cc

package
v0.0.0-...-c30bc72 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 21, 2024 License: MIT Imports: 37 Imported by: 0

Documentation

Index

Constants

const (
	// SocketName is a unix socket path; presumably the socket APIListen
	// listens on — TODO confirm.
	// NOTE(review): this is a fixed, predictable path directly under /tmp, which
	// is normally writable by every local user. The socket's mode and how a stale
	// file at this path is handled are not visible here — confirm it is created
	// owner-only, or place it in a private directory.
	SocketName = "/tmp/emp3r0r.socket"

	// String constants factored out to satisfy the goconst linter.
	// presumably the APIResponse.MsgType values (log/json/cmd) — TODO confirm
	LOG  = "log"
	JSON = "JSON"
	CMD  = "cmd"
)
const (
	// Temp where we save temp files
	// NOTE(review): fixed directory under the shared /tmp. How it is created
	// (mode, ownership check, handling of a pre-existing directory or symlink)
	// is not visible here — confirm before trusting anything read back from it.
	Temp = "/tmp/emp3r0r/"

	// WWWRoot host static files for agent
	// Built from Temp, so it inherits the same predictable location.
	WWWRoot = Temp + "www/"

	// UtilsArchive host utils.tar.xz for agent
	UtilsArchive = WWWRoot + "utils.tar.xz"
)
const (
	// PromptName is the name shown in the console prompt (see EmpPrompt).
	PromptName = "emp3r0r"
	// ClearTerm is the ANSI escape sequence ESC[2J (erase display).
	ClearTerm  = "\033[2J"
)
// AgentsJSON is a JSON file name.
// presumably where LabeledAgent entries (tag/label) are persisted — TODO confirm
const AgentsJSON = "agents.json"
// HELP is the "help" command name; it is used as a key in ShellHelpInfo and
// CommandHelp.
const HELP = "help" // named constant only to satisfy the goconst linter

Variables

var (
	// DebugLevel what kind of logs do we want to see
	// 3 (DEBUG) -> 2 (INFO) -> 1 (WARN)
	// NOTE(review): the help string for the `debug` command in CommandHelp
	// describes a -1..1 range instead — confirm which scale is current.
	DebugLevel = 2

	// IsAPIEnabled Indicate whether we are in headless mode
	IsAPIEnabled = false

	// Prefix /usr or /usr/local, can be set through $EMP3R0R_PREFIX
	Prefix = ""

	// EmpWorkSpace workspace directory of emp3r0r
	EmpWorkSpace = ""

	// EmpDataDir prefix/lib/emp3r0r
	EmpDataDir = ""

	// EmpBuildDir prefix/lib/emp3r0r/build
	EmpBuildDir = ""

	// FileGetDir where we save #get files
	// NOTE(review): files saved here come from agents; how remote file names are
	// mapped to local paths is not visible here — confirm they cannot escape
	// this directory.
	FileGetDir = ""

	// EmpConfigFile emp3r0r.json
	EmpConfigFile = ""

	// Targets target list, with control (tun) interface
	// The key is an *AgentSystemInfo pointer, so lookups match on pointer
	// identity rather than on the agent's contents.
	// TargetsMutex presumably guards Targets — TODO confirm every access takes it.
	Targets      = make(map[*emp3r0r_data.AgentSystemInfo]*Control)
	TargetsMutex = sync.RWMutex{}

	// certs: file paths for the CA and server certificate/key pairs.
	// NOTE(review): CAKeyFile and ServerKeyFile name private-key files. Where they
	// are written and with what mode is not visible here — confirm owner-only
	// permissions.
	CACrtFile     string
	CAKeyFile     string
	ServerCrtFile string
	ServerKeyFile string
)
// State of the readline-based console.
var (
	// CliCompleter holds all command completions
	CliCompleter = readline.NewPrefixCompleter()

	// CmdCompls completions for readline
	CmdCompls []readline.PrefixCompleterInterface

	// InitCmdCompls initial completions for readline, so we can roll back
	InitCmdCompls []readline.PrefixCompleterInterface

	// EmpReadLine : our commandline
	// Declared without an initializer, so it is nil until assigned elsewhere.
	EmpReadLine *readline.Instance

	// EmpPrompt : the prompt string
	// Initial value is PromptName followed by " > ", coloured with HiCyanString.
	EmpPrompt = color.HiCyanString(PromptName + " > ")
)
var (
	// ModuleDirs lists the directories that store modules
	// NOTE(review): ModConfig.Exec names an executable to run, so these
	// directories presumably hold code that gets executed — confirm they are
	// writable only by the operator.
	ModuleDirs []string

