protocol

package
v1.58.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 10, 2026 License: Apache-2.0 Imports: 20 Imported by: 10

Documentation

Overview

Network protocols. The core go-exploit protocol package contains a set of helper functions for common HTTP, TCP, and UDP actions and subpackages are provided to handle complex or specific use cases.

Index

Constants

This section is empty.

Variables

View Source 
var GlobalCommTimeout = 10

GlobalCommTimeout is the default timeout for all socket communications.

View Source 
var GlobalUA string

GlobalUA is the default User-Agent for all go-exploit comms

Functions

func BasicAuth added in v1.7.0 

func BasicAuth(username, password string) string

BasicAuth takes a username and password and returns a string suitable for an Authorization header. 

resp, body, ok = protocol.HTTPSendAndRecvWithHeaders("GET", fmt.Sprintf("%s?%s", url, params), "", map[string]string{
	"Authorization": protocol.BasicAuth(conf.GetStringFlag("username"), conf.GetStringFlag("password")),
	"Cookie":        sessionID,
})

func BuildURI added in v1.0.11 

func BuildURI(paths ...string) string

Using the variable amount of paths, return a URI without any extra '/'.

func CookieString added in v1.22.0 

func CookieString(cookies []*http.Cookie) string

Turns net/http []*Cookie into a string for adding to the Cookie header. 

if resp.StatusCode == 302 {
	output.PrintfStatus("Account '%s' appears to be successfully registered with password '%s'", email, password)

	return protocol.CookieString(resp.Cookies()), true
}

func CreateRequest 

func CreateRequest(verb string, url string, payload string, followRedirect bool) (*http.Client, *http.Request, bool)

Creates the HTTP client, generates the HTTP request, and sets the default user-agent.

func CreateRequestParams 

func CreateRequestParams(params map[string]string) string

Converts a map of strings into a single string in application/x-www-urlencoded format (but does not encode the params).

func CreateRequestParamsEncoded 

func CreateRequestParamsEncoded(params map[string]string) string

CreateRequestParamsEncoded is the encoded version of CreateRequestParams.

func DoRawHTTPRequest 

func DoRawHTTPRequest(rhost string, rport int, uri string, verb string) bool

Go doesn't always like sending our exploit URI so use this raw version. SSL not implemented.

func DoRequest 

func DoRequest(client *http.Client, req *http.Request) (*http.Response, string, bool)

Provided an HTTP client and a request, this function triggers the HTTP request and converts the response body to a string.

func GenerateURL 

func GenerateURL(rhost string, rport int, ssl bool, uri string) string

Returns a valid HTTP/HTTPS URL provided the given input.

func GetSetCookieValue added in v1.8.0 

func GetSetCookieValue(resp *http.Response, name string) (string, bool)

Provided an HTTP request, find the Set-Cookie headers, and extract the value of the specified cookie.

func HTTPGetCache added in v1.21.0 

func HTTPGetCache(url string) (*http.Response, string, bool)

Send a HTTP GET request and cache it in the go-exploit database.

func HTTPSendAndRecv 

func HTTPSendAndRecv(verb string, url string, payload string) (*http.Response, string, bool)

Generic send HTTP request and receive response.

func HTTPSendAndRecvNoRedirect 

func HTTPSendAndRecvNoRedirect(verb string, url string, payload string) (*http.Response, string, bool)

Send an HTTP request but do not follow the 302 redirect.

func HTTPSendAndRecvURLEncoded 

func HTTPSendAndRecvURLEncoded(verb string, url string, params map[string]string) (*http.Response, string, bool)

Send an HTTP request, with the provided parameters in the params map stored in the body. Return the response and response body.

Note that this function *will not* attempt to url encode the params.

func HTTPSendAndRecvURLEncodedAndHeaders 

func HTTPSendAndRecvURLEncodedAndHeaders(verb string, url string, params map[string]string,
	headers map[string]string,
) (*http.Response, string, bool)

Send an HTTP request, with the provided parameters in the params map stored in the body, and with extra headers specified in the headers map. Return the response and response body.

Note that this function *will not* attempt to url encode the params.

func HTTPSendAndRecvURLEncodedParams 

func HTTPSendAndRecvURLEncodedParams(verb string, url string, params map[string]string) (*http.Response, string, bool)

Send an HTTP request, with the provided parameters in the params map URL encoded in the body. Return the response and response body.

