github.com/iDigitalFlame/xmt@v0.5.4/c2/task/dll.go (about)

     1  // Copyright (C) 2020 - 2023 iDigitalFlame
     2  //
     3  // This program is free software: you can redistribute it and/or modify
     4  // it under the terms of the GNU General Public License as published by
     5  // the Free Software Foundation, either version 3 of the License, or
     6  // any later version.
     7  //
     8  // This program is distributed in the hope that it will be useful,
     9  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    10  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    11  // GNU General Public License for more details.
    12  //
    13  // You should have received a copy of the GNU General Public License
    14  // along with this program.  If not, see <https://www.gnu.org/licenses/>.
    15  //
    16  
    17  package task
    18  
    19  import (
    20  	"time"
    21  
    22  	"github.com/iDigitalFlame/xmt/cmd/filter"
    23  	"github.com/iDigitalFlame/xmt/data"
    24  )
    25  
// DLL is a Tasklet that is similar to the 'cmd.DLL' struct. This is
// used to Task a Client with loading a DLL.
//
// The Path parameter is the path (on the client) where the DLL is located.
// This may be omitted and Data can be filled instead with the raw binary data
// to send and load a remote DLL instead. (THIS WILL MAKE A WRITE TO DISK!)
//
// To prevent writes to disk, use the 'cmd.DLLToASM' function on the server
// (or any non 'implant' tagged build) to build a shellcode DLL+loader using
// SRDi and launch as Assembly instead.
//
// This can be directly used in the Session 'Tasklet' function instead of
// directly creating a Task.
//
// The Filter attribute will attempt to set the target that runs the Process.
// If none are specified, the Process will be run under the client process.
//
// The struct's field order differs from the wire order listed below. The
// UnmarshalStream method in this file reads the fields in the wire order:
// Path, Wait, Timeout, Filter, Data.
//
// C2 Details:
//
//	ID: TvDLL
//
//	Input:
//	    DLL struct {
//	        string          // Path
//	        bool            // Wait
//	        int64           // Timeout
//	        bool            // Filter Status
//	        Filter struct { // Filter
//	            uint32      // PID
//	            bool        // Fallback
//	            uint8       // Session
//	            uint8       // Elevated
//	            []string    // Exclude
//	            []string    // Include
//	        }
//	        []byte          // Raw DLL Data
//	    }
//	Output:
//	    uint64              // Handle
//	    uint32              // PID
//	    int32               // Exit Code
type DLL struct {
	// Filter selects the target that runs the Process. When no filter is
	// specified, the Process runs under the client process.
	// NOTE(review): the "Filter Status" bool in the wire layout is presumably
	// written and consumed by the filter package - confirm there.
	Filter  *filter.Filter
	// Path is the location of the DLL on the client. It may be left empty
	// when Data is supplied instead.
	Path    string
	// Data is the raw DLL content sent to the client in place of Path. Per the
	// type documentation, using it results in a write to disk on the client.
	Data    []byte
	// Wait is the 'Wait' flag carried on the wire.
	// NOTE(review): presumably controls waiting for the exit code listed in
	// the Output layout - confirm against 'cmd.DLL'.
	Wait    bool
	// Timeout is carried on the wire as a raw int64 and decoded directly into
	// this time.Duration.
	Timeout time.Duration
}
    74  
// UnmarshalStream populates this DLL task from the supplied Reader.
//
// Fields are consumed in wire order: Path, Wait, Timeout, Filter and finally
// the raw Data bytes. Decoding stops at the first read error, which is
// returned unchanged; fields decoded before the failure are not rolled back.
//
// NOTE(review): this function applies no length or content checks to Path or
// Data itself. Whether the Reader bounds the sizes it accepts is not visible
// from here - confirm before feeding it data from an untrusted peer.
func (d *DLL) UnmarshalStream(r data.Reader) error {
	err := r.ReadString(&d.Path)
	if err != nil {
		return err
	}
	if err = r.ReadBool(&d.Wait); err != nil {
		return err
	}
	// Timeout is a time.Duration, so it is filled in place through an *int64
	// view of the field rather than via a temporary value.
	raw := (*int64)(&d.Timeout)
	if err = r.ReadInt64(raw); err != nil {
		return err
	}
	if err = filter.UnmarshalStream(r, &d.Filter); err != nil {
		return err
	}
	return r.ReadBytes(&d.Data)
}