	// CurrentMod selected module
	CurrentMod = "<blank>"

	// CurrentTarget selected target
	// nil until a target has been selected.
	CurrentTarget *emp3r0r_data.AgentSystemInfo

	// Options currently available options for `set`
	Options = make(map[string]*Option)

	// ShellHelpInfo provide utilities like ps, kill, etc
	//
	// Deprecated: marked deprecated by the author.
	ShellHelpInfo = map[string]string{
		HELP:    "Display this help",
		"#ps":   "List processes: `ps`",
		"#kill": "Kill process: `kill <PID>`",
		"#net":  "Show network info",
		"put":   "Put a file from CC to agent: `put <local file> <remote path>`",
		"get":   "Get a file from agent: `get <remote file>`",
	}

	// ModuleHelpers a map of module helpers
	// Maps each built-in module name constant from emp3r0r_data to the
	// package-private function registered for it.
	ModuleHelpers = map[string]func(){
		emp3r0r_data.ModGenAgent:     modGenAgent,
		emp3r0r_data.ModCMD_EXEC:     moduleCmd,
		emp3r0r_data.ModSHELL:        moduleShell,
		emp3r0r_data.ModPROXY:        moduleProxy,
		emp3r0r_data.ModPORT_FWD:     modulePortFwd,
		emp3r0r_data.ModLPE_SUGGEST:  moduleLPE,
		emp3r0r_data.ModGET_ROOT:     moduleGetRoot,
		emp3r0r_data.ModCLEAN_LOG:    moduleLogCleaner,
		emp3r0r_data.ModPERSISTENCE:  modulePersistence,
		emp3r0r_data.ModVACCINE:      moduleVaccine,
		emp3r0r_data.ModINJECTOR:     moduleInjector,
		emp3r0r_data.ModBring2CC:     moduleBring2CC,
		emp3r0r_data.ModGDB:          moduleGDB,
		emp3r0r_data.ModStager:       modStager,
		emp3r0r_data.ModSSHHarvester: module_ssh_harvester,
	}
)
// Package-level handle on the HTTPS server and its lifecycle.
// presumably set by TLSServer — TODO confirm
var (
	// EmpTLSServer is the HTTP server instance; nil until assigned.
	EmpTLSServer       *http.Server
	// EmpTLSServerCtx and EmpTLSServerCancel are a context / cancel-func pair.
	// presumably cancelling it shuts the server down — verify against TLSServer
	EmpTLSServerCtx    context.Context
	EmpTLSServerCancel context.CancelFunc
)
var (
	// RShellStream reverse shell handler
	// Starts with no H2 connection (H2x is nil) and an unbuffered Buf channel.
	RShellStream = &StreamHandler{H2x: nil, BufSize: emp3r0r_data.RShellBufSize, Buf: make(chan []byte)}

	// ProxyStream proxy handler
	// Starts with no H2 connection (H2x is nil) and an unbuffered Buf channel.
	ProxyStream = &StreamHandler{H2x: nil, BufSize: emp3r0r_data.ProxyBufSize, Buf: make(chan []byte)}

	// FTPStreams file transfer handlers
	// presumably guarded by FTPMutex — TODO confirm
	FTPStreams = make(map[string]*StreamHandler)

	// FTPMutex lock
	FTPMutex = &sync.Mutex{}

	// RShellStreams rshell handlers
	// presumably guarded by RShellMutex — TODO confirm
	RShellStreams = make(map[string]*StreamHandler)

	// RShellMutex lock
	RShellMutex = &sync.Mutex{}

	// PortFwds port mappings/forwardings: { sessionID:PortFwdSession }
	// presumably guarded by PortFwdsMutex — TODO confirm
	PortFwds = make(map[string]*PortFwdSession)

	// PortFwdsMutex lock
	PortFwdsMutex = &sync.Mutex{}
)
// Terminal geometry and the tmux panes that make up the console UI.
var (
	// TermWidth terminal width
	// presumably in characters, as returned by TermSize — TODO confirm
	TermWidth int

	// TermHeight terminal height
	// presumably in characters, as returned by TermSize — TODO confirm
	TermHeight int

	// home tmux window
	HomeWindow string

	// Console titled "Command"
	CommandPane *Emp3r0rPane

	// Displays system info of selected agent
	AgentInfoPane *Emp3r0rPane

	// Displays agent output, separated from logs
	AgentOutputPane *Emp3r0rPane

	// Displays agent list
	AgentListPane *Emp3r0rPane

	// Displays bash shell for selected agent
	AgentShellPane *Emp3r0rPane

	// SFTP shell for selected agent
	AgentSFTPPane *Emp3r0rPane

	// Put all windows in this map
	TmuxPanes = make(map[string]*Emp3r0rPane)

	// CAT use this cat to replace /bin/cat
	// NOTE(review): a bare command name; presumably resolved through $PATH when
	// run, so the binary that executes depends on the operator's PATH — confirm.
	CAT = "emp3r0r-cat"
)
// APIConn is a single package-level network connection.
// presumably the client currently attached to the API socket (see APIListen);
// being one shared variable, it can refer to only one connection at a time —
// TODO confirm how concurrent clients are handled
var APIConn net.Conn
// Arch_List is a list of CPU architecture names in Go's GOARCH spelling.
// NOTE(review): its contents are identical to Arch_List_All as declared on
// this page — confirm whether the two are meant to differ.
var Arch_List = []string{
	"386",
	"amd64",
	"arm",
	"arm64",
	"mips",
	"mips64",
	"riscv64",
}
// Arch_List_All is a list of CPU architecture names in Go's GOARCH spelling.
// NOTE(review): currently the same seven entries as Arch_List.
var Arch_List_All = []string{
	"386",
	"amd64",
	"arm",
	"arm64",
	"mips",
	"mips64",
	"riscv64",
}
// Arch_List_Windows is the architecture list for Windows: 386 and amd64 only.
var Arch_List_Windows = []string{
	"386",
	"amd64",
}
// CmdFuncs maps a console command name to the zero-argument function that
// implements it. Commands that take an argument string are in CmdFuncsWithArgs.
var CmdFuncs = map[string]func(){
	"ls_targets":    ls_targets,
	"ls_modules":    ListModules,
	"ls_port_fwds":  ListPortFwds,
	"info":          CliListOptions,
	"run":           ModuleRun,
	"screenshot":    TakeScreenshot,
	"file_manager":  OpenFileManager,
	"upgrade_agent": UpgradeAgent,
	"suicide":       Suicide,
}

CmdFuncs holds a map of helper functions

// CmdFuncsWithArgs maps a console command name to a handler that receives a
// single string. Several commands share one handler (FSNoArgCmd,
// FSSingleArgCmd, FSDoubleArgCmd).
// presumably the string is the full command line, and each handler splits its
// own arguments — verify against CmdHandler
var CmdFuncsWithArgs = map[string]func(string){
	"ls":              FSNoArgCmd,
	"pwd":             FSNoArgCmd,
	"cd":              FSSingleArgCmd,
	"mv":              FSDoubleArgCmd,
	"cp":              FSDoubleArgCmd,
	"rm":              FSSingleArgCmd,
	"mkdir":           FSSingleArgCmd,
	"put":             UploadToAgent,
	"get":             DownloadFromAgent,
	"ps":              FSNoArgCmd,
	"kill":            FSSingleArgCmd,
	"delete_port_fwd": DeletePortFwdSession,
	"debug":           setDebugLevel,
	"search":          ModuleSearch,
	"set":             setOptVal,
	"label":           setTargetLabel,
	"target":          setCurrentTarget,
}

CmdFuncsWithArgs commands that accept a single string parameter

// CmdResults caches responses received from agents.
// presumably keyed by command ID and guarded by CmdResultsMutex — TODO confirm
var CmdResults = make(map[string]string)

CmdResults receive response from agent and cache them

// CmdResultsMutex is a mutex; presumably it guards CmdResults — TODO confirm.
var CmdResultsMutex = &sync.Mutex{}

mutex

// CmdTime records the time spent on each command, as strings.
// presumably keyed like CmdResults and guarded by CmdTimeMutex — TODO confirm
var CmdTime = make(map[string]string)

CmdTime Record the time spent on each command

// CmdTimeMutex is a mutex; presumably it guards CmdTime — TODO confirm.
var CmdTimeMutex = &sync.Mutex{}
// CommandHelp maps each console command to its one-line help string.
// NOTE(review): the "debug" entry describes levels -1..1, while the comment on
// DebugLevel describes 3 (DEBUG) -> 2 (INFO) -> 1 (WARN) with a default of 2 —
// one of the two is out of date; confirm against setDebugLevel.
// NOTE(review): "use" and "exit" have help entries here but no handler in
// CmdFuncs or CmdFuncsWithArgs; presumably CmdHandler handles them directly.
var CommandHelp = map[string]string{
	HELP:              "Print this help, 'help <module>' gives help for a module",
	"target":          "Set target. eg. `target <index>`",
	"file_manager":    "Browse remote files in your local file manager with SFTP protocol",
	"set":             "Set an option. eg. `set <option> <val>`",
	"use":             "Use a module. eg. `use <module_name>`",
	"run":             "Run selected module, make sure you have set required options",
	"info":            "What options do we have?",
	"upgrade_agent":   "Upgrade agent on selected target",
	"ls":              "List current directory of selected agent",
	"mv":              "Move a file to another location on selected target",
	"cp":              "Copy a file to another location on selected target",
	"cd":              "Change current working directory of selected agent",
	"rm":              "Delete a file/directory on selected agent",
	"mkdir":           "Create new directory on selected agent",
	"pwd":             "Current working directory of selected agent",
	"ps":              "Process list of selected agent",
	"kill":            "Terminate a process on selected agent: eg. `kill <pid>`",
	"get":             "Download a file from selected agent",
	"put":             "Upload a file to selected agent",
	"screenshot":      "Take a screenshot of selected agent",
	"suicide":         "Kill agent process, delete agent root directory",
	"ls_targets":      "List all targets",
	"ls_modules":      "List all modules",
	"search":          "Search modules",
	"ls_port_fwds":    "List all port mappings",
	"debug":           "Set debug level: -1 (least verbose) to 1 (most verbose)",
	"delete_port_fwd": "Delete a port mapping",
	"exit":            "Exit",
}

CommandHelp holds all commands and their help string, command: help

// LPEHelperURLs maps a helper name to the URL its script or binary is
// downloaded from.
// NOTE(review): every URL points at a mutable reference — a `master` branch or
// a `releases/latest` asset — so the bytes fetched can change upstream at any
// time. No pinned commit or checksum is visible here; confirm whether the
// download is verified before it is used, or pin to a commit/tag and check a
// known hash.
var LPEHelperURLs = map[string]string{
	"lpe_les":         "https://raw.githubusercontent.com/mzet-/linux-exploit-suggester/master/linux-exploit-suggester.sh",
	"lpe_lse":         "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh",
	"lpe_linpeas":     "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh",
	"lpe_winpeas.ps1": "https://raw.githubusercontent.com/carlospolop/PEASS-ng/master/winPEAS/winPEASps1/winPEAS.ps1",
	"lpe_winpeas.bat": "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEAS.bat",
	"lpe_winpeas.exe": "https://github.com/carlospolop/PEASS-ng/releases/latest/download/winPEASany_ofs.exe",
}

LPEHelperURLs scripts that help you get root

// LsDir caches the items of the current directory.
// presumably the selected agent's working directory — TODO confirm
var LsDir []string

LsDir cache items in current directory

// ModuleConfigs stores module configs; created with an initial capacity hint of 1.
// presumably keyed by module name and filled by InitModules — TODO confirm
var ModuleConfigs = make(map[string]ModConfig, 1)

stores module configs

// ModuleNames stores module names; starts as an empty, non-nil slice.
var ModuleNames = []string{}

stores module names

// RShellStatus stores errors from reverseBash.
// presumably keyed by the same identifier as RShellStreams — TODO confirm
var RShellStatus = make(map[string]error)

RShellStatus stores errors from reverseBash

// RuntimeConfig is the package-wide configuration, initialised to an empty
// emp3r0r_data.Config.
// NOTE(review): the ShadowsocksServer documentation refers to
// RuntimeConfig.ShadowsocksPassword, so this value carries at least one
// secret — avoid logging or serialising it wholesale.
var RuntimeConfig = &emp3r0r_data.Config{}
// SSHShellPort maps a shell to its port, one port per shell.
// presumably keyed by the shell executable name passed to SSHClient — TODO confirm
var SSHShellPort = make(map[string]string)

shell - port mapping, one port for one shell

// Stagers lists stager type names, written as a bare language name or as
// "<os>/<language>".
// presumably the values accepted by the stager module (ModStager) — TODO confirm
var Stagers = []string{

	"linux/bash",

	"java",
	"php",
	"python",
	"python3",
	"perl",

	"windows/powershell",
	"windows/c#",
}

Functions

func APIListen

func APIListen()

listen on a unix socket; users can send commands to this socket as if they were using a console

func APIMain

func APIMain()

func AdaptiveTable

func AdaptiveTable(tableString string)

automatically resize CommandPane according to table width

func CliAlert

func CliAlert(textColor color.Attribute, format string, a ...interface{})

CliAlert print log in blinking text

func CliAsk

func CliAsk(prompt string, allow_empty bool) (answer string)

CliAsk prompt for an answer from user

func CliBanner

func CliBanner() error

CliBanner prints banner

func CliFatalError

func CliFatalError(format string, a ...interface{})

CliFatalError print log in red, and exit

func CliListCmds

func CliListCmds(w io.Writer)

CliListCmds list all commands in tree format

func CliListOptions

func CliListOptions()

CliListOptions list currently available options for `set`

func CliMain

func CliMain()

CliMain launches the commandline UI

func CliMsg

func CliMsg(format string, a ...interface{})

CliMsg print log in bold cyan, regardless of debug level

func CliPrettyPrint

func CliPrettyPrint(header1, header2 string, map2write *map[string]string)

CliPrettyPrint prints two-column help info

func CliPrint

func CliPrint(format string, a ...interface{})

CliPrint print in bold cyan without logging prefix, regardless of debug level

func CliPrintDebug

func CliPrintDebug(format string, a ...interface{})

CliPrintDebug print log in blue

func CliPrintError

func CliPrintError(format string, a ...interface{})

CliPrintError print log in red

func CliPrintInfo

func CliPrintInfo(format string, a ...interface{})

CliPrintInfo print log in hiblue

func CliPrintSuccess

func CliPrintSuccess(format string, a ...interface{})

CliPrintSuccess print log in green

func CliPrintWarning

func CliPrintWarning(format string, a ...interface{})

CliPrintWarning print log in hiyellow

func CliYesNo

func CliYesNo(prompt string) bool

CliYesNo prompt for a y/n answer from user

func CmdHandler

func CmdHandler(cmd string) (err error)

CmdHandler processes user commands

func CmdHelp

func CmdHelp(mod string)

CmdHelp prints help in two columns; prints help for modules

func CopyToClipboard

func CopyToClipboard(data []byte)

CopyToClipboard copy data to clipboard using xsel -b

func CreateVaccineArchive

func CreateVaccineArchive() (err error)

func DeletePortFwdSession

func DeletePortFwdSession(cmd string)

DeletePortFwdSession delete a port mapping session by ID

func DownloadFile

func DownloadFile(url, path string) (err error)

DownloadFile download file using default http client

func DownloadFromAgent

func DownloadFromAgent(cmd string)

func FSDoubleArgCmd

func FSDoubleArgCmd(cmd string)

func FSNoArgCmd

func FSNoArgCmd(cmd string)

func FSSingleArgCmd

func FSSingleArgCmd(cmd string)

func FitPanes

func FitPanes(output_pane_x int)

FitPanes adjust width of panes to fit them in the terminal window; triggered by agent output

func GenC2Certs

func GenC2Certs(hosts []string) (err error)

GenC2Certs generate certificates for CA and emp3r0r C2 server

func GetDateTime

func GetDateTime() (datetime string)

GetDateTime get current date and time, for logging

func GetFile

func GetFile(filepath string, a *emp3r0r_data.AgentSystemInfo) error

GetFile get file from agent

func GetTargetDetails

func GetTargetDetails(target *emp3r0r_data.AgentSystemInfo)

func GetTargetFromH2Conn

func GetTargetFromH2Conn(conn *h2conn.Conn) (target *emp3r0r_data.AgentSystemInfo)

GetTargetFromH2Conn find target from Targets via HTTP2 connection ID, return nil if not found

func GetTargetFromIndex

func GetTargetFromIndex(index int) (target *emp3r0r_data.AgentSystemInfo)

GetTargetFromIndex find target from Targets via control index, return nil if not found

func GetTargetFromTag

func GetTargetFromTag(tag string) (target *emp3r0r_data.AgentSystemInfo)

GetTargetFromTag find target from Targets via tag, return nil if not found

func InitConfig

func InitConfig() (err error)

InitConfig set workspace, module directories, etc

func InitConfigFile

func InitConfigFile(cc_host string) (err error)

func InitModules

func InitModules()

scan custom modules in ModuleDir, and update ModuleHelpers, ModuleDocs

func IsAgentExist

func IsAgentExist(t *emp3r0r_data.AgentSystemInfo) bool

IsAgentExist is agent already in target list?

func IsAgentExistByTag

func IsAgentExistByTag(tag string) bool

IsAgentExistByTag is agent already in target list?

func IsCCRunning

func IsCCRunning() bool

IsCCRunning check if CC is already running

func KCPListenAndServe

func KCPListenAndServe()

KCPListenAndServe KCP server for Shadowsocks

func ListModules

func ListModules()

ListModules list all available modules

func ListPortFwds

func ListPortFwds()

ListPortFwds list currently active port mappings

func ListTargets

func ListTargets()

ListTargets list currently connected agents

func LoadCACrt

func LoadCACrt() error

LoadCACrt load CA cert from file

func MakeConfig

func MakeConfig() (err error)

func ModuleDetails

func ModuleDetails(modName string)

Print module meta data

func ModuleRun

func ModuleRun()

ModuleRun run current module

func ModuleSearch

func ModuleSearch(cmd string)

search modules, powered by fuzzysearch

func OpenFileManager

func OpenFileManager()

func OpenInNewTerminalWindow

func OpenInNewTerminalWindow(name, cmd string) error

OpenInNewTerminalWindow run a command in new terminal emulator window

func PackAgentBinary

func PackAgentBinary()

PackAgentBinary pack agent ELF binary with Packer()

func Packer

func Packer(inputELF string) (err error)

Packer compress and encrypt ELF, append it to packer_stub.exe. The encryption key is generated from MagicString

func PutFile

func PutFile(lpath, rpath string, a *emp3r0r_data.AgentSystemInfo) error

PutFile put file to agent

func SSHClient

func SSHClient(shell, args, port string, split bool) (err error)

SSHClient ssh to sshd server, with shell access in a new tmux window.
shell: the executable to run, eg. bash, python.
port: serve this shell on agent side 127.0.0.1:port.

func SelectCurrentTarget

func SelectCurrentTarget() (target *emp3r0r_data.AgentSystemInfo)

SelectCurrentTarget check if current target is set and alive

func Send2Agent

func Send2Agent(data *emp3r0r_data.MsgTunData, agent *emp3r0r_data.AgentSystemInfo) (err error)

Send2Agent send MsgTunData to agent

func SendCmd

func SendCmd(cmd, cmd_id string, a *emp3r0r_data.AgentSystemInfo) error

SendCmd send command to agent

func SendCmdToCurrentTarget

func SendCmdToCurrentTarget(cmd, cmd_id string) error

SendCmdToCurrentTarget send a command to currently selected agent

func SetAgentLabel

func SetAgentLabel(a *emp3r0r_data.AgentSystemInfo) (label string)

SetAgentLabel if an agent is already labeled, we can set its label in later sessions

func SetDynamicPrompt

func SetDynamicPrompt()

SetDynamicPrompt set prompt with module and target info

func SetOption

func SetOption(args []string)

SetOption set an option to value, `set` command

func ShadowsocksServer

func ShadowsocksServer()

Start Shadowsocks proxy server with a random password (RuntimeConfig.ShadowsocksPassword), listening on RuntimeConfig.ShadowsocksPort. You can use the official Shadowsocks program to start the same Shadowsocks server on any host that you find convenient

func StatFile

func StatFile(filepath string, a *emp3r0r_data.AgentSystemInfo) (fi *util.FileStat, err error)

StatFile Get stat info of a file on agent

func Suicide

func Suicide()

func TLSServer

func TLSServer()

TLSServer start HTTPS server

func TakeScreenshot

func TakeScreenshot()

TakeScreenshot take a screenshot of selected target, and download it; open the picture if possible

func TermClear

func TermClear()

TermClear clear screen

func TermSize

func TermSize() (width, height int, err error)

TermSize Get terminal size

func TmuxCurrentPane

func TmuxCurrentPane() (pane_id string)

returns the index of current pane; returns -1 when error occurs

func TmuxCurrentWindow

func TmuxCurrentWindow() (id string)

All panes live in this tmux window. Returns the unique ID of the window; returns "" when error occurs

func TmuxDeinitWindows

func TmuxDeinitWindows()

TmuxDeinitWindows close previously opened tmux windows

func TmuxDisplay

func TmuxDisplay(msg string) (res string)

func TmuxInitWindows

func TmuxInitWindows() (err error)

TmuxInitWindows split current terminal into several windows/panes:
- command output window
- current agent info

func TmuxKillWindow

func TmuxKillWindow(id string) (err error)

func TmuxNewWindow

func TmuxNewWindow(name, cmd string) error

TmuxNewWindow split tmux window, and run command in the new pane

func TmuxSetOpt

func TmuxSetOpt(index, opt string) (err error)

Set tmux option of current tmux window

func TmuxSetPaneTitle

func TmuxSetPaneTitle(title, pane_id string) error

func TmuxSplit

func TmuxSplit(hV, cmd string) error

TmuxSplit split tmux window, and run command in the new pane

func TmuxSwitchWindow

func TmuxSwitchWindow(window_id string) (res bool)

func TmuxUpdatePane

func TmuxUpdatePane(pane *Emp3r0rPane)

Sync changes of a pane

func TmuxUpdatePanes

func TmuxUpdatePanes()

func TmuxWindowSize

func TmuxWindowSize() (x, y int)

TmuxWindowSize size in chars, of the current tmux window/tab

func UnlockDownloads

func UnlockDownloads() error

UnlockDownloads if there are incomplete file downloads that are "locked", unlock them, unless CC is actually running/downloading

func UpdateOptions

func UpdateOptions(modName string) (exist bool)

UpdateOptions add new options according to current module

func UpgradeAgent

func UpgradeAgent()

func UploadToAgent

func UploadToAgent(cmd string)

func VimEdit

func VimEdit(filepath string) (err error)

VimEdit launch local vim to edit files

Types

type APIResponse

// APIResponse is the message the frontend receives, in JSON.
// The fields carry no json tags, so with encoding/json the keys are the Go
// field names, and MsgData (a []byte) is emitted as a base64 string.
type APIResponse struct {
	Cmd     string // user cmd
	MsgType string // log/json/cmd, tells frontend where to put it
	MsgData []byte // data payload, can be a JSON string or ordinary string
	Alert   bool   // whether to alert the frontend user
}

APIResponse what the frontend sees, in JSON

type Control

// Control is the controller-side record for one connected agent; it is the
// value type of the Targets map.
type Control struct {
	Index  int          // index of a connected agent
	Label  string       // custom label for an agent
	Conn   *h2conn.Conn // h2 connection of an agent
	Ctx    context.Context    // context paired with Cancel; presumably scoped to this agent's connection — TODO confirm
	Cancel context.CancelFunc // cancels Ctx
}

Control controller interface of a target

type Emp3r0rPane

// Emp3r0rPane describes one tmux window/pane of the CC's interface.
type Emp3r0rPane struct {
	Alive    bool   // indicates that pane is not dead
	ID       string // tmux pane unique ID
	WindowID string // tmux window unique ID, indicates the window that the pane lives in
	Title    string // title of pane
	Name     string // initial title of pane, doesn't change even if pane is dead
	TTY      string // eg. /dev/pts/1, write to this file to get your message displayed on this pane
	PID      int    // PID of the process running in tmux pane
	Cmd      string // cmdline of the process
	Width    int    // width of pane, number of chars
	Height   int    // height of pane, number of chars
}

Emp3r0rPane a tmux window/pane that makes emp3r0r CC's interface

func TmuxNewPane

func TmuxNewPane(title, hV string, target_pane_id string, size int, cmd string) (pane *Emp3r0rPane, err error)

TmuxNewPane split tmux window, and run command in the new pane.
hV: horizontal or vertical split.
target_pane: target_pane tmux index, split this pane.
size: percentage, do not append %.

func (*Emp3r0rPane) ClearPane

func (pane *Emp3r0rPane) ClearPane() (err error)

func (*Emp3r0rPane) KillPane

func (pane *Emp3r0rPane) KillPane() (err error)

func (*Emp3r0rPane) PaneDetails

func (pane *Emp3r0rPane) PaneDetails() (
	is_alive bool,
	title string,
	tty string,
	pid int,
	cmd string,
	width int,
	height int)

PaneDetails Get details of a tmux pane

func (*Emp3r0rPane) Printf

func (pane *Emp3r0rPane) Printf(clear bool, format string, a ...interface{})

Printf like printf, but prints to a tmux pane/window. id: pane unique id

func (*Emp3r0rPane) ResizePane

func (pane *Emp3r0rPane) ResizePane(direction string, lines int) (err error)

