rpc

package
v1.1.4 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 23, 2024 License: GPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

Package rpc provides the gRPC client for communicating with the Merlin server

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Any

func Any(id uuid.UUID, args []string) (msg *message.UserMessage)

Any is used to execute arbitrary Agent commands. The first argument is the command to execute, and the remaining arguments are passed to the command. args[0] = command to execute (e.g., connect, download); args[1:] = arguments to pass to the command.

func CD

func CD(id uuid.UUID, args []string) (msg *message.UserMessage)

CD is used to change the agent's current working directory args[0] = the directory path to change to

func CMD

func CMD(id uuid.UUID, args []string) (msg *message.UserMessage)

CMD is used to send a command to the agent to run a command or execute a program. args[0] = "cmd"; args[1:] = program and arguments to be executed on the host OS of the running agent. Used with the `cmd` and `shell` commands as well as through "standard" modules.

func CheckIn

func CheckIn(id uuid.UUID) (msg *message.UserMessage)

CheckIn creates an AgentInfo job that forces the Agent to send data back to the server

func ClearJobs

func ClearJobs(agentID uuid.UUID) (msg *message.UserMessage)

ClearJobs removes any jobs from the queue for a specific Agent that have been created but NOT sent to the agent

func ClearJobsCreated

func ClearJobsCreated() (msg *message.UserMessage)

ClearJobsCreated clears all created (but unsent) jobs for all agents

func Connect

func Connect(id uuid.UUID, args []string) (msg *message.UserMessage)

Connect instructs an Agent to disconnect from its current server and connect to the new provided target Args[0] = the target address or URI to connect to

func CreateListener

func CreateListener(options map[string]string) (msg *message.UserMessage)

CreateListener instantiates a listener on the RPC server from the provided options

func Download

func Download(id uuid.UUID, args []string) (msg *message.UserMessage)

Download is used to download the file through the corresponding agent from the provided input file path args[0] = the file path to download

func ENV

func ENV(id uuid.UUID, args []string) (msg *message.UserMessage)

ENV is used to view or modify a host's environment variables args[0] = the action to take (e.g., get, set, showall, unset) args[1] = the name of the environment variable to modify args[2] = the value to set the environment variable to

func ExecuteAssembly

func ExecuteAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)

ExecuteAssembly calls the donut module to create shellcode from a .NET 4.0 assembly and then uses the CreateProcess module to create a job that executes the shellcode in a remote process args[0] .NET assembly File bytes as Base64 string args[1] .NET assembly arguments args[2] SpawnTo path args[3] SpawnTo arguments

func ExecutePE

func ExecutePE(id uuid.UUID, args []string) (msg *message.UserMessage)

ExecutePE calls the donut module to create shellcode from PE and then uses the CreateProcess module to create a job that executes the shellcode in a remote process args[0] PE file bytes as Base64 string args[1] PE arguments args[2] SpawnTo path args[3] SpawnTo arguments

func ExecuteShellcode

func ExecuteShellcode(id uuid.UUID, args []string) (msg *message.UserMessage)

ExecuteShellcode calls the corresponding shellcode module to create a job that executes the provided shellcode args[0] shellcode bytes as Base64 string args[1] Shellcode execution method (e.g., self, remote, rtlcreateuserthread, userapc) args[2] PID to inject shellcode into (only used with remote, rtlcreateuserthread, and userapc methods)

func Exit

func Exit(id uuid.UUID) (msg *message.UserMessage)

Exit instructs the agent to quit running

func GetAgent

func GetAgent(id uuid.UUID) (a *agent.Agent, err error)

GetAgent returns an Agent structure for the provided Agent UUID

func GetAgentActiveJobs

func GetAgentActiveJobs(id uuid.UUID) (jobs []job.Job, err error)

GetAgentActiveJobs returns all jobs from the RPC server for the specified Agent id

func GetAgentLinks(id uuid.UUID) (links []uuid.UUID, err error)

