github.com/iDigitalFlame/xmt@v0.5.4/c2/task/v_io.go (about) 1 //go:build !implant 2 // +build !implant 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package task 21 22 import ( 23 "io" 24 "os" 25 "time" 26 27 "github.com/iDigitalFlame/xmt/cmd/filter" 28 "github.com/iDigitalFlame/xmt/com" 29 "github.com/iDigitalFlame/xmt/device" 30 ) 31 32 // ProcessList returns a list processes Packet. This can be used to instruct 33 // the client to return a list of the current running host's processes. 34 // 35 // C2 Details: 36 // 37 // ID: MvProcList 38 // 39 // Input: 40 // <none> 41 // Output: 42 // uint32 // Count 43 // []ProcessInfo { // List of Running Processes 44 // uint32 // Process ID 45 // uint32 // Parent Process ID 46 // string // Process Image Name 47 // } 48 func ProcessList() *com.Packet { 49 return &com.Packet{ID: MvProcList} 50 } 51 52 // Kill returns a process kill Packet. This can be used to instruct to send a 53 // SIGKILL signal to the specified process by the specified Process ID. 54 // 55 // C2 Details: 56 // 57 // ID: TvSystemIO 58 // 59 // Input: 60 // uint8 // IO Type 61 // uint32 // PID 62 // Output: 63 // uint8 // IO Type 64 func Kill(p uint32) *com.Packet { 65 n := &com.Packet{ID: TvSystemIO} 66 n.WriteUint8(taskIoKill) 67 n.WriteUint32(p) 68 return n 69 } 70 71 // Touch returns a file touch Packet. This can be used to instruct to create the 72 // specified file if it does not exist. 73 // 74 // The path may contain environment variables that will be resolved during 75 // runtime. 76 // 77 // C2 Details: 78 // 79 // ID: TvSystemIO 80 // 81 // Input: 82 // uint8 // IO Type 83 // string // Path 84 // Output: 85 // uint8 // IO Type 86 func Touch(s string) *com.Packet { 87 n := &com.Packet{ID: TvSystemIO} 88 n.WriteUint8(taskIoTouch) 89 n.WriteString(s) 90 return n 91 } 92 93 // KillName returns a process kill Packet. This can be used to instruct to send 94 // a SIGKILL signal all to the specified processes that have the specified name. 95 // 96 // NOTE: This kills all processes that share this name. 97 // 98 // C2 Details: 99 // 100 // ID: TvSystemIO 101 // 102 // Input: 103 // uint8 // IO Type 104 // string // Process Name 105 // Output: 106 // uint8 // IO Type 107 func KillName(s string) *com.Packet { 108 n := &com.Packet{ID: TvSystemIO} 109 n.WriteUint8(taskIoKillName) 110 n.WriteString(s) 111 return n 112 } 113 114 // Download returns a download Packet. This will instruct the client to 115 // read the (client local) filepath provided and return the raw binary data. 116 // 117 // The source path may contain environment variables that will be resolved 118 // during runtime. 119 // 120 // C2 Details: 121 // 122 // ID: TvDownload 123 // 124 // Input: 125 // string // Target 126 // Output: 127 // string // Expanded Target Path 128 // bool // Target is Directory 129 // int64 // Size 130 // []byte // Data 131 func Download(src string) *com.Packet { 132 n := &com.Packet{ID: TvDownload} 133 n.WriteString(src) 134 return n 135 } 136 137 // Move returns a file move Packet. This can be used to instruct to move the 138 // specified source file to the specified destination path. 139 // 140 // The source and destination paths may contain environment variables that will 141 // be resolved during runtime. 142 // 143 // C2 Details: 144 // 145 // ID: TvSystemIO 146 // 147 // Input: 148 // uint8 // IO Type 149 // string // Source 150 // string // Destination 151 // Output: 152 // uint8 // IO Type 153 // string // Expanded Destination Path 154 // uint64 // Byte Count Written 155 func Move(src, dst string) *com.Packet { 156 n := &com.Packet{ID: TvSystemIO} 157 n.WriteUint8(taskIoMove) 158 n.WriteString(src) 159 n.WriteString(dst) 160 return n 161 } 162 163 // Copy returns a file copy Packet. This can be used to instruct to copy the 164 // specified source file to the specified destination path. 165 // 166 // The source and destination paths may contain environment variables that will 167 // be resolved during runtime. 