diff options
| -rw-r--r-- | TODO.md | 1 | ||||
| -rw-r--r-- | cmd/args.go | 172 | ||||
| -rw-r--r-- | pkg/goexec/wmi/call.go | 4 | ||||
| -rw-r--r-- | pkg/goexec/wmi/module.go | 6 |
4 files changed, 89 insertions, 94 deletions
@@ -37,7 +37,6 @@ ### Other - [X] Add proxy support - see https://github.com/oiweiwei/go-msrpc/issues/21 -- [ ] `--unsafe` option - allow unsafe OPSEC (i.e. fetching execution output via file write/read) - [ ] Descriptions for all modules and methods - [ ] Add SMB file transfer interface - [ ] README diff --git a/cmd/args.go b/cmd/args.go index ca61c22..b176c75 100644 --- a/cmd/args.go +++ b/cmd/args.go @@ -1,139 +1,139 @@ package cmd import ( - "context" - "errors" - "fmt" - "github.com/spf13/cobra" - "github.com/spf13/pflag" - "os" + "context" + "errors" + "fmt" + "github.com/spf13/cobra" + "github.com/spf13/pflag" + "os" ) func registerRpcFlags(cmd *cobra.Command) { - rpcFlags := pflag.NewFlagSet("RPC", pflag.ExitOnError) + rpcFlags := pflag.NewFlagSet("RPC", pflag.ExitOnError) - rpcFlags.BoolVar(&rpcClient.NoEpm, "no-epm", false, "Do not use EPM to automatically detect endpoints") - //rpcFlags.BoolVar(&rpcClient.Options.EpmAuto, "epm-auto", false, "Automatically detect endpoints instead of using the module defaults") - rpcFlags.BoolVar(&rpcClient.NoSign, "no-sign", false, "Disable signing on DCE messages") - rpcFlags.BoolVar(&rpcClient.NoSeal, "no-seal", false, "Disable packet stub encryption on DCE messages") - rpcFlags.StringVar(&rpcClient.Filter, "epm-filter", "", "String binding to filter endpoints returned by EPM") - rpcFlags.StringVar(&rpcClient.Endpoint, "endpoint", "", "Explicit RPC endpoint definition") + rpcFlags.BoolVar(&rpcClient.NoEpm, "no-epm", false, "Do not use EPM to automatically detect endpoints") + //rpcFlags.BoolVar(&rpcClient.Options.EpmAuto, "epm-auto", false, "Automatically detect endpoints instead of using the module defaults") + rpcFlags.BoolVar(&rpcClient.NoSign, "no-sign", false, "Disable signing on DCE messages") + rpcFlags.BoolVar(&rpcClient.NoSeal, "no-seal", false, "Disable packet stub encryption on DCE messages") + rpcFlags.StringVar(&rpcClient.Filter, "epm-filter", "", "String binding to filter endpoints returned by EPM") + rpcFlags.StringVar(&rpcClient.Endpoint, "endpoint", "", "Explicit RPC endpoint definition") - cmd.PersistentFlags().AddFlagSet(rpcFlags) + cmd.PersistentFlags().AddFlagSet(rpcFlags) - cmd.MarkFlagsMutuallyExclusive("endpoint", "epm-filter") - cmd.MarkFlagsMutuallyExclusive("no-epm", "epm-filter") + cmd.MarkFlagsMutuallyExclusive("endpoint", "epm-filter") + cmd.MarkFlagsMutuallyExclusive("no-epm", "epm-filter") } func registerProcessExecutionArgs(cmd *cobra.Command) { - group := pflag.NewFlagSet("Execution", pflag.ExitOnError) + group := pflag.NewFlagSet("Execution", pflag.ExitOnError) - group.StringVarP(&exec.Input.Arguments, "args", "a", "", "Command line arguments") - group.StringVarP(&exec.Input.Command, "command", "c", "", "Windows process command line (executable & arguments)") - group.StringVarP(&exec.Input.Executable, "executable", "e", "", "Windows executable to invoke") + group.StringVarP(&exec.Input.Arguments, "args", "a", "", "Command line arguments") + group.StringVarP(&exec.Input.Command, "command", "c", "", "Windows process command line (executable & arguments)") + group.StringVarP(&exec.Input.Executable, "executable", "e", "", "Windows executable to invoke") - cmd.PersistentFlags().AddFlagSet(group) + cmd.PersistentFlags().AddFlagSet(group) - cmd.MarkFlagsOneRequired("executable", "command") - cmd.MarkFlagsMutuallyExclusive("executable", "command") + cmd.MarkFlagsOneRequired("executable", "command") + cmd.MarkFlagsMutuallyExclusive("executable", "command") } func registerExecutionOutputArgs(cmd *cobra.Command) { - group := pflag.NewFlagSet("Output", pflag.ExitOnError) + group := pflag.NewFlagSet("Output", pflag.ExitOnError) - group.StringVarP(&outputPath, "output", "o", "", `Fetch execution output to file or "-" for standard output`) - group.StringVarP(&outputMethod, "output-method", "m", "smb", "Method to fetch execution output") - group.StringVar(&exec.Output.RemotePath, "remote-output", "", "Location to temporarily store output on remote filesystem") - group.BoolVar(&exec.Output.NoDelete, "no-delete-output", false, "Preserve output file on remote filesystem") + group.StringVarP(&outputPath, "output", "o", "", `Fetch execution output to file or "-" for standard output`) + group.StringVarP(&outputMethod, "output-method", "m", "smb", "Method to fetch execution output") + group.StringVar(&exec.Output.RemotePath, "remote-output", "", "Location to temporarily store output on remote filesystem") + group.BoolVar(&exec.Output.NoDelete, "no-delete-output", false, "Preserve output file on remote filesystem") - cmd.PersistentFlags().AddFlagSet(group) + cmd.PersistentFlags().AddFlagSet(group) } func args(reqs ...func(*cobra.Command, []string) error) (fn