Note that this function *will* attempt to url encode the params.

func HTTPSendAndRecvURLEncodedParamsAndHeaders 

func HTTPSendAndRecvURLEncodedParamsAndHeaders(verb string, url string, params map[string]string,
	headers map[string]string,
) (*http.Response, string, bool)

Send an HTTP request, with the provided parameters in the params map URL encoded in the body, and with extra headers specified in the headers map. Return the response and response body.

Note that this function *will* attempt to url encode the params.

func HTTPSendAndRecvWithHeaders 

func HTTPSendAndRecvWithHeaders(verb string, url string, payload string, headers map[string]string) (*http.Response, string, bool)

Send an HTTP request with extra headers specified in the headers map. Return the response and response body.

func HTTPSendAndRecvWithHeadersNoRedirect 

func HTTPSendAndRecvWithHeadersNoRedirect(verb string, url string, payload string,
	headers map[string]string,
) (*http.Response, string, bool)

Send an HTTP request with extra headers and does not follow redirects. This naming scheme is a little out of control.

func MixedConnect added in v1.0.17 

func MixedConnect(host string, port int, ssl bool) (net.Conn, bool)

Connections to the remote target with or without encryption depending on the ssl bool.

func MultipartAddField 

func MultipartAddField(writer *multipart.Writer, name string, value string) bool

Adds a multipart field for data values without additional header or file requirements. 

output.PrintfStatus("Uploading file: %s", fileName)
form, w := protocol.MultipartCreateForm()

protocol.MultipartAddField(w, "action", "wpr_addons_upload_file")
protocol.MultipartAddField(w, "max_file_size", "0")
protocol.MultipartAddField(w, "allowed_file_types", "ph$p")
protocol.MultipartAddField(w, "triggering_event", "click")
protocol.MultipartAddField(w, "wpr_addons_nonce", nonce)
protocol.MultipartAddFile(w, "uploaded_file", fileName, "text/plain", generated)

w.Close()

func MultipartAddFile added in v1.0.5 

func MultipartAddFile(writer *multipart.Writer, name, filename, ctype, value string) bool

Add a file and content type for a multipart form.

func MultipartAddPart added in v1.31.0 

func MultipartAddPart(writer *multipart.Writer, headers map[string]string, body string) bool

Create part for multipart forms that can include the header types. 

form, formWriter := protocol.MultipartCreateForm()
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="real"`,
	"Content-Type":        "text/plain",
}, fmt.Sprintf(`/../../../%s/`, mainPath))
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="version"`,
	"Content-Type":        "text/plain",
}, random.RandLettersRange(8, 10))
protocol.MultipartAddFile(
	formWriter,
	"file",
	random.RandLettersRange(8, 17)+".zip",
	"application/octet-stream",
	string(zipFile),
)
formWriter.Close()

func MultipartCreateForm added in v1.0.6 

func MultipartCreateForm() (*strings.Builder, *multipart.Writer)

Create a HTTP multipart form and writer. This is a helper function around the Go standard library packages and can be combined with MultipartAddField, MultipartAddPart, and MultipartAddFile functions to quickly create complicated multipart requests. 

form, formWriter := protocol.MultipartCreateForm()
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="uploadPath"`,
}, `/`)
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="uploadFile_x"`,
}, `-1000`)
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="uploadFile_y"`,
}, `-1000`)
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="uploadFile_width"`,
}, `1920`)
protocol.MultipartAddPart(formWriter, map[string]string{
	"Content-Disposition": `form-data; name="uploadFile_height"`,
}, `1080`)
protocol.MultipartAddFile(formWriter, "uploadFile", fmt.Sprintf("%s.bmp", name), "image/bmp", webshellData)
formWriter.Close()

url := conf.GenerateURL("/simpleeditor/imageManager/uploadImage.do")
headers := map[string]string{
	"Content-Type": fmt.Sprintf(`multipart/form-data; boundary="%s"`, formWriter.Boundary()),
}

output.PrintfStatus("Exploiting %s", url)
resp, body, ok := protocol.HTTPSendAndRecvWithHeaders("POST", url, form.String(), headers)
if !ok {
	return false
}
if resp.StatusCode != 200 {
	output.PrintfDebug("RunExploit failed: status-code=%d resp=%#v body=%q", resp.StatusCode, resp, body)

	return false
}

func MultipartCreateFormFields added in v1.46.0 

func MultipartCreateFormFields(writer *multipart.Writer, fieldMap map[string]string) bool

MultipartCreateFormFields generates multipart form data out of the field names and values provided via fieldMap and writes this to writer. It returns a bool to indicate success or failure. 

