github.com/iDigitalFlame/xmt@v0.5.4/c2/task/v_zombie.go (about)

     1  //go:build !implant
     2  // +build !implant
     3  
     4  // Copyright (C) 2020 - 2023 iDigitalFlame
     5  //
     6  // This program is free software: you can redistribute it and/or modify
     7  // it under the terms of the GNU General Public License as published by
     8  // the Free Software Foundation, either version 3 of the License, or
     9  // any later version.
    10  //
    11  // This program is distributed in the hope that it will be useful,
    12  // but WITHOUT ANY WARRANTY; without even the implied warranty of
    13  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    14  // GNU General Public License for more details.
    15  //
    16  // You should have received a copy of the GNU General Public License
    17  // along with this program.  If not, see <https://www.gnu.org/licenses/>.
    18  //
    19  
    20  package task
    21  
    22  import (
    23  	"io"
    24  
    25  	"github.com/iDigitalFlame/xmt/cmd"
    26  	"github.com/iDigitalFlame/xmt/data"
    27  )
    28  
    29  // SetStdin wil attempt to read all the data from the supplied reader to fill
    30  // the Stdin byte array for this Process struct.
    31  //
    32  // This function will return an error if any errors occurs during reading.
    33  func (z *Zombie) SetStdin(r io.Reader) error {
    34  	var err error
    35  	z.Stdin, err = data.ReadAll(r)
    36  	return err
    37  }
    38  
    39  // ZombieAsm will create a Zombie Tasklet that can be used to run the supplied
    40  // Assembly in a Zombie process that uses the specified command line arguments.
    41  //
    42  // The Filter attribute will attempt to set the target that runs the zombie
    43  // Process. If none are specified, the Process will be ran under the client
    44  // process.
    45  //
    46  // C2 Details:
    47  //
    48  //	ID: WvZombie
    49  //
    50  //	Input:
    51  //	    Zombie struct {
    52  //	        []byte          // Data
    53  //	        []string        // Args
    54  //	        string          // Dir
    55  //	        []string        // Environment
    56  //	        uint32          // Flags
    57  //	        bool            // Wait
    58  //	        int64           // Timeout
    59  //	        bool            // Filter Status
    60  //	        Filter struct { // Filter
    61  //	            bool        // Filter Status
    62  //	            uint32      // PID
    63  //	            bool        // Fallback
    64  //	            uint8       // Session
    65  //	            uint8       // Elevated
    66  //	            []string    // Exclude
    67  //	            []string    // Include
    68  //	        }
    69  //	        []byte          // Stdin Data
    70  //	    }
    71  //	Output:
    72  //	    uint32              // PID
    73  //	    int32               // Exit Code
    74  //	    []byte              // Output (Stdout and Stderr)
    75  func ZombieAsm(b []byte, args ...string) Zombie {
    76  	return Zombie{Data: b, Args: args}
    77  }
    78  
    79  // ZombieAsmFile will create a Zombie Tasklet that can be used to run the
    80  // supplied Assembly from the specified local (server) file source in a Zombie
    81  // process that uses the specified command line arguments.
    82  //
    83  // The Filter attribute will attempt to set the target that runs the zombie
    84  // Process. If none are specified, the Process will be ran under the client
    85  // process.
    86  //
    87  // C2 Details:
    88  //
    89  //	ID: WvZombie
    90  //
    91  //	Input:
    92  //	    Zombie struct {
    93  //	        []byte          // Data
    94  //	        []string        // Args
    95  //	        string          // Dir
    96  //	        []string        // Environment
    97  //	        uint32          // Flags
    98  //	        bool            // Wait
    99  //	        int64           // Timeout
   100  //	        bool            // Filter Status
   101  //	        Filter struct { // Filter
   102  //	            bool        // Filter Status
   103  //	            uint32      // PID
   104  //	            bool        // Fallback
   105  //	            uint8       // Session
   106  //	            uint8       // Elevated
   107  //	            []string    // Exclude
   108  //	            []string    // Include
   109  //	        }
   110  //	        []byte          // Stdin Data
   111  //	    }
   112  //	Output:
   113  //	    uint32              // PID
   114  //	    int32               // Exit Code
   115  //	    []byte              // Output (Stdout and Stderr)
   116  func ZombieAsmFile(s string, args ...string) (Zombie, error) {
   117  	b, err := data.ReadFile(s)
   118  	if err != nil {
   119  		return Zombie{}, err
   120  	}
   121  	return Zombie{Data: b, Args: args}, nil
   122  }
   123  
   124  // ZombieDLLFile will create a Zombie Tasklet that can be used to run the
   125  // supplied DLL from the specified local (server) file source in a Zombie
   126  // process that uses the specified command line arguments.
