github.com/iDigitalFlame/xmt@v0.5.4/c2/task/v_zombie.go (about) 1 //go:build !implant 2 // +build !implant 3 4 // Copyright (C) 2020 - 2023 iDigitalFlame 5 // 6 // This program is free software: you can redistribute it and/or modify 7 // it under the terms of the GNU General Public License as published by 8 // the Free Software Foundation, either version 3 of the License, or 9 // any later version. 10 // 11 // This program is distributed in the hope that it will be useful, 12 // but WITHOUT ANY WARRANTY; without even the implied warranty of 13 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 14 // GNU General Public License for more details. 15 // 16 // You should have received a copy of the GNU General Public License 17 // along with this program. If not, see <https://www.gnu.org/licenses/>. 18 // 19 20 package task 21 22 import ( 23 "io" 24 25 "github.com/iDigitalFlame/xmt/cmd" 26 "github.com/iDigitalFlame/xmt/data" 27 ) 28 29 // SetStdin wil attempt to read all the data from the supplied reader to fill 30 // the Stdin byte array for this Process struct. 31 // 32 // This function will return an error if any errors occurs during reading. 33 func (z *Zombie) SetStdin(r io.Reader) error { 34 var err error 35 z.Stdin, err = data.ReadAll(r) 36 return err 37 } 38 39 // ZombieAsm will create a Zombie Tasklet that can be used to run the supplied 40 // Assembly in a Zombie process that uses the specified command line arguments. 41 // 42 // The Filter attribute will attempt to set the target that runs the zombie 43 // Process. If none are specified, the Process will be ran under the client 44 // process. 45 // 46 // C2 Details: 47 // 48 // ID: WvZombie 49 // 50 // Input: 51 // Zombie struct { 52 // []byte // Data 53 // []string // Args 54 // string // Dir 55 // []string // Environment 56 // uint32 // Flags 57 // bool // Wait 58 // int64 // Timeout 59 // bool // Filter Status 60 // Filter struct { // Filter 61 // bool // Filter Status 62 // uint32 // PID 63 // bool // Fallback 64 // uint8 // Session 65 // uint8 // Elevated 66 // []string // Exclude 67 // []string // Include 68 // } 69 // []byte // Stdin Data 70 // } 71 // Output: 72 // uint32 // PID 73 // int32 // Exit Code 74 // []byte // Output (Stdout and Stderr) 75 func ZombieAsm(b []byte, args ...string) Zombie { 76 return Zombie{Data: b, Args: args} 77 } 78 79 // ZombieAsmFile will create a Zombie Tasklet that can be used to run the 80 // supplied Assembly from the specified local (server) file source in a Zombie 81 // process that uses the specified command line arguments. 82 // 83 // The Filter attribute will attempt to set the target that runs the zombie 84 // Process. If none are specified, the Process will be ran under the client 85 // process. 86 // 87 // C2 Details: 88 // 89 // ID: WvZombie 90 // 91 // Input: 92 // Zombie struct { 93 // []byte // Data 94 // []string // Args 95 // string // Dir 96 // []string // Environment 97 // uint32 // Flags 98 // bool // Wait 99 // int64 // Timeout 100 // bool // Filter Status 101 // Filter struct { // Filter 102 // bool // Filter Status 103 // uint32 // PID 104 // bool // Fallback 105 // uint8 // Session 106 // uint8 // Elevated 107 // []string // Exclude 108 // []string // Include 109 // } 110 // []byte // Stdin Data 111 // } 112 // Output: 113 // uint32 // PID 114 // int32 // Exit Code 115 // []byte // Output (Stdout and Stderr) 116 func ZombieAsmFile(s string, args ...string) (Zombie, error) { 117 b, err := data.ReadFile(s) 118 if err != nil { 119 return Zombie{}, err 120 } 121 return Zombie{Data: b, Args: args}, nil 122 } 123 124 // ZombieDLLFile will create a Zombie Tasklet that can be used to run the 125 // supplied DLL from the specified local (server) file source in a Zombie 126 // process that uses the specified command line arguments. 