168 // 169 // C2 Details: 170 // 171 // ID: TvSystemIO 172 // 173 // Input: 174 // uint8 // IO Type 175 // string // Source 176 // string // Destination 177 // Output: 178 // uint8 // IO Type 179 // string // Expanded Destination Path 180 // uint64 // Byte Count Written 181 func Copy(src, dst string) *com.Packet { 182 n := &com.Packet{ID: TvSystemIO} 183 n.WriteUint8(taskIoCopy) 184 n.WriteString(src) 185 n.WriteString(dst) 186 return n 187 } 188 189 // Pull returns a pull Packet. This will instruct the client to download the 190 // resource from the provided URL and write the data to the supplied local 191 // filesystem path. 192 // 193 // The path may contain environment variables that will be resolved during 194 // runtime. 195 // 196 // If the destination path is empty, the download results were be returned in the 197 // results instead. 198 // 199 // C2 Details: 200 // 201 // ID: TvPull 202 // 203 // Input: 204 // string // URL 205 // string // Target Path 206 // Output: 207 // string // Expanded Destination Path 208 // uint64 // Byte Count Written 209 // []byte // Data 210 func Pull(url, path string) *com.Packet { 211 return PullAgent(url, "", path) 212 } 213 214 // Upload returns an upload Packet. This will instruct the client to write the 215 // provided byte array to the filepath provided. The client will return the 216 // number of bytes written and the resulting expanded file path. 217 // 218 // The destination path may contain environment variables that will be resolved 219 // during runtime. 220 // 221 // C2 Details: 222 // 223 // ID: TvUpload 224 // 225 // Input: 226 // string // Destination 227 // []byte // File Data 228 // Output: 229 // string // Expanded Destination Path 230 // uint64 // Byte Count Written 231 func Upload(dst string, b []byte) *com.Packet { 232 n := &com.Packet{ID: TvUpload} 233 n.WriteString(dst) 234 n.Write(b) 235 return n 236 } 237 238 // ProcessDump will instruct the client to attempt to read and download then 239 // memory of the filter target. The returned data is a binary blob of the memory 240 // if successful. 241 // 242 // C2 Details: 243 // 244 // ID: TvProcDump 245 // 246 // Input: 247 // Filter struct { // Filter 248 // bool // Filter Status 249 // uint32 // PID 250 // bool // Fallback 251 // uint8 // Session 252 // uint8 // Elevated 253 // []string // Exclude 254 // []string // Include 255 // } 256 // Output: 257 // []byte // Data 258 func ProcessDump(f *filter.Filter) *com.Packet { 259 n := &com.Packet{ID: TvProcDump} 260 f.MarshalStream(n) 261 return n 262 } 263 264 // Delete returns a file delete Packet. This can be used to instruct to delete 265 // the specified file if it exists. 266 // 267 // Specify 'recurse' to True to delete a non-empty directory and all files in it. 268 // 269 // The path may contain environment variables that will be resolved during 270 // runtime. 271 // 272 // C2 Details: 273 // 274 // ID: TvSystemIO 275 // 276 // Input: 277 // uint8 // IO Type 278 // string // Path 279 // Output: 280 // uint8 // IO Type 281 func Delete(s string, recurse bool) *com.Packet { 282 n := &com.Packet{ID: TvSystemIO} 283 if recurse { 284 n.WriteUint8(taskIoDeleteAll) 285 } else { 286 n.WriteUint8(taskIoDelete) 287 } 288 n.WriteString(s) 289 return n 290 } 291 292 // PullAgent returns a pull Packet. This will instruct the client to download the 293 // resource from the provided URL and write the data to the supplied local 294 // filesystem path. 295 // 296 // The supplied 'agent' string (if non-empty) will specify the User-Agent header 297 // string to be used. 298 // 299 // The path may contain environment variables that will be resolved during 300 // runtime. 