GetAgentLinks returns a list of linked child Agent IDs

func GetAgents

func GetAgents() (agents []uuid.UUID, err error)

GetAgents returns a list of existing Agent UUID values

func GetAgentsRows

func GetAgentsRows() (header []string, rows [][]string, err error)

GetAgentsRows returns a row of data for every agent that is alive and includes information about it such as the Agent's GUID, platform, user, host, transport, and status

func GetAllActiveJobs

func GetAllActiveJobs() (jobs []job.Job, err error)

GetAllActiveJobs returns all Agent jobs from the RPC server that have not completed

func GetModule

func GetModule(modulePath string) (msg *message.UserMessage, m *module.Module)

GetModule returns information about a specific module from the RPC server so a module object can be created on the client

func GetModuleList

func GetModuleList() (msg *message.UserMessage, modules []string)

GetModuleList returns a list of all available modules on the RPC server

func GroupAdd

func GroupAdd(id uuid.UUID, group string) (msg *message.UserMessage)

GroupAdd adds the provided Agent id to the group on the RPC server

func GroupList

func GroupList(group string) (groups []string)

GroupList lists agents that are part of a specific group. It returns an empty slice instead of an error so that other functions can still complete.

func GroupListAll

func GroupListAll() map[string][]string

GroupListAll returns a list of all groups and their members from the RPC server

func GroupRemove

func GroupRemove(id uuid.UUID, group string) (msg *message.UserMessage)

GroupRemove deletes the provided Agent id from the group

func Groups

func Groups() []string

Groups returns a list of existing group names from the server. It will not return an error, so that completers are not blocked, but will instead return an empty slice.

func IFConfig

func IFConfig(id uuid.UUID) (msg *message.UserMessage)

func InvokeAssembly

func InvokeAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)

InvokeAssembly executes an assembly that was previously loaded with the load-assembly command args[0] = the assembly name to execute args[1: ] = arguments to pass to the assembly

func JA3

func JA3(id uuid.UUID, args []string) (msg *message.UserMessage)

JA3 is used to change the Agent's JA3 signature args[0] = the JA3 signature to change to

func KillDate

func KillDate(id uuid.UUID, args []string) (msg *message.UserMessage)

KillDate configures the date and time that the agent will stop running args[0] = the date and time to stop running

func KillProcess

func KillProcess(id uuid.UUID, args []string) (msg *message.UserMessage)

KillProcess tasks an agent to kill a process by its number identifier args[0] = the process ID to kill

func LS

func LS(id uuid.UUID, args []string) (msg *message.UserMessage)

LS uses native Go to list the directory contents of the provided path args[0] = the directory path to list

func LinkAgent

func LinkAgent(id uuid.UUID, args []string) (msg *message.UserMessage)

LinkAgent tasks a parent agent to connect to and link a child agent args[0] = the link method (e.g., add|list|remove|refresh|tcp|udp|smb) args[1] = method arguments

func ListAssemblies

func ListAssemblies(id uuid.UUID) (msg *message.UserMessage)

ListAssemblies instructs the agent to list the .NET assemblies that are currently loaded into the agent's process .NET assemblies are loaded with the LoadAssembly call

func Listener

func Listener(id uuid.UUID, args []string) (msg *message.UserMessage)

Listener interacts with Agent listeners used for peer-to-peer communications args[0] = the listener method (e.g., list|start|stop) args[1:] = method arguments; [protocol] [address]

func ListenerGetConfiguredOptions

func ListenerGetConfiguredOptions(id uuid.UUID) (msg *message.UserMessage, options map[string]string)

ListenerGetConfiguredOptions returns a map of the Listener's configured options

func ListenerGetDefaultOptions

func ListenerGetDefaultOptions(listenerType string) (msg *message.UserMessage, options map[string]string)

ListenerGetDefaultOptions returns a map of the Listener's default options

func ListenerGetIDs

func ListenerGetIDs() (msg *message.UserMessage, ids []string)