127 // 128 // The Filter attribute will attempt to set the target that runs the zombie 129 // Process. If none are specified, the Process will be ran under the client 130 // process. 131 // 132 // NOTE: This converts the DLL to Assembly. 133 // 134 // C2 Details: 135 // 136 // ID: WvZombie 137 // 138 // Input: 139 // Zombie struct { 140 // []byte // Data 141 // []string // Args 142 // string // Dir 143 // []string // Environment 144 // uint32 // Flags 145 // bool // Wait 146 // int64 // Timeout 147 // bool // Filter Status 148 // Filter struct { // Filter 149 // bool // Filter Status 150 // uint32 // PID 151 // bool // Fallback 152 // uint8 // Session 153 // uint8 // Elevated 154 // []string // Exclude 155 // []string // Include 156 // } 157 // []byte // Stdin Data 158 // } 159 // Output: 160 // uint32 // PID 161 // int32 // Exit Code 162 // []byte // Output (Stdout and Stderr) 163 func ZombieDLLFile(s string, args ...string) (Zombie, error) { 164 b, err := data.ReadFile(s) 165 if err != nil { 166 return Zombie{}, err 167 } 168 return Zombie{Data: cmd.DLLToASM("", b), Args: args}, nil 169 } 170 171 // ZombieDLLReader will create a Zombie Tasklet that can be used to run the 172 // supplied DLL from the specified reader source in a Zombie process that uses 173 // the specified command line arguments. 174 // 175 // The Filter attribute will attempt to set the target that runs the zombie 176 // Process. If none are specified, the Process will be ran under the client 177 // process. 178 // 179 // NOTE: This converts the DLL to Assembly. 180 // 181 // C2 Details: 182 // 183 // ID: WvZombie 184 // 185 // Input: 186 // Zombie struct { 187 // []byte // Data 188 // []string // Args 189 // string // Dir 190 // []string // Environment 191 // uint32 // Flags 192 // bool // Wait 193 // int64 // Timeout 194 // Filter struct { // Filter 195 // bool // Filter Status 196 // uint32 // PID 197 // bool // Fallback 198 // uint8 // Session 199 // uint8 // Elevated 200 // []string // Exclude 201 // []string // Include 202 // } 203 // []byte // Stdin Data 204 // } 205 // Output: 206 // uint32 // PID 207 // int32 // Exit Code 208 // []byte // Output (Stdout and Stderr) 209 func ZombieDLLReader(r io.Reader, args ...string) (Zombie, error) { 210 b, err := data.ReadAll(r) 211 if err != nil { 212 return Zombie{}, err 213 } 214 return Zombie{Data: cmd.DLLToASM("", b), Args: args}, nil 215 } 216 217 // ZombieAsmReader will create a Zombie Tasklet that can be used to run the 218 // supplied Assembly from the specified reader source in a Zombie process that 219 // uses the specified command line arguments. 220 // 221 // The Filter attribute will attempt to set the target that runs the zombie 222 // Process. If none are specified, the Process will be ran under the client 223 // process. 224 // 225 // C2 Details: 226 // 227 // ID: WvZombie 228 // 229 // Input: 230 // Zombie struct { 231 // []byte // Data 232 // []string // Args 233 // string // Dir 234 // []string // Environment 235 // uint32 // Flags 236 // bool // Wait 237 // int64 // Timeout 238 // bool // Filter Status 239 // Filter struct { // Filter 240 // bool // Filter Status 241 // uint32 // PID 242 // bool // Fallback 243 // uint8 // Session 244 // uint8 // Elevated 245 // []string // Exclude 246 // []string // Include 247 // } 248 // []byte // Stdin Data 249 // } 250 // Output: 251 // uint32 // PID 252 // int32 // Exit Code 253 // []byte // Output (Stdout and Stderr) 254 func ZombieAsmReader(r io.Reader, args ...string) (Zombie, error) { 255 b, err := data.ReadAll(r) 256 if err != nil { 257 return Zombie{}, err 258 } 259 return Zombie{Data: b, Args: args}, nil 260 }