commands

package
v1.6.5
Warning

This package is not in the latest version of its module.

Published: Jun 10, 2023 | License: GPL-3.0 | Imports: 20 | Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CLR

func CLR(cmd jobs.Command) jobs.Results

CLR is the entrypoint for Jobs that are processed to determine which CLR function should be executed

func CreateProcess

func CreateProcess(cmd jobs.Command) jobs.Results

CreateProcess spawns a child process with anonymous pipes, executes shellcode in it, and returns the output from the executed shellcode

func Download

func Download(transfer jobs.FileTransfer) (result jobs.Results)

Download receives a job from the server to download a file to the host where the Agent is running

func ExecuteCommand

func ExecuteCommand(cmd jobs.Command) jobs.Results

ExecuteCommand runs the provided input program and arguments, returning results in a message base

func ExecuteShellcode

func ExecuteShellcode(cmd jobs.Shellcode) jobs.Results

ExecuteShellcode instructs the agent to load and run shellcode according to the input job

func ExecuteShellcodeCreateProcessWithPipe

func ExecuteShellcodeCreateProcessWithPipe(sc string, spawnto string, args string) (stdout string, stderr string, err error)

ExecuteShellcodeCreateProcessWithPipe creates a child process, redirects STDOUT/STDERR to an anonymous pipe, injects/executes shellcode, and retrieves output

func ExecuteShellcodeQueueUserAPC

func ExecuteShellcodeQueueUserAPC(shellcode []byte, pid uint32) error

ExecuteShellcodeQueueUserAPC executes provided shellcode in the provided target process using the Windows QueueUserAPC API call

func ExecuteShellcodeRemote

func ExecuteShellcodeRemote(shellcode []byte, pid uint32) error

ExecuteShellcodeRemote executes provided shellcode in the provided target process

func ExecuteShellcodeRtlCreateUserThread

func ExecuteShellcodeRtlCreateUserThread(shellcode []byte, pid uint32) error

ExecuteShellcodeRtlCreateUserThread executes provided shellcode in the provided target process using the Windows RtlCreateUserThread call

func ExecuteShellcodeSelf

func ExecuteShellcodeSelf(shellcode []byte) error

ExecuteShellcodeSelf executes provided shellcode in the current process

func Memfd

func Memfd(cmd jobs.Command) (result jobs.Results)

Memfd places a Linux executable file in memory, executes it, and returns the results. Uses the Linux memfd_create API call to create an anonymous file.
https://man7.org/linux/man-pages/man2/memfd_create.2.html
http://manpages.ubuntu.com/manpages/bionic/man2/memfd_create.2.html

func Memory (added in v1.4.0)

func Memory(cmd jobs.Command) (results jobs.Results)

Memory is a handler for working with virtual memory on the host operating system

func MiniDump

func MiniDump(cmd jobs.Command) (jobs.FileTransfer, error)

MiniDump is the top-level function used to receive a job and subsequently execute a Windows memory dump on the target process. The function returns the memory dump as a file upload to the server.

func Native

func Native(cmd jobs.Command) jobs.Results

Native executes a golang native command that does not use any executables on the host

func Netstat (added in v1.1.0)

func Netstat(cmd jobs.Command) jobs.Results

Netstat is used to print network connections on the target system

func PS (added in v1.1.0)

func PS() jobs.Results

PS lists running processes. Only available on Windows.

func Pipes (added in v1.1.0)

func Pipes() jobs.Results

Pipes is only a valid function on Windows agents...for now

func RunAs (added in v1.2.0)

func RunAs(cmd jobs.Command) (results jobs.Results)

RunAs creates a new process as the provided user

func SSH (added in v1.2.0)

func SSH(command jobs.Command) (results jobs.Results)

SSH executes a command on a remote host using the SSH protocol and does not provide an interactive session

func Setup (added in v1.2.0)

func Setup() error

Setup is used to prepare the environment or context for subsequent commands and is specific to each operating system

func TearDown (added in v1.2.0)

func TearDown() error

TearDown is the opposite of Setup and removes any environment or context applications

func Token (added in v1.2.0)

func Token(cmd jobs.Command) jobs.Results

Token is the entrypoint for Jobs that are processed to determine which Token function should be executed

func Upload

func Upload(transfer jobs.FileTransfer) (jobs.FileTransfer, error)

Upload receives a job from the server to upload a file from the host to the Merlin server

func Uptime (added in v1.1.0)

func Uptime() jobs.Results

Uptime retrieves the system's uptime. Windows only.

Types

This section is empty.
