github.com/iDigitalFlame/xmt@v0.5.4/c2/task/v_dll.go (about) 1 //go:build !implant 2 // +build !implant 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package task 21 22 import ( 23 "io" 24 25 "github.com/iDigitalFlame/xmt/com" 26 "github.com/iDigitalFlame/xmt/data" 27 ) 28 29 // DLLFile will create a Tasklet that will instruct the client to local a 30 // DLL from the specified local (server - the one calling this function) file 31 // source. (THIS WILL MAKE A WRITE TO DISK!) 32 // 33 // To prevent writes to disk, use the 'cmd.DLLToASM' function on the server 34 // (or any non 'implant' tagged build) to build a shellcode DLL+loader using 35 // SRDi and launch as Assembly instead. 36 // 37 // The Filter attribute will attempt to set the target that runs the Process. 38 // If none are specified, the Process will be ran under the client process. 39 // 40 // C2 Details: 41 // 42 // ID: WvInjectDLL 43 // 44 // Input: 45 // DLL struct { 46 // string // Path 47 // bool // Wait 48 // int64 // Timeout 49 // bool // Filter Status 50 // Filter struct { // Filter 51 // uint32 // PID 52 // bool // Fallback 53 // uint8 // Session 54 // uint8 // Elevated 55 // []string // Exclude 56 // []string // Include 57 // } 58 // []byte // Raw DLL Data 59 // } 60 // Output: 61 // uint64 // Handle 62 // uint32 // PID 63 // int32 // Exit Code 64 func DLLFile(s string) (DLL, error) { 65 b, err := data.ReadFile(s) 66 if err != nil { 67 return DLL{}, err 68 } 69 return DLL{Data: b}, nil 70 } 71 72 // DLLReader will create a Tasklet that will instruct the client to local a DLL 73 // from the specified reader source. (THIS WILL MAKE A WRITE TO DISK!) 74 // 75 // To prevent writes to disk, use the 'cmd.DLLToASM' function on the server 76 // (or any non 'implant' tagged build) to build a shellcode DLL+loader using 77 // SRDi and launch as Assembly instead. 78 // 79 // The Filter attribute will attempt to set the target that runs the Process. 80 // If none are specified, the Process will be ran under the client process. 81 // 82 // C2 Details: 83 // 84 // ID: WvInjectDLL 85 // 86 // Input: 87 // DLL struct { 88 // string // Path 89 // bool // Wait 90 // int64 // Timeout 91 // bool // Filter Status 92 // Filter struct { // Filter 93 // uint32 // PID 94 // bool // Fallback 95 // uint8 // Session 96 // uint8 // Elevated 97 // []string // Exclude 98 // []string // Include 99 // } 100 // []byte // Raw DLL Data 101 // } 102 // Output: 103 // uint64 // Handle 104 // uint32 // PID 105 // int32 // Exit Code 106 func DLLReader(r io.Reader) (DLL, error) { 107 b, err := data.ReadAll(r) 108 if err != nil { 109 return DLL{}, err 110 } 111 return DLL{Data: b}, nil 112 } 113 114 // Packet will take the configured DLL options and will return a Packet and any 115 // errors that may occur during building. 116 // 117 // This allows the DLL struct to fulfil the 'Tasklet' interface. 118 // 119 // C2 Details: 120 // 121 // ID: TvDLL 122 // 123 // Input: 124 // DLL struct { 125 // string // Path 126 // bool // Wait 127 // int64 // Timeout 128 // bool // Filter Status 129 // Filter struct { // Filter 130 // uint32 // PID 131 // bool // Fallback 132 // uint8 // Session 133 // uint8 // Elevated 134 // []string // Exclude 135 // []string // Include 136 // } 137 // []byte // Raw DLL Data 138 // } 139 // Output: 140 // uint64 // Handle 141 // uint32 // PID 142 // int32 // Exit Code 143 func (d DLL) Packet() (*com.Packet, error) { 144 n := &com.Packet{ID: TvDLL} 145 d.MarshalStream(n) 146 return n, nil 147 } 148 149 // MarshalStream writes the data for this DLL task to the supplied Writer. 150 func (d DLL) MarshalStream(w data.Writer) error { 151 if err := w.WriteString(d.Path); err != nil { 152 return err 153 } 154 if err := w.WriteBool(d.Wait); err != nil { 155 return err 156 } 157 if err := w.WriteInt64(int64(d.Timeout)); err != nil { 158 return err 159 } 160 if err := d.Filter.MarshalStream(w); err != nil { 161 return err 162 } 163 return w.WriteBytes(d.Data) 164 }