diff options
| author | Bryan McNulty <bryanmcnulty@protonmail.com> | 2025-03-04 02:45:54 -0600 |
|---|---|---|
| committer | Bryan McNulty <bryanmcnulty@protonmail.com> | 2025-03-04 02:45:54 -0600 |
| commit | f98989334bbe227bbe9dc4c84a2d0e34aa2fb86f (patch) | |
| tree | cb1d1302d7574c0390021f65d273316a973e9bd0 /pkg | |
| parent | 6fe1d2cf9ead0a868ef3c86502f904ae97c74116 (diff) | |
| parent | 294e3b68183470f1f8d0f4d75ab99c01548fdb14 (diff) | |
| download | goexec-f98989334bbe227bbe9dc4c84a2d0e34aa2fb86f.tar.gz goexec-f98989334bbe227bbe9dc4c84a2d0e34aa2fb86f.zip | |
Merge branch 'dev' of github.com:FalconOpsLLC/goexec into dev
Diffstat (limited to 'pkg')
| -rw-r--r-- | pkg/exec/tsch/exec.go | 51 |
1 files changed, 31 insertions, 20 deletions
diff --git a/pkg/exec/tsch/exec.go b/pkg/exec/tsch/exec.go index 4157ec4..868f9ea 100644 --- a/pkg/exec/tsch/exec.go +++ b/pkg/exec/tsch/exec.go @@ -91,6 +91,8 @@ func (mod *Module) Exec(ctx context.Context, creds *adauth.Credential, target *a } else { startTime := time.Now().UTC().Add(cfg.StartDelay) + stopTime := startTime.Add(cfg.StopDelay) + task := &task{ TaskVersion: "1.2", // static TaskNamespace: "http://schemas.microsoft.com/windows/2004/02/mit/task", // static @@ -102,16 +104,21 @@ func (mod *Module) Exec(ctx context.Context, creds *adauth.Credential, target *a }, Principals: defaultPrincipals, Settings: defaultSettings, - Actions: actions{Context: defaultPrincipals.Principals[0].ID, Exec: []actionExec{{Command: ecfg.ExecutableName, Arguments: ecfg.ExecutableArgs}}}, + Actions: actions{ + Context: defaultPrincipals.Principals[0].ID, + Exec: []actionExec{ + { + Command: ecfg.ExecutableName, + Arguments: ecfg.ExecutableArgs, + }, + }, + }, } if !cfg.NoDelete && !cfg.CallDelete { if cfg.StopDelay == 0 { // EndBoundary cannot be >= StartBoundary cfg.StopDelay = 1 * time.Second } - stopTime := startTime.Add(cfg.StopDelay) - - mod.log.Info().Time("when", stopTime).Msg("Task is scheduled to delete") task.Settings.DeleteExpiredTaskAfter = xmlDuration(cfg.DeleteDelay) task.TimeTriggers[0].EndBoundary = stopTime.Format(TaskXMLDurationFormat) } @@ -157,25 +164,29 @@ func (mod *Module) Exec(ctx context.Context, creds *adauth.Credential, target *a } else { mod.log.Info().Str("path", response.ActualPath).Msg("Task registered successfully") - if !cfg.NoDelete && cfg.CallDelete { - defer func() { - if err = mod.Cleanup(ctx, creds, target, &exec.CleanupConfig{ - CleanupMethod: MethodDelete, - CleanupMethodConfig: MethodDeleteConfig{TaskPath: taskPath}, - }); err != nil { - mod.log.Error().Err(err).Msg("Failed to delete task") + if !cfg.NoDelete { + if cfg.CallDelete { + defer func() { + if err = mod.Cleanup(ctx, creds, target, &exec.CleanupConfig{ + CleanupMethod: MethodDelete, + CleanupMethodConfig: MethodDeleteConfig{TaskPath: taskPath}, + }); err != nil { + mod.log.Error().Err(err).Msg("Failed to delete task") + } + }() + mod.log.Info().Dur("ms", cfg.StartDelay).Msg("Waiting for task to run") + select { + case <-ctx.Done(): + mod.log.Warn().Msg("Cancelling execution") + return err + case <-time.After(cfg.StartDelay + (time.Second * 2)): // + two seconds + // TODO: check if task is running yet; delete if the wait period is over + break } - }() - mod.log.Info().Dur("ms", cfg.StartDelay).Msg("Waiting for task to run") - select { - case <-ctx.Done(): - mod.log.Warn().Msg("Cancelling execution") return err - case <-time.After(cfg.StartDelay + (time.Second * 2)): // + two seconds - // TODO: check if task is running yet; delete if the wait period is over - break + } else { + mod.log.Info().Time("when", stopTime).Msg("Task is scheduled to delete") } - return err } } } |