Documentation
¶
Index ¶
- func CLR(cmd jobs.Command) jobs.Results
- func CreateProcess(cmd jobs.Command) jobs.Results
- func Download(transfer jobs.FileTransfer) jobs.Results
- func ExecuteCommand(cmd jobs.Command) jobs.Results
- func ExecuteShellcode(cmd jobs.Shellcode) jobs.Results
- func ExecuteShellcodeCreateProcessWithPipe(sc string, spawnto string, args string) (stdout string, stderr string, err error)
- func ExecuteShellcodeQueueUserAPC(shellcode []byte, pid uint32) error
- func ExecuteShellcodeRemote(shellcode []byte, pid uint32) error
- func ExecuteShellcodeRtlCreateUserThread(shellcode []byte, pid uint32) error
- func ExecuteShellcodeSelf(shellcode []byte) error
- func Memfd(cmd jobs.Command) (result jobs.Results)
- func MiniDump(cmd jobs.Command) (jobs.FileTransfer, error)
- func Native(cmd jobs.Command) jobs.Results
- func Upload(transfer jobs.FileTransfer) (jobs.FileTransfer, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CLR ¶
CLR is the entrypoint for Jobs that are processed to determine which CLR function should be executed
func CreateProcess ¶
CreateProcess spawns a child process with anonymous pipes, executes shellcode in it, and returns the output from the executed shellcode
func Download ¶
func Download(transfer jobs.FileTransfer) jobs.Results
Download receives a job from the server to download a file to host where the Agent is running
func ExecuteCommand ¶
ExecuteCommand runs the provided input program and arguments, returning results in a message base
func ExecuteShellcode ¶
ExecuteShellcode instructs the agent to load and run shellcode according to the input job
func ExecuteShellcodeCreateProcessWithPipe ¶
func ExecuteShellcodeCreateProcessWithPipe(sc string, spawnto string, args string) (stdout string, stderr string, err error)
ExecuteShellcodeCreateProcessWithPipe creates a child process, redirects STDOUT/STDERR to an anonymous pipe, injects/executes shellcode, and retrieves output
func ExecuteShellcodeQueueUserAPC ¶
ExecuteShellcodeQueueUserAPC executes provided shellcode in the provided target process using the Windows QueueUserAPC API call
func ExecuteShellcodeRemote ¶
ExecuteShellcodeRemote executes provided shellcode in the provided target process
func ExecuteShellcodeRtlCreateUserThread ¶
ExecuteShellcodeRtlCreateUserThread executes provided shellcode in the provided target process using the Windows RtlCreateUserThread call
func ExecuteShellcodeSelf ¶
ExecuteShellcodeSelf executes provided shellcode in the current process
func Memfd ¶
Memfd places a linux executable file in-memory, executes it, and returns the results Uses the linux memfd_create API call to create an anonymous file https://man7.org/linux/man-pages/man2/memfd_create.2.html http://manpages.ubuntu.com/manpages/bionic/man2/memfd_create.2.html
func MiniDump ¶
func MiniDump(cmd jobs.Command) (jobs.FileTransfer, error)
MiniDump is the top-level function used to receive a job and subsequently execute a Windows memory dump on the target process The function returns the memory dump as a file upload to the server
func Upload ¶
func Upload(transfer jobs.FileTransfer) (jobs.FileTransfer, error)
Upload receives a job from the server to upload a file from the host to the Merlin server
Types ¶
This section is empty.
Source Files