ListenerGetIDs retrieves a list of all instantiated listener IDs from the RPC server

func ListenerGetRows

func ListenerGetRows() (msg *message.UserMessage, header []string, rows [][]string)

ListenerGetRows gets information about all configured listeners as data that can be used to populate a table

func ListenerGetTypes

func ListenerGetTypes() (msg *message.UserMessage, types []string)

ListenerGetTypes returns a list of all available Listener types (e.g. http, tcp, etc.)

func ListenerSetOption

func ListenerSetOption(id uuid.UUID, args []string) (msg *message.UserMessage)

ListenerSetOption saves a configurable listener option in the server database

func ListenerStatus

func ListenerStatus(id uuid.UUID) (msg *message.UserMessage)

ListenerStatus returns the status of the Listener's server

func ListenerStop

func ListenerStop(id uuid.UUID) (msg *message.UserMessage)

ListenerStop terminates the Listener's server

func LoadAssembly

func LoadAssembly(id uuid.UUID, args []string) (msg *message.UserMessage)

LoadAssembly instructs the agent to load a .NET assembly into the agent's process args[0] is a Base64 encoded string of the assembly bytes args[1] is the assembly name or alias args[2] is the calculated SHA256 hash of the assembly

func LoadCLR

func LoadCLR(id uuid.UUID, args []string) (msg *message.UserMessage)

LoadCLR loads the .NET Common Language Runtime (CLR) into the agent's process. .NET assemblies can subsequently be loaded with the LoadAssembly call and executed with the InvokeAssembly call args[0] = the .NET CLR version to load (e.g., v2.0.50727, v4.0.30319, or v4.0)

func MEMFD

func MEMFD(id uuid.UUID, args []string) (msg *message.UserMessage)

MEMFD runs a Linux executable "from memory". args[0] = the executable as a base64 encoded string; args[1:] = arguments to pass to the executable.

func MaxRetry

func MaxRetry(id uuid.UUID, args []string) (msg *message.UserMessage)

MaxRetry configures the amount of times an Agent will try to check in before it quits args[0] = the number of times to retry

func Memory

func Memory(id uuid.UUID, args []string) (msg *message.UserMessage)

Memory interacts with virtual memory on the operating system where the agent is running args[0] = the memory method (e.g., read|write|patch) args[1:] = method arguments

func NSLOOKUP

func NSLOOKUP(id uuid.UUID, args []string) (msg *message.UserMessage)

NSLOOKUP instructs the agent to perform a DNS query on the input args[0:] = the host name or IP address to query

func Netstat

func Netstat(id uuid.UUID, args []string) (msg *message.UserMessage)

Netstat is used to print network connections on the target system args[0] = -p OPTIONAL args[1] = the protocol to filter on (e.g., tcp or udp) OPTIONAL

func Note

func Note(id uuid.UUID, args []string) (msg *message.UserMessage)

Note sets a note on the Agent's Note field args[0] = the note to set

func PS

func PS(id uuid.UUID) (msg *message.UserMessage)

PS displays running processes

func PWD

func PWD(id uuid.UUID) (msg *message.UserMessage)

PWD is used to print the Agent's current working directory

func Padding

func Padding(id uuid.UUID, args []string) (msg *message.UserMessage)

Padding configures the maximum size for the random amount of padding added to each message args[0] = the maximum size of the padding

func Parrot added in v1.1.0

func Parrot(id uuid.UUID, args []string) (msg *message.UserMessage)

Parrot configures the Agent's HTTP client to match the provided browser args[0] = the browser to match (e.g., HelloChrome_Auto)

func Pipes

func Pipes(id uuid.UUID) (msg *message.UserMessage)

Pipes enumerates and displays named pipes on Windows hosts only

func RM

func RM(id uuid.UUID, args []string) (msg *message.UserMessage)

RM removes or deletes a file args[0] = the file path to remove

func Reconnect

func Reconnect() (msg *message.UserMessage)

Reconnect re-establishes a connection with the RPC server after the connection was previously broken

func Remove

func Remove(id uuid.UUID) (msg *message.UserMessage)

