# TODO
## TSCH
- [X] Clean up TSCH module
- [X] Session hijacking
- [X] Generate random name/path
- [X] Output
- [X] Add `tsch change`
- [ ] Serialize XML with default indent level
## SCMR
- [X] Clean up SCMR module
- [X] Add dynamic string binding support
- [X] General cleanup. Use TSCH & WMI as reference
- [ ] Output
## DCOM
- [X] Add DCOM module
- [X] MMC20.Application method
- [X] Output
## WMI
- [X] Add WMI module
- [X] Clean up WMI module
- [X] Output
- [ ] WMI `reg` subcommand - read & edit the registry
- [ ] File transfer functionality
## Other
- [X] Add proxy support - see https://github.com/oiweiwei/go-msrpc/issues/21
- [ ] Descriptions for all modules and methods
- [ ] Add SMB file transfer interface
- [ ] README
## Bug Fixes
- [X] Fix SMB transport for SCMR module - `rpc_s_cannot_support: The requested operation is not supported.`
- [X] Fix proxy - EPM doesn't use the proxy dialer
- [ ] Fix SCMR `change` method so that dependencies field isn't permanently overwritten
## Lower Priority
- [ ] `--shell` option
- [ ] Add Go tests
- [ ] Ability to specify multiple targets
### TSCH
- [ ] Add more trigger types
### SCMR
- [ ] `psexec` with PsExeSVC.exe AND NOT Impacket's RemCom build - https://sensepost.com/blog/2025/psexecing-the-right-way-and-why-zero-trust-is-mandatory/
### DCOM
- [ ] ShellWindows & ShellBrowserWindow
### WinRM
- [ ] Add basic WinRM module - https://github.com/bryanmcnulty/winrm
- [ ] File transfer functionality
- [ ] Shell functionality