packet_target_unicode);

}

func (SecurityInfo) Bytes

func (i SecurityInfo) Bytes() []byte

type SpecialSystemProperties

type SpecialSystemProperties struct {
	CommonHeader         CommonTypeHeader
	PrivateHeader        PrivateHeader
	SessionID            uint32
	RemoteThisSessionID  uint32
	ClientImpersonating  uint32
	PartitionIDPresent   uint32
	DefaultAuthnLevel    uint32
	PartitionGUID        [16]byte
	ProcessRequestFlags  uint32
	OriginalClassContext uint32
	Flags                uint32
	Reserved             [32]byte
	UnusedBuffer         uint64
}

type WmiExecConfig

type WmiExecConfig struct {
	// contains filtered or unexported fields
}

func NewExecConfig

func NewExecConfig(username, password, hash, domain, target, clientHostname string, timeout int, verbose bool, logger *zap.Logger, writer io.Writer) (WmiExecConfig, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL