exec

package
v0.0.0-...-8d1123e
Warning

This package is not in the latest version of its module.

Published: May 6, 2026 License: MIT Imports: 6 Imported by: 0

Documentation

Overview

Package exec provides execution primitives for the agent implant.

Techniques:

  • Shell command execution (cmd.exe / PowerShell)
  • BOF (Beacon Object File) loader — runs COFF .o in-process
  • .NET / CLR in-memory hosting (CLRCreateInstance)
  • PowerShell runspace (IPC via named pipe)
  • LOLBin execution helpers (certutil, mshta, wmic, etc.)
  • Alternate Data Stream (ADS) write + execute
  • PE reflective loader
  • Token / privilege manipulation
  • Timegate / OPSEC scheduling

Mixed dependency: BOF/peloader use winsyscall; shell/lolbin use exec.Command.


Constants

This section is empty.

Variables

This section is empty.

Functions

func AdsExec

func AdsExec(path string) (string, error)

func AdsRead

func AdsRead(path string) ([]byte, error)

func AdsWrite

func AdsWrite(path string, data []byte) error

func DotnetExecute

func DotnetExecute(assemblyPath, typeName, methodName, argument string) (int32, error)

func ImpersonateToken

func ImpersonateToken(_ uint32) (string, error)

func LolbinFetch

func LolbinFetch(url, localPath, method string) error

func MakeToken

func MakeToken(_, _, _ string) error

func MaskedSleep

func MaskedSleep(duration time.Duration, _ []byte)

func PeLoad

func PeLoad(rawPE []byte) (uintptr, error)

func PsEncode

func PsEncode(command string) string

PsEncode is a stub on non-Windows.

func PsRunspace

func PsRunspace(psScript, bridgePath string) (string, error)

func RevertToSelf

func RevertToSelf() error

func RunCommand

func RunCommand(method, command string, timeout int) (stdout, stderr string, exitCode int)

RunCommand executes a shell command on non-Windows platforms.

func StegoEncodeJPEG

func StegoEncodeJPEG(carrierPath, outPath string, shellcode []byte, key byte, quality int) error

func StegoEncodePNG

func StegoEncodePNG(carrierPath, outPath string, shellcode []byte, key byte) error

func StegoExtract

func StegoExtract(imagePath string, key byte) ([]byte, error)

func StegoExtractAndRun

func StegoExtractAndRun(imagePath string, key byte) error

func TokenListText

func TokenListText(_ []TokenInfo) string

Types

type BOFResult

type BOFResult struct {
	Output string
	Err    string
}

BOFResult holds the output and error string from a BOF execution.

func RunBOF

func RunBOF(coffBytes []byte, args []byte) (*BOFResult, error)

type TimeGate

type TimeGate struct {
	WorkStart int
	WorkEnd   int
	KillDate  string
}

TimeGate holds working-hours and kill-date configuration.

func (*TimeGate) IsActive

func (tg *TimeGate) IsActive() (bool, string)

IsActive returns true if execution should proceed according to the time gate.

func (*TimeGate) SleepUntilActive

func (tg *TimeGate) SleepUntilActive() error

SleepUntilActive blocks until the time gate allows execution.

type TokenInfo

type TokenInfo struct {
	PID           uint32
	ProcessName   string
	Username      string
	Integrity     string
	Impersonating bool
}

TokenInfo holds information about a process's token.

func ListTokens

func ListTokens() ([]TokenInfo, error)