   127  //
   128  // The Filter attribute will attempt to set the target that runs the zombie
   129  // Process. If none are specified, the Process will be ran under the client
   130  // process.
   131  //
   132  // NOTE: This converts the DLL to Assembly.
   133  //
   134  // C2 Details:
   135  //
   136  //	ID: WvZombie
   137  //
   138  //	Input:
   139  //	    Zombie struct {
   140  //	        []byte          // Data
   141  //	        []string        // Args
   142  //	        string          // Dir
   143  //	        []string        // Environment
   144  //	        uint32          // Flags
   145  //	        bool            // Wait
   146  //	        int64           // Timeout
   147  //	        bool            // Filter Status
   148  //	        Filter struct { // Filter
   149  //	            bool        // Filter Status
   150  //	            uint32      // PID
   151  //	            bool        // Fallback
   152  //	            uint8       // Session
   153  //	            uint8       // Elevated
   154  //	            []string    // Exclude
   155  //	            []string    // Include
   156  //	        }
   157  //	        []byte          // Stdin Data
   158  //	    }
   159  //	Output:
   160  //	    uint32              // PID
   161  //	    int32               // Exit Code
   162  //	    []byte              // Output (Stdout and Stderr)
   163  func ZombieDLLFile(s string, args ...string) (Zombie, error) {
   164  	b, err := data.ReadFile(s)
   165  	if err != nil {
   166  		return Zombie{}, err
   167  	}
   168  	return Zombie{Data: cmd.DLLToASM("", b), Args: args}, nil
   169  }
   170  
   171  // ZombieDLLReader will create a Zombie Tasklet that can be used to run the
   172  // supplied DLL from the specified reader source in a Zombie process that uses
   173  // the specified command line arguments.
   174  //
   175  // The Filter attribute will attempt to set the target that runs the zombie
   176  // Process. If none are specified, the Process will be ran under the client
   177  // process.
   178  //
   179  // NOTE: This converts the DLL to Assembly.
   180  //
   181  // C2 Details:
   182  //
   183  //	ID: WvZombie
   184  //
   185  //	Input:
   186  //	    Zombie struct {
   187  //	        []byte          // Data
   188  //	        []string        // Args
   189  //	        string          // Dir
   190  //	        []string        // Environment
   191  //	        uint32          // Flags
   192  //	        bool            // Wait
   193  //	        int64           // Timeout
   194  //	        Filter struct { // Filter
   195  //	            bool        // Filter Status
   196  //	            uint32      // PID
   197  //	            bool        // Fallback
   198  //	            uint8       // Session
   199  //	            uint8       // Elevated
   200  //	            []string    // Exclude
   201  //	            []string    // Include
   202  //	        }
   203  //	        []byte          // Stdin Data
   204  //	    }
   205  //	Output:
   206  //	    uint32              // PID
   207  //	    int32               // Exit Code
   208  //	    []byte              // Output (Stdout and Stderr)
   209  func ZombieDLLReader(r io.Reader, args ...string) (Zombie, error) {
   210  	b, err := data.ReadAll(r)
   211  	if err != nil {
   212  		return Zombie{}, err
   213  	}
   214  	return Zombie{Data: cmd.DLLToASM("", b), Args: args}, nil
   215  }
   216  
   217  // ZombieAsmReader will create a Zombie Tasklet that can be used to run the
   218  // supplied Assembly from the specified reader source in a Zombie process that
   219  // uses the specified command line arguments.
   220  //
   221  // The Filter attribute will attempt to set the target that runs the zombie
   222  // Process. If none are specified, the Process will be ran under the client
   223  // process.
   224  //
   225  // C2 Details:
   226  //
   227  //	ID: WvZombie
   228  //
   229  //	Input:
   230  //	    Zombie struct {
   231  //	        []byte          // Data
   232  //	        []string        // Args
   233  //	        string          // Dir
   234  //	        []string        // Environment
   235  //	        uint32          // Flags
   236  //	        bool            // Wait
   237  //	        int64           // Timeout
   238  //	        bool            // Filter Status
   239  //	        Filter struct { // Filter
   240  //	            bool        // Filter Status
   241  //	            uint32      // PID
   242  //	            bool        // Fallback
   243  //	            uint8       // Session
   244  //	            uint8       // Elevated
   245  //	            []string    // Exclude
   246  //	            []string    // Include
   247  //	        }
   248  //	        []byte          // Stdin Data
   249  //	    }
   250  //	Output:
   251  //	    uint32              // PID
   252  //	    int32               // Exit Code
   253  //	    []byte              // Output (Stdout and Stderr)
   254  func ZombieAsmReader(r io.Reader, args ...string) (Zombie, error) {
   255  	b, err := data.ReadAll(r)
   256  	if err != nil {
   257  		return Zombie{}, err
   258  	}
   259  	return Zombie{Data: b, Args: args}, nil
   260  }