301 // 302 // If the destination path is empty, the download results were be returned in the 303 // results instead. 304 // 305 // C2 Details: 306 // 307 // ID: TvPull 308 // 309 // Input: 310 // string // URL 311 // string // User-Agent 312 // string // Target Path 313 // Output: 314 // string // Expanded Destination Path 315 // uint64 // Byte Count Written 316 // []byte // Data 317 func PullAgent(url, agent, path string) *com.Packet { 318 n := &com.Packet{ID: TvPull} 319 n.WriteString(url) 320 n.WriteString(agent) 321 n.WriteString(path) 322 return n 323 } 324 325 // UploadFile returns an upload Packet. This will instruct the client to write 326 // the provided (server local) file content to the filepath provided. The client 327 // will return the number of bytes written and the resulting expanded file path. 328 // 329 // The destination path may contain environment variables that will be resolved 330 // during runtime. 331 // 332 // The source path may contain environment variables that will be resolved on 333 // server execution. 334 // 335 // C2 Details: 336 // 337 // ID: TvUpload 338 // 339 // Input: 340 // string // Destination 341 // []byte // File Data 342 // Output: 343 // string // Expanded Destination Path 344 // uint64 // Byte Count Written 345 func UploadFile(dst, src string) (*com.Packet, error) { 346 // 0 - READONLY 347 f, err := os.OpenFile(device.Expand(src), 0, 0) 348 if err != nil { 349 return nil, err 350 } 351 n, err := UploadReader(dst, f) 352 f.Close() 353 return n, err 354 } 355 356 // UploadReader returns an upload Packet. This will instruct the client to write 357 // the provided reader content to the filepath provided. The client will return 358 // the number of bytes written and the resulting file path. 359 // 360 // The destination path may contain environment variables that will be resolved 361 // during runtime. 362 // 363 // C2 Details: 364 // 365 // ID: TvUpload 366 // 367 // Input: 368 // string // Destination 369 // []byte // File Data 370 // Output: 371 // string // Expanded Destination Path 372 // uint64 // Byte Count Written 373 func UploadReader(dst string, r io.Reader) (*com.Packet, error) { 374 n := &com.Packet{ID: TvUpload} 375 n.WriteString(dst) 376 _, err := io.Copy(n, r) 377 return n, err 378 } 379 380 // PullExecute returns a pull and execute Packet. This will instruct the client 381 // to download the resource from the provided URL and execute the downloaded data. 382 // 383 // The download data may be saved in a temporary location depending on what the 384 // resulting data type is or file extension. (see 'man.ParseDownloadHeader') 385 // 386 // This function allows for specifying a Filter struct to specify the target 387 // parent process and the boolean flag can be set to true/false to specify 388 // if the task should wait for the process to exit. 389 // 390 // Returns the same output as the 'Run*' tasks. 391 // 392 // C2 Details: 393 // 394 // ID: TvPullExecute 395 // 396 // Input: 397 // string // URL 398 // bool // Wait 399 // Filter struct { // Filter 400 // bool // Filter Status 401 // uint32 // PID 402 // bool // Fallback 403 // uint8 // Session 404 // uint8 // Elevated 405 // []string // Exclude 406 // []string // Include 407 // } 408 // Output: 409 // uint32 // PID 410 // int32 // Exit Code 411 func PullExecute(url string, w bool, f *filter.Filter) *com.Packet { 412 return PullExecuteAgent(url, "", w, f) 413 } 414 415 // Restart returns a shutdown Packet. This will instruct the client to initiate 416 // a restart/reboot operation. A reboot message, reason, force and timeout can 417 // be specified. Timeouts are specified in seconds. 