github.com/iDigitalFlame/xmt@v0.5.1/c2/task/v_registry.go (about) 1 //go:build !implant 2 // +build !implant 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package task 21 22 import ( 23 "github.com/iDigitalFlame/xmt/com" 24 "github.com/iDigitalFlame/xmt/data" 25 ) 26 27 // RegLs returns a list registry keys/values Packet. This can be used to instruct 28 // the client to return a list of Registry entries for the specified registry 29 // path. 30 // 31 // C2 Details: 32 // 33 // ID: TvRegistry 34 // 35 // Input: 36 // uint8 // Operation 37 // string // Key Path 38 // Output: 39 // uint8 // Operation 40 // uint32 // Count 41 // []Entry struct { // List of Entries 42 // string // Name 43 // uint32 // Type 44 // []byte // Data 45 // } 46 func RegLs(s string) *com.Packet { 47 n := &com.Packet{ID: TvRegistry} 48 n.WriteUint8(regOpLs) 49 n.WriteString(s) 50 return n 51 } 52 53 // RegMakeKey returns a make registry key Packet. This can be used to instruct 54 // the client to make a key at specified registry path. 55 // 56 // C2 Details: 57 // 58 // ID: TvRegistry 59 // 60 // Input: 61 // uint8 // Operation 62 // string // Key Path 63 // Output: 64 // uint8 // Operation 65 func RegMakeKey(key string) *com.Packet { 66 n := &com.Packet{ID: TvRegistry} 67 n.WriteUint8(regOpMake) 68 n.WriteString(key) 69 return n 70 } 71 72 // RegGet returns a get key/value Packet. This can be used to instruct the client 73 // to return an entry details for the specified registry path. 74 // 75 // C2 Details: 76 // 77 // ID: TvRegistry 78 // 79 // Input: 80 // uint8 // Operation 81 // string // Key Path 82 // string // Value Name 83 // Output: 84 // uint8 // Operation 85 // Entry struct { // Entry 86 // string // Name 87 // uint32 // Type 88 // []byte // Data 89 // } 90 func RegGet(key, value string) *com.Packet { 91 n := &com.Packet{ID: TvRegistry} 92 n.WriteUint8(regOpGet) 93 n.WriteString(key) 94 n.WriteString(value) 95 return n 96 } 97 98 // RegSetString returns a set as string key/value Packet. This can be used to 99 // instruct the client to set the value content to the supplied string for the 100 // specified registry path. 101 // 102 // C2 Details: 103 // 104 // ID: TvRegistry 105 // 106 // Input: 107 // uint8 // Operation 108 // string // Key Path 109 // string // Value Name 110 // string // Content 111 // Output: 112 // uint8 // Operation 113 func RegSetString(key, value, v string) *com.Packet { 114 n := &com.Packet{ID: TvRegistry} 115 n.WriteUint8(regOpSetString) 116 n.WriteString(key) 117 n.WriteString(value) 118 n.WriteString(v) 119 return n 120 } 121 122 // RegDeleteKey returns a delete key Packet. This can be used to instruct the 123 // client to delete a key at the specified registry path. 124 // 125 // C2 Details: 126 // 127 // ID: TvRegistry 128 // 129 // Input: 130 // uint8 // Operation 131 // string // Key Path 132 // bool // Delete Recursively or Delete non-empty Keys 133 // Output: 134 // uint8 // Operation 135 func RegDeleteKey(key string, force bool) *com.Packet { 136 n := &com.Packet{ID: TvRegistry} 137 n.WriteUint8(regOpDeleteKey) 138 n.WriteString(key) 139 n.WriteBool(force) 140 return n 141 } 142 143 // RegDelete returns a delete key/value Packet. This can be used to instruct the 144 // client to delete a key or value at the specified registry path. 145 // 146 // C2 Details: 147 // 148 // ID: TvRegistry 149 // 150 // Input: 151 // uint8 // Operation 152 // string // Key Path 153 // string // Value Name 154 // bool // Delete Recursively or Delete non-empty Keys 155 // Output: 156 // uint8 // Operation 157 func RegDelete(key, value string, force bool) *com.Packet { 158 n := &com.Packet{ID: TvRegistry} 159 n.WriteUint8(regOpDelete) 160 n.WriteString(key) 161 n.WriteString(value) 162 n.WriteBool(force) 163 return n 164 } 165 166 // RegSetDword returns a set as a DWORD (uint32) key/value Packet. This can be 167 // used to