ResizePane resize pane in x/y to number of lines

func (*Emp3r0rPane) Respawn

func (pane *Emp3r0rPane) Respawn() (err error)

type LabeledAgent

// LabeledAgent pairs an agent tag with a custom label; it serialises to JSON
// with the keys "tag" and "label".
// presumably the record format stored in AgentsJSON — TODO confirm
type LabeledAgent struct {
	Tag   string `json:"tag"`
	Label string `json:"label"`
}

type ModConfig

// ModConfig mirrors a module's config.json.
// NOTE(review): Exec names a file that gets run and Path says where the module
// lives, so a config.json is effectively a request to execute code. Whether
// Exec is constrained to stay inside Path is not visible here — confirm, and
// load modules only from directories the operator controls.
type ModConfig struct {
	Name          string `json:"name"`        // Display as this name
	Exec          string `json:"exec"`        // Run this executable file
	Platform      string `json:"platform"`    // targeting which OS? Linux/Windows
	IsInteractive bool   `json:"interactive"` // whether run as a shell or not, eg. python, bettercap
	Author        string `json:"author"`      // by whom
	Date          string `json:"date"`        // when did you write it
	Comment       string `json:"comment"`     // describe your module in one line
	Path          string `json:"path"`        // where is this module stored? eg. ~/.emp3r0r/modules

	// option: [value, help]
	// eg.
	// "option you see in emp3r0r console": ["a parameter of your module", "describe how to use this parameter"]
	// Each value is a string slice; the documented layout has two elements, so
	// code indexing [0] and [1] should check the length first.
	Options map[string][]string `json:"options"`
}

ModConfig config.json of a module. Example:

{
    "name": "LES",
    "exec": "les.sh",
    "platform": "Linux",
    "interactive": false,
    "author": "jm33-ng",
    "date": "2022-01-12",
    "comment": "https://github.com/mzet-/linux-exploit-suggester",
    "options": {
        "args": ["--checksec", "run les.sh with this commandline arg"]
    }
}

type Option

// Option holds everything the console knows about one settable option; it is
// the value type of the Options map.
type Option struct {
	Name string   // like `module`, `target`, `cmd_to_exec`
	Val  string   // the value to use
	Vals []string // possible values
}

Option all necessary info of an option

type PortFwdSession

// PortFwdSession holds the state of one port-forwarding session; it is the
// value type of the PortFwds map.
type PortFwdSession struct {
	Protocol    string       // TCP or UDP
	Lport       string       // listen_port
	To          string       // to address
	Description string       // fmt.Sprintf("%s (Local) -> %s (Agent)", listenPort, to_addr)
	Reverse     bool         // from agent to cc or cc to agent
	Listener    *net.UDPConn // if mapping is UDP, we need its listener
	Timeout     int          // timeout in seconds

	Agent  *emp3r0r_data.AgentSystemInfo // agent who holds this port mapping session
	Sh     map[string]*StreamHandler     // related to HTTP handler
	Ctx    context.Context               // PortFwd context
	Cancel context.CancelFunc            // PortFwd cancel
}

PortFwdSession holds controller interface of a port-fwd session

func (*PortFwdSession) InitReversedPortFwd

func (pf *PortFwdSession) InitReversedPortFwd() (err error)

InitReversedPortFwd send portfwd command to agent and set up a reverse port mapping

func (*PortFwdSession) RunPortFwd

func (pf *PortFwdSession) RunPortFwd() (err error)

RunPortFwd forward from ccPort to dstPort on agent, via h2conn as if the dstPort is listening on CC machine

func (*PortFwdSession) RunReversedPortFwd

func (pf *PortFwdSession) RunReversedPortFwd(sh *StreamHandler) (err error)

RunReversedPortFwd expose service on CC side to agent, via h2conn as if the service is listening on agent machine

type StreamHandler

// StreamHandler lets an HTTP handler use an H2Conn.
// NOTE(review): Token is described as the agent-auth token. How it is generated
// and compared is not visible here — confirm it is unpredictable per stream and
// checked with a constant-time comparison.
type StreamHandler struct {
	H2x     *emp3r0r_data.H2Conn // h2conn with context
	Buf     chan []byte          // buffer for receiving data
	Token   string               // token string, for agent auth
	BufSize int                  // buffer size for reverse shell should be 1
}

StreamHandler allow the http handler to use H2Conn