418 // 419 // Message and Reason codes are only applicable to Windows devices and are ignored 420 // on non-Windows devices. 421 // 422 // C2 Details: 423 // 424 // ID: TvPower 425 // 426 // Input: 427 // string // Restart message (Windows only) 428 // uint32 // Timeout (seconds) 429 // uint32 // Reason code (Windows only) 430 // uint8 // Flags 431 // Output: 432 // <none> 433 func Restart(msg string, sec uint32, force bool, reason uint32) *com.Packet { 434 n := &com.Packet{ID: TvPower} 435 n.WriteString(msg) 436 n.WriteUint32(sec) 437 n.WriteUint32(reason) 438 var v uint8 = 1 439 if force { 440 v |= 2 441 } 442 n.WriteUint8(v) 443 return n 444 } 445 446 // Shutdown returns a shutdown Packet. This will instruct the client to initiate 447 // a shutdown/poweroff operation. A shutdown message, reason, force and timeout 448 // can be specified. Timeouts are specified in seconds. 449 // 450 // Message and Reason codes are only applicable to Windows devices and are ignored 451 // on non-Windows devices. 452 // 453 // C2 Details: 454 // 455 // ID: TvPower 456 // 457 // Input: 458 // string // Shutdown message (Windows only) 459 // uint32 // Timeout (seconds) 460 // uint32 // Reason code (Windows only) 461 // uint8 // Flags 462 // Output: 463 // <none> 464 func Shutdown(msg string, sec uint32, force bool, reason uint32) *com.Packet { 465 n := &com.Packet{ID: TvPower} 466 n.WriteString(msg) 467 n.WriteUint32(sec) 468 n.WriteUint32(reason) 469 var v uint8 = 0 470 if force { 471 v |= 2 472 } 473 n.WriteUint8(v) 474 return n 475 } 476 477 // PullExecuteAgent returns a pull and execute Packet. This will instruct the client 478 // to download the resource from the provided URL and execute the downloaded data. 479 // 480 // The supplied 'agent' string (if non-empty) will specify the User-Agent header 481 // string to be used. 482 // 483 // The download data may be saved in a temporary location depending on what the 484 // resulting data type is or file extension. (see 'man.ParseDownloadHeader') 485 // 486 // This function allows for specifying a Filter struct to specify the target 487 // parent process and the boolean flag can be set to true/false to specify 488 // if the task should wait for the process to exit. 489 // 490 // Returns the same output as the 'Run*' tasks. 491 // 492 // C2 Details: 493 // 494 // ID: TvPullExecute 495 // 496 // Input: 497 // string // URL 498 // string // User-Agent 499 // bool // Wait 500 // Filter struct { // Filter 501 // bool // Filter Status 502 // uint32 // PID 503 // bool // Fallback 504 // uint8 // Session 505 // uint8 // Elevated 506 // []string // Exclude 507 // []string // Include 508 // } 509 // Output: 510 // uint32 // PID 511 // int32 // Exit Code 512 func PullExecuteAgent(url, agent string, w bool, f *filter.Filter) *com.Packet { 513 n := &com.Packet{ID: TvPullExecute} 514 n.WriteString(url) 515 n.WriteString(agent) 516 n.WriteBool(w) 517 f.MarshalStream(n) 518 return n 519 } 520 521 // Netcat returns a network connection Packet. This will instruct the client to 522 // initiate a network call to the specified host:port with the provided protocol. 523 // Reading the results and timeouts can be specified, along with the payload to 524 // be sent. 525 // 526 // If 'read' is true, the resulting data stream results would be returned. 527 // 528 // C2 Details: 529 // 530 // ID: TvNetcat 531 // 532 // Input: 533 // string // Host:Port 534 // uint8 // Read | Protocol 535 // uint64 // Timeout 536 // []byte // Data to send 537 // Output: 538 // []byte // Result data (if read is true) 539 func Netcat(host string, proto uint8, t time.Duration, read bool, b []byte) *com.Packet { 540 n := &com.Packet{ID: TvNetcat} 541 n.WriteString(host) 542 p := proto 543 if read { 544 p |= 0x80 545 } 546 n.WriteUint8(p) 547 n.WriteUint64(uint64(t)) 548 n.WriteBytes(b) 549 return n 550 }