webshellName := fmt.Sprintf("%s.php", random.RandLettersRange(3, 5))
form, formWriter := protocol.MultipartCreateForm()
fields := map[string]string{
	"dzuuid":            uuid.NewString(),
	"dzchunkindex":      "0",
	"dztotalfilesize":   fmt.Sprintf("%d", len(webshellContents)),
	"dzchunksize":       "2000000",
	"dztotalchunkcount": "1",
	"dzchunkbyteoffset": "0",
	"fwbrand":           conf.GetStringFlag("path"),
	"fwmodel":           random.RandLettersRange(3, 5),
	"fwversion":         fmt.Sprintf("%d", random.RandIntRange(1, 10)),
}

if !protocol.MultipartCreateFormFields(formWriter, fields) {
	output.PrintDebug("Failed creating multipart form fields")

	return "", false
}

if !protocol.MultipartAddFile(formWriter, "file", webshellName, "application/octet-stream", webshellContents) {
	output.PrintDebug("Failed adding file to multipart form")

	return "", false
}

formWriter.Close()

resp, body, ok := protocol.HTTPSendAndRecvWithHeaders("POST", url, form.String(), map[string]string{
	"Cookie":       cookies,
	"Content-Type": formWriter.FormDataContentType(),
	"Referer":      conf.GenerateURL("/admin/config.php?display=endpoint&view=custfwupgrade"),
})
if !ok {
	return "", false
}

func ParseCookies added in v1.0.9 

func ParseCookies(resp *http.Response) string

ParseCookies parses an HTTP response and returns a string suitable for a Cookie header.

func SetRequestHeaders 

func SetRequestHeaders(req *http.Request, headers map[string]string)

Provided a map of headers, this function loops through them and sets them in the http request.

func TCPConnect 

func TCPConnect(host string, port int) (net.Conn, bool)

Connects to a remote target without encryption.

func TCPReadAmount 

func TCPReadAmount(conn net.Conn, amount int) ([]byte, bool)

Read a set amount of data from a TCP connection.

func TCPReadAmountBlind added in v1.32.0 

func TCPReadAmountBlind(conn net.Conn, amount int) ([]byte, bool)

Read an amount and dont log errors if we fail to read from the socket.

func TCPWrite 

func TCPWrite(conn net.Conn, data []byte) bool

Write data to a TCP connection.

func TLSConnect added in v1.0.17 

func TLSConnect(host string, port int) (net.Conn, bool)

Connects to the remote target with encryption.

func UDPConnect added in v1.0.2 

func UDPConnect(host string, port int) (*net.UDPConn, bool)

Dial to a UDP network socket with resolution.

func UDPReadAmount added in v1.0.2 

func UDPReadAmount(conn *net.UDPConn, amount int) ([]byte, bool)

Read data from a UDP socket.

func UDPWrite added in v1.0.2 

func UDPWrite(conn *net.UDPConn, data []byte) bool

Write data to a UDP connection.

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
AFP network protocol
 AFP network protocol
Package ajp is a very basic (and incomplete) implementation of the AJPv13 protocol.
 Package ajp is a very basic (and incomplete) implementation of the AJPv13 protocol.
A library for .NET remoting functionality
 A library for .NET remoting functionality
Package fortinet is a very basic (and incomplete) implementation of Fortinet FGFM protocol
 Package fortinet is a very basic (and incomplete) implementation of Fortinet FGFM protocol
Package ikev2 A (very) basic framework for an ikev2 protocol.
 Package ikev2 A (very) basic framework for an ikev2 protocol.
`msg.go` contains the logic for building, reading, accessing, and serializing RouterOS M2 messages.
 `msg.go` contains the logic for building, reading, accessing, and serializing RouterOS M2 messages.
Package rocketmq is a very basic (and incomplete) implementation of RocketMQ remoting protocol
 Package rocketmq is a very basic (and incomplete) implementation of RocketMQ remoting protocol
sip
Package sip is a very basic (and incomplete) implementation of SIP messaging protocol.
 Package sip is a very basic (and incomplete) implementation of SIP messaging protocol.
examples/call command
This example registers an endpoint (user authentication) in a server and starts a call (only the SIP related part).
 This example registers an endpoint (user authentication) in a server and starts a call (only the SIP related part).
examples/ping command
This example checks if a UDP server is up.
 This example checks if a UDP server is up.
examples/tcp command
This example sends an OPTIONS request over TCP (or TLS).
 This example sends an OPTIONS request over TCP (or TLS).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.