authorBryan McNulty <bryanmcnulty@protonmail.com>2025-03-10 06:17:13 -0500
committerBryan McNulty <bryanmcnulty@protonmail.com>2025-03-10 06:17:13 -0500
commitb3c69a1559e2876820f4b07f3ef0f47b467f5d26 (patch)
tree3eb024651ab491fccbb893ce79140327f339c8bc /cmd
parentc6460b19bd834875b00f199390e6121d5bdfba7e (diff)
downloadgoexec-b3c69a1559e2876820f4b07f3ef0f47b467f5d26.tar.gz
goexec-b3c69a1559e2876820f4b07f3ef0f47b467f5d26.zip
fixed some bugs involving DCERPC arguments
Diffstat (limited to 'cmd')
-rw-r--r--cmd/rpc.go2
-rw-r--r--cmd/scmr.go68
2 files changed, 58 insertions, 12 deletions
diff --git a/cmd/rpc.go b/cmd/rpc.go
index 7290b06..7b5b214 100644
--- a/cmd/rpc.go
+++ b/cmd/rpc.go
@@ -23,7 +23,7 @@ func needsRpcTarget(proto string) func(cmd *cobra.Command, args []string) error
if ok, err := regexp.MatchString(`^\w+$`, argDceEpmFilter); err == nil && ok {
argDceEpmFilter += ":"
}
- dceConfig.Endpoint, err = dcerpc.ParseStringBinding(argDceEpmFilter)
+ dceConfig.EpmFilter, err = dcerpc.ParseStringBinding(argDceEpmFilter)
if err != nil {
return fmt.Errorf("failed to parse EPM filter: %w", err)
}
diff --git a/cmd/scmr.go b/cmd/scmr.go
index 7772fc4..37b52eb 100644
--- a/cmd/scmr.go
+++ b/cmd/scmr.go
@@ -19,10 +19,17 @@ func scmrCmdInit() {
if err := scmrCmd.MarkPersistentFlagRequired("executable-path"); err != nil {
panic(err)
}
- scmrCmd.AddCommand(scmrChangeCmd)
scmrCreateCmdInit()
- scmrCmd.AddCommand(scmrCreateCmd)
+ scmrCmd.AddCommand(scmrChangeCmd)
scmrChangeCmdInit()
+ scmrCmd.AddCommand(scmrCreateCmd)
+ scmrDeleteCmdInit()
+ scmrCmd.AddCommand(scmrDeleteCmd)
+}
+
+func scmrCreateCmdInit() {
+ scmrCreateCmd.Flags().StringVarP(&scmrServiceName, "service-name", "s", "", "Name of service to create")
+ scmrCreateCmd.Flags().BoolVar(&scmrNoDelete, "no-delete", false, "Don't delete service after execution")
}
func scmrChangeCmdInit() {
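Review bot: The new `delete` subcommand is added under `scmrCmd`, whose `executable-path` flag is marked persistent-required on the first line of this hunk, so cobra will most likely reject `delete` unless an executable path is supplied, even though deleting a service has no use for one. Consider registering that flag and its required mark only on the create and change commands, or validating it inside their `Run` functions. The flag definition is outside the hunk, so confirm where it lives before moving it. `scmrCmdInit` starts above the hunk.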
@@ -34,9 +41,11 @@ func scmrChangeCmdInit() {
}
}
-func scmrCreateCmdInit() {
- scmrCreateCmd.Flags().StringVarP(&scmrServiceName, "service-name", "s", "", "Name of service to create")
- scmrCreateCmd.Flags().BoolVar(&scmrNoDelete, "no-delete", false, "Don't delete service after execution")
+func scmrDeleteCmdInit() {
+ scmrDeleteCmd.Flags().StringVarP(&scmrServiceName, "service-name", "s", "", "Name of service to delete")
+ if err := scmrChangeCmd.MarkFlagRequired("service-name"); err != nil {
+ panic(err)
+ }
}
var (
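Review bot: `scmrDeleteCmdInit` marks `service-name` as required on `scmrChangeCmd` instead of on the command it is initialising, so `delete` can run with an empty service name. The mistake is silent if the change command already defines that flag, which looks likely but is not visible here. The line should read `if err := scmrDeleteCmd.MarkFlagRequired("service-name"); err != nil {`. For a destructive operation it is worth rejecting an empty name before any connection is attempted.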
@@ -57,7 +66,14 @@ var (
scmrCreateCmd = &cobra.Command{
Use: "create [target]",
Short: "Create & run a new Windows service to gain execution",
- Args: needsRpcTarget("cifs"),
+ Long: `Description:
+ The create method calls RCreateServiceW to create a new Windows service with
+ the provided executable & arguments as the lpBinaryPathName
+
+References:
+ https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/6a8ca926-9477-4dd4-b766-692fab07227e
+`,
+ Args: needsRpcTarget("cifs"),
Run: func(cmd *cobra.Command, args []string) {
if scmrServiceName == "" {
@@ -137,24 +153,54 @@ var (
ServiceName: scmrServiceName,
},
}
- log = log.With().
+ ctx = log.With().
Str("module", "scmr").
Str("method", "change").
- Logger()
+ Logger().WithContext(ctx)
- if err := executor.Connect(log.WithContext(ctx), creds, target, connCfg); err != nil {
+ if err := executor.Connect(ctx, creds, target, connCfg); err != nil {
log.Fatal().Err(err).Msg("Connection failed")
}
if !scmrNoDelete {
defer func() {
- if err := executor.Cleanup(log.WithContext(ctx), cleanCfg); err != nil {
+ if err := executor.Cleanup(ctx, cleanCfg); err != nil {
log.Error().Err(err).Msg("Cleanup failed")
}
}()
}
- if err := executor.Exec(log.WithContext(ctx), execCfg); err != nil {
+ if err := executor.Exec(ctx, execCfg); err != nil {
log.Error().Err(err).Msg("Execution failed")
}
},
}
+ scmrDeleteCmd = &cobra.Command{
+ Use: "delete [target]",
+ Short: "Delete an existing Windows service",
+ Long: `Description:
+
+`,
+ Args: needsRpcTarget("cifs"),
+ Run: func(cmd *cobra.Command, args []string) {
+
+ executor := scmrexec.Module{}
+ cleanCfg := &exec.CleanupConfig{
+ CleanupMethod: scmrexec.CleanupMethodDelete,
+ }
+ connCfg := &exec.ConnectionConfig{
+ ConnectionMethod: exec.ConnectionMethodDCE,
+ ConnectionMethodConfig: dceConfig,
+ }
+ ctx = log.With().
+ Str("module", "scmr").
+ Str("method", "delete").
+ Logger().WithContext(ctx)
+
+ if err := executor.Connect(ctx, creds, target, connCfg); err != nil {
+ log.Fatal().Err(err).Msg("Connection failed")
+
+ } else if err = executor.Cleanup(ctx, cleanCfg); err != nil {
+ log.Fatal().Err(err).Msg("Delete failed")
+ }
+ },
+ }
)
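Review bot: In `scmrDeleteCmd` the `Run` body never reads `scmrServiceName`: `cleanCfg` sets only `CleanupMethod`, whereas the change command earlier in this hunk passes `ServiceName: scmrServiceName` into its config. Unless `scmrexec.Module` obtains the name in some way not visible here, `Cleanup` has no explicit target and the `--service-name` flag is unused. Pass the name through whichever config field the module reads, and fail early when it is empty. The `Long` text is also left as an empty `Description:` placeholder and should say what is deleted and where. The `var (` block begins outside this hunk.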