github.com/iDigitalFlame/xmt@v0.5.4/c2/task/v_user.go (about) 1 //go:build !implant 2 // +build !implant 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package task 21 22 import "github.com/iDigitalFlame/xmt/com" 23 24 // Whoami returns a user discovery Packet. This will instruct the client to query 25 // it's current token/access and determine a non-cached username/user ID. This 26 // Task also returns the current Process path the client is in. 27 // 28 // The result is NOT cached, so it may be different depending on the client and 29 // any operations in-between calls. 30 // 31 // C2 Details: 32 // 33 // ID: MvWhoami 34 // 35 // Input: 36 // <none> 37 // Output: 38 // string // Username 39 // string // Process Path 40 func Whoami() *com.Packet { 41 return &com.Packet{ID: MvWhoami} 42 } 43 44 // RevToSelf returns a Rev2Self Packet. This can be used to instruct Windows 45 // based devices to drop any previous elevated Tokens they may possess and return 46 // to their "normal" Token. 47 // 48 // This task result does not return any data, only errors if it fails. 49 // 50 // Always returns 'ErrNoWindows' on non-Windows devices. 51 // 52 // C2 Details: 53 // 54 // ID: TvRevSelf 55 // 56 // Input: 57 // <none> 58 // Output: 59 // <none> 60 func RevToSelf() *com.Packet { 61 return &com.Packet{ID: TvRevSelf} 62 } 63 64 // UserLogins returns a current Login sessions Packet. This will instruct the 65 // client to reterive a list of the current login sessions on the device. 66 // 67 // C2 Details: 68 // 69 // ID: TvLogins 70 // 71 // Input: 72 // <none> 73 // Output: 74 // uint32 // Count 75 // []Login struct { // List of Logins 76 // uint32 // Session ID 77 // uint8 // Login Status 78 // int64 // Login Time 79 // int64 // Last Idle Time 80 // Address struct { // From Address 81 // uint64 // High bits of Address 82 // uint64 // Low bits of Address 83 // } 84 // string // Username 85 // string // Hostname 86 // } 87 func UserLogins() *com.Packet { 88 return &com.Packet{ID: TvLogins} 89 } 90 91 // UserLogoff returns a logoff user session Packet. This will instruct the client 92 // to logoff the targeted user session via ID (or -1 for the current session). 93 // 94 // C2 Details: 95 // 96 // ID: TvLoginsAct 97 // 98 // Input: 99 // uint8 // Always set to 1 for this task. 100 // int32 // Session ID 101 // Output: 102 // <none> 103 func UserLogoff(sid int32) *com.Packet { 104 n := &com.Packet{ID: TvLoginsAct} 105 n.WriteUint8(taskLoginsLogoff) 106 n.WriteInt32(sid) 107 return n 108 } 109 110 // UserDisconnect returns a disconnect user session Packet. This will instruct the 111 // client to disconnect the targeted user session via ID (or -1 for the current 112 // session). 113 // 114 // C2 Details: 115 // 116 // ID: TvLoginsAct 117 // 118 // Input: 119 // uint8 // Always set to 0 for this task. 120 // int32 // Session ID 121 // Output: 122 // <none> 123 func UserDisconnect(sid int32) *com.Packet { 124 n := &com.Packet{ID: TvLoginsAct} 125 n.WriteUint8(taskLoginsDisconnect) 126 n.WriteInt32(sid) 127 return n 128 } 129 130 // UserProcesses returns a list processes Packet. This can be used to instruct 131 // the client to return a list of the current running host's processes under the 132 // specified Session ID (or -1/0 for all session processes). 133 // 134 // C2 Details: 135 // 136 // ID: TvLoginsProc 137 // 138 // Input: 139 // <none> 140 // Output: 141 // uint32 // Count 142 // []ProcessInfo { // List of Running Processes 143 // uint32 // Process ID 144 // uint32 // _ 145 // string // Process Image Name 146 // } 147 func UserProcesses(sid int32) *com.Packet { 148 n := &com.Packet{ID: TvLoginsProc} 149 n.WriteInt32(sid) 150 return n 151 } 152 153 // LoginUser returns an impersonate user Packet. This will instruct the client to 154 // use the provided credentials to change it's Token to the user that owns the 155 // supplied credentials. 156 // 157 // If the interactive boolen at the start is true, the client will do an interactive 158 // login instead. This allows for more access and will change the username, but 159 // may prevent access to network resources. 160 // 161 // Always returns 'ErrNoWindows' on non-Windows devices. (for now). 162 // 163 // C2 Details: 164 // 165 // ID: TvLoginUser 166 // 167 // Input: 168 // bool // Interactive 169 // string // Username 170 // string // Domain 171 // string // Password 172 // Output: 173 // <none> 174 func LoginUser(interactive bool, user, domain, pass string) *com.Packet { 175 n := &com.Packet{ID: TvLoginUser} 176 n.WriteBool(interactive) 177 n.WriteString(user) 178 n.WriteString(domain) 179 n.WriteString(pass) 180 return n 181 }