Remove deletes the agent from the server

func RemoveListener

func RemoveListener(id uuid.UUID) (msg *message.UserMessage)

RemoveListener deletes a listener from the server

func RestartListener

func RestartListener(id uuid.UUID) (msg *message.UserMessage)

RestartListener restarts a listener on the server

func RunAs

func RunAs(id uuid.UUID, args []string) (msg *message.UserMessage)

RunAs creates a new process as the provided user args[0] = the domain\username to run the program as args[1] = the password for the provided user args[2] = the program to run args[3:] = the arguments to pass to the program

func RunModule

func RunModule(m *module.Module) (msgs []*message.UserMessage)

RunModule sends information to the RPC server and executes the module there

func SSH

func SSH(id uuid.UUID, args []string) (msg *message.UserMessage)

SSH executes a command on a remote host through the SSH protocol and returns the output args[0] = SSH username args[1] = SSH password args[2] = the SSH host:port args[3] = the program to execute args[4] = program arguments (optional)

func SecureDelete

func SecureDelete(id uuid.UUID, args []string) (msg *message.UserMessage)

SecureDelete securely deletes the supplied file. args[0] = the file path to securely delete

func Servers

func Servers() []string

Servers returns a list of the listener types that are available on the server. Some listeners (e.g., HTTPS) have a server while others (e.g., SMB) do not.

func SharpGen

func SharpGen(id uuid.UUID, args []string) (msg *message.UserMessage)

SharpGen generates a .NET core assembly, converts it to shellcode with go-donut, and executes it in the spawnto process args[0] = the .NET Core C# code, as a string, to compile args[1] = the SpawnTo process to inject the shellcode into args[2] = the arguments to pass to the SpawnTo process (optional)

func Skew

func Skew(id uuid.UUID, args []string) (msg *message.UserMessage)

Skew configures the amount of skew an Agent uses to randomize checkin times args[0] = the amount of skew to use

func Sleep

func Sleep(id uuid.UUID, args []string) (msg *message.UserMessage)

Sleep configures the Agent's sleep time between checkins args[0] = the amount of time to sleep

func Socks

func Socks(id uuid.UUID, args []string) (msg *message.UserMessage)

Socks creates a TCP listener on the provided port and forwards SOCKS5 traffic to the provided agent args[0] = method args[1] = interface:port args[2] = agent ID

func StartListener

func StartListener(id uuid.UUID) (msg *message.UserMessage)

StartListener starts the listener on the RPC server

func Token

func Token(id uuid.UUID, args []string) (msg *message.UserMessage)

Token is used to interact with Windows Access Tokens on the agent args[0] = the token method (e.g., make|privs|rev2self|steal|whoami) args[1:] = method arguments

func Touch

func Touch(id uuid.UUID, args []string) (msg *message.UserMessage)

Touch matches the destination file's timestamps with those of the source file. args[0] = the source file; args[1] = the destination file

func UnlinkAgent

func UnlinkAgent(id uuid.UUID, args []string) (msg *message.UserMessage)

UnlinkAgent instructs the parent Agent to close, or unlink, the connection with the child Agent args[0] = the child Agent ID to unlink

func Upload

func Upload(id uuid.UUID, args []string) (msg *message.UserMessage)

Upload transfers a file from the Merlin Server to the Agent args[0] = the source file as a Base64 encoded string args[1] = the destination file path

func Uptime

func Uptime(id uuid.UUID) (msg *message.UserMessage)

Uptime retrieves the target host's uptime. Windows only

Types

type Service

type Service struct {
	// contains filtered or unexported fields
}

Service is the structure that holds all the connections for the service to operate

func NewRPCService

func NewRPCService(password string, secure bool, tlsKey, tlsCert, tlsCA string) (*Service, error)

NewRPCService is a factory that returns an instantiated RPC Service

func (*Service) Connect

func (s *Service) Connect(addr string) error

Connect establishes a connection with the gRPC server