func(*cobra.Command, []string) error) { - return func(cmd *cobra.Command, args []string) (err error) { + return func(cmd *cobra.Command, args []string) (err error) { - for _, req := range reqs { - if err = req(cmd, args); err != nil { - return - } - } - return - } + for _, req := range reqs { + if err = req(cmd, args); err != nil { + return + } + } + return + } } func argsTarget(proto string) func(cmd *cobra.Command, args []string) error { - return func(cmd *cobra.Command, args []string) (err error) { + return func(cmd *cobra.Command, args []string) (err error) { - if len(args) != 1 { - return errors.New("command require exactly one positional argument: [target]") - } + if len(args) != 1 { + return errors.New("command require exactly one positional argument: [target]") + } - if credential, target, err = authOpts.WithTarget(context.TODO(), proto, args[0]); err != nil { - return fmt.Errorf("failed to parse target: %w", err) - } + if credential, target, err = authOpts.WithTarget(context.TODO(), proto, args[0]); err != nil { + return fmt.Errorf("failed to parse target: %w", err) + } - if credential == nil { - return errors.New("no credentials supplied") - } - if target == nil { - return errors.New("no target supplied") - } - return - } + if credential == nil { + return errors.New("no credentials supplied") + } + if target == nil { + return errors.New("no target supplied") + } + return + } } func argsSmbClient() func(cmd *cobra.Command, args []string) error { - return args( - argsTarget("cifs"), + return args( + argsTarget("cifs"), - func(_ *cobra.Command, _ []string) error { + func(_ *cobra.Command, _ []string) error { - smbClient.Credential = credential - smbClient.Target = target - smbClient.Proxy = proxy + smbClient.Credential = credential + smbClient.Target = target + smbClient.Proxy = proxy - return smbClient.Parse(context.TODO()) - }, - ) + return smbClient.Parse(context.TODO()) + }, + ) } func argsRpcClient(proto string) func(cmd *cobra.Command, args []string) error { - return args( - argsTarget(proto), + return args( + argsTarget(proto), - func(cmd *cobra.Command, args []string) (err error) { + func(cmd *cobra.Command, args []string) (err error) { - rpcClient.Target = target - rpcClient.Credential = credential - rpcClient.Proxy = proxy + rpcClient.Target = target + rpcClient.Credential = credential + rpcClient.Proxy = proxy - return rpcClient.Parse(context.TODO()) - }, - ) + return rpcClient.Parse(context.TODO()) + }, + ) } func argsOutput(methods ...string) func(cmd *cobra.Command, args []string) error { - var as []func(*cobra.Command, []string) error + var as []func(*cobra.Command, []string) error - for _, method := range methods { - if method == "smb" { - as = append(as, argsSmbClient()) - } - } + for _, method := range methods { + if method == "smb" { + as = append(as, argsSmbClient()) + } + } - return args(append(as, func(*cobra.Command, []string) (err error) { + return args(append(as, func(*cobra.Command, []string) (err error) { - if outputPath != "" { - if outputPath == "-" { - exec.Output.Writer = os.Stdout + if outputPath != "" { + if outputPath == "-" { + exec.Output.Writer = os.Stdout - } else if exec.Output.Writer, err = os.OpenFile(outputPath, os.O_WRONLY|os.O_CREATE, 0644); err != nil { - log.Fatal().Err(err).Msg("Failed to open output file") - } - } - return - })...) + } else if exec.Output.Writer, err = os.OpenFile(outputPath, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644); err != nil { + log.Fatal().Err(err).Msg("Failed to open output file") + } + } + return + })...) } diff --git a/pkg/goexec/wmi/call.go b/pkg/goexec/wmi/call.go index e4386b5..3ca7596 100644 --- a/pkg/goexec/wmi/call.go +++ b/pkg/goexec/wmi/call.go @@ -6,10 +6,6 @@ import ( "github.com/rs/zerolog" ) -const ( - MethodCall = "Call" -) - type WmiCall struct { Wmi diff --git a/pkg/goexec/wmi/module.go b/pkg/goexec/wmi/module.go index 20d687a..e743139 100644 --- a/pkg/goexec/wmi/module.go +++ b/pkg/goexec/wmi/module.go @@ -75,7 +75,7 @@ func (m *Wmi) Init(ctx context.Context) (err error) { stringBinding, err := dcerpc.ParseStringBinding("ncacn_ip_tcp:" + bind.NetworkAddr) // TODO: try bind.String() if err != nil { - log.Error().Err(err).Msg("Failed to parse string binding") + log.Debug().Err(err).Msg("Failed to parse string binding") continue } stringBinding.NetworkAddress = m.Client.Target.AddressWithoutPort() @@ -129,8 +129,8 @@ func (m *Wmi) query(ctx context.Context, class, method string, values map[string return nil, errors.New("module has not been initialized") } if out, err := query.NewBuilder(ctx, m.servicesClient, ComVersion). - Spawn(class). // The class to instantiate (i.e. Win32_Process) - Method(method). // The method to call (i.e. Create) + Spawn(class). // The class to instantiate (i.e., Win32_Process) + Method(method). // The method to call (i.e., Create) Values(values). // The values to pass to method Exec(). Object(); err == nil { |