instruct the client to set the value content to the supplied DWORD 168 // for the specified registry path. 169 // 170 // C2 Details: 171 // 172 // ID: TvRegistry 173 // 174 // Input: 175 // uint8 // Operation 176 // string // Key Path 177 // string // Value Name 178 // uint32 // Content 179 // Output: 180 // uint8 // Operation 181 func RegSetDword(key, value string, v uint32) *com.Packet { 182 n := &com.Packet{ID: TvRegistry} 183 n.WriteUint8(regOpSetDword) 184 n.WriteString(key) 185 n.WriteString(value) 186 n.WriteUint32(v) 187 return n 188 } 189 190 // RegSetQword returns a set as QWORD (uint64) key/value Packet. This can be 191 // used to instruct the client to set the value content to the supplied QWORD 192 // for the specified registry path. 193 // 194 // C2 Details: 195 // 196 // ID: TvRegistry 197 // 198 // Input: 199 // uint8 // Operation 200 // string // Key Path 201 // string // Value Name 202 // uint64 // Content 203 // Output: 204 // uint8 // Operation 205 func RegSetQword(key, value string, v uint64) *com.Packet { 206 n := &com.Packet{ID: TvRegistry} 207 n.WriteUint8(regOpSetQword) 208 n.WriteString(key) 209 n.WriteString(value) 210 n.WriteUint64(v) 211 return n 212 } 213 214 // RegSetBytes returns a set as a BINARY (bytes) key/value Packet. This can be 215 // used to instruct the client to set the value content to the supplied bytes 216 // for the specified registry path. 217 // 218 // C2 Details: 219 // 220 // ID: TvRegistry 221 // 222 // Input: 223 // uint8 // Operation 224 // string // Key Path 225 // string // Value Name 226 // []byte // Content 227 // Output: 228 // uint8 // Operation 229 func RegSetBytes(key, value string, b []byte) *com.Packet { 230 n := &com.Packet{ID: TvRegistry} 231 n.WriteUint8(regOpSetBytes) 232 n.WriteString(key) 233 n.WriteString(value) 234 n.WriteBytes(b) 235 return n 236 } 237 238 // RegSetExpandString returns a set as expand string key/value Packet. This can 239 // be used to instruct the client to set the value content to the supplied 240 // string for the specified registry path. 241 // 242 // C2 Details: 243 // 244 // ID: TvRegistry 245 // 246 // Input: 247 // uint8 // Operation 248 // string // Key Path 249 // string // Value Name 250 // string // Content 251 // Output: 252 // uint8 // Operation 253 func RegSetExpandString(key, value, v string) *com.Packet { 254 n := &com.Packet{ID: TvRegistry} 255 n.WriteUint8(regOpSetExpandString) 256 n.WriteString(key) 257 n.WriteString(value) 258 n.WriteString(v) 259 return n 260 } 261 262 // RegSet returns a set content key/value Packet. This can be used to instruct 263 // the client to set the raw value content to the supplied raw bytes for the 264 // specified registry path along with the type. 265 // 266 // C2 Details: 267 // 268 // ID: TvRegistry 269 // 270 // Input: 271 // uint8 // Operation 272 // string // Key Path 273 // string // Value Name 274 // uint32 // Type 275 // []byte // Content 276 // Output: 277 // uint8 // Operation 278 func RegSet(key, value string, t uint32, b []byte) *com.Packet { 279 n := &com.Packet{ID: TvRegistry} 280 n.WriteUint8(regOpSet) 281 n.WriteString(key) 282 n.WriteString(value) 283 n.WriteUint32(t) 284 n.WriteBytes(b) 285 return n 286 } 287 288 // RegSetStringList returns a set as multi string key/value Packet. This can 289 // be used to instruct the client to set the value content to the supplied 290 // strings for the specified registry path. 291 // 292 // C2 Details: 293 // 294 // ID: TvRegistry 295 // 296 // Input: 297 // uint8 // Operation 298 // string // Key Path 299 // string // Value Name 300 // []string // Content 301 // Output: 302 // uint8 // Operation 303 func RegSetStringList(key, value string, v []string) *com.Packet { 304 n := &com.Packet{ID: TvRegistry} 305 n.WriteUint8(regOpSetStringList) 306 n.WriteString(key) 307 n.WriteString(value) 308 data.WriteStringList(n, v) 309 return n 310 }